1 /* SPDX-License-Identifier: LGPL-2.1+ */
5 This file is part of systemd.
7 Copyright 2014 Lennart Poettering
10 typedef struct DnsTransaction DnsTransaction
;
11 typedef enum DnsTransactionState DnsTransactionState
;
12 typedef enum DnsTransactionSource DnsTransactionSource
;
14 enum DnsTransactionState
{
16 DNS_TRANSACTION_PENDING
,
17 DNS_TRANSACTION_VALIDATING
,
18 DNS_TRANSACTION_RCODE_FAILURE
,
19 DNS_TRANSACTION_SUCCESS
,
20 DNS_TRANSACTION_NO_SERVERS
,
21 DNS_TRANSACTION_TIMEOUT
,
22 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
,
23 DNS_TRANSACTION_INVALID_REPLY
,
24 DNS_TRANSACTION_ERRNO
,
25 DNS_TRANSACTION_ABORTED
,
26 DNS_TRANSACTION_DNSSEC_FAILED
,
27 DNS_TRANSACTION_NO_TRUST_ANCHOR
,
28 DNS_TRANSACTION_RR_TYPE_UNSUPPORTED
,
29 DNS_TRANSACTION_NETWORK_DOWN
,
30 DNS_TRANSACTION_NOT_FOUND
, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
31 _DNS_TRANSACTION_STATE_MAX
,
32 _DNS_TRANSACTION_STATE_INVALID
= -1
35 #define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
37 enum DnsTransactionSource
{
38 DNS_TRANSACTION_NETWORK
,
39 DNS_TRANSACTION_CACHE
,
41 DNS_TRANSACTION_TRUST_ANCHOR
,
42 _DNS_TRANSACTION_SOURCE_MAX
,
43 _DNS_TRANSACTION_SOURCE_INVALID
= -1
46 #include "resolved-dns-answer.h"
47 #include "resolved-dns-packet.h"
48 #include "resolved-dns-question.h"
49 #include "resolved-dns-scope.h"
50 #include "resolved-dns-server.h"
51 #include "resolved-dns-stream.h"
53 struct DnsTransaction
{
58 DnsTransactionState state
;
64 bool initial_jitter_scheduled
:1;
65 bool initial_jitter_elapsed
:1;
71 DnsPacket
*sent
, *received
;
75 DnssecResult answer_dnssec_result
;
76 DnsTransactionSource answer_source
;
77 uint32_t answer_nsec_ttl
;
78 int answer_errno
; /* if state is DNS_TRANSACTION_ERRNO */
80 /* Indicates whether the primary answer is authenticated,
81 * i.e. whether the RRs from answer which directly match the
82 * question are authenticated, or, if there are none, whether
83 * the NODATA or NXDOMAIN case is. It says nothing about
84 * additional RRs listed in the answer, however they have
85 * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
86 * is defined different than the AD bit in DNS packets, as
87 * that covers more than just the actual primary answer. */
88 bool answer_authenticated
;
90 /* Contains DNSKEY, DS, SOA RRs we already verified and need
91 * to authenticate this reply */
92 DnsAnswer
*validated_keys
;
95 usec_t next_attempt_after
;
96 sd_event_source
*timeout_event_source
;
99 unsigned n_picked_servers
;
101 /* UDP connection logic, if we need it */
103 sd_event_source
*dns_udp_event_source
;
105 /* TCP connection logic, if we need it */
108 /* The active server */
111 /* The features of the DNS server at time of transaction start */
112 DnsServerFeatureLevel current_feature_level
;
114 /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
115 DnsServerFeatureLevel clamp_feature_level
;
117 /* Query candidates this transaction is referenced by and that
118 * shall be notified about this specific transaction
120 Set
*notify_query_candidates
, *notify_query_candidates_done
;
122 /* Zone items this transaction is referenced by and that shall
123 * be notified about completion. */
124 Set
*notify_zone_items
, *notify_zone_items_done
;
126 /* Other transactions that this transactions is referenced by
127 * and that shall be notified about completion. This is used
128 * when transactions want to validate their RRsets, but need
129 * another DNSKEY or DS RR to do so. */
130 Set
*notify_transactions
, *notify_transactions_done
;
132 /* The opposite direction: the transactions this transaction
133 * created in order to request DNSKEY or DS RRs. */
134 Set
*dnssec_transactions
;
138 LIST_FIELDS(DnsTransaction
, transactions_by_scope
);
139 LIST_FIELDS(DnsTransaction
, transactions_by_stream
);
142 int dns_transaction_new(DnsTransaction
**ret
, DnsScope
*s
, DnsResourceKey
*key
);
143 DnsTransaction
* dns_transaction_free(DnsTransaction
*t
);
145 bool dns_transaction_gc(DnsTransaction
*t
);
146 int dns_transaction_go(DnsTransaction
*t
);
148 void dns_transaction_process_reply(DnsTransaction
*t
, DnsPacket
*p
);
149 void dns_transaction_complete(DnsTransaction
*t
, DnsTransactionState state
);
151 void dns_transaction_notify(DnsTransaction
*t
, DnsTransaction
*source
);
152 int dns_transaction_validate_dnssec(DnsTransaction
*t
);
153 int dns_transaction_request_dnssec_keys(DnsTransaction
*t
);
155 const char* dns_transaction_state_to_string(DnsTransactionState p
) _const_
;
156 DnsTransactionState
dns_transaction_state_from_string(const char *s
) _pure_
;
158 const char* dns_transaction_source_to_string(DnsTransactionSource p
) _const_
;
159 DnsTransactionSource
dns_transaction_source_from_string(const char *s
) _pure_
;
161 /* LLMNR Jitter interval, see RFC 4795 Section 7 */
162 #define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
164 /* mDNS Jitter interval, see RFC 6762 Section 5.2 */
165 #define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
166 #define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
168 /* mDNS probing interval, see RFC 6762 Section 8.1 */
169 #define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
171 /* Maximum attempts to send DNS requests, across all DNS servers */
172 #define DNS_TRANSACTION_ATTEMPTS_MAX 24
174 /* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
175 #define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
177 /* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
178 #define MDNS_TRANSACTION_ATTEMPTS_MAX 3
180 #define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
181 LLMNR_TRANSACTION_ATTEMPTS_MAX : \
182 (((p) == DNS_PROTOCOL_MDNS) ? \
183 MDNS_TRANSACTION_ATTEMPTS_MAX : \
184 DNS_TRANSACTION_ATTEMPTS_MAX))