1/*	$NetBSD: nameser.h,v 1.1.1.2 2012/09/09 16:07:50 christos Exp $	*/
2
3/*
4 * Portions Copyright (C) 2004, 2005, 2008, 2009  Internet Systems Consortium, Inc. ("ISC")
5 * Portions Copyright (C) 1996-2003  Internet Software Consortium.
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
19
20/*
21 * Copyright (c) 1983, 1989, 1993
22 *    The Regents of the University of California.  All rights reserved.
23 *
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
26 * are met:
27 * 1. Redistributions of source code must retain the above copyright
28 *    notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 *    notice, this list of conditions and the following disclaimer in the
31 *    documentation and/or other materials provided with the distribution.
32 * 3. All advertising materials mentioning features or use of this software
33 *    must display the following acknowledgement:
34 * 	This product includes software developed by the University of
35 * 	California, Berkeley and its contributors.
36 * 4. Neither the name of the University nor the names of its contributors
37 *    may be used to endorse or promote products derived from this software
38 *    without specific prior written permission.
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 */
52
53/*
54 *	Id: nameser.h,v 1.16 2009/03/03 01:52:48 each Exp
55 */
56
57#ifndef _ARPA_NAMESER_H_
58#define _ARPA_NAMESER_H_
59
60/*! \file */
61
62#define BIND_4_COMPAT
63
64#include <sys/param.h>
65#if (!defined(BSD)) || (BSD < 199306)
66# include <sys/bitypes.h>
67#else
68# include <sys/types.h>
69#endif
70#include <sys/cdefs.h>
71
72/*%
73 * Revision information.  This is the release date in YYYYMMDD format.
74 * It can change every day so the right thing to do with it is use it
75 * in preprocessor commands such as "#if (__NAMESER > 19931104)".  Do not
76 * compare for equality; rather, use it to determine whether your libbind.a
77 * contains a new enough lib/nameser/ to support the feature you need.
78 */
79
80#define __NAMESER	20090302	/*%< New interface version stamp. */
81/*
82 * Define constants based on RFC0883, RFC1034, RFC 1035
83 */
84#define NS_PACKETSZ	512	/*%< default UDP packet size */
85#define NS_MAXDNAME	1025	/*%< maximum domain name (presentation format)*/
86#define NS_MAXMSG	65535	/*%< maximum message size */
87#define NS_MAXCDNAME	255	/*%< maximum compressed domain name */
88#define NS_MAXLABEL	63	/*%< maximum length of domain label */
89#define NS_MAXLABELS	128	/*%< theoretical max #/labels per domain name */
90#define NS_MAXNNAME	256	/*%< maximum uncompressed (binary) domain name*/
91#define	NS_MAXPADDR	(sizeof "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")
92#define NS_HFIXEDSZ	12	/*%< #/bytes of fixed data in header */
93#define NS_QFIXEDSZ	4	/*%< #/bytes of fixed data in query */
94#define NS_RRFIXEDSZ	10	/*%< #/bytes of fixed data in r record */
95#define NS_INT32SZ	4	/*%< #/bytes of data in a u_int32_t */
96#define NS_INT16SZ	2	/*%< #/bytes of data in a u_int16_t */
97#define NS_INT8SZ	1	/*%< #/bytes of data in a u_int8_t */
98#define NS_INADDRSZ	4	/*%< IPv4 T_A */
99#define NS_IN6ADDRSZ	16	/*%< IPv6 T_AAAA */
100#define NS_CMPRSFLGS	0xc0	/*%< Flag bits indicating name compression. */
101#define NS_DEFAULTPORT	53	/*%< For both TCP and UDP. */
102/*
103 * These can be expanded with synonyms, just keep ns_parse.c:ns_parserecord()
104 * in synch with it.
105 */
106typedef enum __ns_sect {
107	ns_s_qd = 0,		/*%< Query: Question. */
108	ns_s_zn = 0,		/*%< Update: Zone. */
109	ns_s_an = 1,		/*%< Query: Answer. */
110	ns_s_pr = 1,		/*%< Update: Prerequisites. */
111	ns_s_ns = 2,		/*%< Query: Name servers. */
112	ns_s_ud = 2,		/*%< Update: Update. */
113	ns_s_ar = 3,		/*%< Query|Update: Additional records. */
114	ns_s_max = 4
115} ns_sect;
116
117/*%
118 * Network name (compressed or not) type.  Equivilent to a pointer when used
119 * in a function prototype.  Can be const'd.
