]>
Commit | Line | Data |
---|---|---|
ec2c5e43 LP |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2014 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
22 | #include "af-list.h" | |
b5efdb8a | 23 | #include "alloc-util.h" |
f52e61da | 24 | #include "dns-domain.h" |
3ffd4af2 LP |
25 | #include "fd-util.h" |
26 | #include "random-util.h" | |
27 | #include "resolved-dns-transaction.h" | |
28 | #include "resolved-llmnr.h" | |
8b43440b | 29 | #include "string-table.h" |
ec2c5e43 LP |
30 | |
31 | DnsTransaction* dns_transaction_free(DnsTransaction *t) { | |
801ad6a6 | 32 | DnsQueryCandidate *c; |
ec2c5e43 LP |
33 | DnsZoneItem *i; |
34 | ||
35 | if (!t) | |
36 | return NULL; | |
37 | ||
38 | sd_event_source_unref(t->timeout_event_source); | |
39 | ||
ec2c5e43 LP |
40 | dns_packet_unref(t->sent); |
41 | dns_packet_unref(t->received); | |
ae6a4bbf LP |
42 | |
43 | dns_answer_unref(t->answer); | |
ec2c5e43 | 44 | |
4667e00a LP |
45 | sd_event_source_unref(t->dns_udp_event_source); |
46 | safe_close(t->dns_udp_fd); | |
d20b1667 | 47 | |
8300ba21 | 48 | dns_server_unref(t->server); |
ec2c5e43 LP |
49 | dns_stream_free(t->stream); |
50 | ||
51 | if (t->scope) { | |
f9ebb22a LP |
52 | hashmap_remove_value(t->scope->transactions_by_key, t->key, t); |
53 | LIST_REMOVE(transactions_by_scope, t->scope->transactions, t); | |
ec2c5e43 LP |
54 | |
55 | if (t->id != 0) | |
56 | hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id)); | |
57 | } | |
58 | ||
da0c630e LP |
59 | dns_resource_key_unref(t->key); |
60 | ||
801ad6a6 LP |
61 | while ((c = set_steal_first(t->query_candidates))) |
62 | set_remove(c->transactions, t); | |
63 | ||
64 | set_free(t->query_candidates); | |
ec2c5e43 LP |
65 | |
66 | while ((i = set_steal_first(t->zone_items))) | |
67 | i->probe_transaction = NULL; | |
68 | set_free(t->zone_items); | |
69 | ||
70 | free(t); | |
71 | return NULL; | |
72 | } | |
73 | ||
74 | DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free); | |
75 | ||
76 | void dns_transaction_gc(DnsTransaction *t) { | |
77 | assert(t); | |
78 | ||
79 | if (t->block_gc > 0) | |
80 | return; | |
81 | ||
801ad6a6 | 82 | if (set_isempty(t->query_candidates) && set_isempty(t->zone_items)) |
ec2c5e43 LP |
83 | dns_transaction_free(t); |
84 | } | |
85 | ||
f52e61da | 86 | int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key) { |
ec2c5e43 LP |
87 | _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL; |
88 | int r; | |
89 | ||
90 | assert(ret); | |
91 | assert(s); | |
f52e61da | 92 | assert(key); |
ec2c5e43 | 93 | |
d5099efc | 94 | r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL); |
ec2c5e43 LP |
95 | if (r < 0) |
96 | return r; | |
97 | ||
f9ebb22a | 98 | r = hashmap_ensure_allocated(&s->transactions_by_key, &dns_resource_key_hash_ops); |
da0c630e LP |
99 | if (r < 0) |
100 | return r; | |
101 | ||
ec2c5e43 LP |
102 | t = new0(DnsTransaction, 1); |
103 | if (!t) | |
104 | return -ENOMEM; | |
105 | ||
4667e00a | 106 | t->dns_udp_fd = -1; |
c3bc53e6 | 107 | t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID; |
f52e61da | 108 | t->key = dns_resource_key_ref(key); |
ec2c5e43 | 109 | |
da0c630e | 110 | /* Find a fresh, unused transaction id */ |
ec2c5e43 LP |
111 | do |
112 | random_bytes(&t->id, sizeof(t->id)); | |
113 | while (t->id == 0 || | |
114 | hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(t->id))); | |
115 | ||
116 | r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t); | |
117 | if (r < 0) { | |
118 | t->id = 0; | |
119 | return r; | |
120 | } | |
121 | ||
f9ebb22a | 122 | r = hashmap_replace(s->transactions_by_key, t->key, t); |
da0c630e LP |
123 | if (r < 0) { |
124 | hashmap_remove(s->manager->dns_transactions, UINT_TO_PTR(t->id)); | |
125 | return r; | |
126 | } | |
127 | ||
f9ebb22a | 128 | LIST_PREPEND(transactions_by_scope, s->transactions, t); |
ec2c5e43 LP |
129 | t->scope = s; |
130 | ||
131 | if (ret) | |
