mirror of
https://github.com/TwiN/gatus.git
synced 2024-11-25 01:13:40 +01:00
chore(deps): bump github.com/miekg/dns from 1.1.43 to 1.1.50 (#385)
Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.43 to 1.1.50. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.43...v1.1.50) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
parent
9acace7d37
commit
a5f135c675
2
go.mod
2
go.mod
@ -12,7 +12,7 @@ require (
|
|||||||
github.com/google/uuid v1.3.0
|
github.com/google/uuid v1.3.0
|
||||||
github.com/gorilla/mux v1.8.0
|
github.com/gorilla/mux v1.8.0
|
||||||
github.com/lib/pq v1.10.7
|
github.com/lib/pq v1.10.7
|
||||||
github.com/miekg/dns v1.1.43
|
github.com/miekg/dns v1.1.50
|
||||||
github.com/prometheus/client_golang v1.14.0
|
github.com/prometheus/client_golang v1.14.0
|
||||||
github.com/wcharczuk/go-chart/v2 v2.1.0
|
github.com/wcharczuk/go-chart/v2 v2.1.0
|
||||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
|
||||||
|
7
go.sum
7
go.sum
@ -246,8 +246,8 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
|
|||||||
github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
|
github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
|
||||||
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
|
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
|
||||||
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
||||||
github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=
|
github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
|
||||||
github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
|
github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
|
||||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||||
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
||||||
@ -403,6 +403,7 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
|
|||||||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||||
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||||
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||||
|
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||||
golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||||
@ -486,7 +487,6 @@ golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||||||
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
|
||||||
golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
@ -583,6 +583,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
|||||||
golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||||
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||||
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||||
|
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||||
golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ=
|
golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ=
|
||||||
golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
|
golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
|
||||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
|
4
vendor/github.com/miekg/dns/README.md
generated
vendored
4
vendor/github.com/miekg/dns/README.md
generated
vendored
@ -73,6 +73,10 @@ A not-so-up-to-date-list-that-may-be-actually-current:
|
|||||||
* https://github.com/bodgit/tsig
|
* https://github.com/bodgit/tsig
|
||||||
* https://github.com/v2fly/v2ray-core (test only)
|
* https://github.com/v2fly/v2ray-core (test only)
|
||||||
* https://kuma.io/
|
* https://kuma.io/
|
||||||
|
* https://www.misaka.io/services/dns
|
||||||
|
* https://ping.sx/dig
|
||||||
|
* https://fleetdeck.io/
|
||||||
|
* https://github.com/markdingo/autoreverse
|
||||||
|
|
||||||
|
|
||||||
Send pull request if you want to be listed here.
|
Send pull request if you want to be listed here.
|
||||||
|
2
vendor/github.com/miekg/dns/acceptfunc.go
generated
vendored
2
vendor/github.com/miekg/dns/acceptfunc.go
generated
vendored
@ -12,7 +12,7 @@ type MsgAcceptFunc func(dh Header) MsgAcceptAction
|
|||||||
//
|
//
|
||||||
// * Zero bit isn't zero
|
// * Zero bit isn't zero
|
||||||
//
|
//
|
||||||
// * has more than 1 question in the question section
|
// * does not have exactly 1 question in the question section
|
||||||
//
|
//
|
||||||
// * has more than 1 RR in the Answer section
|
// * has more than 1 RR in the Answer section
|
||||||
//
|
//
|
||||||
|
119
vendor/github.com/miekg/dns/client.go
generated
vendored
119
vendor/github.com/miekg/dns/client.go
generated
vendored
@ -18,6 +18,18 @@ const (
|
|||||||
tcpIdleTimeout time.Duration = 8 * time.Second
|
tcpIdleTimeout time.Duration = 8 * time.Second
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func isPacketConn(c net.Conn) bool {
|
||||||
|
if _, ok := c.(net.PacketConn); !ok {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
if ua, ok := c.LocalAddr().(*net.UnixAddr); ok {
|
||||||
|
return ua.Net == "unixgram" || ua.Net == "unixpacket"
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// A Conn represents a connection to a DNS server.
|
// A Conn represents a connection to a DNS server.
|
||||||
type Conn struct {
|
type Conn struct {
|
||||||
net.Conn // a net.Conn holding the connection
|
net.Conn // a net.Conn holding the connection
|
||||||
@ -27,6 +39,14 @@ type Conn struct {
|
|||||||
tsigRequestMAC string
|
tsigRequestMAC string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (co *Conn) tsigProvider() TsigProvider {
|
||||||
|
if co.TsigProvider != nil {
|
||||||
|
return co.TsigProvider
|
||||||
|
}
|
||||||
|
// tsigSecretProvider will return ErrSecret if co.TsigSecret is nil.
|
||||||
|
return tsigSecretProvider(co.TsigSecret)
|
||||||
|
}
|
||||||
|
|
||||||
// A Client defines parameters for a DNS client.
|
// A Client defines parameters for a DNS client.
|
||||||
type Client struct {
|
type Client struct {
|
||||||
Net string // if "tcp" or "tcp-tls" (DNS over TLS) a TCP query will be initiated, otherwise an UDP one (default is "" for UDP)
|
Net string // if "tcp" or "tcp-tls" (DNS over TLS) a TCP query will be initiated, otherwise an UDP one (default is "" for UDP)
|
||||||
@ -82,6 +102,12 @@ func (c *Client) writeTimeout() time.Duration {
|
|||||||
|
|
||||||
// Dial connects to the address on the named network.
|
// Dial connects to the address on the named network.
|
||||||
func (c *Client) Dial(address string) (conn *Conn, err error) {
|
func (c *Client) Dial(address string) (conn *Conn, err error) {
|
||||||
|
return c.DialContext(context.Background(), address)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DialContext connects to the address on the named network, with a context.Context.
|
||||||
|
// For TLS over TCP (DoT) the context isn't used yet. This will be enabled when Go 1.18 is released.
|
||||||
|
func (c *Client) DialContext(ctx context.Context, address string) (conn *Conn, err error) {
|
||||||
// create a new dialer with the appropriate timeout
|
// create a new dialer with the appropriate timeout
|
||||||
var d net.Dialer
|
var d net.Dialer
|
||||||
if c.Dialer == nil {
|
if c.Dialer == nil {
|
||||||
@ -101,9 +127,17 @@ func (c *Client) Dial(address string) (conn *Conn, err error) {
|
|||||||
if useTLS {
|
if useTLS {
|
||||||
network = strings.TrimSuffix(network, "-tls")
|
network = strings.TrimSuffix(network, "-tls")
|
||||||
|
|
||||||
|
// TODO(miekg): Enable after Go 1.18 is released, to be able to support two prev. releases.
|
||||||
|
/*
|
||||||
|
tlsDialer := tls.Dialer{
|
||||||
|
NetDialer: &d,
|
||||||
|
Config: c.TLSConfig,
|
||||||
|
}
|
||||||
|
conn.Conn, err = tlsDialer.DialContext(ctx, network, address)
|
||||||
|
*/
|
||||||
conn.Conn, err = tls.DialWithDialer(&d, network, address, c.TLSConfig)
|
conn.Conn, err = tls.DialWithDialer(&d, network, address, c.TLSConfig)
|
||||||
} else {
|
} else {
|
||||||
conn.Conn, err = d.Dial(network, address)
|
conn.Conn, err = d.DialContext(ctx, network, address)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -139,6 +173,7 @@ func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, er
|
|||||||
// ExchangeWithConn has the same behavior as Exchange, just with a predetermined connection
|
// ExchangeWithConn has the same behavior as Exchange, just with a predetermined connection
|
||||||
// that will be used instead of creating a new one.
|
// that will be used instead of creating a new one.
|
||||||
// Usage pattern with a *dns.Client:
|
// Usage pattern with a *dns.Client:
|
||||||
|
//
|
||||||
// c := new(dns.Client)
|
// c := new(dns.Client)
|
||||||
// // connection management logic goes here
|
// // connection management logic goes here
|
||||||
//
|
//
|
||||||
@ -148,15 +183,24 @@ func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, er
|
|||||||
// This allows users of the library to implement their own connection management,
|
// This allows users of the library to implement their own connection management,
|
||||||
// as opposed to Exchange, which will always use new connections and incur the added overhead
|
// as opposed to Exchange, which will always use new connections and incur the added overhead
|
||||||
// that entails when using "tcp" and especially "tcp-tls" clients.
|
// that entails when using "tcp" and especially "tcp-tls" clients.
|
||||||
|
//
|
||||||
|
// When the singleflight is set for this client the context is _not_ forwarded to the (shared) exchange, to
|
||||||
|
// prevent one cancelation from canceling all outstanding requests.
|
||||||
func (c *Client) ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) {
|
func (c *Client) ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) {
|
||||||
|
return c.exchangeWithConnContext(context.Background(), m, conn)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) exchangeWithConnContext(ctx context.Context, m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) {
|
||||||
if !c.SingleInflight {
|
if !c.SingleInflight {
|
||||||
return c.exchange(m, conn)
|
return c.exchangeContext(ctx, m, conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
q := m.Question[0]
|
q := m.Question[0]
|
||||||
key := fmt.Sprintf("%s:%d:%d", q.Name, q.Qtype, q.Qclass)
|
key := fmt.Sprintf("%s:%d:%d", q.Name, q.Qtype, q.Qclass)
|
||||||
r, rtt, err, shared := c.group.Do(key, func() (*Msg, time.Duration, error) {
|
r, rtt, err, shared := c.group.Do(key, func() (*Msg, time.Duration, error) {
|
||||||
return c.exchange(m, conn)
|
// When we're doing singleflight we don't want one context cancelation, cancel _all_ outstanding queries.
|
||||||
|
// Hence we ignore the context and use Background().
|
||||||
|
return c.exchangeContext(context.Background(), m, conn)
|
||||||
})
|
})
|
||||||
if r != nil && shared {
|
if r != nil && shared {
|
||||||
r = r.Copy()
|
r = r.Copy()
|
||||||
@ -165,8 +209,7 @@ func (c *Client) ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration
|
|||||||
return r, rtt, err
|
return r, rtt, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) exchange(m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error) {
|
func (c *Client) exchangeContext(ctx context.Context, m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error) {
|
||||||
|
|
||||||
opt := m.IsEdns0()
|
opt := m.IsEdns0()
|
||||||
// If EDNS0 is used use that for size.
|
// If EDNS0 is used use that for size.
|
||||||
if opt != nil && opt.UDPSize() >= MinMsgSize {
|
if opt != nil && opt.UDPSize() >= MinMsgSize {
|
||||||
@ -177,16 +220,28 @@ func (c *Client) exchange(m *Msg, co *Conn) (r *Msg, rtt time.Duration, err erro
|
|||||||
co.UDPSize = c.UDPSize
|
co.UDPSize = c.UDPSize
|
||||||
}
|
}
|
||||||
|
|
||||||
co.TsigSecret, co.TsigProvider = c.TsigSecret, c.TsigProvider
|
|
||||||
t := time.Now()
|
|
||||||
// write with the appropriate write timeout
|
// write with the appropriate write timeout
|
||||||
co.SetWriteDeadline(t.Add(c.getTimeoutForRequest(c.writeTimeout())))
|
t := time.Now()
|
||||||
|
writeDeadline := t.Add(c.getTimeoutForRequest(c.writeTimeout()))
|
||||||
|
readDeadline := t.Add(c.getTimeoutForRequest(c.readTimeout()))
|
||||||
|
if deadline, ok := ctx.Deadline(); ok {
|
||||||
|
if deadline.Before(writeDeadline) {
|
||||||
|
writeDeadline = deadline
|
||||||
|
}
|
||||||
|
if deadline.Before(readDeadline) {
|
||||||
|
readDeadline = deadline
|
||||||
|
}
|
||||||
|
}
|
||||||
|
co.SetWriteDeadline(writeDeadline)
|
||||||
|
co.SetReadDeadline(readDeadline)
|
||||||
|
|
||||||
|
co.TsigSecret, co.TsigProvider = c.TsigSecret, c.TsigProvider
|
||||||
|
|
||||||
if err = co.WriteMsg(m); err != nil {
|
if err = co.WriteMsg(m); err != nil {
|
||||||
return nil, 0, err
|
return nil, 0, err
|
||||||
}
|
}
|
||||||
|
|
||||||
co.SetReadDeadline(time.Now().Add(c.getTimeoutForRequest(c.readTimeout())))
|
if isPacketConn(co.Conn) {
|
||||||
if _, ok := co.Conn.(net.PacketConn); ok {
|
|
||||||
for {
|
for {
|
||||||
r, err = co.ReadMsg()
|
r, err = co.ReadMsg()
|
||||||
// Ignore replies with mismatched IDs because they might be
|
// Ignore replies with mismatched IDs because they might be
|
||||||
@ -224,15 +279,8 @@ func (co *Conn) ReadMsg() (*Msg, error) {
|
|||||||
return m, err
|
return m, err
|
||||||
}
|
}
|
||||||
if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
if co.TsigProvider != nil {
|
|
||||||
err = tsigVerifyProvider(p, co.TsigProvider, co.tsigRequestMAC, false)
|
|
||||||
} else {
|
|
||||||
if _, ok := co.TsigSecret[t.Hdr.Name]; !ok {
|
|
||||||
return m, ErrSecret
|
|
||||||
}
|
|
||||||
// Need to work on the original message p, as that was used to calculate the tsig.
