1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253
// Copyright 2015-2021 Benjamin Fry <benjaminfry@me.com>
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
//! SVCB records, see [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03)
#![allow(clippy::use_self)]
use std::{
cmp::{Ord, Ordering, PartialOrd},
convert::TryFrom,
fmt,
net::Ipv4Addr,
net::Ipv6Addr,
};
#[cfg(feature = "serde-config")]
use serde::{Deserialize, Serialize};
use enum_as_inner::EnumAsInner;
use crate::error::*;
use crate::rr::Name;
use crate::serialize::binary::*;
/// [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-2.2)
///
/// ```text
/// 2.2. RDATA wire format
///
/// The RDATA for the SVCB RR consists of:
///
/// * a 2 octet field for SvcPriority as an integer in network byte
/// order.
/// * the uncompressed, fully-qualified TargetName, represented as a
/// sequence of length-prefixed labels as in Section 3.1 of [RFC1035].
/// * the SvcParams, consuming the remainder of the record (so smaller
/// than 65535 octets and constrained by the RDATA and DNS message
/// sizes).
///
/// When the list of SvcParams is non-empty (ServiceMode), it contains a
/// series of SvcParamKey=SvcParamValue pairs, represented as:
///
/// * a 2 octet field containing the SvcParamKey as an integer in
/// network byte order. (See Section 14.3.2 for the defined values.)
/// * a 2 octet field containing the length of the SvcParamValue as an
/// integer between 0 and 65535 in network byte order (but constrained
/// by the RDATA and DNS message sizes).
/// * an octet string of this length whose contents are in a format
/// determined by the SvcParamKey.
///
/// SvcParamKeys SHALL appear in increasing numeric order.
///
/// Clients MUST consider an RR malformed if:
///
/// * the end of the RDATA occurs within a SvcParam.
/// * SvcParamKeys are not in strictly increasing numeric order.
/// * the SvcParamValue for an SvcParamKey does not have the expected
/// format.
///
/// Note that the second condition implies that there are no duplicate
/// SvcParamKeys.
///
/// If any RRs are malformed, the client MUST reject the entire RRSet and
/// fall back to non-SVCB connection establishment.
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Clone)]
pub struct SVCB {
svc_priority: u16,
target_name: Name,
svc_params: Vec<(SvcParamKey, SvcParamValue)>,
}
impl SVCB {
/// Create a new SVCB record from parts
///
/// It is up to the caller to validate the data going into the record
pub fn new(
svc_priority: u16,
target_name: Name,
svc_params: Vec<(SvcParamKey, SvcParamValue)>,
) -> Self {
Self {
svc_priority,
target_name,
svc_params,
}
}
/// [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-2.4.1)
/// ```text
/// 2.4.1. SvcPriority
///
/// When SvcPriority is 0 the SVCB record is in AliasMode
/// (Section 2.4.2). Otherwise, it is in ServiceMode (Section 2.4.3).
///
/// Within a SVCB RRSet, all RRs SHOULD have the same Mode. If an RRSet
/// contains a record in AliasMode, the recipient MUST ignore any
/// ServiceMode records in the set.
///
/// RRSets are explicitly unordered collections, so the SvcPriority field
/// is used to impose an ordering on SVCB RRs. SVCB RRs with a smaller
/// SvcPriority value SHOULD be given preference over RRs with a larger
/// SvcPriority value.
///
/// When receiving an RRSet containing multiple SVCB records with the
/// same SvcPriority value, clients SHOULD apply a random shuffle within
/// a priority level to the records before using them, to ensure uniform
/// load-balancing.
/// ```
pub fn svc_priority(&self) -> u16 {
self.svc_priority
}
/// [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-2.5)
/// ```text
/// 2.5. Special handling of "." in TargetName
///
/// If TargetName has the value "." (represented in the wire format as a
/// zero-length label), special rules apply.
///
/// 2.5.1. AliasMode
///
/// For AliasMode SVCB RRs, a TargetName of "." indicates that the
/// service is not available or does not exist. This indication is
/// advisory: clients encountering this indication MAY ignore it and
/// attempt to connect without the use of SVCB.
///
/// 2.5.2. ServiceMode
///
/// For ServiceMode SVCB RRs, if TargetName has the value ".", then the
/// owner name of this record MUST be used as the effective TargetName.
///
/// For example, in the following example "svc2.example.net" is the
/// effective TargetName:
///
/// example.com. 7200 IN HTTPS 0 svc.example.net.
/// svc.example.net. 7200 IN CNAME svc2.example.net.
/// svc2.example.net. 7200 IN HTTPS 1 . port=8002 echconfig="..."
/// svc2.example.net. 300 IN A 192.0.2.2
/// svc2.example.net. 300 IN AAAA 2001:db8::2
/// ```
pub fn target_name(&self) -> &Name {
&self.target_name
}
/// See [`SvcParamKey`] for details on each parameter
pub fn svc_params(&self) -> &[(SvcParamKey, SvcParamValue)] {
&self.svc_params
}
}
/// ```text
/// 14.3.2. Initial contents
///
/// The "Service Binding (SVCB) Parameter Registry" shall initially be
/// populated with the registrations below:
///
/// +=============+=================+======================+===========+
/// | Number | Name | Meaning | Reference |
/// +=============+=================+======================+===========+
/// | 0 | mandatory | Mandatory keys in | (This |
/// | | | this RR | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 1 | alpn | Additional supported | (This |
/// | | | protocols | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 2 | no-default-alpn | No support for | (This |
/// | | | default protocol | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 3 | port | Port for alternative | (This |
/// | | | endpoint | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 4 | ipv4hint | IPv4 address hints | (This |
/// | | | | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 5 | echconfig | Encrypted | (This |
/// | | | ClientHello info | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 6 | ipv6hint | IPv6 address hints | (This |
/// | | | | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 65280-65534 | keyNNNNN | Private Use | (This |
/// | | | | document) |
/// +-------------+-----------------+----------------------+-----------+
/// | 65535 | key65535 | Reserved ("Invalid | (This |
/// | | | key") | document) |
/// +-------------+-----------------+----------------------+-----------+
///
/// parsing done via:
/// * a 2 octet field containing the SvcParamKey as an integer in
/// network byte order. (See Section 14.3.2 for the defined values.)
