systemd/src/shared/resolve-util.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

#include "conf-parser.h"
#include "macro.h"

typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;
typedef enum DnsOverTlsMode DnsOverTlsMode;

enum ResolveSupport {
        RESOLVE_SUPPORT_NO,
        RESOLVE_SUPPORT_YES,
        RESOLVE_SUPPORT_RESOLVE,
        _RESOLVE_SUPPORT_MAX,
        _RESOLVE_SUPPORT_INVALID = -1
};

enum DnssecMode {
        /* No DNSSEC validation is done */
        DNSSEC_NO,

        /* Validate locally, if the server knows DO, but if not,
         * don't. Don't trust the AD bit. If the server doesn't do
         * DNSSEC properly, downgrade to non-DNSSEC operation. Of
         * course, we then are vulnerable to a downgrade attack, but
         * that's life and what is configured. */
        DNSSEC_ALLOW_DOWNGRADE,

        /* Insist on DNSSEC server support, and rather fail than downgrading. */
        DNSSEC_YES,

        _DNSSEC_MODE_MAX,
        _DNSSEC_MODE_INVALID = -1
};

enum DnsOverTlsMode {
        /* No connection is made for DNS-over-TLS */
        DNS_OVER_TLS_NO,

        /* Try to connect using DNS-over-TLS, but if connection fails,
         * fallback to using an unencrypted connection */
        DNS_OVER_TLS_OPPORTUNISTIC,

        /* Enforce DNS-over-TLS and require valid server certificates */
        DNS_OVER_TLS_YES,

        _DNS_OVER_TLS_MODE_MAX,
        _DNS_OVER_TLS_MODE_INVALID = -1
};

CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);

const char* resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;

const char* dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;

const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;
Add SPDX license identifiers to source files under the LGPL This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460. 2017-11-18 19:09:20 +03:00			`/* SPDX-License-Identifier: LGPL-2.1+ */`
resolved,networkd: unify ResolveSupport enum networkd previously knew an enum "ResolveSupport" for configuring per-interface LLMNR support, resolved had a similar enum just called "Support", with the same value and similar pasers. Unify this, call the enum ResolveSupport, and port both daemons to it. 2016-01-05 19:25:10 +03:00			`#pragma once`

tree-wide: port over all code to the new CONFIG_PARSER_PROTOTYPE() macro This makes most header files easier to look at. Also Emacs gets really slow when browsing through large sections of overly long prototypes, which is much improved by this macro. We should probably not do something similar with too many other cases, as macros like this might help readability for some, but make it worse for others. But I think given the complexity of this specific prototype and how often we use it, it's worth doing. 2018-05-22 14:10:17 +03:00			`#include "conf-parser.h"`
resolved,networkd: unify ResolveSupport enum networkd previously knew an enum "ResolveSupport" for configuring per-interface LLMNR support, resolved had a similar enum just called "Support", with the same value and similar pasers. Unify this, call the enum ResolveSupport, and port both daemons to it. 2016-01-05 19:25:10 +03:00			`#include "macro.h"`

			`typedef enum ResolveSupport ResolveSupport;`
resolved,networkd: add a per-interface DNSSEC setting This adds a DNSSEC= setting to .network files, and makes resolved honour them. 2016-01-05 21:57:33 +03:00			`typedef enum DnssecMode DnssecMode;`
resolve: rename PrivateDNS to DNSOverTLS PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS 2018-06-13 21:26:24 +03:00			`typedef enum DnsOverTlsMode DnsOverTlsMode;`
resolved,networkd: unify ResolveSupport enum networkd previously knew an enum "ResolveSupport" for configuring per-interface LLMNR support, resolved had a similar enum just called "Support", with the same value and similar pasers. Unify this, call the enum ResolveSupport, and port both daemons to it. 2016-01-05 19:25:10 +03:00
			`enum ResolveSupport {`
			`RESOLVE_SUPPORT_NO,`
			`RESOLVE_SUPPORT_YES,`
			`RESOLVE_SUPPORT_RESOLVE,`
			`_RESOLVE_SUPPORT_MAX,`
			`_RESOLVE_SUPPORT_INVALID = -1`
			`};`

resolved,networkd: add a per-interface DNSSEC setting This adds a DNSSEC= setting to .network files, and makes resolved honour them. 2016-01-05 21:57:33 +03:00			`enum DnssecMode {`
			`/* No DNSSEC validation is done */`
			`DNSSEC_NO,`