|
// Need to work on the original message p, as that was used to calculate the tsig.
|
||||||
err = TsigVerify(p, co.TsigSecret[t.Hdr.Name], co.tsigRequestMAC, false)
|
err = TsigVerifyWithProvider(p, co.tsigProvider(), co.tsigRequestMAC, false)
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return m, err
|
return m, err
|
||||||
}
|
}
|
||||||
@ -247,7 +295,7 @@ func (co *Conn) ReadMsgHeader(hdr *Header) ([]byte, error) {
|
|||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
|
|
||||||
if _, ok := co.Conn.(net.PacketConn); ok {
|
if isPacketConn(co.Conn) {
|
||||||
if co.UDPSize > MinMsgSize {
|
if co.UDPSize > MinMsgSize {
|
||||||
p = make([]byte, co.UDPSize)
|
p = make([]byte, co.UDPSize)
|
||||||
} else {
|
} else {
|
||||||
@ -287,7 +335,7 @@ func (co *Conn) Read(p []byte) (n int, err error) {
|
|||||||
return 0, ErrConnEmpty
|
return 0, ErrConnEmpty
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, ok := co.Conn.(net.PacketConn); ok {
|
if isPacketConn(co.Conn) {
|
||||||
// UDP connection
|
// UDP connection
|
||||||
return co.Conn.Read(p)
|
return co.Conn.Read(p)
|
||||||
}
|
}
|
||||||
@ -309,17 +357,8 @@ func (co *Conn) Read(p []byte) (n int, err error) {
|
|||||||
func (co *Conn) WriteMsg(m *Msg) (err error) {
|
func (co *Conn) WriteMsg(m *Msg) (err error) {
|
||||||
var out []byte
|
var out []byte
|
||||||
if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
mac := ""
|
// Set tsigRequestMAC for the next read, although only used in zone transfers.
|
||||||
if co.TsigProvider != nil {
|
out, co.tsigRequestMAC, err = TsigGenerateWithProvider(m, co.tsigProvider(), co.tsigRequestMAC, false)
|
||||||
out, mac, err = tsigGenerateProvider(m, co.TsigProvider, co.tsigRequestMAC, false)
|
|
||||||
} else {
|
|
||||||
if _, ok := co.TsigSecret[t.Hdr.Name]; !ok {
|
|
||||||
return ErrSecret
|
|
||||||
}
|
|
||||||
out, mac, err = TsigGenerate(m, co.TsigSecret[t.Hdr.Name], co.tsigRequestMAC, false)
|
|
||||||
}
|
|
||||||
// Set for the next read, although only used in zone transfers
|
|
||||||
co.tsigRequestMAC = mac
|
|
||||||
} else {
|
} else {
|
||||||
out, err = m.Pack()
|
out, err = m.Pack()
|
||||||
}
|
}
|
||||||
@ -336,7 +375,7 @@ func (co *Conn) Write(p []byte) (int, error) {
|
|||||||
return 0, &Error{err: "message too large"}
|
return 0, &Error{err: "message too large"}
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, ok := co.Conn.(net.PacketConn); ok {
|
if isPacketConn(co.Conn) {
|
||||||
return co.Conn.Write(p)
|
return co.Conn.Write(p)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -435,15 +474,11 @@ func DialTimeoutWithTLS(network, address string, tlsConfig *tls.Config, timeout
|
|||||||
// context, if present. If there is both a context deadline and a configured
|
// context, if present. If there is both a context deadline and a configured
|
||||||
// timeout on the client, the earliest of the two takes effect.
|
// timeout on the client, the earliest of the two takes effect.
|
||||||
func (c *Client) ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error) {
|
func (c *Client) ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error) {
|
||||||
var timeout time.Duration
|
conn, err := c.DialContext(ctx, a)
|
||||||
if deadline, ok := ctx.Deadline(); !ok {
|
if err != nil {
|
||||||
timeout = 0
|
return nil, 0, err
|
||||||
} else {
|
|
||||||
timeout = time.Until(deadline)
|
|
||||||
}
|
}
|
||||||
// not passing the context to the underlying calls, as the API does not support
|
defer conn.Close()
|
||||||
// context. For timeouts you should set up Client.Dialer and call Client.Exchange.
|
|
||||||
// TODO(tmthrgd,miekg): this is a race condition.
|
return c.exchangeWithConnContext(ctx, m, conn)
|
||||||
c.Dialer = &net.Dialer{Timeout: timeout}
|
|
||||||
return c.Exchange(m, a)
|
|
||||||
}
|
}
|
||||||
|
5
vendor/github.com/miekg/dns/defaults.go
generated
vendored
5
vendor/github.com/miekg/dns/defaults.go
generated
vendored
@ -218,6 +218,11 @@ func IsDomainName(s string) (labels int, ok bool) {
|
|||||||
|
|
||||||
wasDot = false
|
wasDot = false
|
||||||
case '.':
|
case '.':
|
||||||
|
if i == 0 && len(s) > 1 {
|
||||||
|
// leading dots are not legal except for the root zone
|
||||||
|
return labels, false
|
||||||
|
}
|
||||||
|
|
||||||
if wasDot {
|
if wasDot {
|
||||||
// two dots back to back is not legal
|
// two dots back to back is not legal
|
||||||
return labels, false
|
return labels, false
|
||||||
|
46
vendor/github.com/miekg/dns/dnssec.go
generated
vendored
46
vendor/github.com/miekg/dns/dnssec.go
generated
vendored
@ -65,6 +65,9 @@ var AlgorithmToString = map[uint8]string{
|
|||||||
}
|
}
|
||||||
|
|
||||||
// AlgorithmToHash is a map of algorithm crypto hash IDs to crypto.Hash's.
|
// AlgorithmToHash is a map of algorithm crypto hash IDs to crypto.Hash's.
|
||||||
|
// For newer algorithm that do their own hashing (i.e. ED25519) the returned value
|
||||||
|
// is 0, implying no (external) hashing should occur. The non-exported identityHash is then
|
||||||
|
// used.
|
||||||
var AlgorithmToHash = map[uint8]crypto.Hash{
|
var AlgorithmToHash = map[uint8]crypto.Hash{
|
||||||
RSAMD5: crypto.MD5, // Deprecated in RFC 6725
|
RSAMD5: crypto.MD5, // Deprecated in RFC 6725
|
||||||
DSA: crypto.SHA1,
|
DSA: crypto.SHA1,
|
||||||
@ -74,7 +77,7 @@ var AlgorithmToHash = map[uint8]crypto.Hash{
|
|||||||
ECDSAP256SHA256: crypto.SHA256,
|
ECDSAP256SHA256: crypto.SHA256,
|
||||||
ECDSAP384SHA384: crypto.SHA384,
|
ECDSAP384SHA384: crypto.SHA384,
|
||||||
RSASHA512: crypto.SHA512,
|
RSASHA512: crypto.SHA512,
|
||||||
ED25519: crypto.Hash(0),
|
ED25519: 0,
|
||||||
}
|
}
|
||||||
|
|
||||||
// DNSSEC hashing algorithm codes.
|
// DNSSEC hashing algorithm codes.
|
||||||
@ -137,12 +140,12 @@ func (k *DNSKEY) KeyTag() uint16 {
|
|||||||
var keytag int
|
var keytag int
|
||||||
switch k.Algorithm {
|
switch k.Algorithm {
|
||||||
case RSAMD5:
|
case RSAMD5:
|
||||||
// Look at the bottom two bytes of the modules, which the last
|
|
||||||
// item in the pubkey.
|
|
||||||
// This algorithm has been deprecated, but keep this key-tag calculation.
|
// This algorithm has been deprecated, but keep this key-tag calculation.
|
||||||
|
// Look at the bottom two bytes of the modules, which the last item in the pubkey.
|
||||||
|
// See https://www.rfc-editor.org/errata/eid193 .
|
||||||
modulus, _ := fromBase64([]byte(k.PublicKey))
|
modulus, _ := fromBase64([]byte(k.PublicKey))
|
||||||
if len(modulus) > 1 {
|
if len(modulus) > 1 {
|
||||||
x := binary.BigEndian.Uint16(modulus[len(modulus)-2:])
|
x := binary.BigEndian.Uint16(modulus[len(modulus)-3:])
|
||||||
keytag = int(x)
|
keytag = int(x)
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
@ -296,35 +299,20 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
hash, ok := AlgorithmToHash[rr.Algorithm]
|
h, cryptohash, err := hashFromAlgorithm(rr.Algorithm)
|
||||||
if !ok {
|
|
||||||
return ErrAlg
|
|
||||||
}
|
|
||||||
|
|
||||||
switch rr.Algorithm {
|
|
||||||
case ED25519:
|
|
||||||
// ed25519 signs the raw message and performs hashing internally.
|
|
||||||
// All other supported signature schemes operate over the pre-hashed
|
|
||||||
// message, and thus ed25519 must be handled separately here.
|
|
||||||
//
|
|
||||||
// The raw message is passed directly into sign and crypto.Hash(0) is
|
|
||||||
// used to signal to the crypto.Signer that the data has not been hashed.
|
|
||||||
signature, err := sign(k, append(signdata, wire...), crypto.Hash(0), rr.Algorithm)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
rr.Signature = toBase64(signature)
|
switch rr.Algorithm {
|
||||||
return nil
|
|
||||||
case RSAMD5, DSA, DSANSEC3SHA1:
|
case RSAMD5, DSA, DSANSEC3SHA1:
|
||||||
// See RFC 6944.
|
// See RFC 6944.
|
||||||
return ErrAlg
|
return ErrAlg
|
||||||
default:
|
default:
|
||||||
h := hash.New()
|
|
||||||
h.Write(signdata)
|
h.Write(signdata)
|
||||||
h.Write(wire)
|
h.Write(wire)
|
||||||
|
|
||||||
signature, err := sign(k, h.Sum(nil), hash, rr.Algorithm)
|
signature, err := sign(k, h.Sum(nil), cryptohash, rr.Algorithm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -341,7 +329,7 @@ func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte,
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch alg {
|
switch alg {
|
||||||
case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512:
|
case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512, ED25519:
|
||||||
return signature, nil
|
return signature, nil
|
||||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||||
ecdsaSignature := &struct {
|
ecdsaSignature := &struct {
|
||||||
@ -362,8 +350,6 @@ func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte,
|
|||||||
signature := intToBytes(ecdsaSignature.R, intlen)
|
signature := intToBytes(ecdsaSignature.R, intlen)
|
||||||
signature = append(signature, intToBytes(ecdsaSignature.S, intlen)...)
|
signature = append(signature, intToBytes(ecdsaSignature.S, intlen)...)
|
||||||
return signature, nil
|
return signature, nil
|
||||||
case ED25519:
|
|
||||||
return signature, nil
|
|
||||||
default:
|
default:
|
||||||
return nil, ErrAlg
|
return nil, ErrAlg
|
||||||
}
|
}
|
||||||
@ -437,9 +423,9 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
|
|||||||
// remove the domain name and assume its ours?
|
// remove the domain name and assume its ours?
