]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
322345fd | 2 | |
202b76ae ZJS |
3 | #include <net/if.h> |
4 | ||
5 | #include "af-list.h" | |
b5efdb8a | 6 | #include "alloc-util.h" |
58db254a | 7 | #include "dns-domain.h" |
518a66ec | 8 | #include "format-util.h" |
02c2857b | 9 | #include "resolved-dns-answer.h" |
322345fd | 10 | #include "resolved-dns-cache.h" |
7e8e0422 | 11 | #include "resolved-dns-packet.h" |
58db254a | 12 | #include "string-util.h" |
322345fd | 13 | |
6af47493 LP |
14 | /* Never cache more than 4K entries. RFC 1536, Section 5 suggests to |
15 | * leave DNS caches unbounded, but that's crazy. */ | |
d98e5504 | 16 | #define CACHE_MAX 4096 |
cbd4560e | 17 | |
d98e5504 LP |
18 | /* We never keep any item longer than 2h in our cache */ |
19 | #define CACHE_TTL_MAX_USEC (2 * USEC_PER_HOUR) | |
322345fd | 20 | |
201d9958 LP |
21 | /* How long to cache strange rcodes, i.e. rcodes != SUCCESS and != NXDOMAIN (specifically: that's only SERVFAIL for |
22 | * now) */ | |
23 | #define CACHE_TTL_STRANGE_RCODE_USEC (30 * USEC_PER_SEC) | |
24 | ||
623a4c97 LP |
25 | typedef enum DnsCacheItemType DnsCacheItemType; |
26 | typedef struct DnsCacheItem DnsCacheItem; | |
27 | ||
28 | enum DnsCacheItemType { | |
29 | DNS_CACHE_POSITIVE, | |
30 | DNS_CACHE_NODATA, | |
31 | DNS_CACHE_NXDOMAIN, | |
201d9958 | 32 | DNS_CACHE_RCODE, /* "strange" RCODE (effective only SERVFAIL for now) */ |
623a4c97 LP |
33 | }; |
34 | ||
35 | struct DnsCacheItem { | |
d2579eec | 36 | DnsCacheItemType type; |
623a4c97 LP |
37 | DnsResourceKey *key; |
38 | DnsResourceRecord *rr; | |
201d9958 | 39 | int rcode; |
d2579eec | 40 | |
623a4c97 | 41 | usec_t until; |
d2579eec LP |
42 | bool authenticated:1; |
43 | bool shared_owner:1; | |
44 | ||
06d12754 | 45 | int ifindex; |
a4076574 LP |
46 | int owner_family; |
47 | union in_addr_union owner_address; | |
d2579eec LP |
48 | |
49 | unsigned prioq_idx; | |
623a4c97 LP |
50 | LIST_FIELDS(DnsCacheItem, by_key); |
51 | }; | |
52 | ||
201d9958 LP |
53 | static const char *dns_cache_item_type_to_string(DnsCacheItem *item) { |
54 | assert(item); | |
55 | ||
56 | switch (item->type) { | |
57 | ||
58 | case DNS_CACHE_POSITIVE: | |
59 | return "POSITIVE"; | |
60 | ||
61 | case DNS_CACHE_NODATA: | |
62 | return "NODATA"; | |
63 | ||
64 | case DNS_CACHE_NXDOMAIN: | |
65 | return "NXDOMAIN"; | |
66 | ||
67 | case DNS_CACHE_RCODE: | |
68 | return dns_rcode_to_string(item->rcode); | |
69 | } | |
70 | ||
71 | return NULL; | |
72 | } | |
73 | ||
322345fd LP |
74 | static void dns_cache_item_free(DnsCacheItem *i) { |
75 | if (!i) | |
76 | return; | |
77 | ||
78 | dns_resource_record_unref(i->rr); | |
7e8e0422 | 79 | dns_resource_key_unref(i->key); |
322345fd LP |
80 | free(i); |
81 | } | |
82 | ||
83 | DEFINE_TRIVIAL_CLEANUP_FUNC(DnsCacheItem*, dns_cache_item_free); | |
84 | ||
39963f11 | 85 | static void dns_cache_item_unlink_and_free(DnsCache *c, DnsCacheItem *i) { |
322345fd LP |
86 | DnsCacheItem *first; |
87 | ||
88 | assert(c); | |
89 | ||
90 | if (!i) | |
91 | return; | |
92 | ||
7e8e0422 LP |
93 | first = hashmap_get(c->by_key, i->key); |
94 | LIST_REMOVE(by_key, first, i); | |
322345fd LP |
95 | |
96 | if (first) | |
7e8e0422 | 97 | assert_se(hashmap_replace(c->by_key, first->key, first) >= 0); |
322345fd | 98 | else |
7e8e0422 | 99 | hashmap_remove(c->by_key, i->key); |
322345fd | 100 | |
7e8e0422 | 101 | prioq_remove(c->by_expiry, i, &i->prioq_idx); |
322345fd LP |
102 | |
103 | dns_cache_item_free(i); | |
104 | } | |
105 | ||
f5bdeb01 LP |
106 | static bool dns_cache_remove_by_rr(DnsCache *c, DnsResourceRecord *rr) { |
107 | DnsCacheItem *first, *i; | |
108 | int r; | |
109 | ||
110 | first = hashmap_get(c->by_key, rr->key); | |
111 | LIST_FOREACH(by_key, i, first) { | |
112 | r = dns_resource_record_equal(i->rr, rr); | |
113 | if (r < 0) | |
114 | return r; | |
115 | if (r > 0) { | |
39963f11 | 116 | dns_cache_item_unlink_and_free(c, i); |
f5bdeb01 LP |
117 | return true; |
118 | } | |
119 | } | |
120 | ||
121 | return false; | |
122 | } | |
123 | ||
2dda578f | 124 | static bool dns_cache_remove_by_key(DnsCache *c, DnsResourceKey *key) { |
1f97052f | 125 | DnsCacheItem *first, *i, *n; |
322345fd LP |
126 | |
127 | assert(c); | |
128 | assert(key); | |
129 | ||
1f97052f LP |
130 | first = hashmap_remove(c->by_key, key); |
131 | if (!first) | |
132 | return false; | |
133 | ||
134 | LIST_FOREACH_SAFE(by_key, i, n, first) { | |
135 | prioq_remove(c->by_expiry, i, &i->prioq_idx); | |
136 | dns_cache_item_free(i); | |
