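/*
 * util/net_help.h - network help functions
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file contains functions to perform network related tasks.
 */

#ifndef NET_HELP_H
#define NET_HELP_H
#include "util/log.h"
#include "util/random.h"
struct sock_list;
struct regional;
struct config_strlist;

/** DNS constants for uint16_t style flag manipulation. host byteorder.
 *                                1  1  1  1  1  1
 *  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 * |QR|   Opcode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 */
/** CD flag */
#define BIT_CD 0x0010
/** AD flag */
#define BIT_AD 0x0020
/** Z flag */
#define BIT_Z  0x0040
/** RA flag */
#define BIT_RA 0x0080
/** RD flag */
#define BIT_RD 0x0100
/** TC flag */
#define BIT_TC 0x0200
/** AA flag */
#define BIT_AA 0x0400
/** QR flag */
#define BIT_QR 0x8000
/** get RCODE bits from uint16 flags */
#define FLAGS_GET_RCODE(f) ((f) & 0xf)
/** set RCODE bits in uint16 flags.
 * Only the low 4 bits of r are stored: RCODE is a 4-bit field, and an
 * out-of-range value must not spill into the CD/AD/Z bits above it.
 * f is an lvalue and is evaluated twice. */
#define FLAGS_SET_RCODE(f, r) ((f) = (((f) & 0xfff0) | ((r) & 0xf)))

/** timeout in milliseconds for UDP queries to auth servers. */
#define UDP_AUTH_QUERY_TIMEOUT 3000
/** Advertised version of EDNS capabilities */
#define EDNS_ADVERTISED_VERSION         0
/** Advertised size of EDNS capabilities */
extern uint16_t EDNS_ADVERTISED_SIZE;
/** bits for EDNS bitfield */
#define EDNS_DO 0x8000 /* Dnssec Ok */
/** byte size of ip4 address */
#define INET_SIZE 4
/** byte size of ip6 address */
#define INET6_SIZE 16

/** DNSKEY zone sign key flag */
#define DNSKEY_BIT_ZSK 0x0100
/** DNSKEY secure entry point, KSK flag */
#define DNSKEY_BIT_SEP 0x0001

/** return a random 16-bit number given a random source */
#define GET_RANDOM_ID(rnd) (((unsigned)ub_random(rnd)>>8) & 0xffff)

/** define MSG_DONTWAIT for unsupported platforms */
#ifndef MSG_DONTWAIT
#define MSG_DONTWAIT 0
#endif

/** minimal responses when positive answer */
extern int MINIMAL_RESPONSES;

/** rrset order roundrobin */
extern int RRSET_ROUNDROBIN;

/** log tag queries with name instead of 'info' for filtering */
extern int LOG_TAG_QUERYREPLY;

/**
 * See if string is ip4 or ip6.
 * @param str: IP specification.
 * @return: true if string addr is an ip6 specced address.
 */
int str_is_ip6(const char* str);

/**
 * Set fd nonblocking.
 * @param s: file descriptor.
 * @return: 0 on error (error is printed to log).
 */
int fd_set_nonblock(int s);

/**
 * Set fd (back to) blocking.
 * @param s: file descriptor.
 * @return: 0 on error (error is printed to log).
 */
int fd_set_block(int s);

/**
 * See if number is a power of 2.
 * @param num: the value.
 * @return: true if the number is a power of 2.
 */
int is_pow2(size_t num);

/**
 * Allocate memory and copy over contents.
 * @param data: what to copy over.
 * @param len: length of data.
 * @return: NULL on malloc failure, or newly malloced data (the caller owns
 *	it and must free() it).
 */
void* memdup(void* data, size_t len);

/**
 * Prints the sockaddr in readable format with log_info. Debug helper.
 * @param v: at what verbosity level to print this.
 * @param str: descriptive string printed with it.
 * @param addr: the sockaddr to print. Can be ip4 or ip6.
 * @param addrlen: length of addr.
 */
void log_addr(enum verbosity_value v, const char* str,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Prints zone name and sockaddr in readable format with log_info. Debug.
 * @param v: at what verbosity level to print this.
 * @param str: descriptive string printed with it.
 * @param zone: DNS domain name, uncompressed wireformat.
 * @param addr: the sockaddr to print. Can be ip4 or ip6.
 * @param addrlen: length of addr.
 */
void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Log errno and addr.
 * @param str: descriptive string printed with it.
 * @param err: errno string to print, i.e. strerror(errno).
 * @param addr: the sockaddr to print. Can be ip4 or ip6.
 * @param addrlen: length of addr.
 */
void log_err_addr(const char* str, const char* err,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Convert address string, with "@port" appendix, to sockaddr.
 * Uses DNS port by default.
 * @param str: the string
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param port: default port.
 * @return 0 on error.
 */
int extstrtoaddr(const char* str, struct sockaddr_storage* addr,
	socklen_t* addrlen, int port);

/**
 * Convert ip address string and port to sockaddr.
 * @param ip: ip4 or ip6 address string.
 * @param port: port number, host format.
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @return 0 on error.
 */
int ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr,
	socklen_t* addrlen);

/**
 * Convert ip netblock (ip/netsize) string and port to sockaddr.
 * performs a copy internally to avoid writing over 'ip' string.
 * @param ip: ip4 or ip6 address string.
 * @param port: port number, host format.
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param net: netblock size is returned.
 * @return 0 on error.
 */
int netblockstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr,
	socklen_t* addrlen, int* net);

/**
 * Convert address string, with "@port" appendix, to sockaddr.
 * It can also have an "#tls-auth-name" appendix (after the port).
 * The returned auth_name string is a pointer into the input string.
 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
 * NOTE: str is not const and auth_name points into it, so the
 * implementation presumably writes into str to split off the appendices;
 * do not pass a string literal or a buffer that must stay intact.
 * @param str: the string
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
 * @return 0 on error.
 */
int authextstrtoaddr(char* str, struct sockaddr_storage* addr,
	socklen_t* addrlen, char** auth_name);

/**
 * Convert domain string, with "@port" appendix, to dname.
 * It can also have an "#tls-auth-name" appendix (after the port).
 * The return port is the parsed port.
 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
 * The returned auth_name string is a pointer into the input string.
 * @param str: the string
 * @param port: pointer to be assigned the parsed port value.
 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
 * @return pointer to the dname.
 */
uint8_t* authextstrtodname(char* str, int* port, char** auth_name);

/**
 * Store port number into sockaddr structure
 * @param addr: sockaddr structure, ip4 or ip6.
 * @param addrlen: length of addr.
 * @param port: port number to put into the addr.
 */
void sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen,
	int port);

/**
 * Print string with neat domain name, type and class.
 * @param v: at what verbosity level to print this.
 * @param str: string of message.
 * @param name: domain name uncompressed wireformat.
 * @param type: host format RR type.
 * @param dclass: host format RR class.
 */
void log_nametypeclass(enum verbosity_value v, const char* str,
	uint8_t* name, uint16_t type, uint16_t dclass);

/**
 * Like log_nametypeclass, but logs with log_query for query logging
 */
void log_query_in(const char* str, uint8_t* name, uint16_t type,
	uint16_t dclass);

/**
 * Compare two sockaddrs. Imposes an ordering on the addresses.
 * Compares address and port.
 * @param addr1: address 1.
 * @param len1: length of addr1.
 * @param addr2: address 2.
 * @param len2: length of addr2.
 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
 */
int sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1,
	struct sockaddr_storage* addr2, socklen_t len2);

/**
 * Compare two sockaddrs. Compares address, not the port.
 * @param addr1: address 1.
 * @param len1: length of addr1.
 * @param addr2: address 2.
 * @param len2: length of addr2.
 * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
 */
int sockaddr_cmp_addr(struct sockaddr_storage* addr1, socklen_t len1,
	struct sockaddr_storage* addr2, socklen_t len2);

/**
 * Check address family.
 * @param addr: the sockaddr to examine.
 * @param len: the length of addr.
 * @return: true if sockaddr is ip6.
 */
int addr_is_ip6(struct sockaddr_storage* addr, socklen_t len);

/**
 * Make sure the sockaddr ends in zeroes. For tree insertion and subsequent
 * comparison.
 * @param addr: the ip4 or ip6 addr.
 * @param len: length of addr.
 * @param net: number of bits to leave untouched, the rest of the netblock
 *	address is zeroed.
 */
void addr_mask(struct sockaddr_storage* addr, socklen_t len, int net);

/**
 * See how many bits are shared, equal, between two addrs.
 * @param addr1: first addr.
 * @param net1: netblock size of first addr.
 * @param addr2: second addr.
 * @param net2: netblock size of second addr.
 * @param addrlen: length of first addr and of second addr.
 * 	They must be of the same length (i.e. same type IP4, IP6).
 * @return: number of bits the same.
 */
int addr_in_common(struct sockaddr_storage* addr1, int net1,
	struct sockaddr_storage* addr2, int net2, socklen_t addrlen);

/**
 * Put address into string, works for IPv4 and IPv6.
 * @param addr: address
 * @param addrlen: length of address
 * @param buf: result string stored here
 * @param len: length of buf.
 * On failure a string with "error" is stored inside.
 */
void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen,
	char* buf, size_t len);

/**
 * Check if the prefix network length is one of the allowed 32, 40, 48, 56, 64,
 * or 96.
 * @param prefixnet: prefix network length to check.
 * @return 1 on success, 0 on failure.
 */
int prefixnet_is_nat64(int prefixnet);

/**
 * Create a NAT64 address from a given address (needs to be IPv4) and a given
 * NAT64 prefix. The NAT64 prefix net needs to be one of 32, 40, 48, 56, 64, 96.
 * @param addr: IPv4 address.
 * @param nat64_prefix: NAT64 prefix.
 * @param nat64_prefixlen: NAT64 prefix len.
 * @param nat64_prefixnet: NAT64 prefix mask.
 * @param nat64_addr: the resulting NAT64 address.
 * @param nat64_addrlen: the resulting NAT64 address length.
 */
void addr_to_nat64(const struct sockaddr_storage* addr,
	const struct sockaddr_storage* nat64_prefix,
	socklen_t nat64_prefixlen, int nat64_prefixnet,
	struct sockaddr_storage* nat64_addr, socklen_t* nat64_addrlen);

/**
 * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0"
 * @param addr: address
 * @param addrlen: length of address
 * @return true if so
 */
int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * See if sockaddr is 255.255.255.255.
 * @param addr: address
 * @param addrlen: length of address
 * @return true if so
 */
int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * See if sockaddr is 0.0.0.0 or ::0.
 * @param addr: address
 * @param addrlen: length of address
 * @return true if so
 */
int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Insert new socket list item. If fails logs error.
 * @param list: pointer to pointer to first item.
 * @param addr: address or NULL if 'cache'.
 * @param len: length of addr, or 0 if 'cache'.
 * @param region: where to allocate
 */
void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr,
	socklen_t len, struct regional* region);

/**
 * Prepend one list to another. Must both be from same qstate(regional).
 * @param list: pointer to result list that is modified.
 * @param add: item(s) to add. They are prepended to list.
 */
void sock_list_prepend(struct sock_list** list, struct sock_list* add);

/**
 * Find addr in list.
 * @param list: to search in
 * @param addr: address to look for.
 * @param len: length. Can be 0, look for 'cache entry'.
 * @return true if found.
 */
int sock_list_find(struct sock_list* list, struct sockaddr_storage* addr,
        socklen_t len);

/**
 * Merge socklist into another socket list. Allocates the new entries
 * freshly and copies them over, so also performs a region switchover.
 * Allocation failures are logged.
 * @param list: the destination list (checked for duplicates)
 * @param region: where to allocate
 * @param add: the list of entries to add.
 */
void sock_list_merge(struct sock_list** list, struct regional* region,
	struct sock_list* add);

/**
 * Log libcrypto error with descriptive string. Calls log_err().
 * @param str: what failed.
 */
void log_crypto_err(const char* str);

/**
 * Log libcrypto error from errcode with descriptive string, calls log_err.
 * @param str: what failed.
 * @param err: error code from ERR_get_error.
 */
void log_crypto_err_code(const char* str, unsigned long err);

/**
 * Log an error from libcrypto that came from SSL_write and so on, with
 * a value from SSL_get_error, calls log_err. If that fails it logs with
 * log_crypto_err.
 * @param str: what failed
 * @param r: output of SSL_get_error on the I/O operation result.
 */
void log_crypto_err_io(const char* str, int r);

/**
 * Log an error from libcrypto that came from an I/O routine with the
 * errcode from ERR_get_error. Calls log_err() and log_crypto_err_code.
 * @param str: what failed
 * @param r: output of SSL_get_error on the I/O operation result.
 * @param err: error code from ERR_get_error
 */
void log_crypto_err_io_code(const char* str, int r, unsigned long err);

/**
 * Log certificate details verbosity, string, of X509 cert
 * @param level: verbosity level
 * @param str: string to prefix on output
 * @param cert: X509* structure.
 */
void log_cert(unsigned level, const char* str, void* cert);

/**
 * Set SSL_OP_NOxxx options on SSL context to disable bad crypto
 * @param ctxt: SSL_CTX*
 * @return false on failure.
 */
int listen_sslctx_setup(void* ctxt);

/**
 * Further setup of listening SSL context, after keys loaded.
 * @param ctxt: SSL_CTX*
 */
void listen_sslctx_setup_2(void* ctxt);

/**
 * create SSL listen context
 * @param key: private key file.
 * @param pem: public key cert.
 * @param verifypem: if nonNULL, verifylocation file.
 * @return SSL_CTX* or NULL on failure (logged).
 */
void* listen_sslctx_create(char* key, char* pem, char* verifypem);

/**
 * create SSL connect context
 * @param key: if nonNULL (also pem nonNULL), the client private key.
 * @param pem: client public key (or NULL if key is NULL).
 * @param verifypem: if nonNULL used for verifylocation file.
 * @param wincert: add system certificate store to ctx (add to verifypem ca
 * 	certs).
 * @return SSL_CTX* or NULL on failure (logged).
 */
void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert);

/**
 * accept a new fd and wrap it in a BIO in SSL
 * @param sslctx: the SSL_CTX to use (from listen_sslctx_create()).
 * @param fd: from accept, nonblocking.
 * @return SSL or NULL on alloc failure.
 */
void* incoming_ssl_fd(void* sslctx, int fd);

/**
 * connect a new fd and wrap it in a BIO in SSL
 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create())
 * @param fd: from connect.
 * @return SSL or NULL on alloc failure
 */
void* outgoing_ssl_fd(void* sslctx, int fd);

/**
 * check if authname SSL functionality is available, false if not
 * @param auth_name: the name for the remote server, used for error print.
 * @return false if SSL functionality to check the SSL name is not available.
 */
int check_auth_name_for_ssl(char* auth_name);

/**
 * set auth name on SSL for verification
 * @param ssl: SSL* to set
 * @param auth_name: if NULL nothing happens, otherwise the name to check.
 * @param use_sni: if SNI will be used.
 * @return 1 on success or NULL auth_name, 0 on failure.
 */
int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni);

/**
 * Initialize openssl locking for thread safety
 * @return false on failure (alloc failure).
 */
int ub_openssl_lock_init(void);

/**
 * De-init the allocated openssl locks
 */
void ub_openssl_lock_delete(void);

/**
 * setup TLS session ticket
 * @param sslctx: the SSL_CTX to use (from connect_sslctx_create())
 * @param tls_session_ticket_keys: TLS ticket secret filenames
 * @return false on failure (alloc failure).
 */
int listen_sslctx_setup_ticket_keys(void* sslctx,
	struct config_strlist* tls_session_ticket_keys);

/** Free memory used for TLS session ticket keys */
void listen_sslctx_delete_ticket_keys(void);

/**
 * RPZ format netblock to network byte order address and netblock
 * example RPZ netblock format dnames:
 *  - 24.10.100.51.198.rpz-ip -> 198.51.100.10/24
 *  - 32.10.zz.db8.2001.rpz-ip -> 2001:db8:0:0:0:0:0:10/32
 * @param dname: the dname containing RPZ format netblock
 * @param dnamelen: length of dname
 * @param addr: where to store sockaddr.
 * @param addrlen: length of stored sockaddr is returned.
 * @param net: where to store netmask
 * @param af: where to store address family.
 * @return 0 on error.
 */
int netblockdnametoaddr(uint8_t* dname, size_t dnamelen,
	struct sockaddr_storage* addr, socklen_t* addrlen, int* net, int* af);

/** Return strerror or wsastrerror for socket error printout */
char* sock_strerror(int errn);
/** close the socket with close, or wsa closesocket */
void sock_close(int socket);

#endif /* NET_HELP_H */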