|
||||||
}
|
}
|
||||||
|
|
||||||
hash, ok := AlgorithmToHash[rr.Algorithm]
|
h, cryptohash, err := hashFromAlgorithm(rr.Algorithm)
|
||||||
if !ok {
|
if err != nil {
|
||||||
return ErrAlg
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
switch rr.Algorithm {
|
switch rr.Algorithm {
|
||||||
@ -450,10 +436,9 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
|
|||||||
return ErrKey
|
return ErrKey
|
||||||
}
|
}
|
||||||
|
|
||||||
h := hash.New()
|
|
||||||
h.Write(signeddata)
|
h.Write(signeddata)
|
||||||
h.Write(wire)
|
h.Write(wire)
|
||||||
return rsa.VerifyPKCS1v15(pubkey, hash, h.Sum(nil), sigbuf)
|
return rsa.VerifyPKCS1v15(pubkey, cryptohash, h.Sum(nil), sigbuf)
|
||||||
|
|
||||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||||
pubkey := k.publicKeyECDSA()
|
pubkey := k.publicKeyECDSA()
|
||||||
@ -465,7 +450,6 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
|
|||||||
r := new(big.Int).SetBytes(sigbuf[:len(sigbuf)/2])
|
r := new(big.Int).SetBytes(sigbuf[:len(sigbuf)/2])
|
||||||
s := new(big.Int).SetBytes(sigbuf[len(sigbuf)/2:])
|
s := new(big.Int).SetBytes(sigbuf[len(sigbuf)/2:])
|
||||||
|
|
||||||
h := hash.New()
|
|
||||||
h.Write(signeddata)
|
h.Write(signeddata)
|
||||||
h.Write(wire)
|
h.Write(wire)
|
||||||
if ecdsa.Verify(pubkey, h.Sum(nil), r, s) {
|
if ecdsa.Verify(pubkey, h.Sum(nil), r, s) {
|
||||||
|
2
vendor/github.com/miekg/dns/doc.go
generated
vendored
2
vendor/github.com/miekg/dns/doc.go
generated
vendored
@ -251,7 +251,7 @@ information.
|
|||||||
EDNS0
|
EDNS0
|
||||||
|
|
||||||
EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated by
|
EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated by
|
||||||
RFC 6891. It defines an new RR type, the OPT RR, which is then completely
|
RFC 6891. It defines a new RR type, the OPT RR, which is then completely
|
||||||
abused.
|
abused.
|
||||||
|
|
||||||
Basic use pattern for creating an (empty) OPT RR:
|
Basic use pattern for creating an (empty) OPT RR:
|
||||||
|
96
vendor/github.com/miekg/dns/edns.go
generated
vendored
96
vendor/github.com/miekg/dns/edns.go
generated
vendored
@ -14,6 +14,7 @@ const (
|
|||||||
EDNS0LLQ = 0x1 // long lived queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01
|
EDNS0LLQ = 0x1 // long lived queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01
|
||||||
EDNS0UL = 0x2 // update lease draft: http://files.dns-sd.org/draft-sekar-dns-ul.txt
|
EDNS0UL = 0x2 // update lease draft: http://files.dns-sd.org/draft-sekar-dns-ul.txt
|
||||||
EDNS0NSID = 0x3 // nsid (See RFC 5001)
|
EDNS0NSID = 0x3 // nsid (See RFC 5001)
|
||||||
|
EDNS0ESU = 0x4 // ENUM Source-URI draft: https://datatracker.ietf.org/doc/html/draft-kaplan-enum-source-uri-00
|
||||||
EDNS0DAU = 0x5 // DNSSEC Algorithm Understood
|
EDNS0DAU = 0x5 // DNSSEC Algorithm Understood
|
||||||
EDNS0DHU = 0x6 // DS Hash Understood
|
EDNS0DHU = 0x6 // DS Hash Understood
|
||||||
EDNS0N3U = 0x7 // NSEC3 Hash Understood
|
EDNS0N3U = 0x7 // NSEC3 Hash Understood
|
||||||
@ -56,6 +57,8 @@ func makeDataOpt(code uint16) EDNS0 {
|
|||||||
return new(EDNS0_PADDING)
|
return new(EDNS0_PADDING)
|
||||||
case EDNS0EDE:
|
case EDNS0EDE:
|
||||||
return new(EDNS0_EDE)
|
return new(EDNS0_EDE)
|
||||||
|
case EDNS0ESU:
|
||||||
|
return &EDNS0_ESU{Code: EDNS0ESU}
|
||||||
default:
|
default:
|
||||||
e := new(EDNS0_LOCAL)
|
e := new(EDNS0_LOCAL)
|
||||||
e.Code = code
|
e.Code = code
|
||||||
@ -95,6 +98,8 @@ func (rr *OPT) String() string {
|
|||||||
s += "\n; SUBNET: " + o.String()
|
s += "\n; SUBNET: " + o.String()
|
||||||
case *EDNS0_COOKIE:
|
case *EDNS0_COOKIE:
|
||||||
s += "\n; COOKIE: " + o.String()
|
s += "\n; COOKIE: " + o.String()
|
||||||
|
case *EDNS0_TCP_KEEPALIVE:
|
||||||
|
s += "\n; KEEPALIVE: " + o.String()
|
||||||
case *EDNS0_UL:
|
case *EDNS0_UL:
|
||||||
s += "\n; UPDATE LEASE: " + o.String()
|
s += "\n; UPDATE LEASE: " + o.String()
|
||||||
case *EDNS0_LLQ:
|
case *EDNS0_LLQ:
|
||||||
@ -111,6 +116,8 @@ func (rr *OPT) String() string {
|
|||||||
s += "\n; PADDING: " + o.String()
|
s += "\n; PADDING: " + o.String()
|
||||||
case *EDNS0_EDE:
|
case *EDNS0_EDE:
|
||||||
s += "\n; EDE: " + o.String()
|
s += "\n; EDE: " + o.String()
|
||||||
|
case *EDNS0_ESU:
|
||||||
|
s += "\n; ESU: " + o.String()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return s
|
return s
|
||||||
@ -577,14 +584,17 @@ func (e *EDNS0_N3U) copy() EDNS0 { return &EDNS0_N3U{e.Code, e.AlgCode} }
|
|||||||
type EDNS0_EXPIRE struct {
|
type EDNS0_EXPIRE struct {
|
||||||
Code uint16 // Always EDNS0EXPIRE
|
Code uint16 // Always EDNS0EXPIRE
|
||||||
Expire uint32
|
Expire uint32
|
||||||
|
Empty bool // Empty is used to signal an empty Expire option in a backwards compatible way, it's not used on the wire.
|
||||||
}
|
}
|
||||||
|
|
||||||
// Option implements the EDNS0 interface.
|
// Option implements the EDNS0 interface.
|
||||||
func (e *EDNS0_EXPIRE) Option() uint16 { return EDNS0EXPIRE }
|
func (e *EDNS0_EXPIRE) Option() uint16 { return EDNS0EXPIRE }
|
||||||
func (e *EDNS0_EXPIRE) String() string { return strconv.FormatUint(uint64(e.Expire), 10) }
|
func (e *EDNS0_EXPIRE) copy() EDNS0 { return &EDNS0_EXPIRE{e.Code, e.Expire, e.Empty} }
|
||||||
func (e *EDNS0_EXPIRE) copy() EDNS0 { return &EDNS0_EXPIRE{e.Code, e.Expire} }
|
|
||||||
|
|
||||||
func (e *EDNS0_EXPIRE) pack() ([]byte, error) {
|
func (e *EDNS0_EXPIRE) pack() ([]byte, error) {
|
||||||
|
if e.Empty {
|
||||||
|
return []byte{}, nil
|
||||||
|
}
|
||||||
b := make([]byte, 4)
|
b := make([]byte, 4)
|
||||||
binary.BigEndian.PutUint32(b, e.Expire)
|
binary.BigEndian.PutUint32(b, e.Expire)
|
||||||
return b, nil
|
return b, nil
|
||||||
@ -593,15 +603,24 @@ func (e *EDNS0_EXPIRE) pack() ([]byte, error) {
|
|||||||
func (e *EDNS0_EXPIRE) unpack(b []byte) error {
|
func (e *EDNS0_EXPIRE) unpack(b []byte) error {
|
||||||
if len(b) == 0 {
|
if len(b) == 0 {
|
||||||
// zero-length EXPIRE query, see RFC 7314 Section 2
|
// zero-length EXPIRE query, see RFC 7314 Section 2
|
||||||
|
e.Empty = true
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
if len(b) < 4 {
|
if len(b) < 4 {
|
||||||
return ErrBuf
|
return ErrBuf
|
||||||
}
|
}
|
||||||
e.Expire = binary.BigEndian.Uint32(b)
|
e.Expire = binary.BigEndian.Uint32(b)
|
||||||
|
e.Empty = false
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (e *EDNS0_EXPIRE) String() (s string) {
|
||||||
|
if e.Empty {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return strconv.FormatUint(uint64(e.Expire), 10)
|
||||||
|
}
|
||||||
|
|
||||||
// The EDNS0_LOCAL option is used for local/experimental purposes. The option
|
// The EDNS0_LOCAL option is used for local/experimental purposes. The option
|
||||||
// code is recommended to be within the range [EDNS0LOCALSTART, EDNS0LOCALEND]
|
// code is recommended to be within the range [EDNS0LOCALSTART, EDNS0LOCALEND]
|
||||||
// (RFC6891), although any unassigned code can actually be used. The content of
|
// (RFC6891), although any unassigned code can actually be used. The content of
|
||||||
@ -653,56 +672,51 @@ func (e *EDNS0_LOCAL) unpack(b []byte) error {
|
|||||||
// the TCP connection alive. See RFC 7828.
|
// the TCP connection alive. See RFC 7828.
|
||||||
type EDNS0_TCP_KEEPALIVE struct {
|
type EDNS0_TCP_KEEPALIVE struct {
|
||||||
Code uint16 // Always EDNSTCPKEEPALIVE
|
Code uint16 // Always EDNSTCPKEEPALIVE
|
||||||
Length uint16 // the value 0 if the TIMEOUT is omitted, the value 2 if it is present;
|
|
||||||
Timeout uint16 // an idle timeout value for the TCP connection, specified in units of 100 milliseconds, encoded in network byte order.
|
// Timeout is an idle timeout value for the TCP connection, specified in
|
||||||
|
// units of 100 milliseconds, encoded in network byte order. If set to 0,
|
||||||
|
// pack will return a nil slice.
|
||||||
|
Timeout uint16
|
||||||
|
|
||||||
|
// Length is the option's length.
|
||||||
|
// Deprecated: this field is deprecated and is always equal to 0.
|
||||||
|
Length uint16
|
||||||
}
|
}
|
||||||
|
|
||||||
// Option implements the EDNS0 interface.
|
// Option implements the EDNS0 interface.