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Clone, Copy)]
pub enum SvcParamKey {
/// Mandatory keys in this RR
Mandatory,
/// Additional supported protocols
Alpn,
/// No support for default protocol
NoDefaultAlpn,
/// Port for alternative endpoint
Port,
/// IPv4 address hints
Ipv4Hint,
/// Encrypted ClientHello info
EchConfig,
/// IPv6 address hints
Ipv6Hint,
/// Private Use
Key(u16),
/// Reserved ("Invalid key")
Key65535,
/// Unknown
Unknown(u16),
}
impl From<u16> for SvcParamKey {
fn from(val: u16) -> Self {
match val {
0 => Self::Mandatory,
1 => Self::Alpn,
2 => Self::NoDefaultAlpn,
3 => Self::Port,
4 => Self::Ipv4Hint,
5 => Self::EchConfig,
6 => Self::Ipv6Hint,
65280..=65534 => Self::Key(val),
65535 => Self::Key65535,
_ => Self::Unknown(val),
}
}
}
impl From<SvcParamKey> for u16 {
fn from(val: SvcParamKey) -> Self {
match val {
SvcParamKey::Mandatory => 0,
SvcParamKey::Alpn => 1,
SvcParamKey::NoDefaultAlpn => 2,
SvcParamKey::Port => 3,
SvcParamKey::Ipv4Hint => 4,
SvcParamKey::EchConfig => 5,
SvcParamKey::Ipv6Hint => 6,
SvcParamKey::Key(val) => val,
SvcParamKey::Key65535 => 65535,
SvcParamKey::Unknown(val) => val,
}
}
}
impl<'r> BinDecodable<'r> for SvcParamKey {
// a 2 octet field containing the SvcParamKey as an integer in
// network byte order. (See Section 14.3.2 for the defined values.)
fn read(decoder: &mut BinDecoder<'r>) -> ProtoResult<Self> {
Ok(decoder.read_u16()?.unverified(/*any u16 is valid*/).into())
}
}
impl BinEncodable for SvcParamKey {
// a 2 octet field containing the SvcParamKey as an integer in
// network byte order. (See Section 14.3.2 for the defined values.)
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()> {
encoder.emit_u16((*self).into())
}
}
impl fmt::Display for SvcParamKey {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
match *self {
Self::Mandatory => f.write_str("mandatory")?,
Self::Alpn => f.write_str("alpn")?,
Self::NoDefaultAlpn => f.write_str("no-default-alpn")?,
Self::Port => f.write_str("port")?,
Self::Ipv4Hint => f.write_str("ipv4hint")?,
Self::EchConfig => f.write_str("echconfig")?,
Self::Ipv6Hint => f.write_str("ipv6hint")?,
Self::Key(val) => write!(f, "key{}", val)?,
Self::Key65535 => f.write_str("key65535")?,
Self::Unknown(val) => write!(f, "unknown{}", val)?,
}
Ok(())
}
}
impl std::str::FromStr for SvcParamKey {
type Err = ProtoError;
fn from_str(s: &str) -> Result<Self, Self::Err> {
/// keys are in the format of key#, e.g. key12344, with a max value of u16
fn parse_unknown_key(key: &str) -> Result<SvcParamKey, ProtoError> {
let key_value = key.strip_prefix("key").ok_or_else(|| {
ProtoError::from(ProtoErrorKind::Msg(format!(
"bad formatted key ({}), expected key1234",
key
)))
})?;
let key_value = u16::from_str(key_value)?;
let key = SvcParamKey::from(key_value);
Ok(key)
}
let key = match s {
"mandatory" => Self::Mandatory,
"alpn" => Self::Alpn,
"no-default-alpn" => Self::NoDefaultAlpn,
"port" => Self::Port,
"ipv4hint" => Self::Ipv4Hint,
"echconfig" => Self::EchConfig,
"ipv6hint" => Self::Ipv6Hint,
"key65535" => Self::Key65535,
_ => parse_unknown_key(s)?,
};
Ok(key)
}
}
impl Ord for SvcParamKey {
fn cmp(&self, other: &Self) -> Ordering {
u16::from(*self).cmp(&u16::from(*other))
}
}
impl PartialOrd for SvcParamKey {
fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
Some(self.cmp(other))
}
}
/// Warning, it is currently up to users of this type to validate the data against that expected by the key
///
/// ```text
/// * a 2 octet field containing the length of the SvcParamValue as an
/// integer between 0 and 65535 in network byte order (but constrained
/// by the RDATA and DNS message sizes).
/// * an octet string of this length whose contents are in a format
/// determined by the SvcParamKey.
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Clone, EnumAsInner)]
pub enum SvcParamValue {
/// In a ServiceMode RR, a SvcParamKey is considered "mandatory" if the
/// RR will not function correctly for clients that ignore this
/// SvcParamKey. Each SVCB protocol mapping SHOULD specify a set of keys
/// that are "automatically mandatory", i.e. mandatory if they are
/// present in an RR. The SvcParamKey "mandatory" is used to indicate
/// any mandatory keys for this RR, in addition to any automatically
/// mandatory keys that are present.