132 | *ret = t; | |
133 | ||
134 | t = NULL; | |
135 | ||
136 | return 0; | |
137 | } | |
138 | ||
139 | static void dns_transaction_stop(DnsTransaction *t) { | |
140 | assert(t); | |
141 | ||
142 | t->timeout_event_source = sd_event_source_unref(t->timeout_event_source); | |
143 | t->stream = dns_stream_free(t->stream); | |
ae6a4bbf LP |
144 | |
145 | /* Note that we do not drop the UDP socket here, as we want to | |
146 | * reuse it to repeat the interaction. */ | |
ec2c5e43 LP |
147 | } |
148 | ||
149 | static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) { | |
2fb3034c | 150 | _cleanup_free_ char *pretty = NULL; |
ec2c5e43 | 151 | DnsZoneItem *z; |
ec2c5e43 LP |
152 | |
153 | assert(t); | |
154 | assert(p); | |
155 | ||
156 | if (manager_our_packet(t->scope->manager, p) != 0) | |
157 | return; | |
158 | ||
2fb3034c LP |
159 | in_addr_to_string(p->family, &p->sender, &pretty); |
160 | ||
161 | log_debug("Transaction on scope %s on %s/%s got tentative packet from %s", | |
ec2c5e43 LP |
162 | dns_protocol_to_string(t->scope->protocol), |
163 | t->scope->link ? t->scope->link->name : "*", | |
2fb3034c LP |
164 | t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family), |
165 | pretty); | |
ec2c5e43 | 166 | |
a4076574 LP |
167 | /* RFC 4795, Section 4.1 says that the peer with the |
168 | * lexicographically smaller IP address loses */ | |
4d91eec4 LP |
169 | if (memcmp(&p->sender, &p->destination, FAMILY_ADDRESS_SIZE(p->family)) >= 0) { |
170 | log_debug("Peer has lexicographically larger IP address and thus lost in the conflict."); | |
a4076574 LP |
171 | return; |
172 | } | |
173 | ||
4d91eec4 | 174 | log_debug("We have the lexicographically larger IP address and thus lost in the conflict."); |
a4076574 | 175 | |
ec2c5e43 | 176 | t->block_gc++; |
3ef64445 LP |
177 | while ((z = set_first(t->zone_items))) { |
178 | /* First, make sure the zone item drops the reference | |
179 | * to us */ | |
180 | dns_zone_item_probe_stop(z); | |
181 | ||
182 | /* Secondly, report this as conflict, so that we might | |
183 | * look for a different hostname */ | |
ec2c5e43 | 184 | dns_zone_item_conflict(z); |
3ef64445 | 185 | } |
ec2c5e43 LP |
186 | t->block_gc--; |
187 | ||
188 | dns_transaction_gc(t); | |
189 | } | |
190 | ||
191 | void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) { | |
801ad6a6 | 192 | DnsQueryCandidate *c; |
ec2c5e43 LP |
193 | DnsZoneItem *z; |
194 | Iterator i; | |
195 | ||
196 | assert(t); | |
197 | assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING)); | |
e56187ca | 198 | |
ec2c5e43 LP |
199 | /* Note that this call might invalidate the query. Callers |
200 | * should hence not attempt to access the query or transaction | |
201 | * after calling this function. */ | |
202 | ||
c3bc53e6 | 203 | log_debug("Transaction on scope %s on %s/%s now complete with <%s> from %s", |
ec2c5e43 LP |
204 | dns_protocol_to_string(t->scope->protocol), |
205 | t->scope->link ? t->scope->link->name : "*", | |
206 | t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family), | |
c3bc53e6 LP |
207 | dns_transaction_state_to_string(state), |
208 | t->answer_source < 0 ? "none" : dns_transaction_source_to_string(t->answer_source)); | |
ec2c5e43 LP |
209 | |
210 | t->state = state; | |
211 | ||
212 | dns_transaction_stop(t); | |
213 | ||
214 | /* Notify all queries that are interested, but make sure the | |
215 | * transaction isn't freed while we are still looking at it */ | |
216 | t->block_gc++; | |
801ad6a6 LP |
217 | SET_FOREACH(c, t->query_candidates, i) |
218 | dns_query_candidate_ready(c); | |
ec2c5e43 LP |
219 | SET_FOREACH(z, t->zone_items, i) |
220 | dns_zone_item_ready(z); | |
221 | t->block_gc--; | |
222 | ||
223 | dns_transaction_gc(t); | |
224 | } | |
225 | ||
226 | static int on_stream_complete(DnsStream *s, int error) { | |
227 | _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; | |
228 | DnsTransaction *t; | |