|
||||||
func (e *EDNS0_TCP_KEEPALIVE) Option() uint16 { return EDNS0TCPKEEPALIVE }
|
func (e *EDNS0_TCP_KEEPALIVE) Option() uint16 { return EDNS0TCPKEEPALIVE }
|
||||||
|
|
||||||
func (e *EDNS0_TCP_KEEPALIVE) pack() ([]byte, error) {
|
func (e *EDNS0_TCP_KEEPALIVE) pack() ([]byte, error) {
|
||||||
if e.Timeout != 0 && e.Length != 2 {
|
if e.Timeout > 0 {
|
||||||
return nil, errors.New("dns: timeout specified but length is not 2")
|
b := make([]byte, 2)
|
||||||
}
|
binary.BigEndian.PutUint16(b, e.Timeout)
|
||||||
if e.Timeout == 0 && e.Length != 0 {
|
|
||||||
return nil, errors.New("dns: timeout not specified but length is not 0")
|
|
||||||
}
|
|
||||||
b := make([]byte, 4+e.Length)
|
|
||||||
binary.BigEndian.PutUint16(b[0:], e.Code)
|
|
||||||
binary.BigEndian.PutUint16(b[2:], e.Length)
|
|
||||||
if e.Length == 2 {
|
|
||||||
binary.BigEndian.PutUint16(b[4:], e.Timeout)
|
|
||||||
}
|
|
||||||
return b, nil
|
return b, nil
|
||||||
|
}
|
||||||
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *EDNS0_TCP_KEEPALIVE) unpack(b []byte) error {
|
func (e *EDNS0_TCP_KEEPALIVE) unpack(b []byte) error {
|
||||||
if len(b) < 4 {
|
switch len(b) {
|
||||||
return ErrBuf
|
case 0:
|
||||||
}
|
case 2:
|
||||||
e.Length = binary.BigEndian.Uint16(b[2:4])
|
e.Timeout = binary.BigEndian.Uint16(b)
|
||||||
if e.Length != 0 && e.Length != 2 {
|
default:
|
||||||
return errors.New("dns: length mismatch, want 0/2 but got " + strconv.FormatUint(uint64(e.Length), 10))
|
return fmt.Errorf("dns: length mismatch, want 0/2 but got %d", len(b))
|
||||||
}
|
|
||||||
if e.Length == 2 {
|
|
||||||
if len(b) < 6 {
|
|
||||||
return ErrBuf
|
|
||||||
}
|
|
||||||
e.Timeout = binary.BigEndian.Uint16(b[4:6])
|
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *EDNS0_TCP_KEEPALIVE) String() (s string) {
|
func (e *EDNS0_TCP_KEEPALIVE) String() string {
|
||||||
s = "use tcp keep-alive"
|
s := "use tcp keep-alive"
|
||||||
if e.Length == 0 {
|
if e.Timeout == 0 {
|
||||||
s += ", timeout omitted"
|
s += ", timeout omitted"
|
||||||
} else {
|
} else {
|
||||||
s += fmt.Sprintf(", timeout %dms", e.Timeout*100)
|
s += fmt.Sprintf(", timeout %dms", e.Timeout*100)
|
||||||
}
|
}
|
||||||
return
|
return s
|
||||||
}
|
}
|
||||||
func (e *EDNS0_TCP_KEEPALIVE) copy() EDNS0 { return &EDNS0_TCP_KEEPALIVE{e.Code, e.Length, e.Timeout} }
|
|
||||||
|
func (e *EDNS0_TCP_KEEPALIVE) copy() EDNS0 { return &EDNS0_TCP_KEEPALIVE{e.Code, e.Timeout, e.Length} }
|
||||||
|
|
||||||
// EDNS0_PADDING option is used to add padding to a request/response. The default
|
// EDNS0_PADDING option is used to add padding to a request/response. The default
|
||||||
// value of padding SHOULD be 0x0 but other values MAY be used, for instance if
|
// value of padding SHOULD be 0x0 but other values MAY be used, for instance if
|
||||||
@ -819,3 +833,19 @@ func (e *EDNS0_EDE) unpack(b []byte) error {
|
|||||||
e.ExtraText = string(b[2:])
|
e.ExtraText = string(b[2:])
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// The EDNS0_ESU option for ENUM Source-URI Extension
|
||||||
|
type EDNS0_ESU struct {
|
||||||
|
Code uint16
|
||||||
|
Uri string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Option implements the EDNS0 interface.
|
||||||
|
func (e *EDNS0_ESU) Option() uint16 { return EDNS0ESU }
|
||||||
|
func (e *EDNS0_ESU) String() string { return e.Uri }
|
||||||
|
func (e *EDNS0_ESU) copy() EDNS0 { return &EDNS0_ESU{e.Code, e.Uri} }
|
||||||
|
func (e *EDNS0_ESU) pack() ([]byte, error) { return []byte(e.Uri), nil }
|
||||||
|
func (e *EDNS0_ESU) unpack(b []byte) error {
|
||||||
|
e.Uri = string(b)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
31
vendor/github.com/miekg/dns/hash.go
generated
vendored
Normal file
31
vendor/github.com/miekg/dns/hash.go
generated
vendored
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
package dns
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto"
|
||||||
|
"hash"
|
||||||
|
)
|
||||||
|
|
||||||
|
// identityHash will not hash, it only buffers the data written into it and returns it as-is.
|
||||||
|
type identityHash struct {
|
||||||
|
b *bytes.Buffer
|
||||||
|
}
|
||||||
|
|
||||||
|
// Implement the hash.Hash interface.
|
||||||
|
|
||||||
|
func (i identityHash) Write(b []byte) (int, error) { return i.b.Write(b) }
|
||||||
|
func (i identityHash) Size() int { return i.b.Len() }
|
||||||
|
func (i identityHash) BlockSize() int { return 1024 }
|
||||||
|
func (i identityHash) Reset() { i.b.Reset() }
|
||||||
|
func (i identityHash) Sum(b []byte) []byte { return append(b, i.b.Bytes()...) }
|
||||||
|
|
||||||
|
func hashFromAlgorithm(alg uint8) (hash.Hash, crypto.Hash, error) {
|
||||||
|
hashnumber, ok := AlgorithmToHash[alg]
|
||||||
|
if !ok {
|
||||||
|
return nil, 0, ErrAlg
|
||||||
|
}
|
||||||
|
if hashnumber == 0 {
|
||||||
|
return identityHash{b: &bytes.Buffer{}}, hashnumber, nil
|
||||||
|
}
|
||||||
|
return hashnumber.New(), hashnumber, nil
|
||||||
|
}
|
14
vendor/github.com/miekg/dns/msg.go
generated
vendored
14
vendor/github.com/miekg/dns/msg.go
generated
vendored
@ -265,6 +265,11 @@ loop:
|
|||||||
|
|
||||||
wasDot = false
|
wasDot = false
|
||||||
case '.':
|
case '.':
|
||||||
|
if i == 0 && len(s) > 1 {
|
||||||
|
// leading dots are not legal except for the root zone
|
||||||
|
return len(msg), ErrRdata
|
||||||
|
}
|
||||||
|
|
||||||
if wasDot {
|
if wasDot {
|
||||||
// two dots back to back is not legal
|
// two dots back to back is not legal
|
||||||
return len(msg), ErrRdata
|
return len(msg), ErrRdata
|
||||||
@ -901,6 +906,11 @@ func (dns *Msg) String() string {
|
|||||||
s += "ANSWER: " + strconv.Itoa(len(dns.Answer)) + ", "
|
s += "ANSWER: " + strconv.Itoa(len(dns.Answer)) + ", "
|
||||||
s += "AUTHORITY: " + strconv.Itoa(len(dns.Ns)) + ", "
|
s += "AUTHORITY: " + strconv.Itoa(len(dns.Ns)) + ", "
|
||||||
s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n"
|
s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n"
|
||||||
|
opt := dns.IsEdns0()
|
||||||
|
if opt != nil {
|
||||||
|
// OPT PSEUDOSECTION
|
||||||
|
s += opt.String() + "\n"
|
||||||
|
}
|
||||||
if len(dns.Question) > 0 {
|
if len(dns.Question) > 0 {
|
||||||
s += "\n;; QUESTION SECTION:\n"
|
s += "\n;; QUESTION SECTION:\n"
|
||||||
for _, r := range dns.Question {
|
for _, r := range dns.Question {
|
||||||
@ -923,10 +933,10 @@ func (dns *Msg) String() string {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(dns.Extra) > 0 {
|
if len(dns.Extra) > 0 && (opt == nil || len(dns.Extra) > 1) {
|
||||||
s += "\n;; ADDITIONAL SECTION:\n"
|
s += "\n;; ADDITIONAL SECTION:\n"
|
||||||
for _, r := range dns.Extra {
|
for _, r := range dns.Extra {
|
||||||
if r != nil {
|
if r != nil && r.Header().Rrtype != TypeOPT {
|
||||||
s += r.String() + "\n"
|
s += r.String() + "\n"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
26
vendor/github.com/miekg/dns/msg_helpers.go
generated
vendored
26
vendor/github.com/miekg/dns/msg_helpers.go
generated
vendored
@ -476,7 +476,7 @@ func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) {
|
|||||||
length, window, lastwindow := 0, 0, -1
|
length, window, lastwindow := 0, 0, -1
|
||||||
for off < len(msg) {
|
for off < len(msg) {
|
||||||
if off+2 > len(msg) {
|
if off+2 > len(msg) {
|
||||||
return nsec, len(msg), &Error{err: "overflow unpacking nsecx"}
|
return nsec, len(msg), &Error{err: "overflow unpacking NSEC(3)"}
|
||||||
}
|
}
|
||||||
window = int(msg[off])
|
window = int(msg[off])
|
||||||
length = int(msg[off+1])
|
length = int(msg[off+1])
|
||||||
@ -484,17 +484,17 @@ func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) {
|
|||||||
if window <= lastwindow {
|
if window <= lastwindow {
|
||||||
// RFC 4034: Blocks are present in the NSEC RR RDATA in
|
// RFC 4034: Blocks are present in the NSEC RR RDATA in
|
||||||
// increasing numerical order.
|
// increasing numerical order.
|
||||||
return nsec, len(msg), &Error{err: "out of order NSEC block"}
|
return nsec, len(msg), &Error{err: "out of order NSEC(3) block in type bitmap"}
|
||||||
}
|
}
|
||||||
if length == 0 {
|
if length == 0 {
|
||||||
// RFC 4034: Blocks with no types present MUST NOT be included.
|
// RFC 4034: Blocks with no types present MUST NOT be included.
|
||||||
return nsec, len(msg), &Error{err: "empty NSEC block"}
|
return nsec, len(msg), &Error{err: "empty NSEC(3) block in type bitmap"}
|
||||||
}
|
}
|
||||||
if length > 32 {
|
if length > 32 {
|
||||||
return nsec, len(msg), &Error{err: "NSEC block too long"}
|
return nsec, len(msg), &Error{err: "NSEC(3) block too long in type bitmap"}
|
||||||
}
|
}
|
||||||
if off+length > len(msg) {
|
if off+length > len(msg) {
|
||||||
return nsec, len(msg), &Error{err: "overflowing NSEC block"}
|
return nsec, len(msg), &Error{err: "overflowing NSEC(3) block in type bitmap"}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Walk the bytes in the window and extract the type bits
|
// Walk the bytes in the window and extract the type bits
|
||||||
@ -558,6 +558,16 @@ func packDataNsec(bitmap []uint16, msg []byte, off int) (int, error) {
|
|||||||
if len(bitmap) == 0 {
|
if len(bitmap) == 0 {
|
||||||
return off, nil
|
return off, nil
|
||||||
}
|
}
|
||||||
|
if off > len(msg) {
|
||||||
|
return off, &Error{err: "overflow packing nsec"}
|
||||||
|
}
|
||||||
|
toZero := msg[off:]
|
||||||
|
if maxLen := typeBitMapLen(bitmap); maxLen < len(toZero) {
|
||||||
|
toZero = toZero[:maxLen]
|
||||||
|
}
|
||||||
|
for i := range toZero {
|
||||||
|
toZero[i] = 0
|
||||||
|
}
|
||||||
var lastwindow, lastlength uint16
|
var lastwindow, lastlength uint16
|
||||||
for _, t := range bitmap {
|
for _, t := range bitmap {
|
||||||
window := t / 256
|
window := t / 256
|
||||||
@ -781,6 +791,8 @@ func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
|
|||||||
if off+afdlen > len(msg) {
|
if off+afdlen > len(msg) {
|
||||||
return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL address"}
|
return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL address"}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Address MUST NOT contain trailing zero bytes per RFC3123 Sections 4.1 and 4.2.
|
||||||
off += copy(ip, msg[off:off+afdlen])
|
off += copy(ip, msg[off:off+afdlen])
|
||||||
if afdlen > 0 {
|
if afdlen > 0 {
|
||||||
last := ip[afdlen-1]
|
last := ip[afdlen-1]
|
||||||
@ -792,10 +804,6 @@ func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
|
|||||||
IP: ip,
|
IP: ip,
|
||||||
Mask: net.CIDRMask(int(prefix), 8*len(ip)),
|
Mask: net.CIDRMask(int(prefix), 8*len(ip)),
|
||||||
}
|
}
|
||||||
network := ipnet.IP.Mask(ipnet.Mask)
|
|
||||||
if !network.Equal(ipnet.IP) {
|
|
||||||
return APLPrefix{}, len(msg), &Error{err: "invalid APL address length"}
|
|
||||||
}
|
|
||||||
|
|
||||||
return APLPrefix{
|
return APLPrefix{
|
||||||
Negation: (nlen & 0x80) != 0,
|
Negation: (nlen & 0x80) != 0,
|
||||||
|
32
vendor/github.com/miekg/dns/server.go
generated
vendored
32
vendor/github.com/miekg/dns/server.go
generated
vendored
@ -71,7 +71,7 @@ type response struct {
|
|||||||
tsigTimersOnly bool
|
tsigTimersOnly bool
|
||||||
tsigStatus error
|
tsigStatus error
|
||||||
tsigRequestMAC string
|
tsigRequestMAC string
|
||||||
tsigSecret map[string]string // the tsig secrets
|
tsigProvider TsigProvider
|
||||||
udp net.PacketConn // i/o connection if UDP was used
|
udp net.PacketConn // i/o connection if UDP was used
|
||||||
tcp net.Conn // i/o connection if TCP was used
|
tcp net.Conn // i/o connection if TCP was used
|
||||||
udpSession *SessionUDP // oob data to get egress interface right
|
udpSession *SessionUDP // oob data to get egress interface right
|
||||||
@ -211,6 +211,8 @@ type Server struct {
|
|||||||
WriteTimeout time.Duration
|
WriteTimeout time.Duration
|
||||||
// TCP idle timeout for multiple queries, if nil, defaults to 8 * time.Second (RFC 5966).