///
/// see `Mandatory`
Mandatory(Mandatory),
/// The "alpn" and "no-default-alpn" SvcParamKeys together indicate the
/// set of Application Layer Protocol Negotiation (ALPN) protocol
/// identifiers [Alpn] and associated transport protocols supported by
/// this service endpoint.
Alpn(Alpn),
/// For "no-default-alpn", the presentation and wire format values MUST
/// be empty.
/// See also `Alpn`
NoDefaultAlpn,
/// ```text
/// 6.2. "port"
///
/// The "port" SvcParamKey defines the TCP or UDP port that should be
/// used to reach this alternative endpoint. If this key is not present,
/// clients SHALL use the authority endpoint's port number.
///
/// The presentation "value" of the SvcParamValue is a single decimal
/// integer between 0 and 65535 in ASCII. Any other "value" (e.g. an
/// empty value) is a syntax error. To enable simpler parsing, this
/// SvcParam MUST NOT contain escape sequences.
///
/// The wire format of the SvcParamValue is the corresponding 2 octet
/// numeric value in network byte order.
///
/// If a port-restricting firewall is in place between some client and
/// the service endpoint, changing the port number might cause that
/// client to lose access to the service, so operators should exercise
/// caution when using this SvcParamKey to specify a non-default port.
/// ```
Port(u16),
/// The "ipv4hint" and "ipv6hint" keys convey IP addresses that clients
/// MAY use to reach the service. If A and AAAA records for TargetName
/// are locally available, the client SHOULD ignore these hints.
/// Otherwise, clients SHOULD perform A and/or AAAA queries for
/// TargetName as in Section 3, and clients SHOULD use the IP address in
/// those responses for future connections. Clients MAY opt to terminate
/// any connections using the addresses in hints and instead switch to
/// the addresses in response to the TargetName query. Failure to use A
/// and/or AAAA response addresses could negatively impact load balancing
/// or other geo-aware features and thereby degrade client performance.
///
/// see `IpHint`
Ipv4Hint(IpHint<Ipv4Addr>),
/// ```text
/// 6.3. "echconfig"
///
/// The SvcParamKey to enable Encrypted ClientHello (ECH) is "echconfig".
/// Its value is defined in Section 9. It is applicable to most TLS-
/// based protocols.
///
/// When publishing a record containing an "echconfig" parameter, the
/// publisher MUST ensure that all IP addresses of TargetName correspond
/// to servers that have access to the corresponding private key or are
/// authoritative for the public name. (See Section 7.2.2 of [ECH] for
/// more details about the public name.) This yields an anonymity set of
/// cardinality equal to the number of ECH-enabled server domains
/// supported by a given client-facing server. Thus, even with an
/// encrypted ClientHello, an attacker who can enumerate the set of ECH-
/// enabled domains supported by a client-facing server can guess the
/// correct SNI with probability at least 1/K, where K is the size of
/// this ECH-enabled server anonymity set. This probability may be
/// increased via traffic analysis or other mechanisms.
/// ```
EchConfig(EchConfig),
/// See `IpHint`
Ipv6Hint(IpHint<Ipv6Addr>),
/// Unparsed network data. Refer to documents on the associated key value
///
/// This will be left as is when read off the wire, and encoded in bas64
/// for presentation.
Unknown(Unknown),
}
impl SvcParamValue {
// a 2 octet field containing the length of the SvcParamValue as an
// integer between 0 and 65535 in network byte order (but constrained
// by the RDATA and DNS message sizes).
fn read(key: SvcParamKey, decoder: &mut BinDecoder<'_>) -> ProtoResult<Self> {
let len: usize = decoder
.read_u16()?
.verify_unwrap(|len| *len as usize <= decoder.len())
.map(|len| len as usize)
.map_err(|u| {
ProtoError::from(format!(
"length of SvcParamValue ({}) exceeds remainder in RDATA ({})",
u,
decoder.len()
))
})?;
let param_data = decoder.read_slice(len)?.unverified(/*verification to be done by individual param types*/);
let mut decoder = BinDecoder::new(param_data);
let value = match key {
SvcParamKey::Mandatory => Self::Mandatory(Mandatory::read(&mut decoder)?),
SvcParamKey::Alpn => Self::Alpn(Alpn::read(&mut decoder)?),
// should always be empty
SvcParamKey::NoDefaultAlpn => {
if len > 0 {
return Err(ProtoError::from("Alpn expects at least one value"));
}
Self::NoDefaultAlpn
}
// The wire format of the SvcParamValue is the corresponding 2 octet
// numeric value in network byte order.
SvcParamKey::Port => {
let port = decoder.read_u16()?.unverified(/*all values are legal ports*/);
Self::Port(port)
}
SvcParamKey::Ipv4Hint => Self::Ipv4Hint(IpHint::<Ipv4Addr>::read(&mut decoder)?),
SvcParamKey::EchConfig => Self::EchConfig(EchConfig::read(&mut decoder)?),
SvcParamKey::Ipv6Hint => Self::Ipv6Hint(IpHint::<Ipv6Addr>::read(&mut decoder)?),
SvcParamKey::Key(_) | SvcParamKey::Key65535 | SvcParamKey::Unknown(_) => {
Self::Unknown(Unknown::read(&mut decoder)?)
}
};
Ok(value)
}
}
impl BinEncodable for SvcParamValue {
// a 2 octet field containing the length of the SvcParamValue as an
// integer between 0 and 65535 in network byte order (but constrained
// by the RDATA and DNS message sizes).