229 | ||
230 | assert(s); | |
231 | assert(s->transaction); | |
232 | ||
233 | /* Copy the data we care about out of the stream before we | |
234 | * destroy it. */ | |
235 | t = s->transaction; | |
236 | p = dns_packet_ref(s->read_packet); | |
237 | ||
238 | t->stream = dns_stream_free(t->stream); | |
239 | ||
240 | if (error != 0) { | |
241 | dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES); | |
242 | return 0; | |
243 | } | |
244 | ||
a4076574 LP |
245 | if (dns_packet_validate_reply(p) <= 0) { |
246 | log_debug("Invalid LLMNR TCP packet."); | |
247 | dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY); | |
248 | return 0; | |
249 | } | |
250 | ||
251 | dns_scope_check_conflicts(t->scope, p); | |
252 | ||
ec2c5e43 LP |
253 | t->block_gc++; |
254 | dns_transaction_process_reply(t, p); | |
255 | t->block_gc--; | |
256 | ||
257 | /* If the response wasn't useful, then complete the transition now */ | |
258 | if (t->state == DNS_TRANSACTION_PENDING) | |
259 | dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY); | |
260 | ||
261 | return 0; | |
262 | } | |
263 | ||
264 | static int dns_transaction_open_tcp(DnsTransaction *t) { | |
088480fa | 265 | DnsServer *server = NULL; |
ec2c5e43 LP |
266 | _cleanup_close_ int fd = -1; |
267 | int r; | |
268 | ||
269 | assert(t); | |
270 | ||
271 | if (t->stream) | |
272 | return 0; | |
273 | ||
106784eb DM |
274 | switch (t->scope->protocol) { |
275 | case DNS_PROTOCOL_DNS: | |
8300ba21 | 276 | fd = dns_scope_tcp_socket(t->scope, AF_UNSPEC, NULL, 53, &server); |
106784eb | 277 | break; |
ec2c5e43 | 278 | |
106784eb | 279 | case DNS_PROTOCOL_LLMNR: |
a8f6397f | 280 | /* When we already received a reply to this (but it was truncated), send to its sender address */ |
ec2c5e43 | 281 | if (t->received) |
8300ba21 | 282 | fd = dns_scope_tcp_socket(t->scope, t->received->family, &t->received->sender, t->received->sender_port, NULL); |
ec2c5e43 LP |
283 | else { |
284 | union in_addr_union address; | |
a7f7d1bd | 285 | int family = AF_UNSPEC; |
ec2c5e43 LP |
286 | |
287 | /* Otherwise, try to talk to the owner of a | |
288 | * the IP address, in case this is a reverse | |
289 | * PTR lookup */ | |
f52e61da LP |
290 | |
291 | r = dns_name_address(DNS_RESOURCE_KEY_NAME(t->key), &family, &address); | |
ec2c5e43 LP |
292 | if (r < 0) |
293 | return r; | |
294 | if (r == 0) | |
295 | return -EINVAL; | |
9e08a6e0 | 296 | if (family != t->scope->family) |
9318cdd3 | 297 | return -ESRCH; |
ec2c5e43 | 298 | |
8300ba21 | 299 | fd = dns_scope_tcp_socket(t->scope, family, &address, LLMNR_PORT, NULL); |
ec2c5e43 | 300 | } |
106784eb DM |
301 | |
302 | break; | |
303 | ||
304 | default: | |
ec2c5e43 | 305 | return -EAFNOSUPPORT; |
106784eb | 306 | } |
ec2c5e43 LP |
307 | |
308 | if (fd < 0) | |
309 | return fd; | |
310 | ||
311 | r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd); | |
312 | if (r < 0) | |
313 | return r; | |
314 | ||
315 | fd = -1; | |
316 | ||
317 | r = dns_stream_write_packet(t->stream, t->sent); | |
318 | if (r < 0) { | |
319 | t->stream = dns_stream_free(t->stream); | |
320 | return r; | |
321 | } | |
322 | ||
8300ba21 TG |
323 | dns_server_unref(t->server); |
324 | t->server = dns_server_ref(server); | |
ec2c5e43 | 325 | t->received = dns_packet_unref(t->received); |
ae6a4bbf LP |
326 | t->answer = dns_answer_unref(t->answer); |
327 | t->answer_rcode = 0; | |
ec2c5e43 LP |
328 | t->stream->complete = on_stream_complete; |
329 | t->stream->transaction = t; | |
330 | ||
331 | /* The interface index is difficult to determine if we are | |
332 | * connecting to the local host, hence fill this in right away | |
333 | * instead of determining it from the socket */ | |
334 | if (t->scope->link) | |
335 | t->stream->ifindex = t->scope->link->ifindex; | |
336 | ||
337 | return 0; | |
338 | } | |
339 | ||
647f6aa8 TG |
340 | static void dns_transaction_next_dns_server(DnsTransaction *t) { |