|
// TCP idle timeout for multiple queries, if nil, defaults to 8 * time.Second (RFC 5966).
|
||||||
IdleTimeout func() time.Duration
|
IdleTimeout func() time.Duration
|
||||||
|
// An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
|
||||||
|
TsigProvider TsigProvider
|
||||||
// Secret(s) for Tsig map[<zonename>]<base64 secret>. The zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2).
|
// Secret(s) for Tsig map[<zonename>]<base64 secret>. The zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2).
|
||||||
TsigSecret map[string]string
|
TsigSecret map[string]string
|
||||||
// If NotifyStartedFunc is set it is called once the server has started listening.
|
// If NotifyStartedFunc is set it is called once the server has started listening.
|
||||||
@ -238,6 +240,16 @@ type Server struct {
|
|||||||
udpPool sync.Pool
|
udpPool sync.Pool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (srv *Server) tsigProvider() TsigProvider {
|
||||||
|
if srv.TsigProvider != nil {
|
||||||
|
return srv.TsigProvider
|
||||||
|
}
|
||||||
|
if srv.TsigSecret != nil {
|
||||||
|
return tsigSecretProvider(srv.TsigSecret)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (srv *Server) isStarted() bool {
|
func (srv *Server) isStarted() bool {
|
||||||
srv.lock.RLock()
|
srv.lock.RLock()
|
||||||
started := srv.started
|
started := srv.started
|
||||||
@ -526,7 +538,7 @@ func (srv *Server) serveUDP(l net.PacketConn) error {
|
|||||||
|
|
||||||
// Serve a new TCP connection.
|
// Serve a new TCP connection.
|
||||||
func (srv *Server) serveTCPConn(wg *sync.WaitGroup, rw net.Conn) {
|
func (srv *Server) serveTCPConn(wg *sync.WaitGroup, rw net.Conn) {
|
||||||
w := &response{tsigSecret: srv.TsigSecret, tcp: rw}
|
w := &response{tsigProvider: srv.tsigProvider(), tcp: rw}
|
||||||
if srv.DecorateWriter != nil {
|
if srv.DecorateWriter != nil {
|
||||||
w.writer = srv.DecorateWriter(w)
|
w.writer = srv.DecorateWriter(w)
|
||||||
} else {
|
} else {
|
||||||
@ -581,7 +593,7 @@ func (srv *Server) serveTCPConn(wg *sync.WaitGroup, rw net.Conn) {
|
|||||||
|
|
||||||
// Serve a new UDP request.
|
// Serve a new UDP request.
|
||||||
func (srv *Server) serveUDPPacket(wg *sync.WaitGroup, m []byte, u net.PacketConn, udpSession *SessionUDP, pcSession net.Addr) {
|
func (srv *Server) serveUDPPacket(wg *sync.WaitGroup, m []byte, u net.PacketConn, udpSession *SessionUDP, pcSession net.Addr) {
|
||||||
w := &response{tsigSecret: srv.TsigSecret, udp: u, udpSession: udpSession, pcSession: pcSession}
|
w := &response{tsigProvider: srv.tsigProvider(), udp: u, udpSession: udpSession, pcSession: pcSession}
|
||||||
if srv.DecorateWriter != nil {
|
if srv.DecorateWriter != nil {
|
||||||
w.writer = srv.DecorateWriter(w)
|
w.writer = srv.DecorateWriter(w)
|
||||||
} else {
|
} else {
|
||||||
@ -632,15 +644,11 @@ func (srv *Server) serveDNS(m []byte, w *response) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
w.tsigStatus = nil
|
w.tsigStatus = nil
|
||||||
if w.tsigSecret != nil {
|
if w.tsigProvider != nil {
|
||||||
if t := req.IsTsig(); t != nil {
|
if t := req.IsTsig(); t != nil {
|
||||||
if secret, ok := w.tsigSecret[t.Hdr.Name]; ok {
|
w.tsigStatus = TsigVerifyWithProvider(m, w.tsigProvider, "", false)
|
||||||
w.tsigStatus = TsigVerify(m, secret, "", false)
|
|
||||||
} else {
|
|
||||||
w.tsigStatus = ErrSecret
|
|
||||||
}
|
|
||||||
w.tsigTimersOnly = false
|
w.tsigTimersOnly = false
|
||||||
w.tsigRequestMAC = req.Extra[len(req.Extra)-1].(*TSIG).MAC
|
w.tsigRequestMAC = t.MAC
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -718,9 +726,9 @@ func (w *response) WriteMsg(m *Msg) (err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var data []byte
|
var data []byte
|
||||||
if w.tsigSecret != nil { // if no secrets, dont check for the tsig (which is a longer check)
|
if w.tsigProvider != nil { // if no provider, dont check for the tsig (which is a longer check)
|
||||||
if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
data, w.tsigRequestMAC, err = TsigGenerate(m, w.tsigSecret[t.Hdr.Name], w.tsigRequestMAC, w.tsigTimersOnly)
|
data, w.tsigRequestMAC, err = TsigGenerateWithProvider(m, w.tsigProvider, w.tsigRequestMAC, w.tsigTimersOnly)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
51
vendor/github.com/miekg/dns/sig0.go
generated
vendored
51
vendor/github.com/miekg/dns/sig0.go
generated
vendored
@ -3,6 +3,7 @@ package dns
|
|||||||
import (
|
import (
|
||||||
"crypto"
|
"crypto"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
|
"crypto/ed25519"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"math/big"
|
"math/big"
|
||||||
@ -38,18 +39,17 @@ func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) {
|
|||||||
}
|
}
|
||||||
buf = buf[:off:cap(buf)]
|
buf = buf[:off:cap(buf)]
|
||||||
|
|
||||||
hash, ok := AlgorithmToHash[rr.Algorithm]
|
h, cryptohash, err := hashFromAlgorithm(rr.Algorithm)
|
||||||
if !ok {
|
if err != nil {
|
||||||
return nil, ErrAlg
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
hasher := hash.New()
|
|
||||||
// Write SIG rdata
|
// Write SIG rdata
|
||||||
hasher.Write(buf[len(mbuf)+1+2+2+4+2:])
|
h.Write(buf[len(mbuf)+1+2+2+4+2:])
|
||||||
// Write message
|
// Write message
|
||||||
hasher.Write(buf[:len(mbuf)])
|
h.Write(buf[:len(mbuf)])
|
||||||
|
|
||||||
signature, err := sign(k, hasher.Sum(nil), hash, rr.Algorithm)
|
signature, err := sign(k, h.Sum(nil), cryptohash, rr.Algorithm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -82,20 +82,10 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
|
|||||||
return ErrKey
|
return ErrKey
|
||||||
}
|
}
|
||||||
|
|
||||||
var hash crypto.Hash
|
h, cryptohash, err := hashFromAlgorithm(rr.Algorithm)
|
||||||
switch rr.Algorithm {
|
if err != nil {
|
||||||
case RSASHA1:
|
return err
|
||||||
hash = crypto.SHA1
|
|
||||||
case RSASHA256, ECDSAP256SHA256:
|
|
||||||
hash = crypto.SHA256
|
|
||||||
case ECDSAP384SHA384:
|
|
||||||
hash = crypto.SHA384
|
|
||||||
case RSASHA512:
|
|
||||||
hash = crypto.SHA512
|
|
||||||
default:
|
|
||||||
return ErrAlg
|
|
||||||
}
|
}
|
||||||
hasher := hash.New()
|
|
||||||
|
|
||||||
buflen := len(buf)
|
buflen := len(buf)
|
||||||
qdc := binary.BigEndian.Uint16(buf[4:])
|
qdc := binary.BigEndian.Uint16(buf[4:])
|
||||||
@ -103,7 +93,6 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
|
|||||||
auc := binary.BigEndian.Uint16(buf[8:])
|
auc := binary.BigEndian.Uint16(buf[8:])
|
||||||
adc := binary.BigEndian.Uint16(buf[10:])
|
adc := binary.BigEndian.Uint16(buf[10:])
|
||||||
offset := headerSize
|
offset := headerSize
|
||||||
var err error
|
|
||||||
for i := uint16(0); i < qdc && offset < buflen; i++ {
|
for i := uint16(0); i < qdc && offset < buflen; i++ {
|
||||||
_, offset, err = UnpackDomainName(buf, offset)
|
_, offset, err = UnpackDomainName(buf, offset)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -166,21 +155,21 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
|
|||||||
return &Error{err: "signer name doesn't match key name"}
|
return &Error{err: "signer name doesn't match key name"}
|
||||||
}
|
}
|
||||||
sigend := offset
|
sigend := offset
|
||||||
hasher.Write(buf[sigstart:sigend])
|
h.Write(buf[sigstart:sigend])
|
||||||
hasher.Write(buf[:10])
|
h.Write(buf[:10])
|
||||||
hasher.Write([]byte{
|
h.Write([]byte{
|
||||||
byte((adc - 1) << 8),
|
byte((adc - 1) << 8),
|
||||||
byte(adc - 1),
|
byte(adc - 1),
|
||||||
})
|
})
|
||||||
hasher.Write(buf[12:bodyend])
|
h.Write(buf[12:bodyend])
|
||||||
|
|
||||||
hashed := hasher.Sum(nil)
|
hashed := h.Sum(nil)
|
||||||
sig := buf[sigend:]
|
sig := buf[sigend:]
|
||||||
switch k.Algorithm {
|
switch k.Algorithm {
|
||||||
case RSASHA1, RSASHA256, RSASHA512:
|
case RSASHA1, RSASHA256, RSASHA512:
|
||||||
pk := k.publicKeyRSA()
|
pk := k.publicKeyRSA()
|
||||||
if pk != nil {
|
if pk != nil {
|
||||||
return rsa.VerifyPKCS1v15(pk, hash, hashed, sig)
|
return rsa.VerifyPKCS1v15(pk, cryptohash, hashed, sig)
|
||||||
}
|
}
|
||||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||||
pk := k.publicKeyECDSA()
|
pk := k.publicKeyECDSA()
|
||||||
@ -192,6 +181,14 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
|
|||||||
}
|
}
|
||||||
return ErrSig
|
return ErrSig
|
||||||
}
|
}
|
||||||
|
case ED25519:
|
||||||
|
pk := k.publicKeyED25519()
|
||||||
|
if pk != nil {
|
||||||
|
if ed25519.Verify(pk, hashed, sig) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return ErrSig
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return ErrKeyAlg
|
return ErrKeyAlg
|
||||||
}
|
}
|
||||||
|
326
vendor/github.com/miekg/dns/svcb.go
generated
vendored
326
vendor/github.com/miekg/dns/svcb.go
generated
vendored
@ -4,6 +4,7 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"sort"
|
"sort"
|
||||||
"strconv"
|
"strconv"
|
||||||
@ -13,15 +14,17 @@ import (
|
|||||||
// SVCBKey is the type of the keys used in the SVCB RR.
|
// SVCBKey is the type of the keys used in the SVCB RR.
|
||||||
type SVCBKey uint16
|
type SVCBKey uint16
|
||||||
|
|
||||||
// Keys defined in draft-ietf-dnsop-svcb-https-01 Section 12.3.2.
|
// Keys defined in draft-ietf-dnsop-svcb-https-08 Section 14.3.2.