6b34a6c9 TG |
137 | } |
138 | ||
1f97052f | 139 | return true; |
322345fd LP |
140 | } |
141 | ||
ef9a3e3c LP |
142 | void dns_cache_flush(DnsCache *c) { |
143 | DnsResourceKey *key; | |
144 | ||
145 | assert(c); | |
146 | ||
147 | while ((key = hashmap_first_key(c->by_key))) | |
2dda578f | 148 | dns_cache_remove_by_key(c, key); |
ef9a3e3c LP |
149 | |
150 | assert(hashmap_size(c->by_key) == 0); | |
151 | assert(prioq_size(c->by_expiry) == 0); | |
152 | ||
153 | c->by_key = hashmap_free(c->by_key); | |
154 | c->by_expiry = prioq_free(c->by_expiry); | |
155 | } | |
156 | ||
322345fd LP |
157 | static void dns_cache_make_space(DnsCache *c, unsigned add) { |
158 | assert(c); | |
159 | ||
160 | if (add <= 0) | |
161 | return; | |
162 | ||
163 | /* Makes space for n new entries. Note that we actually allow | |
164 | * the cache to grow beyond CACHE_MAX, but only when we shall | |
165 | * add more RRs to the cache than CACHE_MAX at once. In that | |
166 | * case the cache will be emptied completely otherwise. */ | |
167 | ||
168 | for (;;) { | |
faa133f3 | 169 | _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; |
322345fd LP |
170 | DnsCacheItem *i; |
171 | ||
7e8e0422 | 172 | if (prioq_size(c->by_expiry) <= 0) |
322345fd LP |
173 | break; |
174 | ||
7e8e0422 | 175 | if (prioq_size(c->by_expiry) + add < CACHE_MAX) |
322345fd LP |
176 | break; |
177 | ||
7e8e0422 | 178 | i = prioq_peek(c->by_expiry); |
cbd4560e LP |
179 | assert(i); |
180 | ||
faa133f3 | 181 | /* Take an extra reference to the key so that it |
cbd4560e | 182 | * doesn't go away in the middle of the remove call */ |
7e8e0422 | 183 | key = dns_resource_key_ref(i->key); |
2dda578f | 184 | dns_cache_remove_by_key(c, key); |
322345fd LP |
185 | } |
186 | } | |
187 | ||
188 | void dns_cache_prune(DnsCache *c) { | |
189 | usec_t t = 0; | |
190 | ||
191 | assert(c); | |
192 | ||
193 | /* Remove all entries that are past their TTL */ | |
194 | ||
195 | for (;;) { | |
196 | DnsCacheItem *i; | |
202b76ae | 197 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
322345fd | 198 | |
7e8e0422 | 199 | i = prioq_peek(c->by_expiry); |
322345fd LP |
200 | if (!i) |
201 | break; | |
202 | ||
322345fd | 203 | if (t <= 0) |
240b589b | 204 | t = now(clock_boottime_or_monotonic()); |
322345fd | 205 | |
7e8e0422 | 206 | if (i->until > t) |
322345fd LP |
207 | break; |
208 | ||
d2579eec | 209 | /* Depending whether this is an mDNS shared entry |
202b76ae ZJS |
210 | * either remove only this one RR or the whole RRset */ |
211 | log_debug("Removing %scache entry for %s (expired "USEC_FMT"s ago)", | |
212 | i->shared_owner ? "shared " : "", | |
213 | dns_resource_key_to_string(i->key, key_str, sizeof key_str), | |
214 | (t - i->until) / USEC_PER_SEC); | |
215 | ||
d2579eec | 216 | if (i->shared_owner) |
39963f11 | 217 | dns_cache_item_unlink_and_free(c, i); |
d2579eec LP |
218 | else { |
219 | _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; | |
220 | ||
221 | /* Take an extra reference to the key so that it | |
222 | * doesn't go away in the middle of the remove call */ | |
223 | key = dns_resource_key_ref(i->key); | |
2dda578f | 224 | dns_cache_remove_by_key(c, key); |
d2579eec | 225 | } |
322345fd LP |
226 | } |
227 | } | |
228 | ||
229 | static int dns_cache_item_prioq_compare_func(const void *a, const void *b) { | |
322345fd LP |
230 | const DnsCacheItem *x = a, *y = b; |
231 | ||
a0edd02e | 232 | return CMP(x->until, y->until); |
322345fd LP |
233 | } |
234 | ||
623a4c97 | 235 | static int dns_cache_init(DnsCache *c) { |
7e8e0422 LP |
236 | int r; |
237 | ||
623a4c97 LP |
238 | assert(c); |
239 | ||
7e8e0422 LP |
240 | r = prioq_ensure_allocated(&c->by_expiry, dns_cache_item_prioq_compare_func); |
241 | if (r < 0) | |
242 | return r; | |
243 | ||
d5099efc | 244 | r = hashmap_ensure_allocated(&c->by_key, &dns_resource_key_hash_ops); |
7e8e0422 LP |
245 | if (r < 0) |
246 | return r; | |
247 | ||
248 | return r; | |
249 | } | |
250 | ||
251 | static int dns_cache_link_item(DnsCache *c, DnsCacheItem *i) { | |
252 | DnsCacheItem *first; | |
253 | int r; | |
254 | ||
322345fd LP |
255 | assert(c); |
256 | assert(i); | |
322345fd | 257 | |
7e8e0422 LP |
258 | r = prioq_put(c->by_expiry, i, &i->prioq_idx); |
259 | if (r < 0) | |
260 | return r; | |
322345fd | 261 | |
7e8e0422 LP |
262 | first = hashmap_get(c->by_key, i->key); |
263 | if (first) { | |
f57e3cd5 LP |
264 | _cleanup_(dns_resource_key_unrefp) DnsResourceKey *k = NULL; |
265 | ||