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()> {
// set the place for the length...
let place = encoder.place::<u16>()?;
match self {
Self::Mandatory(mandatory) => mandatory.emit(encoder)?,
Self::Alpn(alpn) => alpn.emit(encoder)?,
Self::NoDefaultAlpn => (),
Self::Port(port) => encoder.emit_u16(*port)?,
Self::Ipv4Hint(ip_hint) => ip_hint.emit(encoder)?,
Self::EchConfig(ech_config) => ech_config.emit(encoder)?,
Self::Ipv6Hint(ip_hint) => ip_hint.emit(encoder)?,
Self::Unknown(unknown) => unknown.emit(encoder)?,
}
// go back and set the length
let len = u16::try_from(encoder.len_since_place(&place))
.map_err(|_| ProtoError::from("Total length of SvcParamValue exceeds u16::MAX"))?;
place.replace(encoder, len)?;
Ok(())
}
}
impl fmt::Display for SvcParamValue {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
match self {
Self::Mandatory(mandatory) => write!(f, "{}", mandatory)?,
Self::Alpn(alpn) => write!(f, "{}", alpn)?,
Self::NoDefaultAlpn => (),
Self::Port(port) => write!(f, "{}", port)?,
Self::Ipv4Hint(ip_hint) => write!(f, "{}", ip_hint)?,
Self::EchConfig(ech_config) => write!(f, "{}", ech_config)?,
Self::Ipv6Hint(ip_hint) => write!(f, "{}", ip_hint)?,
Self::Unknown(unknown) => write!(f, "{}", unknown)?,
}
Ok(())
}
}
/// ```text
/// 7. ServiceMode RR compatibility and mandatory keys
///
/// In a ServiceMode RR, a SvcParamKey is considered "mandatory" if the
/// RR will not function correctly for clients that ignore this
/// SvcParamKey. Each SVCB protocol mapping SHOULD specify a set of keys
/// that are "automatically mandatory", i.e. mandatory if they are
/// present in an RR. The SvcParamKey "mandatory" is used to indicate
/// any mandatory keys for this RR, in addition to any automatically
/// mandatory keys that are present.
///
/// A ServiceMode RR is considered "compatible" with a client if the
/// client recognizes all the mandatory keys, and their values indicate
/// that successful connection establishment is possible. If the SVCB
/// RRSet contains no compatible RRs, the client will generally act as if
/// the RRSet is empty.
///
/// The presentation "value" SHALL be a comma-separated list
/// (Appendix A.1) of one or more valid SvcParamKeys, either by their
/// registered name or in the unknown-key format (Section 2.1). Keys MAY
/// appear in any order, but MUST NOT appear more than once. For self-
/// consistency (Section 2.4.3), listed keys MUST also appear in the
/// SvcParams.
///
/// To enable simpler parsing, this SvcParamValue MUST NOT contain escape
/// sequences.
///
/// For example, the following is a valid list of SvcParams:
///
/// echconfig=... key65333=ex1 key65444=ex2 mandatory=key65444,echconfig
///
/// In wire format, the keys are represented by their numeric values in
/// network byte order, concatenated in ascending order.
///
/// This SvcParamKey is always automatically mandatory, and MUST NOT
/// appear in its own value-list. Other automatically mandatory keys
/// SHOULD NOT appear in the list either. (Including them wastes space
/// and otherwise has no effect.)
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Clone)]
#[repr(transparent)]
pub struct Mandatory(pub Vec<SvcParamKey>);
impl<'r> BinDecodable<'r> for Mandatory {
/// This expects the decoder to be limited to only this field, i.e. the end of input for the decoder
/// is the end of input for the fields
///
/// ```text
/// In wire format, the keys are represented by their numeric values in
/// network byte order, concatenated in ascending order.
/// ```
fn read(decoder: &mut BinDecoder<'r>) -> ProtoResult<Self> {
let mut keys = Vec::with_capacity(1);
while decoder.peek().is_some() {
keys.push(SvcParamKey::read(decoder)?);
}
if keys.is_empty() {
return Err(ProtoError::from("Mandatory expects at least one value"));
}
Ok(Self(keys))
}
}
impl BinEncodable for Mandatory {
/// This expects the decoder to be limited to only this field, i.e. the end of input for the decoder
/// is the end of input for the fields
///
/// ```text
/// In wire format, the keys are represented by their numeric values in
/// network byte order, concatenated in ascending order.
/// ```
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()> {
if self.0.is_empty() {
return Err(ProtoError::from("Alpn expects at least one value"));
}
// TODO: order by key value
for key in self.0.iter() {
key.emit(encoder)?
}
Ok(())
}
}
impl fmt::Display for Mandatory {
/// The presentation "value" SHALL be a comma-separated list
/// (Appendix A.1) of one or more valid SvcParamKeys, either by their
/// registered name or in the unknown-key format (Section 2.1). Keys MAY
/// appear in any order, but MUST NOT appear more than once. For self-
/// consistency (Section 2.4.3), listed keys MUST also appear in the
/// SvcParams.
///
/// To enable simpler parsing, this SvcParamValue MUST NOT contain escape
/// sequences.
///
/// For example, the following is a valid list of SvcParams:
///
/// echconfig=... key65333=ex1 key65444=ex2 mandatory=key65444,echconfig
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
for key in self.0.iter() {
// TODO: confirm in the RFC that trailing commas are ok
write!(f, "{},", key)?;
}
Ok(())
}
}
/// [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-6.1)
///
/// ```text
/// 6.1. "alpn" and "no-default-alpn"
///
/// The "alpn" and "no-default-alpn" SvcParamKeys together indicate the
/// set of Application Layer Protocol Negotiation (ALPN) protocol
/// identifiers [ALPN] and associated transport protocols supported by
/// this service endpoint.
