From 6545716c073c88ad86458620c6dbc59ba1cd00bb Mon Sep 17 00:00:00 2001
From: Dave Barach
Date: Tue, 10 Oct 2017 17:53:14 -0400
Subject: VPP-1027: DNS name resolver
This patch is a plausible first-cut, suitable for initial testing by vcl (host stack client library).
Main features;
- recursive name resolution
- multiple ip4/ip6 name servers
- cache size limit enforcement
- currently limited to 65K
- ttl / aging
- static mapping support
- show / clear / debug CLI commands
Binary APIs provided for the following:
- add/delete name servers
- enable/disable the name cache
- resolve a name
To Do list:
- Respond to ip4/ip6 client DNS requests (vs. binary API requests)
- Perf / scale tuning
- map pending transaction ids to pool indices, so the cache can (greatly) exceed 65K entries
- Security improvements
- Use unpredictable dns transaction IDs, related to previous item
- Make sure that response-packet src ip addresses match the server
- Add binary APIs
- deliver raw response data to clients
- control recursive name resolution
- Documentation
Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7
Signed-off-by: Dave Barach
---
 src/vnet/dns/dns_packet.h | 154 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 154 insertions(+)
 create mode 100644 src/vnet/dns/dns_packet.h
(limited to 'src/vnet/dns/dns_packet.h')
diff --git a/src/vnet/dns/dns_packet.h b/src/vnet/dns/dns_packet.h
new file mode 100644
index 00000000000..e0ea8fe2706
--- /dev/null
+++ b/src/vnet/dns/dns_packet.h
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2015 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef included_dns_packet_h
+#define included_dns_packet_h
+
+/**
+ * DNS packet header format
+ */
+
+/* *INDENT-OFF* */
+typedef CLIB_PACKED (struct {
+ u16 id; /**< transaction ID */
+ u16 flags; /**< flags */
+ u16 qdcount; /**< number of questions */
+ u16 anscount; /**< number of answers */
+ u16 nscount; /**< number of name servers */
+ u16 arcount; /**< number of additional records */
+}) dns_header_t;
+/* *INDENT-ON* */
+
+#define DNS_RCODE_MASK (0xf)
+#define DNS_RCODE_NO_ERROR 0
+#define DNS_RCODE_FORMAT_ERROR 1
+#define DNS_RCODE_SERVER_FAILURE 2
+#define DNS_RCODE_NAME_ERROR 3
+#define DNS_RCODE_NOT_IMPLEMENTED 4
+#define DNS_RCODE_REFUSED 5
+
+#define DNS_RA (1<<7) /**< recursion available */
+#define DNS_RD (1<<8) /**< recursion desired */
+#define DNS_TC (1<<9) /**< truncation */
+#define DNS_AA (1<<10) /**< authoritative answer */
+#define DNS_OPCODE_MASK (0xf<<11) /**< opcode mask */
+#define DNS_OPCODE_QUERY (0<<11) /**< standard query */
+#define DNS_OPCODE_IQUERY (1<<11) /**< inverse query (deprecated) */
+#define DNS_OPCODE_STATUS (2<<11) /**< server status */
+#define DNS_QR (1<<15) /**< query=0, response=1 */
+
+
+/*
+ * Note: in DNS-land, www.foobar.com is encoded as three "labels,"
+ * each of which amount to a 1 octet length followed by up to 63
+ * octets of name. Don't forget to add a "null root label" after the last
+ * real one, or the poor slob trying to parse the name will have
+ * no chance whatsoever.
+ *
+ * All RRs have the same top level format shown below:
+ *
+ * 1 1 1 1 1 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | |
+ * / /
+ * / NAME /
+ * | |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | TYPE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | CLASS |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | TTL |
+ * | |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | RDLENGTH |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ * / RDATA /
+ * / /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ *
+ * DNS "questions" have the following format:
+ *
+ * 1 1 1 1 1 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | |
+ * / QNAME /
+ * / /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | QTYPE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | QCLASS |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ */
+
+/**
+ * DNS "question" fixed header.
+ */
+/* *INDENT-OFF* */
+typedef CLIB_PACKED (struct {
+ u16 type; /**< record type requested */
+ u16 class; /**< class, 1 = internet */
+}) dns_query_t;
+/* *INDENT-ON* */
+
+/**
+ * DNS RR fixed header.
+ */
+/* *INDENT-OFF* */
+typedef CLIB_PACKED (struct {
+ u16 type; /**< record type */
+ u16 class; /**< class, 1 = internet */
+ u32 ttl; /**< time to live, in seconds */
+ u16 rdlength;
+ /**< length of r */
+ u8 rdata[0];
+}) dns_rr_t;
+/* *INDENT-ON* */
+
+/*
+ * There are quite a number of DNS record types
+ * Feel free to add as needed
+ */
+#define foreach_dns_type \
+_(A, 1) /**< ip4 host address */ \
+_(AAAA, 28) /**< ip6 host address */ \
+_(ALL, 255) /**< all available data */ \
+_(TEXT, 16) /**< a text string */ \
+_(NAMESERVER, 2) /**< a nameserver */ \
+_(CNAME, 5) /**< a CNAME (alias) */ \
+_(MAIL_EXCHANGE, 15) /**< a mail exchange */
+
+typedef enum
+{
+#define _(name,value) DNS_TYPE_##name = value,
+ foreach_dns_type
+#undef _
+} dns_type_t;
+
+#define DNS_CLASS_IN 1 /**< The Internet */
+
+
+#endif /* included_dns_packet_h */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
-- cgit 1.2.3-korg
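Review bot: `u8 rdata[0]` in `dns_rr_t` is a GNU zero-length array; the standard C99 flexible array member `u8 rdata[];` gives the same layout, is what the RDATA diagram above describes, and is the form `sizeof (dns_rr_t)` arithmetic on the fixed header should rely on. The doc comment for `rdlength` has slipped onto its own line and reads as truncated (`/**< length of r */`); suggest `u16 rdlength; /**< length of rdata in octets; a wire value that must be checked against the remaining packet before rdata is indexed */`, since nothing in this header ties it to the buffer length. The `DNS_RCODE_MASK`, `DNS_RA`..`DNS_QR` and `DNS_OPCODE_*` constants follow the RFC 1035 bit positions of the 16-bit flags word as a host-order value, while the packed struct holds it in network order; a one-line comment above `DNS_RCODE_MASK` such as `/* applied to dns_header_t.flags after conversion to host byte order */` would stop them being applied to the raw field. Naming the `u16 class` members in `dns_query_t` and `dns_rr_t` after a C++ keyword also makes this header unusable from a C++ translation unit, which may matter if the host-stack client library is ever consumed from C++.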