266 | /* Keep a reference to the original key, while we manipulate the list. */ | |
267 | k = dns_resource_key_ref(first->key); | |
268 | ||
269 | /* Now, try to reduce the number of keys we keep */ | |
270 | dns_resource_key_reduce(&first->key, &i->key); | |
271 | ||
272 | if (first->rr) | |
273 | dns_resource_key_reduce(&first->rr->key, &i->key); | |
274 | if (i->rr) | |
275 | dns_resource_key_reduce(&i->rr->key, &i->key); | |
276 | ||
7e8e0422 LP |
277 | LIST_PREPEND(by_key, first, i); |
278 | assert_se(hashmap_replace(c->by_key, first->key, first) >= 0); | |
279 | } else { | |
280 | r = hashmap_put(c->by_key, i->key, i); | |
281 | if (r < 0) { | |
282 | prioq_remove(c->by_expiry, i, &i->prioq_idx); | |
283 | return r; | |
284 | } | |
322345fd LP |
285 | } |
286 | ||
7e8e0422 | 287 | return 0; |
322345fd LP |
288 | } |
289 | ||
faa133f3 LP |
290 | static DnsCacheItem* dns_cache_get(DnsCache *c, DnsResourceRecord *rr) { |
291 | DnsCacheItem *i; | |
292 | ||
293 | assert(c); | |
294 | assert(rr); | |
295 | ||
7e8e0422 | 296 | LIST_FOREACH(by_key, i, hashmap_get(c->by_key, rr->key)) |
3ef77d04 | 297 | if (i->rr && dns_resource_record_equal(i->rr, rr) > 0) |
faa133f3 LP |
298 | return i; |
299 | ||
300 | return NULL; | |
301 | } | |
302 | ||
d3760be0 | 303 | static usec_t calculate_until(DnsResourceRecord *rr, uint32_t nsec_ttl, usec_t timestamp, bool use_soa_minimum) { |
b211dc7e LP |
304 | uint32_t ttl; |
305 | usec_t u; | |
ee3d6aff LP |
306 | |
307 | assert(rr); | |
308 | ||
d3760be0 | 309 | ttl = MIN(rr->ttl, nsec_ttl); |
b211dc7e LP |
310 | if (rr->key->type == DNS_TYPE_SOA && use_soa_minimum) { |
311 | /* If this is a SOA RR, and it is requested, clamp to | |
312 | * the SOA's minimum field. This is used when we do | |
313 | * negative caching, to determine the TTL for the | |
314 | * negative caching entry. See RFC 2308, Section | |
315 | * 5. */ | |
ee3d6aff | 316 | |
b211dc7e LP |
317 | if (ttl > rr->soa.minimum) |
318 | ttl = rr->soa.minimum; | |
319 | } | |
320 | ||
321 | u = ttl * USEC_PER_SEC; | |
322 | if (u > CACHE_TTL_MAX_USEC) | |
323 | u = CACHE_TTL_MAX_USEC; | |
ee3d6aff LP |
324 | |
325 | if (rr->expiry != USEC_INFINITY) { | |
326 | usec_t left; | |
327 | ||
b211dc7e LP |
328 | /* Make use of the DNSSEC RRSIG expiry info, if we |
329 | * have it */ | |
ee3d6aff LP |
330 | |
331 | left = LESS_BY(rr->expiry, now(CLOCK_REALTIME)); | |
b211dc7e LP |
332 | if (u > left) |
333 | u = left; | |
ee3d6aff LP |
334 | } |
335 | ||
b211dc7e | 336 | return timestamp + u; |
ee3d6aff LP |
337 | } |
338 | ||
d2579eec LP |
339 | static void dns_cache_item_update_positive( |
340 | DnsCache *c, | |
341 | DnsCacheItem *i, | |
342 | DnsResourceRecord *rr, | |
343 | bool authenticated, | |
344 | bool shared_owner, | |
345 | usec_t timestamp, | |
06d12754 | 346 | int ifindex, |
d2579eec LP |
347 | int owner_family, |
348 | const union in_addr_union *owner_address) { | |
349 | ||
7e8e0422 LP |
350 | assert(c); |
351 | assert(i); | |
352 | assert(rr); | |
d2579eec | 353 | assert(owner_address); |
7e8e0422 LP |
354 | |
355 | i->type = DNS_CACHE_POSITIVE; | |
356 | ||
ece174c5 | 357 | if (!i->by_key_prev) |
7e8e0422 LP |
358 | /* We are the first item in the list, we need to |
359 | * update the key used in the hashmap */ | |
360 | ||
361 | assert_se(hashmap_replace(c->by_key, rr->key, i) >= 0); | |
7e8e0422 LP |
362 | |
363 | dns_resource_record_ref(rr); | |
364 | dns_resource_record_unref(i->rr); | |
365 | i->rr = rr; | |
366 | ||
367 | dns_resource_key_unref(i->key); | |
368 | i->key = dns_resource_key_ref(rr->key); | |
369 | ||
d3760be0 | 370 | i->until = calculate_until(rr, (uint32_t) -1, timestamp, false); |
d2579eec LP |
371 | i->authenticated = authenticated; |
372 | i->shared_owner = shared_owner; | |
373 | ||
06d12754 LP |
374 | i->ifindex = ifindex; |
375 | ||
d2579eec LP |
376 | i->owner_family = owner_family; |
377 | i->owner_address = *owner_address; | |
7e8e0422 LP |
378 | |
379 | prioq_reshuffle(c->by_expiry, i, &i->prioq_idx); | |
380 | } | |
381 | ||
a4076574 LP |
382 | static int dns_cache_put_positive( |
383 | DnsCache *c, | |
384 | DnsResourceRecord *rr, | |
931851e8 | 385 | bool authenticated, |
d2579eec | 386 | bool shared_owner, |
a4076574 | 387 | usec_t timestamp, |
06d12754 | 388 | int ifindex, |
a4076574 LP |
389 | int owner_family, |
390 | const union in_addr_union *owner_address) { | |
391 | ||
322345fd | 392 | _cleanup_(dns_cache_item_freep) DnsCacheItem *i = NULL; |
7e8e0422 | 393 | DnsCacheItem *existing; |
518a66ec | 394 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