120 */
121typedef u_char ns_nname[NS_MAXNNAME];
122typedef const u_char *ns_nname_ct;
123typedef u_char *ns_nname_t;
124
125struct ns_namemap { ns_nname_ct base; int len; };
126typedef struct ns_namemap *ns_namemap_t;
127typedef const struct ns_namemap *ns_namemap_ct;
128
129/*%
130 * This is a message handle.  It is caller allocated and has no dynamic data.
131 * This structure is intended to be opaque to all but ns_parse.c, thus the
132 * leading _'s on the member names.  Use the accessor functions, not the _'s.
133 */
134typedef struct __ns_msg {
135	const u_char	*_msg, *_eom;
136	u_int16_t	_id, _flags, _counts[ns_s_max];
137	const u_char	*_sections[ns_s_max];
138	ns_sect		_sect;
139	int		_rrnum;
140	const u_char	*_msg_ptr;
141} ns_msg;
142
143/*
144 * This is a newmsg handle, used when constructing new messages with
145 * ns_newmsg_init, et al.
146 */
147struct ns_newmsg {
148	ns_msg		msg;
149	const u_char	*dnptrs[25];
150	const u_char	**lastdnptr;
151};
152typedef struct ns_newmsg ns_newmsg;
153
154/* Private data structure - do not use from outside library. */
155struct _ns_flagdata {  int mask, shift;  };
156extern struct _ns_flagdata _ns_flagdata[];
157
158/* Accessor macros - this is part of the public interface. */
159
160#define ns_msg_id(handle) ((handle)._id + 0)
161#define ns_msg_base(handle) ((handle)._msg + 0)
162#define ns_msg_end(handle) ((handle)._eom + 0)
163#define ns_msg_size(handle) ((handle)._eom - (handle)._msg)
164#define ns_msg_count(handle, section) ((handle)._counts[section] + 0)
165
166/*%
167 * This is a parsed record.  It is caller allocated and has no dynamic data.
168 */
169typedef	struct __ns_rr {
170	char		name[NS_MAXDNAME];
171	u_int16_t	type;
172	u_int16_t	rr_class;
173	u_int32_t	ttl;
174	u_int16_t	rdlength;
175	const u_char *	rdata;
176} ns_rr;
177
178/*
179 * Same thing, but using uncompressed network binary names, and real C types.
180 */
181typedef	struct __ns_rr2 {
182	ns_nname	nname;
183	size_t		nnamel;
184	int		type;
185	int		rr_class;
186	u_int		ttl;
187	int		rdlength;
188	const u_char *	rdata;
189} ns_rr2;
190
191/* Accessor macros - this is part of the public interface. */
192#define ns_rr_name(rr)	(((rr).name[0] != '\0') ? (rr).name : ".")
193#define ns_rr_nname(rr)	((const ns_nname_t)(rr).nname)
194#define ns_rr_nnamel(rr) ((rr).nnamel + 0)
195#define ns_rr_type(rr)	((ns_type)((rr).type + 0))
196#define ns_rr_class(rr)	((ns_class)((rr).rr_class + 0))
197#define ns_rr_ttl(rr)	((rr).ttl + 0)
198#define ns_rr_rdlen(rr)	((rr).rdlength + 0)
199#define ns_rr_rdata(rr)	((rr).rdata + 0)
200
201/*%
202 * These don't have to be in the same order as in the packet flags word,
203 * and they can even overlap in some cases, but they will need to be kept
204 * in synch with ns_parse.c:ns_flagdata[].
205 */
206typedef enum __ns_flag {
207	ns_f_qr,		/*%< Question/Response. */
208	ns_f_opcode,		/*%< Operation code. */
209	ns_f_aa,		/*%< Authoritative Answer. */
210	ns_f_tc,		/*%< Truncation occurred. */
211	ns_f_rd,		/*%< Recursion Desired. */
212	ns_f_ra,		/*%< Recursion Available. */
213	ns_f_z,			/*%< MBZ. */
214	ns_f_ad,		/*%< Authentic Data (DNSSEC). */
215	ns_f_cd,		/*%< Checking Disabled (DNSSEC). */
216	ns_f_rcode,		/*%< Response code. */
217	ns_f_max
218} ns_flag;
219
220/*%
221 * Currently defined opcodes.