|
||||||
const (
|
const (
|
||||||
SVCB_MANDATORY SVCBKey = 0
|
SVCB_MANDATORY SVCBKey = iota
|
||||||
SVCB_ALPN SVCBKey = 1
|
SVCB_ALPN
|
||||||
SVCB_NO_DEFAULT_ALPN SVCBKey = 2
|
SVCB_NO_DEFAULT_ALPN
|
||||||
SVCB_PORT SVCBKey = 3
|
SVCB_PORT
|
||||||
SVCB_IPV4HINT SVCBKey = 4
|
SVCB_IPV4HINT
|
||||||
SVCB_ECHCONFIG SVCBKey = 5
|
SVCB_ECHCONFIG
|
||||||
SVCB_IPV6HINT SVCBKey = 6
|
SVCB_IPV6HINT
|
||||||
|
SVCB_DOHPATH // draft-ietf-add-svcb-dns-02 Section 9
|
||||||
|
|
||||||
svcb_RESERVED SVCBKey = 65535
|
svcb_RESERVED SVCBKey = 65535
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -31,8 +34,9 @@ var svcbKeyToStringMap = map[SVCBKey]string{
|
|||||||
SVCB_NO_DEFAULT_ALPN: "no-default-alpn",
|
SVCB_NO_DEFAULT_ALPN: "no-default-alpn",
|
||||||
SVCB_PORT: "port",
|
SVCB_PORT: "port",
|
||||||
SVCB_IPV4HINT: "ipv4hint",
|
SVCB_IPV4HINT: "ipv4hint",
|
||||||
SVCB_ECHCONFIG: "echconfig",
|
SVCB_ECHCONFIG: "ech",
|
||||||
SVCB_IPV6HINT: "ipv6hint",
|
SVCB_IPV6HINT: "ipv6hint",
|
||||||
|
SVCB_DOHPATH: "dohpath",
|
||||||
}
|
}
|
||||||
|
|
||||||
var svcbStringToKeyMap = reverseSVCBKeyMap(svcbKeyToStringMap)
|
var svcbStringToKeyMap = reverseSVCBKeyMap(svcbKeyToStringMap)
|
||||||
@ -167,10 +171,14 @@ func (rr *SVCB) parse(c *zlexer, o string) *ParseError {
|
|||||||
}
|
}
|
||||||
l, _ = c.Next()
|
l, _ = c.Next()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// "In AliasMode, records SHOULD NOT include any SvcParams, and recipients MUST
|
||||||
|
// ignore any SvcParams that are present."
|
||||||
|
// However, we don't check rr.Priority == 0 && len(xs) > 0 here
|
||||||
|
// It is the responsibility of the user of the library to check this.
|
||||||
|
// This is to encourage the fixing of the source of this error.
|
||||||
|
|
||||||
rr.Value = xs
|
rr.Value = xs
|
||||||
if rr.Priority == 0 && len(xs) > 0 {
|
|
||||||
return &ParseError{l.token, "SVCB aliasform can't have values", l}
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -191,6 +199,8 @@ func makeSVCBKeyValue(key SVCBKey) SVCBKeyValue {
|
|||||||
return new(SVCBECHConfig)
|
return new(SVCBECHConfig)
|
||||||
case SVCB_IPV6HINT:
|
case SVCB_IPV6HINT:
|
||||||
return new(SVCBIPv6Hint)
|
return new(SVCBIPv6Hint)
|
||||||
|
case SVCB_DOHPATH:
|
||||||
|
return new(SVCBDoHPath)
|
||||||
case svcb_RESERVED:
|
case svcb_RESERVED:
|
||||||
return nil
|
return nil
|
||||||
default:
|
default:
|
||||||
@ -200,16 +210,24 @@ func makeSVCBKeyValue(key SVCBKey) SVCBKeyValue {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// SVCB RR. See RFC xxxx (https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-01).
|
// SVCB RR. See RFC xxxx (https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-08).
|
||||||
|
//
|
||||||
|
// NOTE: The HTTPS/SVCB RFCs are in the draft stage.
|
||||||
|
// The API, including constants and types related to SVCBKeyValues, may
|
||||||
|
// change in future versions in accordance with the latest drafts.
|
||||||
type SVCB struct {
|
type SVCB struct {
|
||||||
Hdr RR_Header
|
Hdr RR_Header
|
||||||
Priority uint16
|
Priority uint16 // If zero, Value must be empty or discarded by the user of this library
|
||||||
Target string `dns:"domain-name"`
|
Target string `dns:"domain-name"`
|
||||||
Value []SVCBKeyValue `dns:"pairs"` // Value must be empty if Priority is zero.
|
Value []SVCBKeyValue `dns:"pairs"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// HTTPS RR. Everything valid for SVCB applies to HTTPS as well.
|
// HTTPS RR. Everything valid for SVCB applies to HTTPS as well.
|
||||||
// Except that the HTTPS record is intended for use with the HTTP and HTTPS protocols.
|
// Except that the HTTPS record is intended for use with the HTTP and HTTPS protocols.
|
||||||
|
//
|
||||||
|
// NOTE: The HTTPS/SVCB RFCs are in the draft stage.
|
||||||
|
// The API, including constants and types related to SVCBKeyValues, may
|
||||||
|
// change in future versions in accordance with the latest drafts.
|
||||||
type HTTPS struct {
|
type HTTPS struct {
|
||||||
SVCB
|
SVCB
|
||||||
}
|
}
|
||||||
@ -235,15 +253,29 @@ type SVCBKeyValue interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// SVCBMandatory pair adds to required keys that must be interpreted for the RR
|
// SVCBMandatory pair adds to required keys that must be interpreted for the RR
|
||||||
// to be functional.
|
// to be functional. If ignored, the whole RRSet must be ignored.
|
||||||
|
// "port" and "no-default-alpn" are mandatory by default if present,
|
||||||
|
// so they shouldn't be included here.
|
||||||
|
//
|
||||||
|
// It is incumbent upon the user of this library to reject the RRSet if
|
||||||
|
// or avoid constructing such an RRSet that:
|
||||||
|
// - "mandatory" is included as one of the keys of mandatory
|
||||||
|
// - no key is listed multiple times in mandatory
|
||||||
|
// - all keys listed in mandatory are present
|
||||||
|
// - escape sequences are not used in mandatory
|
||||||
|
// - mandatory, when present, lists at least one key
|
||||||
|
//
|
||||||
// Basic use pattern for creating a mandatory option:
|
// Basic use pattern for creating a mandatory option:
|
||||||
//
|
//
|
||||||
// s := &dns.SVCB{Hdr: dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}}
|
// s := &dns.SVCB{Hdr: dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}}
|
||||||
// e := new(dns.SVCBMandatory)
|
// e := new(dns.SVCBMandatory)
|
||||||
// e.Code = []uint16{65403}
|
// e.Code = []uint16{dns.SVCB_ALPN}
|
||||||
// s.Value = append(s.Value, e)
|
// s.Value = append(s.Value, e)
|
||||||
|
// t := new(dns.SVCBAlpn)
|
||||||
|
// t.Alpn = []string{"xmpp-client"}
|
||||||
|
// s.Value = append(s.Value, t)
|
||||||
type SVCBMandatory struct {
|
type SVCBMandatory struct {
|
||||||
Code []SVCBKey // Must not include mandatory
|
Code []SVCBKey
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*SVCBMandatory) Key() SVCBKey { return SVCB_MANDATORY }
|
func (*SVCBMandatory) Key() SVCBKey { return SVCB_MANDATORY }
|
||||||
@ -302,7 +334,8 @@ func (s *SVCBMandatory) copy() SVCBKeyValue {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// SVCBAlpn pair is used to list supported connection protocols.
|
// SVCBAlpn pair is used to list supported connection protocols.
|
||||||
// Protocol ids can be found at:
|
// The user of this library must ensure that at least one protocol is listed when alpn is present.
|
||||||
|
// Protocol IDs can be found at:
|
||||||
// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
|
// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
|
||||||
// Basic use pattern for creating an alpn option:
|
// Basic use pattern for creating an alpn option:
|
||||||
//
|
//
|
||||||
@ -310,13 +343,57 @@ func (s *SVCBMandatory) copy() SVCBKeyValue {
|
|||||||
// h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
|
// h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
|
||||||
// e := new(dns.SVCBAlpn)
|
// e := new(dns.SVCBAlpn)
|
||||||
// e.Alpn = []string{"h2", "http/1.1"}
|
// e.Alpn = []string{"h2", "http/1.1"}
|
||||||
// h.Value = append(o.Value, e)
|
// h.Value = append(h.Value, e)
|
||||||
type SVCBAlpn struct {
|
type SVCBAlpn struct {
|
||||||
Alpn []string
|
Alpn []string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*SVCBAlpn) Key() SVCBKey { return SVCB_ALPN }
|
func (*SVCBAlpn) Key() SVCBKey { return SVCB_ALPN }
|
||||||
func (s *SVCBAlpn) String() string { return strings.Join(s.Alpn, ",") }
|
|
||||||
|
func (s *SVCBAlpn) String() string {
|
||||||
|
// An ALPN value is a comma-separated list of values, each of which can be
|
||||||
|
// an arbitrary binary value. In order to allow parsing, the comma and
|
||||||
|
// backslash characters are themselves excaped.
|
||||||
|
//
|
||||||
|
// However, this escaping is done in addition to the normal escaping which
|
||||||
|
// happens in zone files, meaning that these values must be
|
||||||
|
// double-escaped. This looks terrible, so if you see a never-ending
|
||||||
|
// sequence of backslash in a zone file this may be why.
|
||||||
|
//
|
||||||
|
// https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-08#appendix-A.1
|
||||||
|
var str strings.Builder
|
||||||
|
for i, alpn := range s.Alpn {
|
||||||
|
// 4*len(alpn) is the worst case where we escape every character in the alpn as \123, plus 1 byte for the ',' separating the alpn from others
|
||||||
|
str.Grow(4*len(alpn) + 1)
|
||||||
|
if i > 0 {
|
||||||
|
str.WriteByte(',')
|
||||||
|
}
|
||||||
|
for j := 0; j < len(alpn); j++ {
|
||||||
|
e := alpn[j]
|
||||||
|
if ' ' > e || e > '~' {
|
||||||
|
str.WriteString(escapeByte(e))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
switch e {
|
||||||
|
// We escape a few characters which may confuse humans or parsers.
|
||||||
|
case '"', ';', ' ':
|
||||||
|
str.WriteByte('\\')
|
||||||
|
str.WriteByte(e)
|
||||||
|
// The comma and backslash characters themselves must be
|
||||||
|
// doubly-escaped. We use `\\` for the first backslash and
|
||||||
|
// the escaped numeric value for the other value. We especially
|
||||||
|
// don't want a comma in the output.
|
||||||
|
case ',':
|
||||||
|
str.WriteString(`\\\044`)
|
||||||
|
case '\\':
|
||||||
|
str.WriteString(`\\\092`)
|
||||||
|
default:
|
||||||
|
str.WriteByte(e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return str.String()
|
||||||
|
}
|
||||||
|
|
||||||
func (s *SVCBAlpn) pack() ([]byte, error) {
|
func (s *SVCBAlpn) pack() ([]byte, error) {
|
||||||
// Liberally estimate the size of an alpn as 10 octets
|
// Liberally estimate the size of an alpn as 10 octets
|
||||||
@ -351,7 +428,47 @@ func (s *SVCBAlpn) unpack(b []byte) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *SVCBAlpn) parse(b string) error {
|
func (s *SVCBAlpn) parse(b string) error {
|
||||||
s.Alpn = strings.Split(b, ",")
|
if len(b) == 0 {
|
||||||
|
s.Alpn = []string{}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
alpn := []string{}
|
||||||
|
a := []byte{}
|
||||||
|
for p := 0; p < len(b); {
|
||||||
|
c, q := nextByte(b, p)
|
||||||
|
if q == 0 {
|
||||||
|
return errors.New("dns: svcbalpn: unterminated escape")
|
||||||
|
}
|
||||||
|
p += q
|
||||||
|
// If we find a comma, we have finished reading an alpn.
|
||||||
|
if c == ',' {
|
||||||
|
if len(a) == 0 {
|
||||||
|
return errors.New("dns: svcbalpn: empty protocol identifier")
|
||||||
|
}
|
||||||
|
alpn = append(alpn, string(a))
|
||||||
|
a = []byte{}
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
// If it's a backslash, we need to handle a comma-separated list.
|
||||||
|
if c == '\\' {
|
||||||
|
dc, dq := nextByte(b, p)
|
||||||
|
if dq == 0 {
|
||||||
|
return errors.New("dns: svcbalpn: unterminated escape decoding comma-separated list")
|
||||||
|
}
|
||||||
|
if dc != '\\' && dc != ',' {
|
||||||
|
return errors.New("dns: svcbalpn: bad escaped character decoding comma-separated list")
|
||||||
|
}
|
||||||
|
p += dq
|
||||||
|
c = dc
|
||||||
|
}
|
||||||
|
a = append(a, c)
|
||||||
|
}
|
||||||
|
// Add the final alpn.
|
||||||
|
if len(a) == 0 {
|
||||||
|
return errors.New("dns: svcbalpn: last protocol identifier empty")
|
||||||
|
}
|
||||||
|
s.Alpn = append(alpn, string(a))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -370,9 +487,13 @@ func (s *SVCBAlpn) copy() SVCBKeyValue {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// SVCBNoDefaultAlpn pair signifies no support for default connection protocols.
