Added interface for DNS resolvers
This commit is contained in:
parent
c381e46855
commit
ffdeeb6609
|
@ -63,6 +63,8 @@ database/database.h database/database_factory.h fetcher/fetcher.h \
|
|||
fetcher/fetcher_manager.h eap/eap.h pen/pen.h ipsec/ipsec_types.h \
|
||||
networking/host.h networking/host_resolver.h networking/packet.h \
|
||||
networking/tun_device.h \
|
||||
resolver/resolver.h resolver/resolver_response.h resolver/rr_set.h \
|
||||
resolver/rr.h \
|
||||
plugins/plugin_loader.h plugins/plugin.h plugins/plugin_feature.h \
|
||||
processing/jobs/job.h processing/jobs/callback_job.h processing/processor.h \
|
||||
processing/scheduler.h selectors/traffic_selector.h \
|
||||
|
|
|
@ -49,6 +49,9 @@
|
|||
* @defgroup fetcher fetcher
|
||||
* @ingroup libstrongswan
|
||||
*
|
||||
* @defgroup resolver resolver
|
||||
* @ingroup libstrongswan
|
||||
*
|
||||
* @defgroup ipsec ipsec
|
||||
* @ingroup libstrongswan
|
||||
*
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
/*
|
||||
* Copyright (C) 2011-2012 Reto Guadagnini
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup resolveri resolver
|
||||
* @{ @ingroup resolver
|
||||
*/
|
||||
|
||||
#ifndef RESOLVER_H_
|
||||
#define RESOLVER_H_
|
||||
|
||||
typedef struct resolver_t resolver_t;
|
||||
|
||||
/**
|
||||
* Constructor function which creates resolver instances.
|
||||
*
|
||||
* Creates a new DNS resolver with settings from the file resolv_conf and
|
||||
* keys from the file ta_file as DNSSEC trust anchor.
|
||||
*
|
||||
* @param resolv_conf path to the file resolv.conf
|
||||
* @param ta_file path to a file with the DNSSEC trust anchors
|
||||
* @return resolver instance
|
||||
*/
|
||||
typedef resolver_t* (*resolver_constructor_t)(char *resolv_conf, char *ta_file);
|
||||
|
||||
#include <resolver/resolver_response.h>
|
||||
#include <resolver/rr_set.h>
|
||||
#include <resolver/rr.h>
|
||||
|
||||
/**
|
||||
* Interface of a security-aware DNS resolver.
|
||||
*
|
||||
*/
|
||||
struct resolver_t {
|
||||
|
||||
/**
|
||||
* Perform a DNS query.
|
||||
*
|
||||
* @param domain domain (FQDN) to query
|
||||
* @param rr_class class of the desired RRs
|
||||
* @param rr_type type of the desired RRs
|
||||
* @return response to the query, NULL on failure
|
||||
*/
|
||||
resolver_response_t *(*query)(resolver_t *this, char *domain,
|
||||
rr_class_t rr_class, rr_type_t rr_type);
|
||||
|
||||
/**
|
||||
* Destroy the resolver instance.
|
||||
*/
|
||||
void (*destroy)(resolver_t *this);
|
||||
};
|
||||
|
||||
#endif /** RESOLVER_H_ @}*/
|
|
@ -0,0 +1,143 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Reto Guadagnini
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup rsolver_response resolver_response
|
||||
* @{ @ingroup resolver
|
||||
*/
|
||||
|
||||
#ifndef RESOLVER_RESPONSE_H_
|
||||
#define RESOLVER_RESPONSE_H_
|
||||
|
||||
typedef struct resolver_response_t resolver_response_t;
|
||||
typedef enum dnssec_status_t dnssec_status_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <resolver/rr_set.h>
|
||||
|
||||
/**
|
||||
* DNSSEC security state.
|
||||
*
|
||||
* DNSSEC security state, which a security aware resolver is able determine
|
||||
* according to RFC 4033.
|
||||
*/
|
||||
enum dnssec_status_t {
|
||||
/**
|
||||
* The validating resolver has a trust anchor, has a chain of
|
||||
* trust, and is able to verify all the signatures in the response.