222 */
223typedef enum __ns_opcode {
224	ns_o_query = 0,		/*%< Standard query. */
225	ns_o_iquery = 1,	/*%< Inverse query (deprecated/unsupported). */
226	ns_o_status = 2,	/*%< Name server status query (unsupported). */
227				/* Opcode 3 is undefined/reserved. */
228	ns_o_notify = 4,	/*%< Zone change notification. */
229	ns_o_update = 5,	/*%< Zone update message. */
230	ns_o_max = 6
231} ns_opcode;
232
233/*%
234 * Currently defined response codes.
235 */
236typedef	enum __ns_rcode {
237	ns_r_noerror = 0,	/*%< No error occurred. */
238	ns_r_formerr = 1,	/*%< Format error. */
239	ns_r_servfail = 2,	/*%< Server failure. */
240	ns_r_nxdomain = 3,	/*%< Name error. */
241	ns_r_notimpl = 4,	/*%< Unimplemented. */
242	ns_r_refused = 5,	/*%< Operation refused. */
243	/* these are for BIND_UPDATE */
244	ns_r_yxdomain = 6,	/*%< Name exists */
245	ns_r_yxrrset = 7,	/*%< RRset exists */
246	ns_r_nxrrset = 8,	/*%< RRset does not exist */
247	ns_r_notauth = 9,	/*%< Not authoritative for zone */
248	ns_r_notzone = 10,	/*%< Zone of record different from zone section */
249	ns_r_max = 11,
250	/* The following are EDNS extended rcodes */
251	ns_r_badvers = 16,
252	/* The following are TSIG errors */
253	ns_r_badsig = 16,
254	ns_r_badkey = 17,
255	ns_r_badtime = 18
256} ns_rcode;
257
258/* BIND_UPDATE */
259typedef enum __ns_update_operation {
260	ns_uop_delete = 0,
261	ns_uop_add = 1,
262	ns_uop_max = 2
263} ns_update_operation;
264
265/*%
266 * This structure is used for TSIG authenticated messages
267 */
268struct ns_tsig_key {
269	char name[NS_MAXDNAME], alg[NS_MAXDNAME];
270	unsigned char *data;
271	int len;
272};
273typedef struct ns_tsig_key ns_tsig_key;
274
275/*%
276 * This structure is used for TSIG authenticated TCP messages
277 */
278struct ns_tcp_tsig_state {
279	int counter;
280	struct dst_key *key;
281	void *ctx;
282	unsigned char sig[NS_PACKETSZ];
283	int siglen;
284};
285typedef struct ns_tcp_tsig_state ns_tcp_tsig_state;
286
287#define NS_TSIG_FUDGE 300
288#define NS_TSIG_TCP_COUNT 100
289#define NS_TSIG_ALG_HMAC_MD5 "HMAC-MD5.SIG-ALG.REG.INT"
290
291#define NS_TSIG_ERROR_NO_TSIG -10
292#define NS_TSIG_ERROR_NO_SPACE -11
293#define NS_TSIG_ERROR_FORMERR -12
294
295/*%
296 * Currently defined type values for resources and queries.