341 | assert(t); | |
342 | ||
343 | t->server = dns_server_unref(t->server); | |
4667e00a LP |
344 | t->dns_udp_event_source = sd_event_source_unref(t->dns_udp_event_source); |
345 | t->dns_udp_fd = safe_close(t->dns_udp_fd); | |
647f6aa8 TG |
346 | |
347 | dns_scope_next_dns_server(t->scope); | |
348 | } | |
349 | ||
ec2c5e43 | 350 | void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) { |
9df3ba6c | 351 | usec_t ts; |
ec2c5e43 LP |
352 | int r; |
353 | ||
354 | assert(t); | |
355 | assert(p); | |
356 | assert(t->state == DNS_TRANSACTION_PENDING); | |
9df3ba6c TG |
357 | assert(t->scope); |
358 | assert(t->scope->manager); | |
ec2c5e43 LP |
359 | |
360 | /* Note that this call might invalidate the query. Callers | |
361 | * should hence not attempt to access the query or transaction | |
362 | * after calling this function. */ | |
363 | ||
106784eb DM |
364 | switch (t->scope->protocol) { |
365 | case DNS_PROTOCOL_LLMNR: | |
ec2c5e43 LP |
366 | assert(t->scope->link); |
367 | ||
368 | /* For LLMNR we will not accept any packets from other | |
369 | * interfaces */ | |
370 | ||
371 | if (p->ifindex != t->scope->link->ifindex) | |
372 | return; | |
373 | ||
374 | if (p->family != t->scope->family) | |
375 | return; | |
376 | ||
377 | /* Tentative packets are not full responses but still | |
378 | * useful for identifying uniqueness conflicts during | |
379 | * probing. */ | |
8b757a38 | 380 | if (DNS_PACKET_LLMNR_T(p)) { |
ec2c5e43 LP |
381 | dns_transaction_tentative(t, p); |
382 | return; | |
383 | } | |
106784eb DM |
384 | |
385 | break; | |
386 | ||
4e5bf5e1 DM |
387 | case DNS_PROTOCOL_MDNS: |
388 | assert(t->scope->link); | |
389 | ||
390 | /* For mDNS we will not accept any packets from other interfaces */ | |
391 | if (p->ifindex != t->scope->link->ifindex) | |
392 | return; | |
393 | ||
394 | if (p->family != t->scope->family) | |
395 | return; | |
396 | ||
397 | break; | |
398 | ||
106784eb DM |
399 | case DNS_PROTOCOL_DNS: |
400 | break; | |
401 | ||
402 | default: | |
9c56a6f3 | 403 | assert_not_reached("Invalid DNS protocol."); |
ec2c5e43 LP |
404 | } |
405 | ||
ec2c5e43 LP |
406 | if (t->received != p) { |
407 | dns_packet_unref(t->received); | |
408 | t->received = dns_packet_ref(p); | |
409 | } | |
410 | ||
c3bc53e6 LP |
411 | t->answer_source = DNS_TRANSACTION_NETWORK; |
412 | ||
ec2c5e43 LP |
413 | if (p->ipproto == IPPROTO_TCP) { |
414 | if (DNS_PACKET_TC(p)) { | |
415 | /* Truncated via TCP? Somebody must be fucking with us */ | |
416 | dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY); | |
417 | return; | |
418 | } | |
419 | ||
420 | if (DNS_PACKET_ID(p) != t->id) { | |
421 | /* Not the reply to our query? Somebody must be fucking with us */ | |
422 | dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY); | |
423 | return; | |
424 | } | |
425 | } | |
426 | ||
38a03f06 | 427 | assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0); |
9df3ba6c TG |
428 | |
429 | switch (t->scope->protocol) { | |
430 | case DNS_PROTOCOL_DNS: | |
431 | assert(t->server); | |
432 | ||
4e0b8b17 TG |
433 | if (IN_SET(DNS_PACKET_RCODE(p), DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NOTIMP)) { |
434 | ||
435 | /* request failed, immediately try again with reduced features */ | |
436 | log_debug("Server returned error: %s", dns_rcode_to_string(DNS_PACKET_RCODE(p))); | |
437 | ||
438 | dns_server_packet_failed(t->server, t->current_features); | |
439 | ||
440 | r = dns_transaction_go(t); | |
441 | if (r < 0) { | |
442 | dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES); | |
443 | return; | |
444 | } | |
445 | ||
446 | return; | |
447 | } else | |
d74fb368 | 448 | dns_server_packet_received(t->server, t->current_features, ts - t->start_usec, p->size); |
9df3ba6c TG |
449 | |
450 | break; | |
451 | case DNS_PROTOCOL_LLMNR: | |
452 | case DNS_PROTOCOL_MDNS: | |
453 | dns_scope_packet_received(t->scope, ts - t->start_usec); | |