|
||||
* [RFC4033]
|
||||
*/
|
||||
SECURE,
|
||||
/**
|
||||
* The validating resolver has a trust anchor, a chain of
|
||||
* trust, and, at some delegation point, signed proof of the
|
||||
* non-existence of a DS record. This indicates that subsequent
|
||||
* branches in the tree are provably insecure. A validating resolver
|
||||
* may have a local policy to mark parts of the domain space as
|
||||
* insecure. [RFC4033]
|
||||
*/
|
||||
INSECURE,
|
||||
/**
|
||||
* The validating resolver has a trust anchor and a secure
|
||||
* delegation indicating that subsidiary data is signed, but the
|
||||
* response fails to validate for some reason: missing signatures,
|
||||
* expired signatures, signatures with unsupported algorithms, data
|
||||
* missing that the relevant NSEC RR says should be present, and so
|
||||
* forth. [RFC4033]
|
||||
*/
|
||||
BOGUS,
|
||||
/**
|
||||
* There is no trust anchor that would indicate that a
|
||||
* specific portion of the tree is secure. This is the default
|
||||
* operation mode. [RFC4033]
|
||||
*/
|
||||
INDETERMINATE,
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* A response of the DNS resolver to a DNS query.
|
||||
*
|
||||
* A response represents the answer of the Domain Name System to a query.
|
||||
* It contains the RRset with the queried Resource Records and additional
|
||||
* information.
|
||||
*/
|
||||
struct resolver_response_t {
|
||||
|
||||
/**
|
||||
* Get the original question string.
|
||||
*
|
||||
* The string to which the returned pointer points, is still owned
|
||||
* by the resolver_response. Clone it if necessary.
|
||||
*
|
||||
* @return the queried name
|
||||
*/
|
||||
char *(*get_query_name)(resolver_response_t *this);
|
||||
|
||||
/**
|
||||
* Get the canonical name of the result.
|
||||
*
|
||||
* The string to which the returned pointer points, is still owned
|
||||
* by the resolver_response. Clone it if necessary.
|
||||
*
|
||||
* @return - canonical name of result
|
||||
* - NULL, if result has no canonical name
|
||||
*/
|
||||
char *(*get_canon_name)(resolver_response_t *this);
|
||||
|
||||
/**
|
||||
* Does the RRset of this response contain some Resource Records?
|
||||
*
|
||||
* Returns TRUE if the RRset of this response contains some RRs
|
||||
* (RRSIG Resource Records are ignored).
|
||||
*
|
||||
* @return
|
||||
* - TRUE, if there are some RRs in the RRset
|
||||
* - FALSE, otherwise
|
||||
*/
|
||||
bool (*has_data)(resolver_response_t *this);
|
||||
|
||||
/**
|
||||
* Does the queried name exist?
|
||||
*
|
||||
* @return
|
||||
* - TRUE, if the queried name exists
|
||||
* - FALSE, otherwise
|
||||
*/
|
||||
bool (*query_name_exist)(resolver_response_t *this);
|
||||
|
||||
/**
|
||||
* Get the DNSSEC security state of the response.
|
||||
*
|
||||
* @return DNSSEC security state
|
||||
*/
|
||||
dnssec_status_t (*get_security_state)(resolver_response_t *this);
|
||||
|
||||
/**
|
||||
* Get the RRset with all Resource Records of this response.
|
||||
*
|
||||
* @return - RRset
|
||||
* - NULL if there is no data or the query name
|
||||
* does not exist
|
||||
*/
|
||||
rr_set_t *(*get_rr_set)(resolver_response_t *this);
|
||||
|
||||
/**
|
||||
* Destroy this response.