|
// SVCBNoDefaultAlpn pair signifies no support for default connection protocols.
|
||||||
|
// Should be used in conjunction with alpn.
|
||||||
// Basic use pattern for creating a no-default-alpn option:
|
// Basic use pattern for creating a no-default-alpn option:
|
||||||
//
|
//
|
||||||
// s := &dns.SVCB{Hdr: dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}}
|
// s := &dns.SVCB{Hdr: dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}}
|
||||||
|
// t := new(dns.SVCBAlpn)
|
||||||
|
// t.Alpn = []string{"xmpp-client"}
|
||||||
|
// s.Value = append(s.Value, t)
|
||||||
// e := new(dns.SVCBNoDefaultAlpn)
|
// e := new(dns.SVCBNoDefaultAlpn)
|
||||||
// s.Value = append(s.Value, e)
|
// s.Value = append(s.Value, e)
|
||||||
type SVCBNoDefaultAlpn struct{}
|
type SVCBNoDefaultAlpn struct{}
|
||||||
@ -385,14 +506,14 @@ func (*SVCBNoDefaultAlpn) len() int { return 0 }
|
|||||||
|
|
||||||
func (*SVCBNoDefaultAlpn) unpack(b []byte) error {
|
func (*SVCBNoDefaultAlpn) unpack(b []byte) error {
|
||||||
if len(b) != 0 {
|
if len(b) != 0 {
|
||||||
return errors.New("dns: svcbnodefaultalpn: no_default_alpn must have no value")
|
return errors.New("dns: svcbnodefaultalpn: no-default-alpn must have no value")
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*SVCBNoDefaultAlpn) parse(b string) error {
|
func (*SVCBNoDefaultAlpn) parse(b string) error {
|
||||||
if b != "" {
|
if b != "" {
|
||||||
return errors.New("dns: svcbnodefaultalpn: no_default_alpn must have no value")
|
return errors.New("dns: svcbnodefaultalpn: no-default-alpn must have no value")
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -523,7 +644,7 @@ func (s *SVCBIPv4Hint) copy() SVCBKeyValue {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// SVCBECHConfig pair contains the ECHConfig structure defined in draft-ietf-tls-esni [RFC xxxx].
|
// SVCBECHConfig pair contains the ECHConfig structure defined in draft-ietf-tls-esni [RFC xxxx].
|
||||||
// Basic use pattern for creating an echconfig option:
|
// Basic use pattern for creating an ech option:
|
||||||
//
|
//
|
||||||
// h := new(dns.HTTPS)
|
// h := new(dns.HTTPS)
|
||||||
// h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
|
// h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
|
||||||
@ -531,7 +652,7 @@ func (s *SVCBIPv4Hint) copy() SVCBKeyValue {
|
|||||||
// e.ECH = []byte{0xfe, 0x08, ...}
|
// e.ECH = []byte{0xfe, 0x08, ...}
|
||||||
// h.Value = append(h.Value, e)
|
// h.Value = append(h.Value, e)
|
||||||
type SVCBECHConfig struct {
|
type SVCBECHConfig struct {
|
||||||
ECH []byte
|
ECH []byte // Specifically ECHConfigList including the redundant length prefix
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*SVCBECHConfig) Key() SVCBKey { return SVCB_ECHCONFIG }
|
func (*SVCBECHConfig) Key() SVCBKey { return SVCB_ECHCONFIG }
|
||||||
@ -555,7 +676,7 @@ func (s *SVCBECHConfig) unpack(b []byte) error {
|
|||||||
func (s *SVCBECHConfig) parse(b string) error {
|
func (s *SVCBECHConfig) parse(b string) error {
|
||||||
x, err := fromBase64([]byte(b))
|
x, err := fromBase64([]byte(b))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.New("dns: svcbechconfig: bad base64 echconfig")
|
return errors.New("dns: svcbech: bad base64 ech")
|
||||||
}
|
}
|
||||||
s.ECH = x
|
s.ECH = x
|
||||||
return nil
|
return nil
|
||||||
@ -618,9 +739,6 @@ func (s *SVCBIPv6Hint) String() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *SVCBIPv6Hint) parse(b string) error {
|
func (s *SVCBIPv6Hint) parse(b string) error {
|
||||||
if strings.Contains(b, ".") {
|
|
||||||
return errors.New("dns: svcbipv6hint: expected ipv6, got ipv4")
|
|
||||||
}
|
|
||||||
str := strings.Split(b, ",")
|
str := strings.Split(b, ",")
|
||||||
dst := make([]net.IP, len(str))
|
dst := make([]net.IP, len(str))
|
||||||
for i, e := range str {
|
for i, e := range str {
|
||||||
@ -628,6 +746,9 @@ func (s *SVCBIPv6Hint) parse(b string) error {
|
|||||||
if ip == nil {
|
if ip == nil {
|
||||||
return errors.New("dns: svcbipv6hint: bad ip")
|
return errors.New("dns: svcbipv6hint: bad ip")
|
||||||
}
|
}
|
||||||
|
if ip.To4() != nil {
|
||||||
|
return errors.New("dns: svcbipv6hint: expected ipv6, got ipv4-mapped-ipv6")
|
||||||
|
}
|
||||||
dst[i] = ip
|
dst[i] = ip
|
||||||
}
|
}
|
||||||
s.Hint = dst
|
s.Hint = dst
|
||||||
@ -645,6 +766,54 @@ func (s *SVCBIPv6Hint) copy() SVCBKeyValue {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SVCBDoHPath pair is used to indicate the URI template that the
|
||||||
|
// clients may use to construct a DNS over HTTPS URI.
|
||||||
|
//
|
||||||
|
// See RFC xxxx (https://datatracker.ietf.org/doc/html/draft-ietf-add-svcb-dns-02)
|
||||||
|
// and RFC yyyy (https://datatracker.ietf.org/doc/html/draft-ietf-add-ddr-06).
|
||||||
|
//
|
||||||
|
// A basic example of using the dohpath option together with the alpn
|
||||||
|
// option to indicate support for DNS over HTTPS on a certain path:
|
||||||
|
//
|
||||||
|
// s := new(dns.SVCB)
|
||||||
|
// s.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}
|
||||||
|
// e := new(dns.SVCBAlpn)
|
||||||
|
// e.Alpn = []string{"h2", "h3"}
|
||||||
|
// p := new(dns.SVCBDoHPath)
|
||||||
|
// p.Template = "/dns-query{?dns}"
|
||||||
|
// s.Value = append(s.Value, e, p)
|
||||||
|
//
|
||||||
|
// The parsing currently doesn't validate that Template is a valid
|
||||||
|
// RFC 6570 URI template.
|
||||||
|
type SVCBDoHPath struct {
|
||||||
|
Template string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (*SVCBDoHPath) Key() SVCBKey { return SVCB_DOHPATH }
|
||||||
|
func (s *SVCBDoHPath) String() string { return svcbParamToStr([]byte(s.Template)) }
|
||||||
|
func (s *SVCBDoHPath) len() int { return len(s.Template) }
|
||||||
|
func (s *SVCBDoHPath) pack() ([]byte, error) { return []byte(s.Template), nil }
|
||||||
|
|
||||||
|
func (s *SVCBDoHPath) unpack(b []byte) error {
|
||||||
|
s.Template = string(b)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SVCBDoHPath) parse(b string) error {
|
||||||
|
template, err := svcbParseParam(b)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("dns: svcbdohpath: %w", err)
|
||||||
|
}
|
||||||
|
s.Template = string(template)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SVCBDoHPath) copy() SVCBKeyValue {
|
||||||
|
return &SVCBDoHPath{
|
||||||
|
Template: s.Template,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// SVCBLocal pair is intended for experimental/private use. The key is recommended
|
// SVCBLocal pair is intended for experimental/private use. The key is recommended
|
||||||
// to be in the range [SVCB_PRIVATE_LOWER, SVCB_PRIVATE_UPPER].
|
// to be in the range [SVCB_PRIVATE_LOWER, SVCB_PRIVATE_UPPER].
|
||||||
// Basic use pattern for creating a keyNNNNN option:
|
// Basic use pattern for creating a keyNNNNN option:
|
||||||
@ -661,6 +830,7 @@ type SVCBLocal struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *SVCBLocal) Key() SVCBKey { return s.KeyCode }
|
func (s *SVCBLocal) Key() SVCBKey { return s.KeyCode }
|
||||||
|
func (s *SVCBLocal) String() string { return svcbParamToStr(s.Data) }
|
||||||
func (s *SVCBLocal) pack() ([]byte, error) { return append([]byte(nil), s.Data...), nil }
|
func (s *SVCBLocal) pack() ([]byte, error) { return append([]byte(nil), s.Data...), nil }
|
||||||
func (s *SVCBLocal) len() int { return len(s.Data) }
|
func (s *SVCBLocal) len() int { return len(s.Data) }
|
||||||
|
|
||||||
@ -669,50 +839,10 @@ func (s *SVCBLocal) unpack(b []byte) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *SVCBLocal) String() string {
|
|
||||||
var str strings.Builder
|
|
||||||
str.Grow(4 * len(s.Data))
|
|
||||||
for _, e := range s.Data {
|
|
||||||
if ' ' <= e && e <= '~' {
|
|
||||||
switch e {
|
|
||||||
case '"', ';', ' ', '\\':
|
|
||||||
str.WriteByte('\\')
|
|
||||||
str.WriteByte(e)
|
|
||||||
default:
|
|
||||||
str.WriteByte(e)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
str.WriteString(escapeByte(e))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return str.String()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *SVCBLocal) parse(b string) error {
|
func (s *SVCBLocal) parse(b string) error {
|
||||||
data := make([]byte, 0, len(b))
|
data, err := svcbParseParam(b)
|
||||||
for i := 0; i < len(b); {
|
if err != nil {
|
||||||
if b[i] != '\\' {
|
return fmt.Errorf("dns: svcblocal: svcb private/experimental key %w", err)
|
||||||
data = append(data, b[i])
|
|
||||||
i++
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
if i+1 == len(b) {
|
|
||||||
return errors.New("dns: svcblocal: svcb private/experimental key escape unterminated")
|
|
||||||
}
|
|
||||||
if isDigit(b[i+1]) {
|
|
||||||
if i+3 < len(b) && isDigit(b[i+2]) && isDigit(b[i+3]) {
|
|
||||||
a, err := strconv.ParseUint(b[i+1:i+4], 10, 8)
|
|
||||||
if err == nil {
|
|
||||||
i += 4
|
|
||||||
data = append(data, byte(a))
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return errors.New("dns: svcblocal: svcb private/experimental key bad escaped octet")
|
|
||||||
} else {
|
|
||||||
data = append(data, b[i+1])
|
|
||||||
i += 2
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
s.Data = data
|
s.Data = data
|
||||||
return nil
|
return nil
|
||||||
@ -753,3 +883,53 @@ func areSVCBPairArraysEqual(a []SVCBKeyValue, b []SVCBKeyValue) bool {
|
|||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// svcbParamStr converts the value of an SVCB parameter into a DNS presentation-format string.
|
||||||
|
func svcbParamToStr(s []byte) string {
|
||||||
|
var str strings.Builder
|
||||||
|
str.Grow(4 * len(s))
|
||||||
|
for _, e := range s {
|
||||||
|
if ' ' <= e && e <= '~' {
|
||||||
|
switch e {
|
||||||
|
case '"', ';', ' ', '\\':
|
||||||
|
str.WriteByte('\\')
|
||||||
|
str.WriteByte(e)
|
||||||
|
default:
|
||||||
|
str.WriteByte(e)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
str.WriteString(escapeByte(e))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return str.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
// svcbParseParam parses a DNS presentation-format string into an SVCB parameter value.
