1/*
2 * util/net_help.h - network help functions
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains functions to perform network related tasks.
40 */
41
42#ifndef NET_HELP_H
43#define NET_HELP_H
44#include "util/log.h"
45#include "util/random.h"
46struct sock_list;
47struct regional;
48struct config_strlist;
49
50/** DNS constants for uint16_t style flag manipulation. host byteorder.
51 *                                1  1  1  1  1  1
52 *  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
53 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
54 * |QR|   Opcode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
55 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
56 */
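/** CD flag (checking disabled) */
#define BIT_CD 0x0010
/** AD flag (authentic data) */
#define BIT_AD 0x0020
/** Z flag (reserved bit, normally zero) */
#define BIT_Z  0x0040
/** RA flag (recursion available) */
#define BIT_RA 0x0080
/** RD flag (recursion desired) */
#define BIT_RD 0x0100
/** TC flag (truncated) */
#define BIT_TC 0x0200
/** AA flag (authoritative answer) */
#define BIT_AA 0x0400
/** QR flag (query/response) */
#define BIT_QR 0x8000
/** get RCODE bits (the low 4 bits) from uint16 flags */
#define FLAGS_GET_RCODE(f) ((f) & 0xf)
/**
 * set RCODE bits in uint16 flags, leaving the other 12 bits of f intact.
 * f must be an lvalue and is evaluated twice. r is OR-ed in without
 * masking, so the caller must pass a value in 0..15; a wider value would
 * clobber the flag bits above the RCODE field.
 */
#define FLAGS_SET_RCODE(f, r) ((f) = (((f) & 0xfff0) | (r)))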
77
/** timeout in milliseconds for UDP queries to auth servers. */
#define UDP_AUTH_QUERY_TIMEOUT 3000
/** Advertised version of EDNS capabilities (EDNS version 0). */
#define EDNS_ADVERTISED_VERSION         0
/** Advertised size of EDNS capabilities. Unlike the version above this is
 * a runtime-settable global (declared extern here, defined in the
 * implementation), not a compile-time constant. */
extern uint16_t EDNS_ADVERTISED_SIZE;
/** bits for EDNS bitfield */
#define EDNS_DO 0x8000 /* Dnssec Ok (DO) bit */
/** byte size of ip4 address */
#define INET_SIZE 4
/** byte size of ip6 address */
#define INET6_SIZE 16
90
/** DNSKEY zone sign key flag (ZSK) in the DNSKEY flags field */
#define DNSKEY_BIT_ZSK 0x0100
/** DNSKEY secure entry point (SEP) flag, marks a KSK */
#define DNSKEY_BIT_SEP 0x0001

/**
 * return a random 16-bit number given a random source.
 * The low 8 bits of the ub_random() result are discarded before masking
 * to 16 bits. NOTE(review): this assumes ub_random() yields at least 24
 * bits of output per call — confirm against util/random.h.
 */
#define GET_RANDOM_ID(rnd) (((unsigned)ub_random(rnd)>>8) & 0xffff)
98
99/** minimal responses when positive answer */
100extern int MINIMAL_RESPONSES;
101
102/** rrset order roundrobin */
103extern int RRSET_ROUNDROBIN;
104
105/** log tag queries with name instead of 'info' for filtering */
106extern int LOG_TAG_QUERYREPLY;
107
108/**
109 * See if string is ip4 or ip6.
110 * @param str: IP specification.
111 * @return: true if the string specifies an IPv6 address (false for IPv4).
112 */
113int str_is_ip6(const char* str);
114
115/**
116 * Set fd nonblocking.
117 * @param s: file descriptor.
118 * @return: 0 on error (error is printed to log).
119 */
120int fd_set_nonblock(int s);
121
122/**
123 * Set fd (back to) blocking.
124 * @param s: file descriptor.
125 * @return: 0 on error (error is printed to log).
126 */
127int fd_set_block(int s);
128
129/**
130 * See if number is a power of 2.
131 * @param num: the value.
132 * @return: true if the number is a power of 2.
133 */
134int is_pow2(size_t num);
135
136/**
137 * Allocate memory and copy over contents.
138 * @param data: what to copy over.
139 * @param len: length of data.
140 * @return: NULL on malloc failure, or the newly malloced copy, which the caller must free().
141 */
142void* memdup(void* data, size_t len);
143
144/**
145 * Prints the sockaddr in readable format with log_info. Debug helper.
146 * @param v: at what verbosity level to print this.
147 * @param str: descriptive string printed with it.
148 * @param addr: the sockaddr to print. Can be ip4 or ip6.
149 * @param addrlen: length of addr.
150 */
151void log_addr(enum verbosity_value v, const char* str,
152	struct sockaddr_storage* addr, socklen_t addrlen);
153
154/**
155 * Prints zone name and sockaddr in readable format with log_info. Debug.
156 * @param v: at what verbosity level to print this.
157 * @param str: descriptive string printed with it.
158 * @param zone: DNS domain name, uncompressed wireformat.
159 * @param addr: the sockaddr to print. Can be ip4 or ip6.
160 * @param addrlen: length of addr.
161 */
162void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone,
163	struct sockaddr_storage* addr, socklen_t addrlen);
164
165/**
166 * Log errno and addr.
167 * @param str: descriptive string printed with it.
168 * @param err: errno string to print, i.e. strerror(errno).
169 * @param addr: the sockaddr to print. Can be ip4 or ip6.
170 * @param addrlen: length of addr.
171 */
172void log_err_addr(const char* str, const char* err,
173	struct sockaddr_storage* addr, socklen_t addrlen);
174
175/**
176 * Convert address string, with "@port" appendix, to sockaddr.
177 * Uses DNS port by default.
178 * @param str: the string
179 * @param addr: where to store sockaddr.
180 * @param addrlen: length of stored sockaddr is returned.
181 * @return 0 on error.
182 */
183int extstrtoaddr(const char* str, struct sockaddr_storage* addr,
184	socklen_t* addrlen);
185
186/**
187 * Convert ip address string and port to sockaddr.
188 * @param ip: ip4 or ip6 address string.
189 * @param port: port number, host format.
190 * @param addr: where to store sockaddr.
191 * @param addrlen: length of stored sockaddr is returned.
192 * @return 0 on error.
193 */
194int ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr,
195	socklen_t* addrlen);
196
197/**
198 * Convert ip netblock (ip/netsize) string and port to sockaddr.
199 * Performs a copy internally so that the 'ip' string is not modified.
200 * @param ip: ip4 or ip6 address string.
201 * @param port: port number, host format.
202 * @param addr: where to store sockaddr.
203 * @param addrlen: length of stored sockaddr is returned.
204 * @param net: netblock size is returned.
205 * @return 0 on error.
206 */
207int netblockstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr,
208	socklen_t* addrlen, int* net);
209
210/**
211 * Convert address string, with "@port" appendix, to sockaddr.
212 * It can also have an "#tls-auth-name" appendix (after the port).
213 * The returned auth_name string is a pointer into the input string, so it is only valid as long as str is.
214 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
215 * @param str: the string
216 * @param addr: where to store sockaddr.
217 * @param addrlen: length of stored sockaddr is returned.
218 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
219 * @return 0 on error.
220 */
221int authextstrtoaddr(char* str, struct sockaddr_storage* addr,
222	socklen_t* addrlen, char** auth_name);
223
224/**
225 * Convert domain string, with "@port" appendix, to dname.
226 * It can also have an "#tls-auth-name" appendix (after the port).
227 * The return port is the parsed port.
228 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
229 * The returned auth_name string is a pointer into the input string, so it is only valid as long as str is.
230 * @param str: the string
231 * @param port: pointer to be assigned the parsed port value.
232 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
233 * @return pointer to the dname.
234 */
235uint8_t* authextstrtodname(char* str, int* port, char** auth_name);
236
237/**
238 * Store port number into sockaddr structure
239 * @param addr: sockaddr structure, ip4 or ip6.
240 * @param addrlen: length of addr.
241 * @param port: port number to put into the addr.
242 */
243void sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen,
244	int port);
245
246/**
247 * Print string with neat domain name, type and class.
248 * @param v: at what verbosity level to print this.
249 * @param str: string of message.
250 * @param name: domain name uncompressed wireformat.
251 * @param type: host format RR type.
252 * @param dclass: host format RR class.
253 */
254void log_nametypeclass(enum verbosity_value v, const char* str,
255	uint8_t* name, uint16_t type, uint16_t dclass);
256
257/**
258 * Like log_nametypeclass, but logs with log_query for query logging
259 */
260void log_query_in(const char* str, uint8_t* name, uint16_t type,
261	uint16_t dclass);
262
263/**
264 * Compare two sockaddrs. Imposes an ordering on the addresses.
265 * Compares address and port.
266 * @param addr1: address 1.
267 * @param len1: lengths of addr1.
268 * @param addr2: address 2.
269 * @param len2: lengths of addr2.
270 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
271 */
272int sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1,
273	struct sockaddr_storage* addr2, socklen_t len2);
274
275/**
276 * Compare two sockaddrs. Compares address, not the port.
277 * @param addr1: address 1.
278 * @param len1: lengths of addr1.
279 * @param addr2: address 2.
280 * @param len2: lengths of addr2.
281 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
282 */
283int sockaddr_cmp_addr(struct sockaddr_storage* addr1, socklen_t len1,
284	struct sockaddr_storage* addr2, socklen_t len2);
285
286/**
287 * Check the address family of a sockaddr.
288 * @param addr: the sockaddr to examine.
289 * @param len: the length of addr.
290 * @return: true if sockaddr is ip6.
291 */
292int addr_is_ip6(struct sockaddr_storage* addr, socklen_t len);
293
294/**
295 * Zero the address bits beyond the netblock prefix, so that the sockaddr
296 * can be inserted into a tree and compared by prefix.
297 * @param addr: the ip4 or ip6 addr.
298 * @param len: length of addr.
299 * @param net: number of bits to leave untouched, the rest of the netblock
300 * 	address is zeroed.
301 */
302void addr_mask(struct sockaddr_storage* addr, socklen_t len, int net);
303
304/**
305 * See how many bits are shared, equal, between two addrs.
306 * @param addr1: first addr.
307 * @param net1: netblock size of first addr.
308 * @param addr2: second addr.
309 * @param net2: netblock size of second addr.
310 * @param addrlen: length of first addr and of second addr.
311 * 	They must be of the same length (i.e. same type IP4, IP6).
312 * @return: number of bits the same.
313 */
314int addr_in_common(struct sockaddr_storage* addr1, int net1,
315	struct sockaddr_storage* addr2, int net2, socklen_t addrlen);
316
317/**
318 * Put address into string, works for IPv4 and IPv6.
319 * @param addr: address
320 * @param addrlen: length of address
321 * @param buf: result string stored here
322 * @param len: length of buf.
323 * On failure the string "error" is stored in buf.
324 */
325void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen,
326	char* buf, size_t len);
327
328/**
329 * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0"
330 * @param addr: address
331 * @param addrlen: length of address
332 * @return true if so
333 */
334int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen);
335
336/**
337 * See if sockaddr is 255.255.255.255.
338 * @param addr: address
339 * @param addrlen: length of address
340 * @return true if so
341 */
342int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen);
343
344/**
345 * See if sockaddr is 0.0.0.0 or ::0.
346 * @param addr: address
347 * @param addrlen: length of address
348 * @return true if so
349 */
350int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen);
351
352/**
353 * Insert a new socket list item. On failure an error is logged.
354 * @param list: pointer to pointer to first item.
355 * @param addr: address or NULL if 'cache'.
356 * @param len: length of addr, or 0 if 'cache'.
357 * @param region: where to allocate
358 */
359void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr,
360	socklen_t len, struct regional* region);
361
362/**
363 * Prepend one list to another.  Both must be from the same qstate (regional).
364 * @param list: pointer to result list that is modified.
365 * @param add: item(s) to add.  They are prepended to list.
366 */
367void sock_list_prepend(struct sock_list** list, struct sock_list* add);
368
369/**
370 * Find addr in list.
371 * @param list: to search in
372 * @param addr: address to look for.
373 * @param len: length. Can be 0, look for 'cache entry'.
374 * @return true if found.
375 */
376int sock_list_find(struct sock_list* list, struct sockaddr_storage* addr,
377        socklen_t len);
378
379/**
380 * Merge socklist into another socket list.  Allocates the new entries
381 * freshly and copies them over, so also performs a region switchover.
382 * Allocation failures are logged.
383 * @param list: the destination list (checked for duplicates)
384 * @param region: where to allocate
385 * @param add: the list of entries to add.
386 */
387void sock_list_merge(struct sock_list** list, struct regional* region,
388	struct sock_list* add);
389
390/**
391 * Log libcrypto error with descriptive string. Calls log_err().
392 * @param str: what failed.
393 */
394void log_crypto_err(const char* str);
395
396/**
397 * Log libcrypto error from errcode with descriptive string, calls log_err.
398 * @param str: what failed.
399 * @param err: error code from ERR_get_error.
400 */
401void log_crypto_err_code(const char* str, unsigned long err);
402
403/**
404 * Log the details of an X509 cert at the given verbosity level, prefixed by str.
405 * @param level: verbosity level
406 * @param str: string to prefix on output
407 * @param cert: X509* structure.
408 */
409void log_cert(unsigned level, const char* str, void* cert);
410
411/**
412 * Set SSL_OP_NOxxx options on the SSL context to disable insecure protocol options
413 * @param ctxt: SSL_CTX*
414 * @return false on failure.
415 */
416int listen_sslctx_setup(void* ctxt);
417
418/**
419 * Further setup of listening SSL context, after keys loaded.
420 * @param ctxt: SSL_CTX*
421 */
422void listen_sslctx_setup_2(void* ctxt);
423
424/**
425 * create SSL listen context
426 * @param key: private key file.
427 * @param pem: public key cert.
428 * @param verifypem: if nonNULL, verifylocation file.
429 * @return SSL_CTX* or NULL on failure (logged).
430 */
431void* listen_sslctx_create(char* key, char* pem, char* verifypem);
432
433/**
434 * create SSL connect context
435 * @param key: if nonNULL (also pem nonNULL), the client private key.
436 * @param pem: client public key (or NULL if key is NULL).
437 * @param verifypem: if nonNULL used for verifylocation file.
438 * @param wincert: add system certificate store to ctx (add to verifypem ca
439 * 	certs).
440 * @return SSL_CTX* or NULL on failure (logged).
441 */
442void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert);
443
444/**
445 * accept a new fd and wrap it in a BIO in SSL
446 * @param sslctx: the SSL_CTX to use (from listen_sslctx_create()).
447 * @param fd: from accept, nonblocking.
448 * @return SSL or NULL on alloc failure.
449 */
450void* incoming_ssl_fd(void* sslctx, int fd);
451
452/**
453 * connect a new fd and wrap it in a BIO in SSL
454 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create())
455 * @param fd: from connect.
456 * @return SSL or NULL on alloc failure
457 */
458void* outgoing_ssl_fd(void* sslctx, int fd);
459
460/**
461 * Check whether the SSL functionality needed to verify the auth name is available.
462 * @param auth_name: the name for the remote server, used for error print.
463 * @return false if SSL functionality to check the SSL name is not available.
464 */
465int check_auth_name_for_ssl(char* auth_name);
466
467/**
468 * set auth name on SSL for verification
469 * @param ssl: SSL* to set
470 * @param auth_name: if NULL nothing happens, otherwise the name to check.
471 * @param use_sni: if SNI will be used.
472 * @return 1 on success (or when auth_name is NULL), 0 on failure.
473 */
474int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni);
475
476/**
477 * Initialize openssl locking for thread safety
478 * @return false on failure (alloc failure).
479 */
480int ub_openssl_lock_init(void);
481
482/**
483 * De-init the allocated openssl locks
484 */
485void ub_openssl_lock_delete(void);
486
487/**
488 * setup TLS session ticket
489 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create())
490 * @param tls_session_ticket_keys: TLS ticket secret filenames
491 * @return false on failure (alloc failure).
492 */
493int listen_sslctx_setup_ticket_keys(void* sslctx,
494	struct config_strlist* tls_session_ticket_keys);
495
496/** Free memory used for TLS session ticket keys */
497void listen_sslctx_delete_ticket_keys(void);
498
499/**
500 * RPZ format netblock to network byte order address and netblock
501 * example RPZ netblock format dnames:
502 *  - 24.10.100.51.198.rpz-ip -> 198.51.100.10/24
503 *  - 32.10.zz.db8.2001.rpz-ip -> 2001:db8:0:0:0:0:0:10/32
504 * @param dname: the dname containing RPZ format netblock
505 * @param dnamelen: length of dname
506 * @param addr: where to store sockaddr.
507 * @param addrlen: length of stored sockaddr is returned.
508 * @param net: where to store netmask
509 * @param af: where to store address family.
510 * @return 0 on error.
511 */
512int netblockdnametoaddr(uint8_t* dname, size_t dnamelen,
513	struct sockaddr_storage* addr, socklen_t* addrlen, int* net, int* af);
514
515/** Return strerror or wsastrerror for socket error printout */
516char* sock_strerror(int errn);
517/** close the socket with close, or wsa closesocket */
518void sock_close(int socket);
519
520#endif /* NET_HELP_H */