[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#pragma once

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;

enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_RESOURCES,
        DNS_TRANSACTION_CONNECTION_FAILURE,
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};

#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)

enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};

#include "resolved-dns-answer.h"
#include "resolved-dns-packet.h"
#include "resolved-dns-question.h"
#include "resolved-dns-scope.h"

struct DnsTransaction {
        DnsScope *scope;

        DnsResourceKey *key;
        char *key_string;

        DnsTransactionState state;

        uint16_t id;

        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined different than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_features;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items;

        /* Other transactions that this transactions is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        unsigned block_gc;

        LIST_FIELDS(DnsTransaction, transactions_by_scope);
};

int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
DnsTransaction* dns_transaction_free(DnsTransaction *t);

void dns_transaction_gc(DnsTransaction *t);
int dns_transaction_go(DnsTransaction *t);

void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
int dns_transaction_validate_dnssec(DnsTransaction *t);
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

const char *dns_transaction_key_string(DnsTransaction *t);

const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC   (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 16

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)
Commit	Line	Data
ec2c5e43 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	#pragma once
	4
	5	/***
	6	This file is part of systemd.
	7
	8	Copyright 2014 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published by
	12	the Free Software Foundation; either version 2.1 of the License, or
	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
	24	typedef struct DnsTransaction DnsTransaction;
	25	typedef enum DnsTransactionState DnsTransactionState;
c3bc53e6	26	typedef enum DnsTransactionSource DnsTransactionSource;
ec2c5e43 LP	27
	28	enum DnsTransactionState {
	29	DNS_TRANSACTION_NULL,
	30	DNS_TRANSACTION_PENDING,
547973de	31	DNS_TRANSACTION_VALIDATING,
3bbdc31d	32	DNS_TRANSACTION_RCODE_FAILURE,
ec2c5e43 LP	33	DNS_TRANSACTION_SUCCESS,
	34	DNS_TRANSACTION_NO_SERVERS,
	35	DNS_TRANSACTION_TIMEOUT,
	36	DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
	37	DNS_TRANSACTION_INVALID_REPLY,
	38	DNS_TRANSACTION_RESOURCES,
ac720200	39	DNS_TRANSACTION_CONNECTION_FAILURE,
ec2c5e43	40	DNS_TRANSACTION_ABORTED,
547973de	41	DNS_TRANSACTION_DNSSEC_FAILED,
ec2c5e43 LP	42	_DNS_TRANSACTION_STATE_MAX,
	43	_DNS_TRANSACTION_STATE_INVALID = -1
	44	};
	45
547973de LP	46	#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
547973de LP	47
c3bc53e6 LP	48	enum DnsTransactionSource {
	49	DNS_TRANSACTION_NETWORK,
	50	DNS_TRANSACTION_CACHE,
	51	DNS_TRANSACTION_ZONE,
0d2cd476	52	DNS_TRANSACTION_TRUST_ANCHOR,
c3bc53e6 LP	53	_DNS_TRANSACTION_SOURCE_MAX,
	54	_DNS_TRANSACTION_SOURCE_INVALID = -1
	55	};
	56
71d35b6b	57	#include "resolved-dns-answer.h"
ec2c5e43 LP	58	#include "resolved-dns-packet.h"
ec2c5e43 LP	59	#include "resolved-dns-question.h"
71d35b6b	60	#include "resolved-dns-scope.h"
ec2c5e43 LP	61
	62	struct DnsTransaction {
	63	DnsScope *scope;
	64
f52e61da	65	DnsResourceKey *key;
a5784c49	66	char *key_string;
ec2c5e43 LP	67
ec2c5e43 LP	68	DnsTransactionState state;
547973de	69
ec2c5e43 LP	70	uint16_t id;
ec2c5e43 LP	71
cbe4216d LP	72	bool tried_stream:1;
cbe4216d LP	73
a0c888c7 LP	74	bool initial_jitter_scheduled:1;
a0c888c7 LP	75	bool initial_jitter_elapsed:1;
6e068472	76
ec2c5e43	77	DnsPacket sent, received;
ae6a4bbf LP	78
	79	DnsAnswer *answer;
	80	int answer_rcode;
019036a4	81	DnssecResult answer_dnssec_result;