297 */
298typedef enum __ns_type {
299	ns_t_invalid = 0,	/*%< Cookie. */
300	ns_t_a = 1,		/*%< Host address. */
301	ns_t_ns = 2,		/*%< Authoritative server. */
302	ns_t_md = 3,		/*%< Mail destination. */
303	ns_t_mf = 4,		/*%< Mail forwarder. */
304	ns_t_cname = 5,		/*%< Canonical name. */
305	ns_t_soa = 6,		/*%< Start of authority zone. */
306	ns_t_mb = 7,		/*%< Mailbox domain name. */
307	ns_t_mg = 8,		/*%< Mail group member. */
308	ns_t_mr = 9,		/*%< Mail rename name. */
309	ns_t_null = 10,		/*%< Null resource record. */
310	ns_t_wks = 11,		/*%< Well known service. */
311	ns_t_ptr = 12,		/*%< Domain name pointer. */
312	ns_t_hinfo = 13,	/*%< Host information. */
313	ns_t_minfo = 14,	/*%< Mailbox information. */
314	ns_t_mx = 15,		/*%< Mail routing information. */
315	ns_t_txt = 16,		/*%< Text strings. */
316	ns_t_rp = 17,		/*%< Responsible person. */
317	ns_t_afsdb = 18,	/*%< AFS cell database. */
318	ns_t_x25 = 19,		/*%< X_25 calling address. */
319	ns_t_isdn = 20,		/*%< ISDN calling address. */
320	ns_t_rt = 21,		/*%< Router. */
321	ns_t_nsap = 22,		/*%< NSAP address. */
322	ns_t_nsap_ptr = 23,	/*%< Reverse NSAP lookup (deprecated). */
323	ns_t_sig = 24,		/*%< Security signature. */
324	ns_t_key = 25,		/*%< Security key. */
325	ns_t_px = 26,		/*%< X.400 mail mapping. */
326	ns_t_gpos = 27,		/*%< Geographical position (withdrawn). */
327	ns_t_aaaa = 28,		/*%< IPv6 Address. */
328	ns_t_loc = 29,		/*%< Location Information. */
329	ns_t_nxt = 30,		/*%< Next domain (security). */
330	ns_t_eid = 31,		/*%< Endpoint identifier. */
331	ns_t_nimloc = 32,	/*%< Nimrod Locator. */
332	ns_t_srv = 33,		/*%< Server Selection. */
333	ns_t_atma = 34,		/*%< ATM Address */
334	ns_t_naptr = 35,	/*%< Naming Authority PoinTeR */
335	ns_t_kx = 36,		/*%< Key Exchange */
336	ns_t_cert = 37,		/*%< Certification record */
337	ns_t_a6 = 38,		/*%< IPv6 address (experimental) */
338	ns_t_dname = 39,	/*%< Non-terminal DNAME */
339	ns_t_sink = 40,		/*%< Kitchen sink (experimentatl) */
340	ns_t_opt = 41,		/*%< EDNS0 option (meta-RR) */
341	ns_t_apl = 42,		/*%< Address prefix list (RFC3123) */
342	ns_t_ds = 43,		/*%< Delegation Signer */
343	ns_t_sshfp = 44,	/*%< SSH Fingerprint */
344	ns_t_ipseckey = 45,	/*%< IPSEC Key */
345	ns_t_rrsig = 46,	/*%< RRset Signature */
346	ns_t_nsec = 47,		/*%< Negative security */
347	ns_t_dnskey = 48,	/*%< DNS Key */
348	ns_t_dhcid = 49,	/*%< Dynamic host configuratin identifier */
349	ns_t_nsec3 = 50,	/*%< Negative security type 3 */
350	ns_t_nsec3param = 51,	/*%< Negative security type 3 parameters */
351	ns_t_hip = 55,		/*%< Host Identity Protocol */
352	ns_t_spf = 99,		/*%< Sender Policy Framework */
353	ns_t_tkey = 249,	/*%< Transaction key */
354	ns_t_tsig = 250,	/*%< Transaction signature. */
355	ns_t_ixfr = 251,	/*%< Incremental zone transfer. */
356	ns_t_axfr = 252,	/*%< Transfer zone of authority. */
357	ns_t_mailb = 253,	/*%< Transfer mailbox records. */
358	ns_t_maila = 254,	/*%< Transfer mail agent records. */
359	ns_t_any = 255,		/*%< Wildcard match. */
360	ns_t_zxfr = 256,	/*%< BIND-specific, nonstandard. */
361	ns_t_dlv = 32769,	/*%< DNSSEC look-aside validatation. */
362	ns_t_max = 65536
363} ns_type;
364
365/* Exclusively a QTYPE? (not also an RTYPE) */
366#define	ns_t_qt_p(t) (ns_t_xfr_p(t) || (t) == ns_t_any || \
367		      (t) == ns_t_mailb || (t) == ns_t_maila)
