]>
Commit | Line | Data |
---|---|---|
ec2c5e43 LP |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | #pragma once | |
4 | ||
5 | /*** | |
6 | This file is part of systemd. | |
7 | ||
8 | Copyright 2014 Lennart Poettering | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
11 | under the terms of the GNU Lesser General Public License as published by | |
12 | the Free Software Foundation; either version 2.1 of the License, or | |
13 | (at your option) any later version. | |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | Lesser General Public License for more details. | |
19 | ||
20 | You should have received a copy of the GNU Lesser General Public License | |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
22 | ***/ | |
23 | ||
24 | typedef struct DnsTransaction DnsTransaction; | |
25 | typedef enum DnsTransactionState DnsTransactionState; | |
c3bc53e6 | 26 | typedef enum DnsTransactionSource DnsTransactionSource; |
ec2c5e43 LP |
27 | |
28 | enum DnsTransactionState { | |
29 | DNS_TRANSACTION_NULL, | |
30 | DNS_TRANSACTION_PENDING, | |
547973de | 31 | DNS_TRANSACTION_VALIDATING, |
3bbdc31d | 32 | DNS_TRANSACTION_RCODE_FAILURE, |
ec2c5e43 LP |
33 | DNS_TRANSACTION_SUCCESS, |
34 | DNS_TRANSACTION_NO_SERVERS, | |
35 | DNS_TRANSACTION_TIMEOUT, | |
36 | DNS_TRANSACTION_ATTEMPTS_MAX_REACHED, | |
37 | DNS_TRANSACTION_INVALID_REPLY, | |
38 | DNS_TRANSACTION_RESOURCES, | |
ac720200 | 39 | DNS_TRANSACTION_CONNECTION_FAILURE, |
ec2c5e43 | 40 | DNS_TRANSACTION_ABORTED, |
547973de | 41 | DNS_TRANSACTION_DNSSEC_FAILED, |
ec2c5e43 LP |
42 | _DNS_TRANSACTION_STATE_MAX, |
43 | _DNS_TRANSACTION_STATE_INVALID = -1 | |
44 | }; | |
45 | ||
547973de LP |
46 | #define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING) |
47 | ||
c3bc53e6 LP |
48 | enum DnsTransactionSource { |
49 | DNS_TRANSACTION_NETWORK, | |
50 | DNS_TRANSACTION_CACHE, | |
51 | DNS_TRANSACTION_ZONE, | |
0d2cd476 | 52 | DNS_TRANSACTION_TRUST_ANCHOR, |
c3bc53e6 LP |
53 | _DNS_TRANSACTION_SOURCE_MAX, |
54 | _DNS_TRANSACTION_SOURCE_INVALID = -1 | |
55 | }; | |
56 | ||
71d35b6b | 57 | #include "resolved-dns-answer.h" |
ec2c5e43 LP |
58 | #include "resolved-dns-packet.h" |
59 | #include "resolved-dns-question.h" | |
71d35b6b | 60 | #include "resolved-dns-scope.h" |
ec2c5e43 LP |
61 | |
62 | struct DnsTransaction { | |
63 | DnsScope *scope; | |
64 | ||
f52e61da | 65 | DnsResourceKey *key; |
a5784c49 | 66 | char *key_string; |
ec2c5e43 LP |
67 | |
68 | DnsTransactionState state; | |
547973de | 69 | |
ec2c5e43 LP |
70 | uint16_t id; |
71 | ||
cbe4216d LP |
72 | bool tried_stream:1; |
73 | ||
a0c888c7 LP |
74 | bool initial_jitter_scheduled:1; |
75 | bool initial_jitter_elapsed:1; | |
6e068472 | 76 | |
ec2c5e43 | 77 | DnsPacket *sent, *received; |
ae6a4bbf LP |
78 | |
79 | DnsAnswer *answer; | |
80 | int answer_rcode; | |
019036a4 | 81 | DnssecResult answer_dnssec_result; |
c3bc53e6 | 82 | DnsTransactionSource answer_source; |
105e1512 LP |
83 | |
84 | /* Indicates whether the primary answer is authenticated, | |
85 | * i.e. whether the RRs from answer which directly match the | |
86 | * question are authenticated, or, if there are none, whether | |
87 | * the NODATA or NXDOMAIN case is. It says nothing about | |
88 | * additional RRs listed in the answer, however they have | |
89 | * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit | |
90 | * is defined different than the AD bit in DNS packets, as | |
91 | * that covers more than just the actual primary answer. */ | |
931851e8 | 92 | bool answer_authenticated; |
ec2c5e43 | 93 | |
105e1512 LP |
94 | /* Contains DNSKEY, DS, SOA RRs we already verified and need |