c3bc53e6	82	DnsTransactionSource answer_source;
105e1512 LP	83
	84	/* Indicates whether the primary answer is authenticated,
	85	* i.e. whether the RRs from answer which directly match the
	86	* question are authenticated, or, if there are none, whether
	87	* the NODATA or NXDOMAIN case is. It says nothing about
	88	* additional RRs listed in the answer, however they have
	89	* their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
	90	* is defined different than the AD bit in DNS packets, as
	91	* that covers more than just the actual primary answer. */
931851e8	92	bool answer_authenticated;
ec2c5e43	93
105e1512 LP	94	/* Contains DNSKEY, DS, SOA RRs we already verified and need
105e1512 LP	95	* to authenticate this reply */
547973de LP	96	DnsAnswer *validated_keys;
547973de LP	97
9df3ba6c	98	usec_t start_usec;
a9da14e1	99	usec_t next_attempt_after;
ec2c5e43 LP	100	sd_event_source *timeout_event_source;
	101	unsigned n_attempts;
	102
4667e00a LP	103	int dns_udp_fd;
4667e00a LP	104	sd_event_source *dns_udp_event_source;
d20b1667	105
4667e00a	106	/* The active server */
8300ba21 TG	107	DnsServer *server;
8300ba21 TG	108
547973de	109	/* The features of the DNS server at time of transaction start */
be808ea0 TG	110	DnsServerFeatureLevel current_features;
be808ea0 TG	111
ec2c5e43 LP	112	/* TCP connection logic, if we need it */
	113	DnsStream *stream;
	114
801ad6a6 LP	115	/* Query candidates this transaction is referenced by and that
	116	* shall be notified about this specific transaction
	117	* completing. */
547973de	118	Set *notify_query_candidates;
ec2c5e43 LP	119
	120	/* Zone items this transaction is referenced by and that shall
	121	* be notified about completion. */
547973de LP	122	Set *notify_zone_items;
	123
	124	/* Other transactions that this transactions is referenced by
	125	* and that shall be notified about completion. This is used
	126	* when transactions want to validate their RRsets, but need
	127	* another DNSKEY or DS RR to do so. */
	128	Set *notify_transactions;
	129
	130	/* The opposite direction: the transactions this transaction
	131	* created in order to request DNSKEY or DS RRs. */
	132	Set *dnssec_transactions;
ec2c5e43 LP	133
	134	unsigned block_gc;
	135
	136	LIST_FIELDS(DnsTransaction, transactions_by_scope);
	137	};
	138
f52e61da	139	int dns_transaction_new(DnsTransaction *ret, DnsScope s, DnsResourceKey *key);
ec2c5e43 LP	140	DnsTransaction* dns_transaction_free(DnsTransaction *t);
	141
	142	void dns_transaction_gc(DnsTransaction *t);
	143	int dns_transaction_go(DnsTransaction *t);
	144
	145	void dns_transaction_process_reply(DnsTransaction t, DnsPacket p);
	146	void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);
	147
547973de LP	148	void dns_transaction_notify(DnsTransaction t, DnsTransaction source);
	149	int dns_transaction_validate_dnssec(DnsTransaction *t);
	150	int dns_transaction_request_dnssec_keys(DnsTransaction *t);
	151
a5784c49 LP	152	const char dns_transaction_key_string(DnsTransaction t);
a5784c49 LP	153
ec2c5e43 LP	154	const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
	155	DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
	156
c3bc53e6 LP	157	const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
	158	DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
	159
ec2c5e43	160	/* LLMNR Jitter interval, see RFC 4795 Section 7 */
6e068472	161	#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
ec2c5e43	162
ea12bcc7 DM	163	/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
	164	#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
	165	#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
	166
ec2c5e43	167	/* Maximum attempts to send DNS requests, across all DNS servers */
3b31df83	168	#define DNS_TRANSACTION_ATTEMPTS_MAX 16
ec2c5e43 LP	169
	170	/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
	171	#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
	172
c3bc53e6	173	#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)