368/* Some kind of meta-RR? (not a QTYPE, but also not an RTYPE) */
369#define	ns_t_mrr_p(t) ((t) == ns_t_tsig || (t) == ns_t_opt)
370/* Exclusively an RTYPE? (not also a QTYPE or a meta-RR) */
371#define ns_t_rr_p(t) (!ns_t_qt_p(t) && !ns_t_mrr_p(t))
372#define ns_t_udp_p(t) ((t) != ns_t_axfr && (t) != ns_t_zxfr)
373#define ns_t_xfr_p(t) ((t) == ns_t_axfr || (t) == ns_t_ixfr || \
374		       (t) == ns_t_zxfr)
375
376/*%
377 * Values for class field
378 */
379typedef enum __ns_class {
380	ns_c_invalid = 0,	/*%< Cookie. */
381	ns_c_in = 1,		/*%< Internet. */
382	ns_c_2 = 2,		/*%< unallocated/unsupported. */
383	ns_c_chaos = 3,		/*%< MIT Chaos-net. */
384	ns_c_hs = 4,		/*%< MIT Hesiod. */
385	/* Query class values which do not appear in resource records */
386	ns_c_none = 254,	/*%< for prereq. sections in update requests */
387	ns_c_any = 255,		/*%< Wildcard match. */
388	ns_c_max = 65536
389} ns_class;
390
391/* DNSSEC constants. */
392
393typedef enum __ns_key_types {
394	ns_kt_rsa = 1,		/*%< key type RSA/MD5 */
395	ns_kt_dh  = 2,		/*%< Diffie Hellman */
396	ns_kt_dsa = 3,		/*%< Digital Signature Standard (MANDATORY) */
397	ns_kt_private = 254	/*%< Private key type starts with OID */
398} ns_key_types;
399
400typedef enum __ns_cert_types {
401	cert_t_pkix = 1,	/*%< PKIX (X.509v3) */
402	cert_t_spki = 2,	/*%< SPKI */
403	cert_t_pgp  = 3,	/*%< PGP */
404	cert_t_url  = 253,	/*%< URL private type */
405	cert_t_oid  = 254	/*%< OID private type */
406} ns_cert_types;
407
408/* Flags field of the KEY RR rdata. */
409#define	NS_KEY_TYPEMASK		0xC000	/*%< Mask for "type" bits */
410#define	NS_KEY_TYPE_AUTH_CONF	0x0000	/*%< Key usable for both */
411#define	NS_KEY_TYPE_CONF_ONLY	0x8000	/*%< Key usable for confidentiality */
412#define	NS_KEY_TYPE_AUTH_ONLY	0x4000	/*%< Key usable for authentication */
413#define	NS_KEY_TYPE_NO_KEY	0xC000	/*%< No key usable for either; no key */
414/* The type bits can also be interpreted independently, as single bits: */
415#define	NS_KEY_NO_AUTH		0x8000	/*%< Key unusable for authentication */
416#define	NS_KEY_NO_CONF		0x4000	/*%< Key unusable for confidentiality */
417#define	NS_KEY_RESERVED2	0x2000	/* Security is *mandatory* if bit=0 */
418#define	NS_KEY_EXTENDED_FLAGS	0x1000	/*%< reserved - must be zero */
419#define	NS_KEY_RESERVED4	0x0800  /*%< reserved - must be zero */
420#define	NS_KEY_RESERVED5	0x0400  /*%< reserved - must be zero */
421#define	NS_KEY_NAME_TYPE	0x0300	/*%< these bits determine the type */
422#define	NS_KEY_NAME_USER	0x0000	/*%< key is assoc. with user */
423#define	NS_KEY_NAME_ENTITY	0x0200	/*%< key is assoc. with entity eg host */
424#define	NS_KEY_NAME_ZONE	0x0100	/*%< key is zone key */
425#define	NS_KEY_NAME_RESERVED	0x0300	/*%< reserved meaning */
426#define	NS_KEY_RESERVED8	0x0080  /*%< reserved - must be zero */
427#define	NS_KEY_RESERVED9	0x0040  /*%< reserved - must be zero */
428#define	NS_KEY_RESERVED10	0x0020  /*%< reserved - must be zero */
429#define	NS_KEY_RESERVED11	0x0010  /*%< reserved - must be zero */
430#define	NS_KEY_SIGNATORYMASK	0x000F	/*%< key can sign RR's of same name */
431#define	NS_KEY_RESERVED_BITMASK ( NS_KEY_RESERVED2 | \
432				  NS_KEY_RESERVED4 | \
433				  NS_KEY_RESERVED5 | \
434				  NS_KEY_RESERVED8 | \
435				  NS_KEY_RESERVED9 | \
436				  NS_KEY_RESERVED10 | \
437				  NS_KEY_RESERVED11 )
438#define NS_KEY_RESERVED_BITMASK2 0xFFFF /*%< no bits defined here */