|
||||
*/
|
||||
void (*destroy) (resolver_response_t *this);
|
||||
};
|
||||
|
||||
#endif /** RR_SET_H_ @}*/
|
|
@ -0,0 +1,268 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Reto Guadagnini
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup rr rr
|
||||
* @{ @ingroup resolver
|
||||
*/
|
||||
|
||||
#ifndef RR_H_
|
||||
#define RR_H_
|
||||
|
||||
typedef struct rr_t rr_t;
|
||||
typedef enum rr_type_t rr_type_t;
|
||||
typedef enum rr_class_t rr_class_t;
|
||||
|
||||
#include <library.h>
|
||||
|
||||
/**
|
||||
* Resource Record types.
|
||||
*
|
||||
* According to www.iana.org/assignments/dns-parameters (version 2012-03-13).
|
||||
*/
|
||||
enum rr_type_t {
|
||||
/** a host address */
|
||||
RR_TYPE_A = 1,
|
||||
/** an authoritative name server */
|
||||
RR_TYPE_NS = 2,
|
||||
//** a mail destination (OBSOLETE - use MX */
|
||||
RR_TYPE_MD = 3,
|
||||
/** a mail forwarder (OBSOLETE - use MX) */
|
||||
RR_TYPE_MF = 4,
|
||||
/** the canonical name for an alias */
|
||||
RR_TYPE_CNAME = 5,
|
||||
/** marks the start of a zone of authority */
|
||||
RR_TYPE_SOA = 6,
|
||||
/** a mailbox domain name (EXPERIMENTAL) */
|
||||
RR_TYPE_MB = 7,
|
||||
/** a mail group member (EXPERIMENTAL) */
|
||||
RR_TYPE_MG = 8,
|
||||
/** a mail rename domain name (EXPERIMENTAL) */
|
||||
RR_TYPE_MR = 9,
|
||||
/** a null RR (EXPERIMENTAL) */
|
||||
RR_TYPE_NULL = 10,
|
||||
/** a well known service description */
|
||||
RR_TYPE_WKS = 11,
|
||||
/** a domain name pointer */
|
||||
RR_TYPE_PTR = 12,
|
||||
/** host information */
|
||||
RR_TYPE_HINFO = 13,
|
||||
/** mailbox or mail list information */
|
||||
RR_TYPE_MINFO = 14,
|
||||
/** mail exchange */
|
||||
RR_TYPE_MX = 15,
|
||||
/** text strings */
|
||||
RR_TYPE_TXT = 16,
|
||||
/** for Responsible Person */
|
||||
RR_TYPE_RP = 17,
|
||||
/** for AFS Data Base location */
|
||||
RR_TYPE_AFSDB = 18,
|
||||
/** for X.25 PSDN address */
|
||||
RR_TYPE_X25 = 19,
|
||||
/** for ISDN address */
|
||||
RR_TYPE_ISDN = 20,
|
||||
/** for Route Through */
|
||||
RR_TYPE_RT = 21,
|
||||
/** for NSAP address, NSAP style A record */
|
||||
RR_TYPE_NSAP = 22,
|
||||
/** for domain name pointer, NSAP style */
|
||||
RR_TYPE_NSAP_PTR = 23,
|
||||
/** for security signature */
|
||||
RR_TYPE_SIG = 24,
|
||||
/** for security key */
|
||||
RR_TYPE_KEY = 25,
|
||||
/** X.400 mail mapping information */
|
||||
RR_TYPE_PX = 26,
|
||||
/** Geographical Position */
|
||||
RR_TYPE_GPOS = 27,
|
||||
/** ipv6 address */
|
||||
RR_TYPE_AAAA = 28,
|
||||
/** Location Information */
|
||||
RR_TYPE_LOC = 29,
|
||||
/** Next Domain (OBSOLETE) */
|
||||
RR_TYPE_NXT = 30,
|
||||
/** Endpoint Identifier */
|
||||
RR_TYPE_EID = 31,
|
||||
/** Nimrod Locator */
|
||||
RR_TYPE_NIMLOC = 32,
|
||||
/** Server Selection */
|
||||
RR_TYPE_SRV = 33,
|
||||
/** ATM Address */