454 | ||
455 | break; | |
456 | default: | |
9c56a6f3 | 457 | break; |
9df3ba6c TG |
458 | } |
459 | ||
ec2c5e43 LP |
460 | if (DNS_PACKET_TC(p)) { |
461 | /* Response was truncated, let's try again with good old TCP */ | |
462 | r = dns_transaction_open_tcp(t); | |
463 | if (r == -ESRCH) { | |
464 | /* No servers found? Damn! */ | |
465 | dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS); | |
466 | return; | |
467 | } | |
468 | if (r < 0) { | |
469 | /* On LLMNR, if we cannot connect to the host, | |
470 | * we immediately give up */ | |
471 | if (t->scope->protocol == DNS_PROTOCOL_LLMNR) { | |
472 | dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES); | |
473 | return; | |
474 | } | |
475 | ||
476 | /* On DNS, couldn't send? Try immediately again, with a new server */ | |
647f6aa8 | 477 | dns_transaction_next_dns_server(t); |
ec2c5e43 LP |
478 | |
479 | r = dns_transaction_go(t); | |
480 | if (r < 0) { | |
481 | dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES); | |
482 | return; | |
483 | } | |
484 | ||
485 | return; | |
486 | } | |
487 | } | |
488 | ||
489 | /* Parse and update the cache */ | |
490 | r = dns_packet_extract(p); | |
491 | if (r < 0) { | |
492 | dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY); | |
493 | return; | |
494 | } | |
495 | ||
29815b6c | 496 | /* Only consider responses with equivalent query section to the request */ |
f52e61da | 497 | if (p->question->n_keys != 1 || dns_resource_key_equal(p->question->keys[0], t->key) <= 0) { |
29815b6c | 498 | dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY); |
6709eb94 TG |
499 | return; |
500 | } | |
29815b6c | 501 | |
931851e8 LP |
502 | /* Install the answer as answer to the transaction */ |
503 | dns_answer_unref(t->answer); | |
504 | t->answer = dns_answer_ref(p->answer); | |
505 | t->answer_rcode = DNS_PACKET_RCODE(p); | |
506 | t->answer_authenticated = t->scope->dnssec_mode == DNSSEC_TRUST && DNS_PACKET_AD(p); | |
507 | ||
ec2c5e43 | 508 | /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */ |
d830ebbd | 509 | if (DNS_PACKET_SHALL_CACHE(p)) |
931851e8 LP |
510 | dns_cache_put(&t->scope->cache, |
511 | t->key, | |
512 | DNS_PACKET_RCODE(p), | |
513 | p->answer, | |
514 | DNS_PACKET_ANCOUNT(p), | |
515 | t->answer_authenticated, | |
516 | 0, | |
517 | p->family, | |
518 | &p->sender); | |
ec2c5e43 LP |
519 | |
520 | if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS) | |
521 | dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS); | |
522 | else | |
523 | dns_transaction_complete(t, DNS_TRANSACTION_FAILURE); | |
524 | } | |
525 | ||
c19ffd9f TG |
526 | static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) { |
527 | _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; | |
528 | DnsTransaction *t = userdata; | |
529 | int r; | |
530 | ||
531 | assert(t); | |
532 | assert(t->scope); | |
533 | ||
534 | r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p); | |
535 | if (r <= 0) | |
536 | return r; | |
537 | ||
538 | if (dns_packet_validate_reply(p) > 0 && | |
9df3ba6c | 539 | DNS_PACKET_ID(p) == t->id) |
c19ffd9f | 540 | dns_transaction_process_reply(t, p); |
9df3ba6c | 541 | else |
c19ffd9f TG |
542 | log_debug("Invalid DNS packet."); |
543 | ||
544 | return 0; | |
545 | } | |
546 | ||
471d40d9 | 547 | static int dns_transaction_emit(DnsTransaction *t) { |
c19ffd9f TG |
548 | int r; |
549 | ||
550 | assert(t); | |
c19ffd9f | 551 | |
471d40d9 TG |
552 | if (t->scope->protocol == DNS_PROTOCOL_DNS && !t->server) { |
553 | DnsServer *server = NULL; | |
554 | _cleanup_close_ int fd = -1; | |
c19ffd9f | 555 | |
471d40d9 TG |
556 | fd = dns_scope_udp_dns_socket(t->scope, &server); |
557 | if (fd < 0) | |
558 | return fd; | |
c19ffd9f | 559 | |
4667e00a | 560 | r = sd_event_add_io(t->scope->manager->event, &t->dns_udp_event_source, fd, EPOLLIN, on_dns_packet, t); |
471d40d9 TG |
561 | if (r < 0) |
562 | return r; | |
c19ffd9f | 563 | |