///
/// As with Alt-Svc [AltSvc], the ALPN protocol identifier is used to
/// identify the application protocol and associated suite of protocols
/// supported by the endpoint (the "protocol suite"). Clients filter the
/// set of ALPN identifiers to match the protocol suites they support,
/// and this informs the underlying transport protocol used (such as
/// QUIC-over-UDP or TLS-over-TCP).
///
/// ALPNs are identified by their registered "Identification Sequence"
/// ("alpn-id"), which is a sequence of 1-255 octets.
///
/// alpn-id = 1*255OCTET
///
/// The presentation "value" SHALL be a comma-separated list
/// (Appendix A.1) of one or more "alpn-id"s.
///
/// The wire format value for "alpn" consists of at least one "alpn-id"
/// prefixed by its length as a single octet, and these length-value
/// pairs are concatenated to form the SvcParamValue. These pairs MUST
/// exactly fill the SvcParamValue; otherwise, the SvcParamValue is
/// malformed.
///
/// For "no-default-alpn", the presentation and wire format values MUST
/// be empty. When "no-default-alpn" is specified in an RR, "alpn" must
/// also be specified in order for the RR to be "self-consistent"
/// (Section 2.4.3).
///
/// Each scheme that uses this SvcParamKey defines a "default set" of
/// supported ALPNs, which SHOULD NOT be empty. To determine the set of
/// protocol suites supported by an endpoint (the "SVCB ALPN set"), the
/// client adds the default set to the list of "alpn-id"s unless the "no-
/// default-alpn" SvcParamKey is present. The presence of an ALPN
/// protocol in the SVCB ALPN set indicates that this service endpoint,
/// described by TargetName and the other parameters (e.g. "port") offers
/// service with the protocol suite associated with this ALPN protocol.
///
/// ALPN protocol names that do not uniquely identify a protocol suite
/// (e.g. an Identification Sequence that can be used with both TLS and
/// DTLS) are not compatible with this SvcParamKey and MUST NOT be
/// included in the SVCB ALPN set.
///
/// To establish a connection to the endpoint, clients MUST
///
/// 1. Let SVCB-ALPN-Intersection be the set of protocols in the SVCB
/// ALPN set that the client supports.
///
/// 2. Let Intersection-Transports be the set of transports (e.g. TLS,
/// DTLS, QUIC) implied by the protocols in SVCB-ALPN-Intersection.
///
/// 3. For each transport in Intersection-Transports, construct a
/// ProtocolNameList containing the Identification Sequences of all
/// the client's supported ALPN protocols for that transport, without
/// regard to the SVCB ALPN set.
///
/// For example, if the SVCB ALPN set is ["http/1.1", "h3"], and the
/// client supports HTTP/1.1, HTTP/2, and HTTP/3, the client could
/// attempt to connect using TLS over TCP with a ProtocolNameList of
/// ["http/1.1", "h2"], and could also attempt a connection using QUIC,
/// with a ProtocolNameList of ["h3"].
///
/// Once the client has constructed a ClientHello, protocol negotiation
/// in that handshake proceeds as specified in [ALPN], without regard to
/// the SVCB ALPN set.
///
/// With this procedure in place, an attacker who can modify DNS and
/// network traffic can prevent a successful transport connection, but
/// cannot otherwise interfere with ALPN protocol selection. This
/// procedure also ensures that each ProtocolNameList includes at least
/// one protocol from the SVCB ALPN set.
///
/// Clients SHOULD NOT attempt connection to a service endpoint whose
/// SVCB ALPN set does not contain any supported protocols. To ensure
/// consistency of behavior, clients MAY reject the entire SVCB RRSet and
/// fall back to basic connection establishment if all of the RRs
/// indicate "no-default-alpn", even if connection could have succeeded
/// using a non-default alpn.
///
/// For compatibility with clients that require default transports, zone
/// operators SHOULD ensure that at least one RR in each RRSet supports
/// the default transports.
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Clone)]
#[repr(transparent)]
pub struct Alpn(pub Vec<String>);
impl<'r> BinDecodable<'r> for Alpn {
/// This expects the decoder to be limited to only this field, i.e. the end of input for the decoder
/// is the end of input for the fields
///
/// ```text
/// The wire format value for "alpn" consists of at least one "alpn-id"
/// prefixed by its length as a single octet, and these length-value
/// pairs are concatenated to form the SvcParamValue. These pairs MUST
/// exactly fill the SvcParamValue; otherwise, the SvcParamValue is
/// malformed.
/// ```
fn read(decoder: &mut BinDecoder<'r>) -> ProtoResult<Self> {
let mut alpns = Vec::with_capacity(1);
while decoder.peek().is_some() {
let alpn = decoder.read_character_data()?.unverified(/*will rely on string parser*/);
let alpn = String::from_utf8(alpn.to_vec())?;
alpns.push(alpn);
}
if alpns.is_empty() {
return Err(ProtoError::from("Alpn expects at least one value"));
}
Ok(Self(alpns))
}
}
impl BinEncodable for Alpn {
/// The wire format value for "alpn" consists of at least one "alpn-id"
/// prefixed by its length as a single octet, and these length-value
/// pairs are concatenated to form the SvcParamValue. These pairs MUST
/// exactly fill the SvcParamValue; otherwise, the SvcParamValue is
/// malformed.
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()> {
if self.0.is_empty() {
return Err(ProtoError::from("Alpn expects at least one value"));
}
for alpn in self.0.iter() {
encoder.emit_character_data(alpn)?