a257f9d4 | 395 | int r, k; |
322345fd LP |
396 | |
397 | assert(c); | |
398 | assert(rr); | |
a4076574 | 399 | assert(owner_address); |
322345fd | 400 | |
222148b6 LP |
401 | /* Never cache pseudo RRs */ |
402 | if (dns_class_is_pseudo(rr->key->class)) | |
403 | return 0; | |
404 | if (dns_type_is_pseudo(rr->key->type)) | |
405 | return 0; | |
406 | ||
f5bdeb01 | 407 | /* New TTL is 0? Delete this specific entry... */ |
322345fd | 408 | if (rr->ttl <= 0) { |
f5bdeb01 | 409 | k = dns_cache_remove_by_rr(c, rr); |
202b76ae ZJS |
410 | log_debug("%s: %s", |
411 | k > 0 ? "Removed zero TTL entry from cache" : "Not caching zero TTL cache entry", | |
18665d1f | 412 | dns_resource_key_to_string(rr->key, key_str, sizeof key_str)); |
322345fd LP |
413 | return 0; |
414 | } | |
415 | ||
13e785f7 | 416 | /* Entry exists already? Update TTL, timestamp and owner */ |
322345fd LP |
417 | existing = dns_cache_get(c, rr); |
418 | if (existing) { | |
d2579eec LP |
419 | dns_cache_item_update_positive( |
420 | c, | |
421 | existing, | |
422 | rr, | |
423 | authenticated, | |
424 | shared_owner, | |
425 | timestamp, | |
06d12754 | 426 | ifindex, |
d2579eec LP |
427 | owner_family, |
428 | owner_address); | |
322345fd LP |
429 | return 0; |
430 | } | |
431 | ||
432 | /* Otherwise, add the new RR */ | |
623a4c97 | 433 | r = dns_cache_init(c); |
322345fd LP |
434 | if (r < 0) |
435 | return r; | |
436 | ||
7e8e0422 LP |
437 | dns_cache_make_space(c, 1); |
438 | ||
439 | i = new0(DnsCacheItem, 1); | |
440 | if (!i) | |
441 | return -ENOMEM; | |
442 | ||
443 | i->type = DNS_CACHE_POSITIVE; | |
444 | i->key = dns_resource_key_ref(rr->key); | |
445 | i->rr = dns_resource_record_ref(rr); | |
d3760be0 | 446 | i->until = calculate_until(rr, (uint32_t) -1, timestamp, false); |
d2579eec LP |
447 | i->authenticated = authenticated; |
448 | i->shared_owner = shared_owner; | |
06d12754 | 449 | i->ifindex = ifindex; |
a4076574 LP |
450 | i->owner_family = owner_family; |
451 | i->owner_address = *owner_address; | |
d2579eec | 452 | i->prioq_idx = PRIOQ_IDX_NULL; |
7e8e0422 LP |
453 | |
454 | r = dns_cache_link_item(c, i); | |
455 | if (r < 0) | |
456 | return r; | |
457 | ||
f1d34068 | 458 | if (DEBUG_LOGGING) { |
202b76ae | 459 | _cleanup_free_ char *t = NULL; |
518a66ec | 460 | char ifname[IF_NAMESIZE + 1]; |
202b76ae ZJS |
461 | |
462 | (void) in_addr_to_string(i->owner_family, &i->owner_address, &t); | |
463 | ||
464 | log_debug("Added positive %s%s cache entry for %s "USEC_FMT"s on %s/%s/%s", | |
465 | i->authenticated ? "authenticated" : "unauthenticated", | |
466 | i->shared_owner ? " shared" : "", | |
467 | dns_resource_key_to_string(i->key, key_str, sizeof key_str), | |
468 | (i->until - timestamp) / USEC_PER_SEC, | |
518a66ec | 469 | i->ifindex == 0 ? "*" : strna(format_ifname(i->ifindex, ifname)), |
202b76ae ZJS |
470 | af_to_name_short(i->owner_family), |
471 | strna(t)); | |
a257f9d4 | 472 | } |
6b34a6c9 | 473 | |
7e8e0422 LP |
474 | i = NULL; |
475 | return 0; | |
476 | } | |
477 | ||
a4076574 LP |
478 | static int dns_cache_put_negative( |
479 | DnsCache *c, | |
480 | DnsResourceKey *key, | |
481 | int rcode, | |
931851e8 | 482 | bool authenticated, |
d3760be0 | 483 | uint32_t nsec_ttl, |
a4076574 | 484 | usec_t timestamp, |
b211dc7e | 485 | DnsResourceRecord *soa, |
a4076574 LP |
486 | int owner_family, |
487 | const union in_addr_union *owner_address) { | |
488 | ||
7e8e0422 | 489 | _cleanup_(dns_cache_item_freep) DnsCacheItem *i = NULL; |
202b76ae | 490 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
7e8e0422 LP |
491 | int r; |
492 | ||
493 | assert(c); | |
494 | assert(key); | |
a4076574 | 495 | assert(owner_address); |
7e8e0422 | 496 | |
98b6be77 LP |
497 | /* Never cache pseudo RR keys. DNS_TYPE_ANY is particularly |
498 | * important to filter out as we use this as a pseudo-type for | |
499 | * NXDOMAIN entries */ | |
222148b6 | 500 | if (dns_class_is_pseudo(key->class)) |
ddf16339 | 501 | return 0; |
c33be4a6 | 502 | if (dns_type_is_pseudo(key->type)) |
ddf16339 | 503 | return 0; |
222148b6 | 504 | |
201d9958 LP |
505 | if (IN_SET(rcode, DNS_RCODE_SUCCESS, DNS_RCODE_NXDOMAIN)) { |
506 | if (!soa) | |
507 | return 0; | |
ddf16339 | 508 | |
201d9958 LP |
509 | /* For negative replies, check if we have a TTL of a SOA */ |
510 | if (nsec_ttl <= 0 || soa->soa.minimum <= 0 || soa->ttl <= 0) { | |
511 | log_debug("Not caching negative entry with zero SOA/NSEC/NSEC3 TTL: %s", | |
512 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