|
||||
RR_TYPE_ATMA = 34,
|
||||
/** Naming Authority Pointer */
|
||||
RR_TYPE_NAPTR = 35,
|
||||
/** Key Exchanger */
|
||||
RR_TYPE_KX = 36,
|
||||
/** CERT */
|
||||
RR_TYPE_CERT = 37,
|
||||
/** A6 (OBSOLETE - use AAAA) */
|
||||
RR_TYPE_A6 = 38,
|
||||
/** DNAME */
|
||||
RR_TYPE_DNAME = 39,
|
||||
/** SINK */
|
||||
RR_TYPE_SINK = 40,
|
||||
/** OPT */
|
||||
RR_TYPE_OPT = 41,
|
||||
/** APL */
|
||||
RR_TYPE_APL = 42,
|
||||
/** Delegation Signer */
|
||||
RR_TYPE_DS = 43,
|
||||
/** SSH Key Fingerprint */
|
||||
RR_TYPE_SSHFP = 44,
|
||||
/** IPSECKEY */
|
||||
RR_TYPE_IPSECKEY = 45,
|
||||
/** RRSIG */
|
||||
RR_TYPE_RRSIG = 46,
|
||||
/** NSEC */
|
||||
RR_TYPE_NSEC = 47,
|
||||
/** DNSKEY */
|
||||
RR_TYPE_DNSKEY = 48,
|
||||
/** DHCID */
|
||||
RR_TYPE_DHCID = 49,
|
||||
/** NSEC3 */
|
||||
RR_TYPE_NSEC3 = 50,
|
||||
/** NSEC3PARAM */
|
||||
RR_TYPE_NSEC3PARAM = 51,
|
||||
|
||||
/** Unassigned 52-54 */
|
||||
|
||||
/** Host Identity Protocol */
|
||||
RR_TYPE_HIP = 55,
|
||||
/** NINFO */
|
||||
RR_TYPE_NINFO = 56,
|
||||
/** RKEY */
|
||||
RR_TYPE_RKEY = 57,
|
||||
/** Trust Anchor LINK */
|
||||
RR_TYPE_TALINK = 58,
|
||||
/** Child DS */
|
||||
RR_TYPE_CDS = 59,
|
||||
|
||||
/** Unassigned 60-98 */
|
||||
|
||||
/** SPF */
|
||||
RR_TYPE_SPF = 99,
|
||||
/** UINFO */
|
||||
RR_TYPE_UINFO = 100,
|
||||
/** UID */
|
||||
RR_TYPE_UID = 101,
|
||||
/** GID */
|
||||
RR_TYPE_GID = 102,
|
||||
/** UNSPEC */
|
||||
RR_TYPE_UNSPEC = 103,
|
||||
|
||||
/** Unassigned 104-248 */
|
||||
|
||||
/** Transaction Key */
|
||||
RR_TYPE_TKEY = 249,
|
||||
/** Transaction Signature */
|
||||
RR_TYPE_TSIG = 250,
|
||||
/** incremental transfer */
|
||||
RR_TYPE_IXFR = 251,
|
||||
/** transfer of an entire zone */
|
||||
RR_TYPE_AXFR = 252,
|
||||
/** mailbox-related RRs (MB, MG or MR) */
|
||||
RR_TYPE_MAILB = 253,
|
||||
/** mail agent RRs (OBSOLETE - see MX) */
|
||||
RR_TYPE_MAILA = 254,
|
||||
/** A request for all records */
|
||||
RR_TYPE_ANY = 255,
|
||||
/** URI */
|
||||
RR_TYPE_URI = 256,
|
||||
/** Certification Authority Authorization */
|
||||
RR_TYPE_CAA = 257,
|
||||
|
||||
/** Unassigned 258-32767 */
|
||||
|
||||
/** DNSSEC Trust Authorities */
|
||||
RR_TYPE_TA = 32768,
|
||||
/** DNSSEC Lookaside Validation */
|
||||
RR_TYPE_DLV = 32769,
|
||||
|
||||
/** Unassigned 32770-65279 */
|
||||
|
||||
/** Private use 65280-65534 */
|
||||
|
||||
/** Reserved 65535 */
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Resource Record CLASSes
|
||||
*/
|
||||
enum rr_class_t {
|
||||
/** Internet */
|
||||
RR_CLASS_IN = 1,
|
||||
/** Chaos */
|
||||
RR_CLASS_CH = 3,
|
||||
/** Hesiod */
|
||||
RR_CLASS_HS = 4,
|
||||
/** further CLASSes: http://wwwiana.org/assignments/dns-parameters */
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* A DNS Resource Record.