4667e00a | 564 | t->dns_udp_fd = fd; |
471d40d9 TG |
565 | fd = -1; |
566 | t->server = dns_server_ref(server); | |
567 | } | |
c19ffd9f | 568 | |
9c5e12a4 | 569 | r = dns_scope_emit(t->scope, t->dns_udp_fd, t->server, t->sent); |
471d40d9 TG |
570 | if (r < 0) |
571 | return r; | |
c19ffd9f | 572 | |
be808ea0 TG |
573 | if (t->server) |
574 | t->current_features = t->server->possible_features; | |
575 | ||
471d40d9 | 576 | return 0; |
c19ffd9f TG |
577 | } |
578 | ||
ec2c5e43 LP |
579 | static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) { |
580 | DnsTransaction *t = userdata; | |
581 | int r; | |
582 | ||
583 | assert(s); | |
584 | assert(t); | |
585 | ||
be808ea0 TG |
586 | /* Timeout reached? Increase the timeout for the server used */ |
587 | switch (t->scope->protocol) { | |
588 | case DNS_PROTOCOL_DNS: | |
589 | assert(t->server); | |
ec2c5e43 | 590 | |
be808ea0 TG |
591 | dns_server_packet_lost(t->server, t->current_features, usec - t->start_usec); |
592 | ||
593 | break; | |
594 | case DNS_PROTOCOL_LLMNR: | |
595 | case DNS_PROTOCOL_MDNS: | |
9df3ba6c TG |
596 | dns_scope_packet_lost(t->scope, usec - t->start_usec); |
597 | ||
be808ea0 TG |
598 | break; |
599 | default: | |
600 | assert_not_reached("Invalid DNS protocol."); | |
601 | } | |
602 | ||
603 | /* ...and try again with a new server */ | |
604 | dns_transaction_next_dns_server(t); | |
605 | ||
ec2c5e43 LP |
606 | r = dns_transaction_go(t); |
607 | if (r < 0) | |
608 | dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES); | |
609 | ||
610 | return 0; | |
611 | } | |
612 | ||
613 | static int dns_transaction_make_packet(DnsTransaction *t) { | |
614 | _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; | |
ec2c5e43 LP |
615 | int r; |
616 | ||
617 | assert(t); | |
618 | ||
619 | if (t->sent) | |
620 | return 0; | |
621 | ||
24710c48 | 622 | r = dns_packet_new_query(&p, t->scope->protocol, 0, t->scope->dnssec_mode == DNSSEC_YES); |
ec2c5e43 LP |
623 | if (r < 0) |
624 | return r; | |
625 | ||
f52e61da LP |
626 | r = dns_scope_good_key(t->scope, t->key); |
627 | if (r < 0) | |
628 | return r; | |
629 | if (r == 0) | |
ec2c5e43 LP |
630 | return -EDOM; |
631 | ||
f52e61da LP |
632 | r = dns_packet_append_key(p, t->key, NULL); |
633 | if (r < 0) | |
634 | return r; | |
635 | ||
636 | DNS_PACKET_HEADER(p)->qdcount = htobe16(1); | |
ec2c5e43 LP |
637 | DNS_PACKET_HEADER(p)->id = t->id; |
638 | ||
639 | t->sent = p; | |
640 | p = NULL; | |
641 | ||
642 | return 0; | |
643 | } | |
644 | ||
9df3ba6c TG |
645 | static usec_t transaction_get_resend_timeout(DnsTransaction *t) { |
646 | assert(t); | |
647 | assert(t->scope); | |
648 | ||
649 | switch (t->scope->protocol) { | |
650 | case DNS_PROTOCOL_DNS: | |
651 | assert(t->server); | |
652 | ||
653 | return t->server->resend_timeout; | |
654 | case DNS_PROTOCOL_LLMNR: | |
655 | case DNS_PROTOCOL_MDNS: | |
656 | return t->scope->resend_timeout; | |
657 | default: | |
658 | assert_not_reached("Invalid DNS protocol."); | |
659 | } | |
660 | } | |
661 | ||
ec2c5e43 LP |
662 | int dns_transaction_go(DnsTransaction *t) { |
663 | bool had_stream; | |
9df3ba6c | 664 | usec_t ts; |
ec2c5e43 LP |
665 | int r; |
666 | ||
667 | assert(t); | |
668 | ||
669 | had_stream = !!t->stream; | |
670 | ||
671 | dns_transaction_stop(t); | |
672 | ||
e56187ca | 673 | log_debug("Excercising transaction on scope %s on %s/%s", |
ec2c5e43 LP |
674 | dns_protocol_to_string(t->scope->protocol), |
675 | t->scope->link ? t->scope->link->name : "*", | |
676 | t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family)); | |
677 | ||
678 | if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) { | |
679 | dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED); | |
680 | return 0; | |
681 | } | |
682 | ||
683 | if (t->scope->protocol == DNS_PROTOCOL_LLMNR && had_stream) { | |
684 | /* If we already tried via a stream, then we don't | |