513 | return 0; | |
514 | } | |
515 | } else if (rcode != DNS_RCODE_SERVFAIL) | |
7e8e0422 LP |
516 | return 0; |
517 | ||
623a4c97 | 518 | r = dns_cache_init(c); |
322345fd LP |
519 | if (r < 0) |
520 | return r; | |
521 | ||
522 | dns_cache_make_space(c, 1); | |
523 | ||
524 | i = new0(DnsCacheItem, 1); | |
525 | if (!i) | |
526 | return -ENOMEM; | |
527 | ||
201d9958 LP |
528 | i->type = |
529 | rcode == DNS_RCODE_SUCCESS ? DNS_CACHE_NODATA : | |
530 | rcode == DNS_RCODE_NXDOMAIN ? DNS_CACHE_NXDOMAIN : DNS_CACHE_RCODE; | |
531 | i->until = | |
532 | i->type == DNS_CACHE_RCODE ? timestamp + CACHE_TTL_STRANGE_RCODE_USEC : | |
533 | calculate_until(soa, nsec_ttl, timestamp, true); | |
d2579eec | 534 | i->authenticated = authenticated; |
a4076574 LP |
535 | i->owner_family = owner_family; |
536 | i->owner_address = *owner_address; | |
d2579eec | 537 | i->prioq_idx = PRIOQ_IDX_NULL; |
201d9958 | 538 | i->rcode = rcode; |
322345fd | 539 | |
71e13669 TG |
540 | if (i->type == DNS_CACHE_NXDOMAIN) { |
541 | /* NXDOMAIN entries should apply equally to all types, so we use ANY as | |
542 | * a pseudo type for this purpose here. */ | |
1c02e7ba | 543 | i->key = dns_resource_key_new(key->class, DNS_TYPE_ANY, dns_resource_key_name(key)); |
71e13669 TG |
544 | if (!i->key) |
545 | return -ENOMEM; | |
a5444ca9 LP |
546 | |
547 | /* Make sure to remove any previous entry for this | |
548 | * specific ANY key. (For non-ANY keys the cache data | |
549 | * is already cleared by the caller.) Note that we | |
550 | * don't bother removing positive or NODATA cache | |
551 | * items in this case, because it would either be slow | |
552 | * or require explicit indexing by name */ | |
553 | dns_cache_remove_by_key(c, key); | |
71e13669 TG |
554 | } else |
555 | i->key = dns_resource_key_ref(key); | |
556 | ||
7e8e0422 | 557 | r = dns_cache_link_item(c, i); |
322345fd LP |
558 | if (r < 0) |
559 | return r; | |
560 | ||
202b76ae | 561 | log_debug("Added %s cache entry for %s "USEC_FMT"s", |
201d9958 | 562 | dns_cache_item_type_to_string(i), |
202b76ae ZJS |
563 | dns_resource_key_to_string(i->key, key_str, sizeof key_str), |
564 | (i->until - timestamp) / USEC_PER_SEC); | |
6b34a6c9 | 565 | |
322345fd | 566 | i = NULL; |
322345fd LP |
567 | return 0; |
568 | } | |
569 | ||
d2579eec LP |
570 | static void dns_cache_remove_previous( |
571 | DnsCache *c, | |
572 | DnsResourceKey *key, | |
573 | DnsAnswer *answer) { | |
574 | ||
575 | DnsResourceRecord *rr; | |
576 | DnsAnswerFlags flags; | |
577 | ||
578 | assert(c); | |
579 | ||
580 | /* First, if we were passed a key (i.e. on LLMNR/DNS, but | |
581 | * not on mDNS), delete all matching old RRs, so that we only | |
582 | * keep complete by_key in place. */ | |
583 | if (key) | |
2dda578f | 584 | dns_cache_remove_by_key(c, key); |
d2579eec LP |
585 | |
586 | /* Second, flush all entries matching the answer, unless this | |
587 | * is an RR that is explicitly marked to be "shared" between | |
588 | * peers (i.e. mDNS RRs without the flush-cache bit set). */ | |
589 | DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) { | |
590 | if ((flags & DNS_ANSWER_CACHEABLE) == 0) | |
591 | continue; | |
592 | ||
593 | if (flags & DNS_ANSWER_SHARED_OWNER) | |
594 | continue; | |
595 | ||
2dda578f | 596 | dns_cache_remove_by_key(c, rr->key); |
d2579eec LP |
597 | } |
598 | } | |
599 | ||
f6618dcd LP |
600 | static bool rr_eligible(DnsResourceRecord *rr) { |
601 | assert(rr); | |
602 | ||
603 | /* When we see an NSEC/NSEC3 RR, we'll only cache it if it is from the lower zone, not the upper zone, since | |
604 | * that's where the interesting bits are (with exception of DS RRs). Of course, this way we cannot derive DS | |
605 | * existence from any cached NSEC/NSEC3, but that should be fine. */ | |
606 | ||
607 | switch (rr->key->type) { | |
608 | ||
609 | case DNS_TYPE_NSEC: | |
610 | return !bitmap_isset(rr->nsec.types, DNS_TYPE_NS) || | |
611 | bitmap_isset(rr->nsec.types, DNS_TYPE_SOA); | |
612 | ||
613 | case DNS_TYPE_NSEC3: | |
614 | return !bitmap_isset(rr->nsec3.types, DNS_TYPE_NS) || | |
615 | bitmap_isset(rr->nsec3.types, DNS_TYPE_SOA); | |
616 | ||
617 | default: | |
618 | return true; | |
619 | } | |
620 | } | |
621 | ||
a4076574 LP |
622 | int dns_cache_put( |
623 | DnsCache *c, | |
37d7a7d9 | 624 | DnsCacheMode cache_mode, |
8e427d9b | 625 | DnsResourceKey *key, |
a4076574 LP |
626 | int rcode, |
627 | DnsAnswer *answer, | |
931851e8 | 628 | bool authenticated, |