|
||||
*
|
||||
* Represents a Resource Record of the Domain Name System
|
||||
* as defined in RFC 1035.
|
||||
*
|
||||
*/
|
||||
struct rr_t {
|
||||
|
||||
/**
|
||||
* Get the NAME of the owner of this RR.
|
||||
*
|
||||
* @return owner name as string
|
||||
*/
|
||||
char *(*get_name)(rr_t *this);
|
||||
|
||||
/**
|
||||
* Get the type of this RR.
|
||||
*
|
||||
* @return RR type
|
||||
*/
|
||||
rr_type_t (*get_type)(rr_t *this);
|
||||
|
||||
/**
|
||||
* Get the class of this RR.
|
||||
*
|
||||
* @return RR class
|
||||
*/
|
||||
rr_class_t (*get_class)(rr_t *this);
|
||||
|
||||
/**
|
||||
* Get the Time to Live (TTL) of this RR.
|
||||
*
|
||||
* @return Time to Live
|
||||
*/
|
||||
uint32_t (*get_ttl)(rr_t *this);
|
||||
|
||||
/**
|
||||
* Get the content of the RDATA field as chunk.
|
||||
*
|
||||
* The data pointed by the chunk is still owned by the RR.
|
||||
* Clone it if needed.
|
||||
*
|
||||
* @return RDATA field as chunk
|
||||
*/
|
||||
chunk_t (*get_rdata)(rr_t *this);
|
||||
|
||||
/**
|
||||
* Destroy the Resource Record.
|
||||
*/
|
||||
void (*destroy) (rr_t *this);
|
||||
};
|
||||
|
||||
#endif /** RR_H_ @}*/
|
|
@ -0,0 +1,67 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Reto Guadagnini
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup rr_set rr_set
|
||||
* @{ @ingroup resolver
|
||||
*/
|
||||
|
||||
#ifndef RR_SET_H_
|
||||
#define RR_SET_H_
|
||||
|
||||
typedef struct rr_set_t rr_set_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <collections/enumerator.h>
|
||||
|
||||
/**
|
||||
* A set of DNS Resource Records.
|
||||
*
|
||||
* Represents a RRset as defined in RFC 2181. This RRset consists of a set of
|
||||
* Resource Records with the same label, class and type but different data.
|
||||
*
|
||||
* The DNSSEC signature Resource Records (RRSIGs) which sign the RRs of this set
|
||||
* are also part of an object of this type.
|
||||
*/
|
||||
struct rr_set_t {
|
||||
|
||||
/**
|
||||
* Create an enumerator over all Resource Records of this RRset.
|
||||
*
|
||||
* @note The enumerator's position is invalid before the first call
|
||||
* to enumerate().
|
||||
*
|
||||
* @return enumerator over Resource Records
|
||||
*/
|
||||
enumerator_t *(*create_rr_enumerator)(rr_set_t *this);
|
||||
|
||||
/**
|
||||
* Create an enumerator over all RRSIGs of this RRset
|
||||
*
|
||||
* @note The enumerator's position is invalid before the first call
|
||||
* to enumerate().
|
||||
*
|
||||
* @return enumerator over RRSIG Resource Records,
|
||||
* NULL if there are no RRSIGs for this RRset
|
||||
*/
|
||||
enumerator_t *(*create_rrsig_enumerator)(rr_set_t *this);
|
||||
|
||||
/**
|
||||
* Destroy this RRset with all its Resource Records.
|
||||
*/
|
||||
void (*destroy) (rr_set_t *this);
|
||||
};
|
||||
|
||||
#endif /** RR_SET_H_ @}*/
|
Loading…
Reference in New Issue