}
Ok(())
}
}
impl fmt::Display for Alpn {
/// The presentation "value" SHALL be a comma-separated list
/// (Appendix A.1) of one or more "alpn-id"s.
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
for alpn in self.0.iter() {
// TODO: confirm in the RFC that trailing commas are ok
write!(f, "{},", alpn)?;
}
Ok(())
}
}
/// ```text
/// 9. SVCB/HTTPS RR parameter for ECH configuration
///
/// The SVCB "echconfig" parameter is defined for conveying the ECH
/// configuration of an alternative endpoint. In wire format, the value
/// of the parameter is an ECHConfigs vector [ECH], including the
/// redundant length prefix. In presentation format, the value is a
/// single ECHConfigs encoded in Base64 [base64]. Base64 is used here to
/// simplify integration with TLS server software. To enable simpler
/// parsing, this SvcParam MUST NOT contain escape sequences.
///
/// When ECH is in use, the TLS ClientHello is divided into an
/// unencrypted "outer" and an encrypted "inner" ClientHello. The outer
/// ClientHello is an implementation detail of ECH, and its contents are
/// controlled by the ECHConfig in accordance with [ECH]. The inner
/// ClientHello is used for establishing a connection to the service, so
/// its contents may be influenced by other SVCB parameters. For
/// example, the requirements on the ProtocolNameList in Section 6.1
/// apply only to the inner ClientHello. Similarly, it is the inner
/// ClientHello whose Server Name Indication identifies the desired
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(PartialEq, Eq, Hash, Clone)]
#[repr(transparent)]
pub struct EchConfig(pub Vec<u8>);
impl<'r> BinDecodable<'r> for EchConfig {
/// In wire format, the value
/// of the parameter is an ECHConfigs vector (ECH), including the
/// redundant length prefix (a 2 octet field containing the length of the SvcParamValue
/// as an integer between 0 and 65535 in network byte order).
fn read(decoder: &mut BinDecoder<'r>) -> ProtoResult<Self> {
let redundant_len = decoder
.read_u16()?
.map(|len| len as usize)
.verify_unwrap(|len| *len <= decoder.len())
.map_err(|_| ProtoError::from("ECH value length exceeds max size of u16::MAX"))?;
let data =
decoder.read_vec(redundant_len)?.unverified(/*up to consumer to validate this data*/);
Ok(Self(data))
}
}
impl BinEncodable for EchConfig {
/// In wire format, the value
/// of the parameter is an ECHConfigs vector (ECH), including the
/// redundant length prefix (a 2 octet field containing the length of the SvcParamValue
/// as an integer between 0 and 65535 in network byte order).
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()> {
let len = u16::try_from(self.0.len())
.map_err(|_| ProtoError::from("ECH value length exceeds max size of u16::MAX"))?;
// redundant length...
encoder.emit_u16(len)?;
encoder.emit_vec(&self.0)?;
Ok(())
}
}
impl fmt::Display for EchConfig {
/// As the documentation states, the presentation format (what this function outputs) must be a BASE64 encoded string.
/// trust-dns will encode to BASE64 during formatting of the internal data, and output the BASE64 value.
///
/// [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-9)
/// ```text
/// In presentation format, the value is a
/// single ECHConfigs encoded in Base64 [base64]. Base64 is used here to
/// simplify integration with TLS server software. To enable simpler
/// parsing, this SvcParam MUST NOT contain escape sequences.
/// ```
///
/// *note* while the on the wire the EchConfig has a redundant length,
/// the RFC is not explicit about including it in the BASE64 encoded value,
/// trust-dns will encode the data as it is stored, i.e. without the length encoding.
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
write!(f, "\"{}\"", data_encoding::BASE64.encode(&self.0))
}
}
impl fmt::Debug for EchConfig {
/// The debug format for EchConfig will output the value in BASE64 like Display, but will the addition of the type-name.
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
write!(
f,
"\"EchConfig ({})\"",
data_encoding::BASE64.encode(&self.0)
)
}
}
/// ```text
/// 6.4. "ipv4hint" and "ipv6hint"
///
/// The "ipv4hint" and "ipv6hint" keys convey IP addresses that clients
/// MAY use to reach the service. If A and AAAA records for TargetName
/// are locally available, the client SHOULD ignore these hints.
/// Otherwise, clients SHOULD perform A and/or AAAA queries for
/// TargetName as in Section 3, and clients SHOULD use the IP address in
/// those responses for future connections. Clients MAY opt to terminate
/// any connections using the addresses in hints and instead switch to
/// the addresses in response to the TargetName query. Failure to use A
/// and/or AAAA response addresses could negatively impact load balancing
/// or other geo-aware features and thereby degrade client performance.
///
/// The presentation "value" SHALL be a comma-separated list
/// (Appendix A.1) of one or more IP addresses of the appropriate family
/// in standard textual format [RFC5952]. To enable simpler parsing,
/// this SvcParamValue MUST NOT contain escape sequences.
///
/// The wire format for each parameter is a sequence of IP addresses in
/// network byte order. Like an A or AAAA RRSet, the list of addresses
/// represents an unordered collection, and clients SHOULD pick addresses
/// to use in a random order. An empty list of addresses is invalid.
///
/// When selecting between IPv4 and IPv6 addresses to use, clients may
/// use an approach such as Happy Eyeballs [HappyEyeballsV2]. When only
/// "ipv4hint" is present, IPv6-only clients may synthesize IPv6
/// addresses as specified in [RFC7050] or ignore the "ipv4hint" key and
/// wait for AAAA resolution (Section 3). Recursive resolvers MUST NOT
/// perform DNS64 ([RFC6147]) on parameters within a SVCB record. For
/// best performance, server operators SHOULD include an "ipv6hint"
/// parameter whenever they include an "ipv4hint" parameter.