95 | * to authenticate this reply */ | |
547973de LP |
96 | DnsAnswer *validated_keys; |
97 | ||
9df3ba6c | 98 | usec_t start_usec; |
a9da14e1 | 99 | usec_t next_attempt_after; |
ec2c5e43 LP |
100 | sd_event_source *timeout_event_source; |
101 | unsigned n_attempts; | |
102 | ||
4667e00a LP |
103 | int dns_udp_fd; |
104 | sd_event_source *dns_udp_event_source; | |
d20b1667 | 105 | |
4667e00a | 106 | /* The active server */ |
8300ba21 TG |
107 | DnsServer *server; |
108 | ||
547973de | 109 | /* The features of the DNS server at time of transaction start */ |
be808ea0 TG |
110 | DnsServerFeatureLevel current_features; |
111 | ||
ec2c5e43 LP |
112 | /* TCP connection logic, if we need it */ |
113 | DnsStream *stream; | |
114 | ||
801ad6a6 LP |
115 | /* Query candidates this transaction is referenced by and that |
116 | * shall be notified about this specific transaction | |
117 | * completing. */ | |
547973de | 118 | Set *notify_query_candidates; |
ec2c5e43 LP |
119 | |
120 | /* Zone items this transaction is referenced by and that shall | |
121 | * be notified about completion. */ | |
547973de LP |
122 | Set *notify_zone_items; |
123 | ||
124 | /* Other transactions that this transactions is referenced by | |
125 | * and that shall be notified about completion. This is used | |
126 | * when transactions want to validate their RRsets, but need | |
127 | * another DNSKEY or DS RR to do so. */ | |
128 | Set *notify_transactions; | |
129 | ||
130 | /* The opposite direction: the transactions this transaction | |
131 | * created in order to request DNSKEY or DS RRs. */ | |
132 | Set *dnssec_transactions; | |
ec2c5e43 LP |
133 | |
134 | unsigned block_gc; | |
135 | ||
136 | LIST_FIELDS(DnsTransaction, transactions_by_scope); | |
137 | }; | |
138 | ||
f52e61da | 139 | int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key); |
ec2c5e43 LP |
140 | DnsTransaction* dns_transaction_free(DnsTransaction *t); |
141 | ||
142 | void dns_transaction_gc(DnsTransaction *t); | |
143 | int dns_transaction_go(DnsTransaction *t); | |
144 | ||
145 | void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p); | |
146 | void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state); | |
147 | ||
547973de LP |
148 | void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source); |
149 | int dns_transaction_validate_dnssec(DnsTransaction *t); | |
150 | int dns_transaction_request_dnssec_keys(DnsTransaction *t); | |
151 | ||
a5784c49 LP |
152 | const char *dns_transaction_key_string(DnsTransaction *t); |
153 | ||
ec2c5e43 LP |
154 | const char* dns_transaction_state_to_string(DnsTransactionState p) _const_; |
155 | DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_; | |
156 | ||
c3bc53e6 LP |
157 | const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_; |
158 | DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_; | |
159 | ||
ec2c5e43 | 160 | /* LLMNR Jitter interval, see RFC 4795 Section 7 */ |
6e068472 | 161 | #define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC) |
ec2c5e43 | 162 | |
ea12bcc7 DM |
163 | /* mDNS Jitter interval, see RFC 6762 Section 5.2 */ |
164 | #define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC) | |
165 | #define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC) | |
166 | ||
ec2c5e43 | 167 | /* Maximum attempts to send DNS requests, across all DNS servers */ |
3b31df83 | 168 | #define DNS_TRANSACTION_ATTEMPTS_MAX 16 |
ec2c5e43 LP |
169 | |
170 | /* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */ | |
171 | #define LLMNR_TRANSACTION_ATTEMPTS_MAX 3 | |
172 | ||
c3bc53e6 | 173 | #define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX) |