685 | * retry on LLMNR. See RFC 4795, Section 2.7. */ | |
686 | dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED); | |
687 | return 0; | |
688 | } | |
689 | ||
38a03f06 | 690 | assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0); |
9df3ba6c | 691 | |
ec2c5e43 | 692 | t->n_attempts++; |
9df3ba6c | 693 | t->start_usec = ts; |
ec2c5e43 | 694 | t->received = dns_packet_unref(t->received); |
ae6a4bbf LP |
695 | t->answer = dns_answer_unref(t->answer); |
696 | t->answer_rcode = 0; | |
c3bc53e6 | 697 | t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID; |
ec2c5e43 | 698 | |
0d2cd476 LP |
699 | /* Check the trust anchor. Do so only on classic DNS, since DNSSEC does not apply otherwise. */ |
700 | if (t->scope->protocol == DNS_PROTOCOL_DNS) { | |
701 | r = dns_trust_anchor_lookup(&t->scope->manager->trust_anchor, t->key, &t->answer); | |
702 | if (r < 0) | |
703 | return r; | |
704 | if (r > 0) { | |
705 | t->answer_rcode = DNS_RCODE_SUCCESS; | |
706 | t->answer_source = DNS_TRANSACTION_TRUST_ANCHOR; | |
931851e8 | 707 | t->answer_authenticated = true; |
0d2cd476 LP |
708 | dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS); |
709 | return 0; | |
710 | } | |
711 | } | |
712 | ||
713 | /* Check the zone, but only if this transaction is not used | |
d746bb3e LP |
714 | * for probing or verifying a zone item. */ |
715 | if (set_isempty(t->zone_items)) { | |
716 | ||
ae6a4bbf | 717 | r = dns_zone_lookup(&t->scope->zone, t->key, &t->answer, NULL, NULL); |
d746bb3e LP |
718 | if (r < 0) |
719 | return r; | |
720 | if (r > 0) { | |
ae6a4bbf | 721 | t->answer_rcode = DNS_RCODE_SUCCESS; |
c3bc53e6 | 722 | t->answer_source = DNS_TRANSACTION_ZONE; |
931851e8 | 723 | t->answer_authenticated = true; |
d746bb3e LP |
724 | dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS); |
725 | return 0; | |
726 | } | |
727 | } | |
728 | ||
4d926a69 LP |
729 | /* Check the cache, but only if this transaction is not used |
730 | * for probing or verifying a zone item. */ | |
731 | if (set_isempty(t->zone_items)) { | |
2c27fbca | 732 | |
4d926a69 LP |
733 | /* Before trying the cache, let's make sure we figured out a |
734 | * server to use. Should this cause a change of server this | |
735 | * might flush the cache. */ | |
736 | dns_scope_get_dns_server(t->scope); | |
2c27fbca | 737 | |
4d926a69 LP |
738 | /* Let's then prune all outdated entries */ |
739 | dns_cache_prune(&t->scope->cache); | |
740 | ||
931851e8 | 741 | r = dns_cache_lookup(&t->scope->cache, t->key, &t->answer_rcode, &t->answer, &t->answer_authenticated); |
4d926a69 LP |
742 | if (r < 0) |
743 | return r; | |
744 | if (r > 0) { | |
c3bc53e6 | 745 | t->answer_source = DNS_TRANSACTION_CACHE; |
ae6a4bbf | 746 | if (t->answer_rcode == DNS_RCODE_SUCCESS) |
4d926a69 LP |
747 | dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS); |
748 | else | |
749 | dns_transaction_complete(t, DNS_TRANSACTION_FAILURE); | |
750 | return 0; | |
751 | } | |
ec2c5e43 LP |
752 | } |
753 | ||
ea12bcc7 DM |
754 | if (!t->initial_jitter && |
755 | (t->scope->protocol == DNS_PROTOCOL_LLMNR || | |
756 | t->scope->protocol == DNS_PROTOCOL_MDNS)) { | |
757 | usec_t jitter, accuracy; | |
6e068472 LP |
758 | |
759 | /* RFC 4795 Section 2.7 suggests all queries should be | |
760 | * delayed by a random time from 0 to JITTER_INTERVAL. */ | |
761 | ||
762 | t->initial_jitter = true; | |
763 | ||
764 | random_bytes(&jitter, sizeof(jitter)); | |
ea12bcc7 DM |
765 | |
766 | switch (t->scope->protocol) { | |
767 | case DNS_PROTOCOL_LLMNR: | |
768 | jitter %= LLMNR_JITTER_INTERVAL_USEC; | |
769 | accuracy = LLMNR_JITTER_INTERVAL_USEC; | |
770 | break; | |
771 | case DNS_PROTOCOL_MDNS: | |
772 | jitter %= MDNS_JITTER_RANGE_USEC; | |
773 | jitter += MDNS_JITTER_MIN_USEC; | |
774 | accuracy = MDNS_JITTER_RANGE_USEC; | |
775 | break; | |
776 | default: | |
777 | assert_not_reached("bad protocol"); | |
778 | } | |
6e068472 LP |
779 | |