///
/// These parameters are intended to minimize additional connection
/// latency when a recursive resolver is not compliant with the
/// requirements in Section 4, and SHOULD NOT be included if most clients
/// are using compliant recursive resolvers. When TargetName is the
/// origin hostname or the owner name (which can be written as "."),
/// server operators SHOULD NOT include these hints, because they are
/// unlikely to convey any performance benefit.
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Clone)]
#[repr(transparent)]
pub struct IpHint<T>(pub Vec<T>);
impl<'r, T> BinDecodable<'r> for IpHint<T>
where
T: BinDecodable<'r>,
{
/// The wire format for each parameter is a sequence of IP addresses in
/// network byte order. Like an A or AAAA RRSet, the list of addresses
/// represents an unordered collection, and clients SHOULD pick addresses
/// to use in a random order. An empty list of addresses is invalid.
fn read(decoder: &mut BinDecoder<'r>) -> ProtoResult<Self> {
let mut ips = Vec::new();
while decoder.peek().is_some() {
ips.push(T::read(decoder)?)
}
Ok(Self(ips))
}
}
impl<T> BinEncodable for IpHint<T>
where
T: BinEncodable,
{
/// The wire format for each parameter is a sequence of IP addresses in
/// network byte order. Like an A or AAAA RRSet, the list of addresses
/// represents an unordered collection, and clients SHOULD pick addresses
/// to use in a random order. An empty list of addresses is invalid.
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()> {
for ip in self.0.iter() {
ip.emit(encoder)?;
}
Ok(())
}
}
impl<T> fmt::Display for IpHint<T>
where
T: fmt::Display,
{
/// The presentation "value" SHALL be a comma-separated list
/// (Appendix A.1) of one or more IP addresses of the appropriate family
/// in standard textual format [RFC 5952](https://tools.ietf.org/html/rfc5952). To enable simpler parsing,
/// this SvcParamValue MUST NOT contain escape sequences.
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
for ip in self.0.iter() {
write!(f, "{},", ip)?;
}
Ok(())
}
}
/// [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-2.1)
/// ```text
/// Unrecognized keys are represented in presentation format as
/// "keyNNNNN" where NNNNN is the numeric value of the key type without
/// leading zeros. A SvcParam in this form SHALL be parsed as specified
/// above, and the decoded "value" SHALL be used as its wire format
/// encoding.
///
/// For some SvcParamKeys, the "value" corresponds to a list or set of
/// items. Presentation formats for such keys SHOULD use a comma-
/// separated list (Appendix A.1).
///
/// SvcParams in presentation format MAY appear in any order, but keys
/// MUST NOT be repeated.
/// ```
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
#[derive(Debug, PartialEq, Eq, Hash, Clone)]
#[repr(transparent)]
pub struct Unknown(pub Vec<u8>);
impl<'r> BinDecodable<'r> for Unknown {
fn read(decoder: &mut BinDecoder<'r>) -> ProtoResult<Self> {
// The passed slice is already length delimited, and we cannot
// assume it's a collection of anything.
let len = decoder.len();
let data = decoder.read_vec(len)?;
let unknowns = data.unverified(/*any data is valid here*/).to_vec();
Ok(Self(unknowns))
}
}
impl BinEncodable for Unknown {
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()> {
encoder.emit_character_data(&self.0)?;
Ok(())
}
}
impl fmt::Display for Unknown {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
// TODO: this needs to be properly encoded
write!(f, "\"{}\",", String::from_utf8_lossy(&self.0))?;
Ok(())
}
}
/// Reads the SVCB record from the decoder.
///
/// ```text
/// Clients MUST consider an RR malformed if:
///
/// * the end of the RDATA occurs within a SvcParam.
/// * SvcParamKeys are not in strictly increasing numeric order.
/// * the SvcParamValue for an SvcParamKey does not have the expected
/// format.
///
/// Note that the second condition implies that there are no duplicate
/// SvcParamKeys.
///
/// If any RRs are malformed, the client MUST reject the entire RRSet and
/// fall back to non-SVCB connection establishment.
/// ```
pub fn read(decoder: &mut BinDecoder<'_>, rdata_length: Restrict<u16>) -> ProtoResult<SVCB> {
let start_index = decoder.index();
let svc_priority = decoder.read_u16()?.unverified(/*any u16 is valid*/);
let target_name = Name::read(decoder)?;
let mut remainder_len = rdata_length
.map(|len| len as usize)
.checked_sub(decoder.index() - start_index)
.map_err(|len| format!("Bad length for RDATA of SVCB: {}", len))?
.unverified(); // valid len
let mut svc_params: Vec<(SvcParamKey, SvcParamValue)> = Vec::new();
// must have at least 4 bytes left for the key and the length
while remainder_len >= 4 {
// a 2 octet field containing the SvcParamKey as an integer in
// network byte order. (See Section 14.3.2 for the defined values.)
let key = SvcParamKey::read(decoder)?;
// a 2 octet field containing the length of the SvcParamValue as an
// integer between 0 and 65535 in network byte order (but constrained
// by the RDATA and DNS message sizes).
let value = SvcParamValue::read(key, decoder)?;
if let Some(last_key) = svc_params.last().map(|(key, _)| key) {
if last_key >= &key {
return Err(ProtoError::from("SvcParams out of order"));
}
}
svc_params.push((key, value));
remainder_len = rdata_length
.map(|len| len as usize)
.checked_sub(decoder.index() - start_index)
.map_err(|len| format!("Bad length for RDATA of SVCB: {}", len))?