439/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
440#define	NS_ALG_MD5RSA		1	/*%< MD5 with RSA */
441#define	NS_ALG_DH               2	/*%< Diffie Hellman KEY */
442#define	NS_ALG_DSA              3	/*%< DSA KEY */
443#define	NS_ALG_DSS              NS_ALG_DSA
444#define	NS_ALG_EXPIRE_ONLY	253	/*%< No alg, no security */
445#define	NS_ALG_PRIVATE_OID	254	/*%< Key begins with OID giving alg */
446/* Protocol values  */
447/* value 0 is reserved */
448#define NS_KEY_PROT_TLS         1
449#define NS_KEY_PROT_EMAIL       2
450#define NS_KEY_PROT_DNSSEC      3
451#define NS_KEY_PROT_IPSEC       4
452#define NS_KEY_PROT_ANY		255
453
454/* Signatures */
455#define	NS_MD5RSA_MIN_BITS	 512	/*%< Size of a mod or exp in bits */
456#define	NS_MD5RSA_MAX_BITS	4096
457	/* Total of binary mod and exp */
458#define	NS_MD5RSA_MAX_BYTES	((NS_MD5RSA_MAX_BITS+7/8)*2+3)
459	/* Max length of text sig block */
460#define	NS_MD5RSA_MAX_BASE64	(((NS_MD5RSA_MAX_BYTES+2)/3)*4)
461#define NS_MD5RSA_MIN_SIZE	((NS_MD5RSA_MIN_BITS+7)/8)
462#define NS_MD5RSA_MAX_SIZE	((NS_MD5RSA_MAX_BITS+7)/8)
463
464#define NS_DSA_SIG_SIZE         41
465#define NS_DSA_MIN_SIZE         213
466#define NS_DSA_MAX_BYTES        405
467
468/* Offsets into SIG record rdata to find various values */
469#define	NS_SIG_TYPE	0	/*%< Type flags */
470#define	NS_SIG_ALG	2	/*%< Algorithm */
471#define	NS_SIG_LABELS	3	/*%< How many labels in name */
472#define	NS_SIG_OTTL	4	/*%< Original TTL */
473#define	NS_SIG_EXPIR	8	/*%< Expiration time */
474#define	NS_SIG_SIGNED	12	/*%< Signature time */
475#define	NS_SIG_FOOT	16	/*%< Key footprint */
476#define	NS_SIG_SIGNER	18	/*%< Domain name of who signed it */
477/* How RR types are represented as bit-flags in NXT records */
478#define	NS_NXT_BITS 8
479#define	NS_NXT_BIT_SET(  n,p) (p[(n)/NS_NXT_BITS] |=  (0x80>>((n)%NS_NXT_BITS)))
480#define	NS_NXT_BIT_CLEAR(n,p) (p[(n)/NS_NXT_BITS] &= ~(0x80>>((n)%NS_NXT_BITS)))
481#define	NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] &   (0x80>>((n)%NS_NXT_BITS)))
482#define NS_NXT_MAX 127
483
484/*%
485 * EDNS0 extended flags and option codes, host order.
486 */
487#define NS_OPT_DNSSEC_OK	0x8000U
488#define NS_OPT_NSID             3
489
490/*%
491 * Inline versions of get/put short/long.  Pointer is advanced.
492 */
493#define NS_GET16(s, cp) do { \
494	register const u_char *t_cp = (const u_char *)(cp); \
495	(s) = ((u_int16_t)t_cp[0] << 8) \
496	    | ((u_int16_t)t_cp[1]) \
497	    ; \
498	(cp) += NS_INT16SZ; \
499} while (0)
500
501#define NS_GET32(l, cp) do { \
502	register const u_char *t_cp = (const u_char *)(cp); \
503	(l) = ((u_int32_t)t_cp[0] << 24) \
504	    | ((u_int32_t)t_cp[1] << 16) \
505	    | ((u_int32_t)t_cp[2] << 8) \
506	    | ((u_int32_t)t_cp[3]) \
507	    ; \
508	(cp) += NS_INT32SZ; \
509} while (0)
510
511#define NS_PUT16(s, cp) do { \
512	register u_int16_t t_s = (u_int16_t)(s); \
513	register u_char *t_cp = (u_char *)(cp); \
514	*t_cp++ = t_s >> 8; \
515	*t_cp   = t_s; \
516	(cp) += NS_INT16SZ; \
517} while (0)
518
519#define NS_PUT32(l, cp) do { \
520	register u_int32_t t_l = (u_int32_t)(l); \
521	register u_char *t_cp = (u_char *)(cp); \
522	*t_cp++ = t_l >> 24; \
523	*t_cp++ = t_l >> 16; \
524	*t_cp++ = t_l >> 8; \
525	*t_cp   = t_l; \
526	(cp) += NS_INT32SZ; \
527} while (0)
528
529/*%
530 * ANSI C identifier hiding for bind's lib/nameser.