d3760be0 | 629 | uint32_t nsec_ttl, |
a4076574 LP |
630 | usec_t timestamp, |
631 | int owner_family, | |
632 | const union in_addr_union *owner_address) { | |
633 | ||
02c2857b | 634 | DnsResourceRecord *soa = NULL, *rr; |
201d9958 | 635 | bool weird_rcode = false; |
105e1512 LP |
636 | DnsAnswerFlags flags; |
637 | unsigned cache_keys; | |
06d12754 | 638 | int r, ifindex; |
322345fd LP |
639 | |
640 | assert(c); | |
d2579eec | 641 | assert(owner_address); |
322345fd | 642 | |
d2579eec | 643 | dns_cache_remove_previous(c, key, answer); |
0ec7c46e | 644 | |
201d9958 LP |
645 | /* We only care for positive replies and NXDOMAINs, on all other replies we will simply flush the respective |
646 | * entries, and that's it. (Well, with one further exception: since some DNS zones (akamai!) return SERVFAIL | |
647 | * consistently for some lookups, and forwarders tend to propagate that we'll cache that too, but only for a | |
648 | * short time.) */ | |
6ff01a0d | 649 | |
201d9958 | 650 | if (IN_SET(rcode, DNS_RCODE_SUCCESS, DNS_RCODE_NXDOMAIN)) { |
201d9958 | 651 | if (dns_answer_size(answer) <= 0) { |
e55fc5b0 YW |
652 | if (key) { |
653 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; | |
201d9958 | 654 | |
e55fc5b0 YW |
655 | log_debug("Not caching negative entry without a SOA record: %s", |
656 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
657 | } | |
201d9958 LP |
658 | return 0; |
659 | } | |
660 | ||
661 | } else { | |
662 | /* Only cache SERVFAIL as "weird" rcode for now. We can add more later, should that turn out to be | |
663 | * beneficial. */ | |
664 | if (rcode != DNS_RCODE_SERVFAIL) | |
665 | return 0; | |
666 | ||
667 | weird_rcode = true; | |
c3cb6dc2 | 668 | } |
0ec7c46e | 669 | |
ea207b63 | 670 | cache_keys = dns_answer_size(answer); |
8e427d9b | 671 | if (key) |
313cefa1 | 672 | cache_keys++; |
eff91ee0 | 673 | |
7e8e0422 | 674 | /* Make some space for our new entries */ |
eff91ee0 | 675 | dns_cache_make_space(c, cache_keys); |
322345fd | 676 | |
7e8e0422 | 677 | if (timestamp <= 0) |
240b589b | 678 | timestamp = now(clock_boottime_or_monotonic()); |
322345fd | 679 | |
7e8e0422 | 680 | /* Second, add in positive entries for all contained RRs */ |
06d12754 | 681 | DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, answer) { |
fa6a69d7 YW |
682 | if ((flags & DNS_ANSWER_CACHEABLE) == 0 || |
683 | !rr_eligible(rr)) | |
f6618dcd LP |
684 | continue; |
685 | ||
d2579eec LP |
686 | r = dns_cache_put_positive( |
687 | c, | |
688 | rr, | |
689 | flags & DNS_ANSWER_AUTHENTICATED, | |
690 | flags & DNS_ANSWER_SHARED_OWNER, | |
691 | timestamp, | |
06d12754 | 692 | ifindex, |
d2579eec | 693 | owner_family, owner_address); |
7e8e0422 LP |
694 | if (r < 0) |
695 | goto fail; | |
696 | } | |
697 | ||
d2579eec | 698 | if (!key) /* mDNS doesn't know negative caching, really */ |
eff91ee0 DM |
699 | return 0; |
700 | ||
8e427d9b | 701 | /* Third, add in negative entries if the key has no RR */ |
105e1512 | 702 | r = dns_answer_match_key(answer, key, NULL); |
8e427d9b TG |
703 | if (r < 0) |
704 | goto fail; | |
705 | if (r > 0) | |
706 | return 0; | |
7e8e0422 | 707 | |
5d27351f TG |
708 | /* But not if it has a matching CNAME/DNAME (the negative |
709 | * caching will be done on the canonical name, not on the | |
710 | * alias) */ | |
105e1512 | 711 | r = dns_answer_find_cname_or_dname(answer, key, NULL, NULL); |
5d27351f TG |
712 | if (r < 0) |
713 | goto fail; | |
714 | if (r > 0) | |
715 | return 0; | |
716 | ||
201d9958 LP |
717 | /* See https://tools.ietf.org/html/rfc2308, which say that a matching SOA record in the packet is used to |
718 | * enable negative caching. We apply one exception though: if we are about to cache a weird rcode we do so | |
719 | * regardless of a SOA. */ | |
fd009cd8 | 720 | r = dns_answer_find_soa(answer, key, &soa, &flags); |
8e427d9b TG |
721 | if (r < 0) |
722 | goto fail; | |
201d9958 | 723 | if (r == 0 && !weird_rcode) |
fd009cd8 | 724 | return 0; |
201d9958 LP |
725 | if (r > 0) { |
726 | /* Refuse using the SOA data if it is unsigned, but the key is | |
727 | * signed */ | |
728 | if (authenticated && (flags & DNS_ANSWER_AUTHENTICATED) == 0) | |
729 | return 0; | |
730 | } | |
fd009cd8 | 731 | |
37d7a7d9 JN |
732 | if (cache_mode == DNS_CACHE_MODE_NO_NEGATIVE) { |
733 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; | |
734 | log_debug("Not caching negative entry for: %s, cache mode set to no-negative", | |
735 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
736 | return 0; | |
