dnscrypt-proxy/vendor/github.com/miekg/dns/acceptfunc.go

package dns
// MsgAcceptFunc is used early in the server code to accept or reject a message with RcodeFormatError.
// It returns a MsgAcceptAction to indicate what should happen with the message.
//
// The function receives only the message Header, so its decision rests on the
// header fields (flag bits and section counts); the sections themselves are
// not passed to it.
type MsgAcceptFunc func(dh Header) MsgAcceptAction
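// DefaultMsgAcceptFunc checks the request header. It is initialised to
// defaultMsgAcceptFunc, which handles a message as follows:
//
// * isn't a request (QR bit set): ignored, nothing is sent back
//
// * opcode isn't OpcodeQuery or OpcodeNotify: rejected with RcodeNotImplemented
//
// * does not have exactly 1 question in the question section: rejected with RcodeFormatError
//
// * has more than 1 RR in the Answer section: rejected with RcodeFormatError
//
// * has more than 1 RR in the Authority section: rejected with RcodeFormatError
//
// * has more than 2 RRs in the Additional section: rejected with RcodeFormatError
//
// The Zero bit is not examined by defaultMsgAcceptFunc.
//
// NOTE(review): this is an assignable package-level variable, so any code in
// the program can replace the filter. Confirm where the server reads it before
// relying on the checks above, and keep a replacement at least as strict if
// the messages come from untrusted peers.
var DefaultMsgAcceptFunc MsgAcceptFunc = defaultMsgAcceptFunc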
// MsgAcceptAction represents the action to be taken.
// It is the result type of a MsgAcceptFunc; the defined values are the
// Msg* constants declared in this file.
type MsgAcceptAction int
// Values a MsgAcceptFunc can return. They are numbered by iota in declaration
// order, so the order of the entries must not change.
const (
	// MsgAccept accepts the message.
	MsgAccept MsgAcceptAction = iota
	// MsgReject rejects the message with a RcodeFormatError.
	MsgReject
	// MsgIgnore ignores the error and sends nothing back.
	MsgIgnore
	// MsgRejectNotImplemented rejects the message with a RcodeNotImplemented.
	MsgRejectNotImplemented
)
// defaultMsgAcceptFunc is the function assigned to DefaultMsgAcceptFunc.
// It inspects only the flags word and the four section counts of dh, which
// are the values the sender declared in the header, and maps them to an action:
//
// * QR bit set (a response): MsgIgnore
//
// * opcode other than OpcodeQuery or OpcodeNotify: MsgRejectNotImplemented
//
// * Qdcount != 1, Ancount > 1, Nscount > 1 or Arcount > 2: MsgReject
//
// * anything else: MsgAccept
func defaultMsgAcceptFunc(dh Header) MsgAcceptAction {
	// A set QR bit marks a response; those are ignored rather than answered.
	if dh.Bits&_QR != 0 {
		return MsgIgnore
	}

	// The opcode is the 4-bit field that starts at bit 11 of the flags word.
	// Dynamic updates are not allowed, because then the sections can contain
	// a whole bunch of RRs.
	if op := int(dh.Bits>>11) & 0xF; !(op == OpcodeQuery || op == OpcodeNotify) {
		return MsgRejectNotImplemented
	}

	// Cap the declared section counts; the first limit that is exceeded
	// rejects the message.
	switch {
	case dh.Qdcount != 1:
		// Exactly one question is required, so zero questions is rejected too.
		return MsgReject
	case dh.Ancount > 1:
		// NOTIFY requests can have a SOA in the ANSWER section.
		// See RFC 1996 Section 3.7 and 3.11.
		return MsgReject
	case dh.Nscount > 1:
		// IXFR request could have one SOA RR in the NS section.
		// See RFC 1995, section 3.
		return MsgReject
	case dh.Arcount > 2:
		// NOTE(review): the limit of 2 is not explained in this file;
		// presumably it leaves room for records such as OPT and TSIG — confirm.
		return MsgReject
	}
	return MsgAccept
}