			`/* Validate locally, if the server knows DO, but if not,`
			`* don't. Don't trust the AD bit. If the server doesn't do`
			`* DNSSEC properly, downgrade to non-DNSSEC operation. Of`
			`* course, we then are vulnerable to a downgrade attack, but`
			`* that's life and what is configured. */`
			`DNSSEC_ALLOW_DOWNGRADE,`

			`/* Insist on DNSSEC server support, and rather fail than downgrading. */`
			`DNSSEC_YES,`

			`_DNSSEC_MODE_MAX,`
			`_DNSSEC_MODE_INVALID = -1`
			`};`

resolve: rename PrivateDNS to DNSOverTLS PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS 2018-06-13 21:26:24 +03:00			`enum DnsOverTlsMode {`
resolved: support for DNS-over-TLS Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported. 2018-04-27 18:50:38 +03:00			`/* No connection is made for DNS-over-TLS */`
resolve: rename PrivateDNS to DNSOverTLS PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS 2018-06-13 21:26:24 +03:00			`DNS_OVER_TLS_NO,`
resolved: support for DNS-over-TLS Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported. 2018-04-27 18:50:38 +03:00
			`/* Try to connect using DNS-over-TLS, but if connection fails,`
			`* fallback to using an unencrypted connection */`
resolve: rename PrivateDNS to DNSOverTLS PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS 2018-06-13 21:26:24 +03:00			`DNS_OVER_TLS_OPPORTUNISTIC,`
resolved: support for DNS-over-TLS Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported. 2018-04-27 18:50:38 +03:00
resolved: add strict mode for DNS-over-TLS Add strict mode for DNS-over-TLS, which will require TLS support from the server. Closes #10755 2019-02-18 22:41:46 +03:00			`/* Enforce DNS-over-TLS and require valid server certificates */`
			`DNS_OVER_TLS_YES,`

resolve: rename PrivateDNS to DNSOverTLS PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS 2018-06-13 21:26:24 +03:00			`_DNS_OVER_TLS_MODE_MAX,`
			`_DNS_OVER_TLS_MODE_INVALID = -1`
resolved: support for DNS-over-TLS Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported. 2018-04-27 18:50:38 +03:00			`};`

tree-wide: port over all code to the new CONFIG_PARSER_PROTOTYPE() macro This makes most header files easier to look at. Also Emacs gets really slow when browsing through large sections of overly long prototypes, which is much improved by this macro. We should probably not do something similar with too many other cases, as macros like this might help readability for some, but make it worse for others. But I think given the complexity of this specific prototype and how often we use it, it's worth doing. 2018-05-22 14:10:17 +03:00			`CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);`
			`CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);`
resolve: rename PrivateDNS to DNSOverTLS PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS 2018-06-13 21:26:24 +03:00			`CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);`
resolved,networkd: unify ResolveSupport enum networkd previously knew an enum "ResolveSupport" for configuring per-interface LLMNR support, resolved had a similar enum just called "Support", with the same value and similar pasers. Unify this, call the enum ResolveSupport, and port both daemons to it. 2016-01-05 19:25:10 +03:00
			`const char* resolve_support_to_string(ResolveSupport p) _const_;`
			`ResolveSupport resolve_support_from_string(const char *s) _pure_;`
resolved,networkd: add a per-interface DNSSEC setting This adds a DNSSEC= setting to .network files, and makes resolved honour them. 2016-01-05 21:57:33 +03:00
			`const char* dnssec_mode_to_string(DnssecMode p) _const_;`
			`DnssecMode dnssec_mode_from_string(const char *s) _pure_;`
resolved: support for DNS-over-TLS Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported. 2018-04-27 18:50:38 +03:00
resolve: rename PrivateDNS to DNSOverTLS PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS 2018-06-13 21:26:24 +03:00			`const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;`
			`DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;`