531 */
532#define	ns_msg_getflag		__ns_msg_getflag
533#define ns_get16		__ns_get16
534#define ns_get32		__ns_get32
535#define ns_put16		__ns_put16
536#define ns_put32		__ns_put32
537#define ns_initparse		__ns_initparse
538#define ns_skiprr		__ns_skiprr
539#define ns_parserr		__ns_parserr
540#define ns_parserr2		__ns_parserr2
541#define	ns_sprintrr		__ns_sprintrr
542#define	ns_sprintrrf		__ns_sprintrrf
543#define	ns_format_ttl		__ns_format_ttl
544#define	ns_parse_ttl		__ns_parse_ttl
545#define ns_datetosecs		__ns_datetosecs
546#define	ns_name_ntol		__ns_name_ntol
547#define	ns_name_ntop		__ns_name_ntop
548#define	ns_name_pton		__ns_name_pton
549#define	ns_name_pton2		__ns_name_pton2
550#define	ns_name_unpack		__ns_name_unpack
551#define	ns_name_unpack2		__ns_name_unpack2
552#define	ns_name_pack		__ns_name_pack
553#define	ns_name_compress	__ns_name_compress
554#define	ns_name_uncompress	__ns_name_uncompress
555#define	ns_name_skip		__ns_name_skip
556#define	ns_name_rollback	__ns_name_rollback
557#define	ns_name_length		__ns_name_length
558#define	ns_name_eq		__ns_name_eq
559#define	ns_name_owned		__ns_name_owned
560#define	ns_name_map		__ns_name_map
561#define	ns_name_labels		__ns_name_labels
562#define	ns_sign			__ns_sign
563#define	ns_sign2		__ns_sign2
564#define	ns_sign_tcp		__ns_sign_tcp
565#define	ns_sign_tcp2		__ns_sign_tcp2
566#define	ns_sign_tcp_init	__ns_sign_tcp_init
567#define ns_find_tsig		__ns_find_tsig
568#define	ns_verify		__ns_verify
569#define	ns_verify_tcp		__ns_verify_tcp
570#define	ns_verify_tcp_init	__ns_verify_tcp_init
571#define	ns_samedomain		__ns_samedomain
572#define	ns_subdomain		__ns_subdomain
573#define	ns_makecanon		__ns_makecanon
574#define	ns_samename		__ns_samename
575#define	ns_newmsg_init		__ns_newmsg_init
576#define	ns_newmsg_copy		__ns_newmsg_copy
577#define	ns_newmsg_id		__ns_newmsg_id
578#define	ns_newmsg_flag		__ns_newmsg_flag
579#define	ns_newmsg_q		__ns_newmsg_q
580#define	ns_newmsg_rr		__ns_newmsg_rr
581#define	ns_newmsg_done		__ns_newmsg_done
582#define	ns_rdata_unpack		__ns_rdata_unpack
583#define	ns_rdata_equal		__ns_rdata_equal
584#define	ns_rdata_refers		__ns_rdata_refers
585
586__BEGIN_DECLS
587int		ns_msg_getflag __P((ns_msg, int));
588u_int		ns_get16 __P((const u_char *));
589u_long		ns_get32 __P((const u_char *));
590void		ns_put16 __P((u_int, u_char *));
591void		ns_put32 __P((u_long, u_char *));
592int		ns_initparse __P((const u_char *, int, ns_msg *));
593int		ns_skiprr __P((const u_char *, const u_char *, ns_sect, int));
594int		ns_parserr __P((ns_msg *, ns_sect, int, ns_rr *));
595int		ns_parserr2 __P((ns_msg *, ns_sect, int, ns_rr2 *));
596int		ns_sprintrr __P((const ns_msg *, const ns_rr *,
597				 const char *, const char *, char *, size_t));
598int		ns_sprintrrf __P((const u_char *, size_t, const char *,
599				  ns_class, ns_type, u_long, const u_char *,
600				  size_t, const char *, const char *,
601				  char *, size_t));
602int		ns_format_ttl __P((u_long, char *, size_t));
603int		ns_parse_ttl __P((const char *, u_long *));
604u_int32_t	ns_datetosecs __P((const char *cp, int *errp));
605int		ns_name_ntol __P((const u_char *, u_char *, size_t));
606int		ns_name_ntop __P((const u_char *, char *, size_t));
607int		ns_name_pton __P((const char *, u_char *, size_t));