.unverified(); // valid len
}
Ok(SVCB {
svc_priority,
target_name,
svc_params,
})
}
/// Write the RData from the given Decoder
pub fn emit(encoder: &mut BinEncoder<'_>, svcb: &SVCB) -> ProtoResult<()> {
svcb.svc_priority.emit(encoder)?;
svcb.target_name.emit(encoder)?;
let mut last_key: Option<SvcParamKey> = None;
for (key, param) in svcb.svc_params.iter() {
if let Some(last_key) = last_key {
if key <= &last_key {
return Err(ProtoError::from("SvcParams out of order"));
}
}
key.emit(encoder)?;
param.emit(encoder)?;
last_key = Some(*key);
}
Ok(())
}
/// [draft-ietf-dnsop-svcb-https-03 SVCB and HTTPS RRs for DNS, February 2021](https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-10.3)
///
/// ```text
/// simple.example. 7200 IN HTTPS 1 . alpn=h3
/// pool 7200 IN HTTPS 1 h3pool alpn=h2,h3 echconfig="123..."
/// HTTPS 2 . alpn=h2 echconfig="abc..."
/// @ 7200 IN HTTPS 0 www
/// _8765._baz.api.example.com. 7200 IN SVCB 0 svc4-baz.example.net.
/// ```
impl fmt::Display for SVCB {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
write!(
f,
"{svc_priority} {target_name}",
svc_priority = self.svc_priority,
target_name = self.target_name,
)?;
for (key, param) in self.svc_params.iter() {
write!(f, " {key}={param}", key = key, param = param)?
}
Ok(())
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn read_svcb_key() {
assert_eq!(SvcParamKey::Mandatory, 0.into());
assert_eq!(SvcParamKey::Alpn, 1.into());
assert_eq!(SvcParamKey::NoDefaultAlpn, 2.into());
assert_eq!(SvcParamKey::Port, 3.into());
assert_eq!(SvcParamKey::Ipv4Hint, 4.into());
assert_eq!(SvcParamKey::EchConfig, 5.into());
assert_eq!(SvcParamKey::Ipv6Hint, 6.into());
assert_eq!(SvcParamKey::Key(65280), 65280.into());
assert_eq!(SvcParamKey::Key(65534), 65534.into());
assert_eq!(SvcParamKey::Key65535, 65535.into());
assert_eq!(SvcParamKey::Unknown(65279), 65279.into());
}
#[test]
fn read_svcb_key_to_u16() {
assert_eq!(u16::from(SvcParamKey::Mandatory), 0);
assert_eq!(u16::from(SvcParamKey::Alpn), 1);
assert_eq!(u16::from(SvcParamKey::NoDefaultAlpn), 2);
assert_eq!(u16::from(SvcParamKey::Port), 3);
assert_eq!(u16::from(SvcParamKey::Ipv4Hint), 4);
assert_eq!(u16::from(SvcParamKey::EchConfig), 5);
assert_eq!(u16::from(SvcParamKey::Ipv6Hint), 6);
assert_eq!(u16::from(SvcParamKey::Key(65280)), 65280);
assert_eq!(u16::from(SvcParamKey::Key(65534)), 65534);
assert_eq!(u16::from(SvcParamKey::Key65535), 65535);
assert_eq!(u16::from(SvcParamKey::Unknown(65279)), 65279);
}
#[track_caller]
fn test_encode_decode(rdata: SVCB) {
let mut bytes = Vec::new();
let mut encoder: BinEncoder<'_> = BinEncoder::new(&mut bytes);
emit(&mut encoder, &rdata).expect("failed to emit SVCB");
let bytes = encoder.into_bytes();
println!("svcb: {}", rdata);
println!("bytes: {:?}", bytes);
let mut decoder: BinDecoder<'_> = BinDecoder::new(bytes);
let read_rdata =
read(&mut decoder, Restrict::new(bytes.len() as u16)).expect("failed to read back");
assert_eq!(rdata, read_rdata);
}
#[test]
fn test_encode_decode_svcb() {
test_encode_decode(SVCB::new(
0,
Name::from_utf8("www.example.com.").unwrap(),
vec![],
));
test_encode_decode(SVCB::new(
0,
Name::from_utf8(".").unwrap(),
vec![(
SvcParamKey::Alpn,
SvcParamValue::Alpn(Alpn(vec!["h2".to_string()])),
)],
));
test_encode_decode(SVCB::new(
0,
Name::from_utf8("example.com.").unwrap(),
vec![
(
SvcParamKey::Mandatory,
SvcParamValue::Mandatory(Mandatory(vec![SvcParamKey::Alpn])),
),
(
SvcParamKey::Alpn,
SvcParamValue::Alpn(Alpn(vec!["h2".to_string()])),
),
],
));
}
#[test]
#[should_panic]
fn test_encode_decode_svcb_bad_order() {
test_encode_decode(SVCB::new(
0,
Name::from_utf8(".").unwrap(),
vec![
(
SvcParamKey::Alpn,
SvcParamValue::Alpn(Alpn(vec!["h2".to_string()])),
),
(
SvcParamKey::Mandatory,
SvcParamValue::Mandatory(Mandatory(vec![SvcParamKey::Alpn])),
),
],
));
}
#[test]
fn test_no_panic() {
const BUF: &[u8] = &[
255, 121, 0, 0, 0, 0, 40, 255, 255, 160, 160, 0, 0, 0, 64, 0, 1, 255, 158, 0, 0, 0, 8,
0, 0, 7, 7, 0, 0, 0, 0, 0, 0, 0,
];
assert!(crate::op::Message::from_vec(BUF).is_err());
}
}