|
||||||
|
func svcbParseParam(b string) ([]byte, error) {
|
||||||
|
data := make([]byte, 0, len(b))
|
||||||
|
for i := 0; i < len(b); {
|
||||||
|
if b[i] != '\\' {
|
||||||
|
data = append(data, b[i])
|
||||||
|
i++
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if i+1 == len(b) {
|
||||||
|
return nil, errors.New("escape unterminated")
|
||||||
|
}
|
||||||
|
if isDigit(b[i+1]) {
|
||||||
|
if i+3 < len(b) && isDigit(b[i+2]) && isDigit(b[i+3]) {
|
||||||
|
a, err := strconv.ParseUint(b[i+1:i+4], 10, 8)
|
||||||
|
if err == nil {
|
||||||
|
i += 4
|
||||||
|
data = append(data, byte(a))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil, errors.New("bad escaped octet")
|
||||||
|
} else {
|
||||||
|
data = append(data, b[i+1])
|
||||||
|
i += 2
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return data, nil
|
||||||
|
}
|
||||||
|
9
vendor/github.com/miekg/dns/tools.go
generated
vendored
Normal file
9
vendor/github.com/miekg/dns/tools.go
generated
vendored
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
// +build tools
|
||||||
|
|
||||||
|
// We include our tool dependencies for `go generate` here to ensure they're
|
||||||
|
// properly tracked by the go tool. See the Go Wiki for the rationale behind this:
|
||||||
|
// https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module.
|
||||||
|
|
||||||
|
package dns
|
||||||
|
|
||||||
|
import _ "golang.org/x/tools/go/packages"
|
55
vendor/github.com/miekg/dns/tsig.go
generated
vendored
55
vendor/github.com/miekg/dns/tsig.go
generated
vendored
@ -74,6 +74,24 @@ func (key tsigHMACProvider) Verify(msg []byte, t *TSIG) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type tsigSecretProvider map[string]string
|
||||||
|
|
||||||
|
func (ts tsigSecretProvider) Generate(msg []byte, t *TSIG) ([]byte, error) {
|
||||||
|
key, ok := ts[t.Hdr.Name]
|
||||||
|
if !ok {
|
||||||
|
return nil, ErrSecret
|
||||||
|
}
|
||||||
|
return tsigHMACProvider(key).Generate(msg, t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ts tsigSecretProvider) Verify(msg []byte, t *TSIG) error {
|
||||||
|
key, ok := ts[t.Hdr.Name]
|
||||||
|
if !ok {
|
||||||
|
return ErrSecret
|
||||||
|
}
|
||||||
|
return tsigHMACProvider(key).Verify(msg, t)
|
||||||
|
}
|
||||||
|
|
||||||
// TSIG is the RR the holds the transaction signature of a message.
|
// TSIG is the RR the holds the transaction signature of a message.
|
||||||
// See RFC 2845 and RFC 4635.
|
// See RFC 2845 and RFC 4635.
|
||||||
type TSIG struct {
|
type TSIG struct {
|
||||||
@ -140,18 +158,17 @@ type timerWireFmt struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// TsigGenerate fills out the TSIG record attached to the message.
|
// TsigGenerate fills out the TSIG record attached to the message.
|
||||||
// The message should contain
|
// The message should contain a "stub" TSIG RR with the algorithm, key name
|
||||||
// a "stub" TSIG RR with the algorithm, key name (owner name of the RR),
|
// (owner name of the RR), time fudge (defaults to 300 seconds) and the current
|
||||||
// time fudge (defaults to 300 seconds) and the current time
|
// time The TSIG MAC is saved in that Tsig RR. When TsigGenerate is called for
|
||||||
// The TSIG MAC is saved in that Tsig RR.
|
// the first time requestMAC should be set to the empty string and timersOnly to
|
||||||
// When TsigGenerate is called for the first time requestMAC is set to the empty string and
|
// false.
|
||||||
// timersOnly is false.
|
|
||||||
// If something goes wrong an error is returned, otherwise it is nil.
|
|
||||||
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
||||||
return tsigGenerateProvider(m, tsigHMACProvider(secret), requestMAC, timersOnly)
|
return TsigGenerateWithProvider(m, tsigHMACProvider(secret), requestMAC, timersOnly)
|
||||||
}
|
}
|
||||||
|
|
||||||
func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
// TsigGenerateWithProvider is similar to TsigGenerate, but allows for a custom TsigProvider.
|
||||||
|
func TsigGenerateWithProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
||||||
if m.IsTsig() == nil {
|
if m.IsTsig() == nil {
|
||||||
panic("dns: TSIG not last RR in additional")
|
panic("dns: TSIG not last RR in additional")
|
||||||
}
|
}
|
||||||
@ -162,20 +179,29 @@ func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, time
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, "", err
|
return nil, "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
buf, err := tsigBuffer(mbuf, rr, requestMAC, timersOnly)
|
buf, err := tsigBuffer(mbuf, rr, requestMAC, timersOnly)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, "", err
|
return nil, "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
t := new(TSIG)
|
t := new(TSIG)
|
||||||
// Copy all TSIG fields except MAC and its size, which are filled using the computed digest.
|
// Copy all TSIG fields except MAC, its size, and time signed which are filled when signing.
|
||||||
*t = *rr
|
*t = *rr
|
||||||
|
t.TimeSigned = 0
|
||||||
|
t.MAC = ""
|
||||||
|
t.MACSize = 0
|
||||||
|
|
||||||
|
// Sign unless there is a key or MAC validation error (RFC 8945 5.3.2)
|
||||||
|
if rr.Error != RcodeBadKey && rr.Error != RcodeBadSig {
|
||||||
mac, err := provider.Generate(buf, rr)
|
mac, err := provider.Generate(buf, rr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, "", err
|
return nil, "", err
|
||||||
}
|
}
|
||||||
|
t.TimeSigned = rr.TimeSigned
|
||||||
t.MAC = hex.EncodeToString(mac)
|
t.MAC = hex.EncodeToString(mac)
|
||||||
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
|
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
|
||||||
|
}
|
||||||
|
|
||||||
tbuf := make([]byte, Len(t))
|
tbuf := make([]byte, Len(t))
|
||||||
off, err := PackRR(t, tbuf, 0, nil, false)
|
off, err := PackRR(t, tbuf, 0, nil, false)
|
||||||
@ -189,14 +215,15 @@ func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, time
|
|||||||
return mbuf, t.MAC, nil
|
return mbuf, t.MAC, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// TsigVerify verifies the TSIG on a message.
|
// TsigVerify verifies the TSIG on a message. If the signature does not
|
||||||
// If the signature does not validate err contains the
|
// validate the returned error contains the cause. If the signature is OK, the
|
||||||
// error, otherwise it is nil.
|
// error is nil.
|
||||||
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
||||||
return tsigVerify(msg, tsigHMACProvider(secret), requestMAC, timersOnly, uint64(time.Now().Unix()))
|
return tsigVerify(msg, tsigHMACProvider(secret), requestMAC, timersOnly, uint64(time.Now().Unix()))
|
||||||
}
|
}
|
||||||
|
|
||||||
func tsigVerifyProvider(msg []byte, provider TsigProvider, requestMAC string, timersOnly bool) error {
|
// TsigVerifyWithProvider is similar to TsigVerify, but allows for a custom TsigProvider.
|
||||||
|
func TsigVerifyWithProvider(msg []byte, provider TsigProvider, requestMAC string, timersOnly bool) error {
|
||||||
return tsigVerify(msg, provider, requestMAC, timersOnly, uint64(time.Now().Unix()))
|
return tsigVerify(msg, provider, requestMAC, timersOnly, uint64(time.Now().Unix()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
4
vendor/github.com/miekg/dns/update.go
generated
vendored
4
vendor/github.com/miekg/dns/update.go
generated
vendored
@ -32,7 +32,9 @@ func (u *Msg) Used(rr []RR) {
|
|||||||
u.Answer = make([]RR, 0, len(rr))
|
u.Answer = make([]RR, 0, len(rr))
|
||||||
}
|
}
|
||||||
for _, r := range rr {
|
for _, r := range rr {
|
||||||
r.Header().Class = u.Question[0].Qclass
|
hdr := r.Header()
|
||||||
|
hdr.Class = u.Question[0].Qclass
|
||||||
|
hdr.Ttl = 0
|
||||||
u.Answer = append(u.Answer, r)
|
u.Answer = append(u.Answer, r)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
2
vendor/github.com/miekg/dns/version.go
generated
vendored
2
vendor/github.com/miekg/dns/version.go
generated
vendored
@ -3,7 +3,7 @@ package dns
|
|||||||
import "fmt"
|
import "fmt"
|
||||||
|
|
||||||
// Version is current version of this library.
|
// Version is current version of this library.
|
||||||
var Version = v{1, 1, 43}
|
var Version = v{1, 1, 50}
|
||||||
|
|
||||||
// v holds the version of this library.
|
// v holds the version of this library.
|
||||||
type v struct {
|
type v struct {
|
||||||
|
27
vendor/github.com/miekg/dns/xfr.go
generated
vendored
27
vendor/github.com/miekg/dns/xfr.go
generated
vendored
@ -17,11 +17,22 @@ type Transfer struct {
|
|||||||
DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds
|
DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds
|
||||||
ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds
|
ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds
|
||||||
WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds
|
WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds
|
||||||
|
TsigProvider TsigProvider // An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
|
||||||
TsigSecret map[string]string // Secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
|
TsigSecret map[string]string // Secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
|
||||||
tsigTimersOnly bool
|
tsigTimersOnly bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Think we need to away to stop the transfer
|
func (t *Transfer) tsigProvider() TsigProvider {
|
||||||
|
if t.TsigProvider != nil {
|
||||||
|
return t.TsigProvider
|
||||||
|
}
|
||||||
|
if t.TsigSecret != nil {
|
||||||
|
return tsigSecretProvider(t.TsigSecret)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: Think we need to away to stop the transfer
|
||||||
|
|
||||||
// In performs an incoming transfer with the server in a.
|
// In performs an incoming transfer with the server in a.
|
||||||
// If you would like to set the source IP, or some other attribute
|
// If you would like to set the source IP, or some other attribute
|
||||||
@ -224,12 +235,9 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
|
|||||||
if err := m.Unpack(p); err != nil {
|
if err := m.Unpack(p); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if ts := m.IsTsig(); ts != nil && t.TsigSecret != nil {
|
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
|
||||||
if _, ok := t.TsigSecret[ts.Hdr.Name]; !ok {
|
|
||||||
return m, ErrSecret
|
|
||||||
}
|
|
||||||
// Need to work on the original message p, as that was used to calculate the tsig.
|
// Need to work on the original message p, as that was used to calculate the tsig.
|
||||||
err = TsigVerify(p, t.TsigSecret[ts.Hdr.Name], t.tsigRequestMAC, t.tsigTimersOnly)
|
err = TsigVerifyWithProvider(p, tp, t.tsigRequestMAC, t.tsigTimersOnly)
|
||||||
t.tsigRequestMAC = ts.MAC
|
t.tsigRequestMAC = ts.MAC
|
||||||
}
|
}
|
||||||
return m, err
|
return m, err
|
||||||
@ -238,11 +246,8 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
|
|||||||
// WriteMsg writes a message through the transfer connection t.
|
// WriteMsg writes a message through the transfer connection t.
|
||||||
func (t *Transfer) WriteMsg(m *Msg) (err error) {
|
func (t *Transfer) WriteMsg(m *Msg) (err error) {
|
||||||
var out []byte
|
var out []byte
|
||||||
if ts := m.IsTsig(); ts != nil && t.TsigSecret != nil {
|
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
|
||||||
if _, ok := t.TsigSecret[ts.Hdr.Name]; !ok {
|
out, t.tsigRequestMAC, err = TsigGenerateWithProvider(m, tp, t.tsigRequestMAC, t.tsigTimersOnly)
|
||||||
return ErrSecret
|
|
||||||
}
|
|
||||||
out, t.tsigRequestMAC, err = TsigGenerate(m, t.TsigSecret[ts.Hdr.Name], t.tsigRequestMAC, t.tsigTimersOnly)
|
|
||||||
} else {
|
} else {
|
||||||
out, err = m.Pack()
|
out, err = m.Pack()
|
||||||
}
|
}
|
||||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -56,7 +56,7 @@ github.com/mattn/go-isatty
|
|||||||
# github.com/matttproud/golang_protobuf_extensions v1.0.1
|
# github.com/matttproud/golang_protobuf_extensions v1.0.1
|
||||||
## explicit
|
## explicit
|
||||||
github.com/matttproud/golang_protobuf_extensions/pbutil
|
github.com/matttproud/golang_protobuf_extensions/pbutil
|
||||||
# github.com/miekg/dns v1.1.43
|
# github.com/miekg/dns v1.1.50
|
||||||
## explicit; go 1.14
|
## explicit; go 1.14
|
||||||
github.com/miekg/dns
|
github.com/miekg/dns
|
||||||
# github.com/prometheus/client_golang v1.14.0
|
# github.com/prometheus/client_golang v1.14.0
|
||||||
|
Loading…
Reference in New Issue
Block a user