608int		ns_name_pton2 __P((const char *, u_char *, size_t, size_t *));
609int		ns_name_unpack __P((const u_char *, const u_char *,
610				    const u_char *, u_char *, size_t));
611int		ns_name_unpack2 __P((const u_char *, const u_char *,
612				     const u_char *, u_char *, size_t,
613				     size_t *));
614int		ns_name_pack __P((const u_char *, u_char *, int,
615				  const u_char **, const u_char **));
616int		ns_name_uncompress __P((const u_char *, const u_char *,
617					const u_char *, char *, size_t));
618int		ns_name_compress __P((const char *, u_char *, size_t,
619				      const u_char **, const u_char **));
620int		ns_name_skip __P((const u_char **, const u_char *));
621void		ns_name_rollback __P((const u_char *, const u_char **,
622				      const u_char **));
623ssize_t		ns_name_length(ns_nname_ct, size_t);
624int		ns_name_eq(ns_nname_ct, size_t, ns_nname_ct, size_t);
625int		ns_name_owned(ns_namemap_ct, int, ns_namemap_ct, int);
626int		ns_name_map(ns_nname_ct, size_t, ns_namemap_t, int);
627int		ns_name_labels(ns_nname_ct, size_t);
628int		ns_sign __P((u_char *, int *, int, int, void *,
629			     const u_char *, int, u_char *, int *, time_t));
630int		ns_sign2 __P((u_char *, int *, int, int, void *,
631			      const u_char *, int, u_char *, int *, time_t,
632			      u_char **, u_char **));
633int		ns_sign_tcp __P((u_char *, int *, int, int,
634				 ns_tcp_tsig_state *, int));
635int		ns_sign_tcp2 __P((u_char *, int *, int, int,
636				  ns_tcp_tsig_state *, int,
637				  u_char **, u_char **));
638int		ns_sign_tcp_init __P((void *, const u_char *, int,
639					ns_tcp_tsig_state *));
640u_char		*ns_find_tsig __P((u_char *, u_char *));
641int		ns_verify __P((u_char *, int *, void *,
642			       const u_char *, int, u_char *, int *,
643			       time_t *, int));
644int		ns_verify_tcp __P((u_char *, int *, ns_tcp_tsig_state *, int));
645int		ns_verify_tcp_init __P((void *, const u_char *, int,
646					ns_tcp_tsig_state *));
647int		ns_samedomain __P((const char *, const char *));
648int		ns_subdomain __P((const char *, const char *));
649int		ns_makecanon __P((const char *, char *, size_t));
650int		ns_samename __P((const char *, const char *));
651int		ns_newmsg_init(u_char *buffer, size_t bufsiz, ns_newmsg *);
652int		ns_newmsg_copy(ns_newmsg *, ns_msg *);
653void		ns_newmsg_id(ns_newmsg *handle, u_int16_t id);
654void		ns_newmsg_flag(ns_newmsg *handle, ns_flag flag, u_int value);
655int		ns_newmsg_q(ns_newmsg *handle, ns_nname_ct qname,
656			    ns_type qtype, ns_class qclass);
657int		ns_newmsg_rr(ns_newmsg *handle, ns_sect sect,
658			     ns_nname_ct name, ns_type type,
659			     ns_class rr_class, u_int32_t ttl,
660			     u_int16_t rdlen, const u_char *rdata);
661size_t		ns_newmsg_done(ns_newmsg *handle);
662ssize_t		ns_rdata_unpack(const u_char *, const u_char *, ns_type,
663				const u_char *, size_t, u_char *, size_t);
664int		ns_rdata_equal(ns_type,
665			       const u_char *, size_t,
666			       const u_char *, size_t);
667int		ns_rdata_refers(ns_type,
668				const u_char *, size_t,
669				const u_char *);
670__END_DECLS
671
672#ifdef BIND_4_COMPAT
673#include <arpa/nameser_compat.h>
674#endif
675
676#endif /* !_ARPA_NAMESER_H_ */
677/*! \file */
678