/* $NetBSD: dns64.h,v 1.1 2024/02/18 20:57:36 christos Exp $ */

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#ifndef DNS_DNS64_H
#define DNS_DNS64_H 1

#include <stdbool.h>

#include <isc/lang.h>

#include <dns/types.h>

ISC_LANG_BEGINDECLS

/*
 * dns_dns64_create() flags.
 */

/* If set then this record only applies to recursive queries. */
#define DNS_DNS64_RECURSIVE_ONLY 0x01

/*
 * If set then DNS64 synthesis is still performed for DNSSEC sensitive
 * queries, even though the synthesised result would fail validation.
 */
#define DNS_DNS64_BREAK_DNSSEC 0x02

/*
 * dns_dns64_aaaaok() and dns_dns64_aaaafroma() flags.
 */
#define DNS_DNS64_RECURSIVE 0x01 /* Recursive query. */
#define DNS_DNS64_DNSSEC    0x02 /* DNSSEC sensitive query. */

isc_result_t
dns_dns64_create(isc_mem_t *mctx,
		 const isc_netaddr_t *prefix, unsigned int prefixlen,
		 const isc_netaddr_t *suffix,
		 dns_acl_t *client, dns_acl_t *mapped, dns_acl_t *excluded,
		 unsigned int flags, dns_dns64_t **dns64);
/*
 * Create a dns64 record, which identifies the set of clients it applies
 * to and describes how to perform the DNS64 synthesis for them.
 *
 * 'prefix' and 'prefixlen' define the leading bits of the AAAA records
 * to be synthesised.  'suffix' defines the bits after the A record bits;
 * if 'suffix' is NULL, zeros are used for these bits.
 *
 * The three ACLs narrow when the record is used:
 *   'client'    which clients this record applies to.  NULL means the
 *               record applies to all clients.
 *   'mapped'    which A records are candidates for mapping.  NULL means
 *               all A records will be mapped.
 *   'excluded'  which AAAA records are to be treated as non-existent for
 *               the purposes of determining whether to perform
 *               synthesis.  NULL means no AAAA records prevent synthesis.
 *
 * If DNS_DNS64_RECURSIVE_ONLY is set then the record will only match if
 * DNS_DNS64_RECURSIVE is set when calling dns_dns64_aaaaok() and
 * dns_dns64_aaaafroma().
 *
 * If DNS_DNS64_BREAK_DNSSEC is set then the record will still apply if
 * DNS_DNS64_DNSSEC is set when calling dns_dns64_aaaaok() and
 * dns_dns64_aaaafroma(); otherwise the record will be ignored for such
 * calls.
 *
 * Requires:
 *   'mctx' to be valid.
 *   'prefix' to be valid and its address family to be AF_INET6.
 *   'prefixlen' to be one of 32, 40, 48, 56, 72 and 96.
 *       NOTE(review): RFC 6052 lists 64, not 72, as a permitted prefix
 *       length -- confirm this list against the implementation.
 *   the bits of 'prefix' not covered by 'prefixlen' to be zero.
 *   'suffix' to be NULL, or its address family to be AF_INET6 and the
 *       leading 'prefixlen' + 32 bits of 'suffix' to be zero.  If
 *       'prefixlen' is 40, 48 or 56 then the leading 'prefixlen' + 40
 *       bits of 'suffix' must be zero.
 *   'client' to be NULL or a valid acl.
 *   'mapped' to be NULL or a valid acl.
 *   'excluded' to be NULL or a valid acl.
 *
 * Returns:
 *   ISC_R_SUCCESS
 *   ISC_R_NOMEMORY
 */

void
dns_dns64_destroy(dns_dns64_t **dns64p);
/*
 * Destroys a dns64 record.
 *
 * Requires the record to not be linked.
 */

isc_result_t
dns_dns64_aaaafroma(const dns_dns64_t *dns64,
		    const isc_netaddr_t *reqaddr,
		    const dns_name_t *reqsigner,
		    const dns_aclenv_t *env, unsigned int flags,
		    unsigned char *a, unsigned char *aaaa);
/*
 * dns_dns64_aaaafroma() determines whether to perform a DNS64 address
 * synthesis from 'a' based on 'dns64', 'reqaddr', 'reqsigner', 'env',
 * 'flags' and 'aaaa'.  If synthesis is performed then the result is
 * written to '*aaaa'.
 *
 * The synthesised address will be of the form:
 *
 *   <prefix bits><a bits><suffix bits>
 *
 * If <a bits> straddle bits 64-71 of the AAAA record, then 8 zero bits
 * will be inserted at bits 64-71.
 *
 * Neither 'a' nor 'aaaa' is accompanied by a length argument, so the
 * caller is responsible for passing buffers large enough for a complete
 * IPv4 address (4 bytes) and a complete IPv6 address (16 bytes).
 *
 * Requires:
 *   'dns64' to be valid.
 *   'reqaddr' to be valid.
 *   'reqsigner' to be NULL or valid.
 *   'env' to be valid.
 *   'a' to point to an IPv4 address in network order.
 *   'aaaa' to point to an IPv6 address buffer in network order.
 *
 * Returns:
 *   ISC_R_SUCCESS if synthesis was performed.
 *   DNS_R_DISALLOWED if there is no match.
 */

dns_dns64_t *
dns_dns64_next(dns_dns64_t *dns64);
/*
 * Return the next dns64 record in the list.
 */

void
dns_dns64_append(dns_dns64list_t *list, dns_dns64_t *dns64);
/*
 * Append the dns64 record to the list.
 */

void
dns_dns64_unlink(dns_dns64list_t *list, dns_dns64_t *dns64);
/*
 * Unlink the dns64 record from the list.
 */

bool
dns_dns64_aaaaok(const dns_dns64_t *dns64,
		 const isc_netaddr_t *reqaddr,
		 const dns_name_t *reqsigner,
		 const dns_aclenv_t *env, unsigned int flags,
		 dns_rdataset_t *rdataset,
		 bool *aaaaok, size_t aaaaoklen);
/*
 * Determine if there are any non-excluded AAAA records from the
 * matching dns64 records in the list starting at 'dns64'.  If there
 * is a non-excluded address return true.  If all addresses are
 * excluded in the matched records return false.  If no records
 * match then return true.
 *
 * If 'aaaaok' is non-NULL then dns_dns64_aaaaok() also returns, through
 * it, an array recording which addresses in 'rdataset' were deemed to
 * not be excluded by any matching record.  If there are no matching
 * records then all entries are set to true.
 *
 * Requires:
 *   'rdataset' to be valid and to be for type AAAA and class IN.
 *   'aaaaoklen' to match the number of records in 'rdataset' if
 *       'aaaaok' is non-NULL; the array is supplied by the caller with
 *       'aaaaoklen' as its only stated size.
 */

ISC_LANG_ENDDECLS

#endif /* DNS_DNS64_H */