737 | } | |
738 | ||
d2579eec LP |
739 | r = dns_cache_put_negative( |
740 | c, | |
741 | key, | |
742 | rcode, | |
743 | authenticated, | |
d3760be0 | 744 | nsec_ttl, |
d2579eec | 745 | timestamp, |
b211dc7e | 746 | soa, |
d2579eec | 747 | owner_family, owner_address); |
8e427d9b TG |
748 | if (r < 0) |
749 | goto fail; | |
322345fd LP |
750 | |
751 | return 0; | |
752 | ||
753 | fail: | |
754 | /* Adding all RRs failed. Let's clean up what we already | |
755 | * added, just in case */ | |
756 | ||
8e427d9b | 757 | if (key) |
2dda578f | 758 | dns_cache_remove_by_key(c, key); |
eff91ee0 | 759 | |
105e1512 LP |
760 | DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) { |
761 | if ((flags & DNS_ANSWER_CACHEABLE) == 0) | |
762 | continue; | |
763 | ||
2dda578f | 764 | dns_cache_remove_by_key(c, rr->key); |
105e1512 | 765 | } |
322345fd LP |
766 | |
767 | return r; | |
768 | } | |
769 | ||
37da8931 | 770 | static DnsCacheItem *dns_cache_get_by_key_follow_cname_dname_nsec(DnsCache *c, DnsResourceKey *k) { |
58db254a LP |
771 | DnsCacheItem *i; |
772 | const char *n; | |
773 | int r; | |
5643c00a TG |
774 | |
775 | assert(c); | |
776 | assert(k); | |
777 | ||
58db254a LP |
778 | /* If we hit some OOM error, or suchlike, we don't care too |
779 | * much, after all this is just a cache */ | |
780 | ||
5643c00a | 781 | i = hashmap_get(c->by_key, k); |
d7ce6c94 | 782 | if (i) |
37da8931 LP |
783 | return i; |
784 | ||
1c02e7ba | 785 | n = dns_resource_key_name(k); |
37da8931 | 786 | |
71e13669 TG |
787 | /* Check if we have an NXDOMAIN cache item for the name, notice that we use |
788 | * the pseudo-type ANY for NXDOMAIN cache items. */ | |
789 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_ANY, n)); | |
790 | if (i && i->type == DNS_CACHE_NXDOMAIN) | |
791 | return i; | |
792 | ||
d3c7e913 | 793 | if (dns_type_may_redirect(k->type)) { |
d7ce6c94 TG |
794 | /* Check if we have a CNAME record instead */ |
795 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_CNAME, n)); | |
3740146a | 796 | if (i && i->type != DNS_CACHE_NODATA) |
d7ce6c94 | 797 | return i; |
5643c00a | 798 | |
d7ce6c94 TG |
799 | /* OK, let's look for cached DNAME records. */ |
800 | for (;;) { | |
d7ce6c94 TG |
801 | if (isempty(n)) |
802 | return NULL; | |
803 | ||
804 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_DNAME, n)); | |
3740146a | 805 | if (i && i->type != DNS_CACHE_NODATA) |
d7ce6c94 | 806 | return i; |
58db254a | 807 | |
d7ce6c94 | 808 | /* Jump one label ahead */ |
950b692b | 809 | r = dns_name_parent(&n); |
d7ce6c94 TG |
810 | if (r <= 0) |
811 | return NULL; | |
812 | } | |
813 | } | |
5643c00a | 814 | |
950b692b | 815 | if (k->type != DNS_TYPE_NSEC) { |
d7ce6c94 TG |
816 | /* Check if we have an NSEC record instead for the name. */ |
817 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_NSEC, n)); | |
58db254a LP |
818 | if (i) |
819 | return i; | |
58db254a LP |
820 | } |
821 | ||
822 | return NULL; | |
5643c00a TG |
823 | } |
824 | ||
17c8de63 | 825 | int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, bool clamp_ttl, int *rcode, DnsAnswer **ret, bool *authenticated) { |
faa133f3 | 826 | _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL; |
202b76ae | 827 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
f52e61da | 828 | unsigned n = 0; |
322345fd | 829 | int r; |
7e8e0422 | 830 | bool nxdomain = false; |
931851e8 LP |
831 | DnsCacheItem *j, *first, *nsec = NULL; |
832 | bool have_authenticated = false, have_non_authenticated = false; | |
17c8de63 | 833 | usec_t current; |
201d9958 | 834 | int found_rcode = -1; |
322345fd LP |
835 | |
836 | assert(c); | |
f52e61da | 837 | assert(key); |
623a4c97 | 838 | assert(rcode); |
faa133f3 | 839 | assert(ret); |
931851e8 | 840 | assert(authenticated); |
322345fd | 841 | |
202b76ae | 842 | if (key->type == DNS_TYPE_ANY || key->class == DNS_CLASS_ANY) { |
931851e8 LP |
843 | /* If we have ANY lookups we don't use the cache, so |
844 | * that the caller refreshes via the network. */ | |
322345fd | 845 | |
202b76ae ZJS |
846 | log_debug("Ignoring cache for ANY lookup: %s", |
847 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
6b34a6c9 | 848 | |
a150ff5e LP |
849 | c->n_miss++; |
850 | ||
f52e61da LP |
851 | *ret = NULL; |
852 | *rcode = DNS_RCODE_SUCCESS; | |
2d4a4e14 LP |
853 | *authenticated = false; |
854 | ||
f52e61da LP |
855 | return 0; |
856 | } | |
6b34a6c9 | 857 | |
37da8931 | 858 | first = dns_cache_get_by_key_follow_cname_dname_nsec(c, key); |
f52e61da LP |