780 | r = sd_event_add_time( | |
781 | t->scope->manager->event, | |
782 | &t->timeout_event_source, | |
783 | clock_boottime_or_monotonic(), | |
ea12bcc7 | 784 | ts + jitter, accuracy, |
6e068472 LP |
785 | on_transaction_timeout, t); |
786 | if (r < 0) | |
787 | return r; | |
788 | ||
789 | t->n_attempts = 0; | |
790 | t->state = DNS_TRANSACTION_PENDING; | |
791 | ||
ea12bcc7 | 792 | log_debug("Delaying %s transaction for " USEC_FMT "us.", dns_protocol_to_string(t->scope->protocol), jitter); |
6e068472 LP |
793 | return 0; |
794 | } | |
795 | ||
ec2c5e43 LP |
796 | /* Otherwise, we need to ask the network */ |
797 | r = dns_transaction_make_packet(t); | |
798 | if (r == -EDOM) { | |
799 | /* Not the right request to make on this network? | |
800 | * (i.e. an A request made on IPv6 or an AAAA request | |
801 | * made on IPv4, on LLMNR or mDNS.) */ | |
802 | dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS); | |
803 | return 0; | |
804 | } | |
805 | if (r < 0) | |
806 | return r; | |
807 | ||
808 | if (t->scope->protocol == DNS_PROTOCOL_LLMNR && | |
f52e61da LP |
809 | (dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), "in-addr.arpa") > 0 || |
810 | dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), "ip6.arpa") > 0)) { | |
ec2c5e43 LP |
811 | |
812 | /* RFC 4795, Section 2.4. says reverse lookups shall | |
813 | * always be made via TCP on LLMNR */ | |
814 | r = dns_transaction_open_tcp(t); | |
815 | } else { | |
be808ea0 TG |
816 | /* Try via UDP, and if that fails due to large size or lack of |
817 | * support try via TCP */ | |
471d40d9 | 818 | r = dns_transaction_emit(t); |
be808ea0 | 819 | if (r == -EMSGSIZE || r == -EAGAIN) |
ec2c5e43 LP |
820 | r = dns_transaction_open_tcp(t); |
821 | } | |
be808ea0 | 822 | |
ec2c5e43 LP |
823 | if (r == -ESRCH) { |
824 | /* No servers to send this to? */ | |
825 | dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS); | |
826 | return 0; | |
8300ba21 | 827 | } else if (r < 0) { |
13b551ac LP |
828 | if (t->scope->protocol != DNS_PROTOCOL_DNS) { |
829 | dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES); | |
830 | return 0; | |
831 | } | |
832 | ||
ec2c5e43 | 833 | /* Couldn't send? Try immediately again, with a new server */ |
647f6aa8 | 834 | dns_transaction_next_dns_server(t); |
ec2c5e43 LP |
835 | |
836 | return dns_transaction_go(t); | |
837 | } | |
838 | ||
9a015429 LP |
839 | r = sd_event_add_time( |
840 | t->scope->manager->event, | |
841 | &t->timeout_event_source, | |
842 | clock_boottime_or_monotonic(), | |
9df3ba6c | 843 | ts + transaction_get_resend_timeout(t), 0, |
9a015429 | 844 | on_transaction_timeout, t); |
ec2c5e43 LP |
845 | if (r < 0) |
846 | return r; | |
847 | ||
848 | t->state = DNS_TRANSACTION_PENDING; | |
849 | return 1; | |
850 | } | |
851 | ||
852 | static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = { | |
853 | [DNS_TRANSACTION_NULL] = "null", | |
854 | [DNS_TRANSACTION_PENDING] = "pending", | |
855 | [DNS_TRANSACTION_FAILURE] = "failure", | |
856 | [DNS_TRANSACTION_SUCCESS] = "success", | |
857 | [DNS_TRANSACTION_NO_SERVERS] = "no-servers", | |
858 | [DNS_TRANSACTION_TIMEOUT] = "timeout", | |
859 | [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached", | |
860 | [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply", | |
861 | [DNS_TRANSACTION_RESOURCES] = "resources", | |
862 | [DNS_TRANSACTION_ABORTED] = "aborted", | |
863 | }; | |
864 | DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState); | |
c3bc53e6 LP |
865 | |
866 | static const char* const dns_transaction_source_table[_DNS_TRANSACTION_SOURCE_MAX] = { | |
867 | [DNS_TRANSACTION_NETWORK] = "network", | |
868 | [DNS_TRANSACTION_CACHE] = "cache", | |
869 | [DNS_TRANSACTION_ZONE] = "zone", | |
0d2cd476 | 870 | [DNS_TRANSACTION_TRUST_ANCHOR] = "trust-anchor", |
c3bc53e6 LP |
871 | }; |
872 | DEFINE_STRING_TABLE_LOOKUP(dns_transaction_source, DnsTransactionSource); |