
commit d97383835e6a155527d07852ce6292fcc3abf355
parent 7ed1697b32d5460819e27202ad7d3b66615b8418
Author: Conrad Hoffmann <ch@bitfehler.net>
Date:   Mon, 10 Jul 2023 15:44:24 +0200

net::dns: add constants for DNS dynamic updates

This commit adds some constants defined in RFC 2136 ("Dynamic Updates in
the Domain Name System (DNS UPDATE)") and RFC 2845 ("Secure Domain Name
System (DNS) Dynamic Update"). The two are usually used together, as one
usually wants to authenticate dynamic update requests.

To keep naming consistency, all existing RCODE constants have been
renamed to their IANA-assigned name.

Signed-off-by: Conrad Hoffmann <ch@bitfehler.net>

Diffstat:
Mnet/dns/encode.ha | 2+-
Mnet/dns/error.ha | 73+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
Mnet/dns/types.ha | 23++++++++++++++++++-----
3 files changed, 86 insertions(+), 12 deletions(-)

diff --git a/net/dns/encode.ha b/net/dns/encode.ha
@@ -107,7 +107,7 @@ fn encode_op(op: *op) u16 =
 tc = true,
 rd = false,
 ra = true,
- rcode = rcode::SERVER_FAILURE,
+ rcode = rcode::SERVFAIL,
 };
 let enc = encode_op(&opcode);
 let opcode2 = op { ... };
diff --git a/net/dns/error.ha b/net/dns/error.ha
@@ -24,12 +24,41 @@ export type not_implemented = !void;
 // reasons.
 export type refused = !void;

+// Dynamic update prerequisite unsatisfied: a domain name exists when it
+// shouldn't.
+export type name_exists = !void;
+
+// Dynamic update prerequisite unsatisfied: a resource record set exists when it
+// shouldn't.
+export type rrset_exists = !void;
+
+// Dynamic update prerequisite unsatisfied: a resource record set doesn't exists
+// when it should.
+export type rrset_error = !void;
+
+// Server not authoritative for the zone or request not authorized.
+export type not_auth = !void;
+
+// Name not contained in zone.
+export type not_zone = !void;
+
+// TSIG signature validation failed.
+export type bad_sig = !void;
+
+// Key not recognized.
+export type bad_key = !void;
+
+// Signature out of time window.
+export type bad_time = !void;
+
 // Any other server-provided error condition not known to Hare.
 export type unknown_error = !u8;

 // All error types which might be returned from [[net::dns]] functions.
 export type error = !(format | server_failure | name_error
- | not_implemented | refused | unknown_error
+ | not_implemented | refused | name_exists
+ | rrset_exists | rrset_error | not_auth | not_zone
+ | bad_sig | bad_key | bad_time | unknown_error
 | errors::overflow | errors::timeout | net::error | io::error);

 export fn strerror(err: error) const str = {
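Review bot: In the net/dns/error.ha hunk, the doc comment added above `rrset_error` reads "doesn't exists", while the matching strerror string in this commit has "doesn't exist"; the comment should read `// Dynamic update prerequisite unsatisfied: a resource record set doesn't exist`. The comments on `bad_sig`, `bad_key` and `bad_time` also do not say which side reports the failure. Since these types are produced from a server-supplied response code, "TSIG signature validation failed" can be misread as a local check of the response's signature; wording such as `// The server rejected the TSIG signature on the request.` would keep callers from treating the absence of `bad_sig` as proof that the response was authenticated.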
@@ -45,6 +74,22 @@ export fn strerror(err: error) const str = {
 return "The name server does not support the requested kind of query";
 case refused =>
 return "The name server refuses to perform the specified operation for policy reasons";
+ case name_exists =>
+ return "Dynamic update prerequisite unsatisfied: a domain name exists when it shouldn't";
+ case rrset_exists =>
+ return "Dynamic update prerequisite unsatisfied: a resource record set exists when it shouldn't";
+ case rrset_error =>
+ return "Dynamic update prerequisite unsatisfied: a resource record set doesn't exist when it should";
+ case not_auth =>
+ return "Server not authoritative for the zone or request not authorized";
+ case not_zone =>
+ return "Name not contained in zone";
+ case bad_sig =>
+ return "TSIG signature validation failed";
+ case bad_key =>
+ return "Key not recognized";
+ case bad_time =>
+ return "Signature out of time window";
 case let ue: unknown_error =>
 return fmt::bsprintf(buf, "Unknown DNS error {}", ue: u8);
 case errors::overflow =>
@@ -60,17 +105,33 @@ export fn strerror(err: error) const str = {

 fn check_rcode(rcode: rcode) (void | error) = {
 switch (rcode) {
- case rcode::NO_ERROR => void;
- case rcode::FMT_ERROR =>
+ case rcode::NOERROR => void;
+ case rcode::FORMERR =>
 return format;
- case rcode::SERVER_FAILURE =>
+ case rcode::SERVFAIL =>
 return server_failure;
- case rcode::NAME_ERROR =>
+ case rcode::NXDOMAIN =>
 return name_error;
- case rcode::NOT_IMPLEMENTED =>
+ case rcode::NOTIMP =>
 return not_implemented;
 case rcode::REFUSED =>
 return refused;
+ case rcode::YXDOMAIN =>
+ return name_exists;
+ case rcode::YXRRSET =>
+ return rrset_exists;
+ case rcode::NXRRSET =>
+ return rrset_error;
+ case rcode::NOTAUTH =>
+ return not_auth;
+ case rcode::NOTZONE =>
+ return not_zone;
+ case rcode::BADSIG =>
+ return bad_sig;
+ case rcode::BADKEY =>
+ return bad_key;
+ case rcode::BADTIME =>
+ return bad_time;
 case =>
 return rcode: unknown_error;
 };
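Review bot: The `rcode::BADSIG`, `rcode::BADKEY` and `rcode::BADTIME` arms added to check_rcode look unreachable if the `rcode` passed in comes from the 4-bit RCODE field of the message header, because 16–18 do not fit in four bits. The decoder is outside this diff, so this is inferred from `encode_op` returning a `u16` flags word. RFC 2845 has the server answer a failed TSIG check with header RCODE 9 (NOTAUTH) and carry BADSIG/BADKEY/BADTIME in the TSIG record's own error field. A caller matching on `bad_sig` to detect a rejected signature would then only ever see `not_auth`. Either produce these errors where the TSIG RR is parsed, or mark the arms with a comment such as `// only reachable once the TSIG RR error field is decoded`.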
diff --git a/net/dns/types.ha b/net/dns/types.ha
@@ -19,6 +19,7 @@ export type rtype = enum u16 {
 SRV = 33,
 SSHFP = 44,
 DNSKEY = 48,
+ TSIG = 250,
 CAA = 257,
 };

@@ -57,6 +58,7 @@ export type qclass = enum u16 {
 CH = 3,
 HS = 4,
 // *
+ NONE = 254,
 ANY = 255,
 };

@@ -85,16 +87,27 @@ export type opcode = enum u8 {
 QUERY = 0,
 IQUERY = 1,
 STATUS = 2,
+ UPDATE = 5,
 };

 // Response code from resolver.
 export type rcode = enum u8 {
- NO_ERROR = 0,
- FMT_ERROR = 1,
- SERVER_FAILURE = 2,
- NAME_ERROR = 3,
- NOT_IMPLEMENTED = 4,
+ NOERROR = 0,
+ FORMERR = 1,
+ SERVFAIL = 2,
+ NXDOMAIN = 3,
+ NOTIMP = 4,
 REFUSED = 5,
+ // RFC 2136 UPDATE
+ YXDOMAIN = 6,
+ YXRRSET = 7,
+ NXRRSET = 8,
+ NOTAUTH = 9,
+ NOTZONE = 10,
+ // RFC 2845 TSIG
+ BADSIG = 16,
+ BADKEY = 17,
+ BADTIME = 18,
 };

 // Operational information for this message.
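Review bot: With `BADSIG = 16` and above added to `rcode` in the last hunk, an `op` can now hold a response code wider than the header's RCODE field. The body of encode_op is outside this diff, but if it ORs `op.rcode` into the flags word without masking, a value of 16 sets the bit above the RCODE nibble instead of failing. Consider keeping the TSIG error values in their own enum (the field is 16 bits wide in the TSIG record), or guarding the encoder with something like `assert(op.rcode: u8 <= 0xF);`. The `// RFC 2845 TSIG` comment could also note that these values travel in the TSIG RR, not the header.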