859 | if (!first) { |
860 | /* If one question cannot be answered we need to refresh */ | |
ddf16339 | 861 | |
202b76ae ZJS |
862 | log_debug("Cache miss for %s", |
863 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
6b34a6c9 | 864 | |
a150ff5e LP |
865 | c->n_miss++; |
866 | ||
f52e61da LP |
867 | *ret = NULL; |
868 | *rcode = DNS_RCODE_SUCCESS; | |
2d4a4e14 LP |
869 | *authenticated = false; |
870 | ||
f52e61da LP |
871 | return 0; |
872 | } | |
6b34a6c9 | 873 | |
f52e61da | 874 | LIST_FOREACH(by_key, j, first) { |
37da8931 LP |
875 | if (j->rr) { |
876 | if (j->rr->key->type == DNS_TYPE_NSEC) | |
931851e8 LP |
877 | nsec = j; |
878 | ||
f52e61da | 879 | n++; |
37da8931 | 880 | } else if (j->type == DNS_CACHE_NXDOMAIN) |
f52e61da | 881 | nxdomain = true; |
201d9958 LP |
882 | else if (j->type == DNS_CACHE_RCODE) |
883 | found_rcode = j->rcode; | |
931851e8 LP |
884 | |
885 | if (j->authenticated) | |
886 | have_authenticated = true; | |
887 | else | |
888 | have_non_authenticated = true; | |
f52e61da | 889 | } |
6b34a6c9 | 890 | |
201d9958 LP |
891 | if (found_rcode >= 0) { |
892 | log_debug("RCODE %s cache hit for %s", | |
893 | dns_rcode_to_string(found_rcode), | |
894 | dns_resource_key_to_string(key, key_str, sizeof(key_str))); | |
895 | ||
896 | *ret = NULL; | |
897 | *rcode = found_rcode; | |
898 | *authenticated = false; | |
899 | ||
900 | c->n_hit++; | |
901 | return 1; | |
902 | } | |
903 | ||
f6618dcd LP |
904 | if (nsec && !IN_SET(key->type, DNS_TYPE_NSEC, DNS_TYPE_DS)) { |
905 | /* Note that we won't derive information for DS RRs from an NSEC, because we only cache NSEC RRs from | |
906 | * the lower-zone of a zone cut, but the DS RRs are on the upper zone. */ | |
907 | ||
202b76ae ZJS |
908 | log_debug("NSEC NODATA cache hit for %s", |
909 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
37da8931 LP |
910 | |
911 | /* We only found an NSEC record that matches our name. | |
a257f9d4 | 912 | * If it says the type doesn't exist report |
37da8931 LP |
913 | * NODATA. Otherwise report a cache miss. */ |
914 | ||
915 | *ret = NULL; | |
916 | *rcode = DNS_RCODE_SUCCESS; | |
931851e8 | 917 | *authenticated = nsec->authenticated; |
37da8931 | 918 | |
a150ff5e LP |
919 | if (!bitmap_isset(nsec->rr->nsec.types, key->type) && |
920 | !bitmap_isset(nsec->rr->nsec.types, DNS_TYPE_CNAME) && | |
921 | !bitmap_isset(nsec->rr->nsec.types, DNS_TYPE_DNAME)) { | |
922 | c->n_hit++; | |
923 | return 1; | |
924 | } | |
925 | ||
926 | c->n_miss++; | |
927 | return 0; | |
37da8931 LP |
928 | } |
929 | ||
202b76ae ZJS |
930 | log_debug("%s cache hit for %s", |
931 | n > 0 ? "Positive" : | |
932 | nxdomain ? "NXDOMAIN" : "NODATA", | |
933 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
faa133f3 | 934 | |
7e8e0422 | 935 | if (n <= 0) { |
a150ff5e LP |
936 | c->n_hit++; |
937 | ||
7e8e0422 LP |
938 | *ret = NULL; |
939 | *rcode = nxdomain ? DNS_RCODE_NXDOMAIN : DNS_RCODE_SUCCESS; | |
931851e8 | 940 | *authenticated = have_authenticated && !have_non_authenticated; |
7e8e0422 LP |
941 | return 1; |
942 | } | |
faa133f3 LP |
943 | |
944 | answer = dns_answer_new(n); | |
945 | if (!answer) | |
946 | return -ENOMEM; | |
322345fd | 947 | |
17c8de63 LP |
948 | if (clamp_ttl) |
949 | current = now(clock_boottime_or_monotonic()); | |
950 | ||
f52e61da | 951 | LIST_FOREACH(by_key, j, first) { |
17c8de63 LP |
952 | _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; |
953 | ||
f52e61da LP |
954 | if (!j->rr) |
955 | continue; | |
956 | ||
17c8de63 LP |
957 | if (clamp_ttl) { |
958 | rr = dns_resource_record_ref(j->rr); | |
959 | ||
960 | r = dns_resource_record_clamp_ttl(&rr, LESS_BY(j->until, current) / USEC_PER_SEC); | |
961 | if (r < 0) | |
962 | return r; | |
963 | } | |
964 | ||
965 | r = dns_answer_add(answer, rr ?: j->rr, j->ifindex, j->authenticated ? DNS_ANSWER_AUTHENTICATED : 0); | |
f52e61da LP |
966 | if (r < 0) |
967 | return r; | |
322345fd LP |
968 | } |
969 | ||
a150ff5e LP |
970 | c->n_hit++; |
971 | ||
faa133f3 | 972 | *ret = answer; |
7e8e0422 | 973 | *rcode = DNS_RCODE_SUCCESS; |
931851e8 | 974 | *authenticated = have_authenticated && !have_non_authenticated; |
faa133f3 LP |
975 | answer = NULL; |
976 | ||
977 | return n; | |
322345fd | 978 | } |
a4076574 LP |
979 | |
980 | int dns_cache_check_conflicts(DnsCache *cache, DnsResourceRecord *rr, int owner_family, const union in_addr_union *owner_address) { | |
981 | DnsCacheItem *i, *first; | |
982 | bool same_owner = true; | |
983 | ||
984 | assert(cache); | |
985 | assert(rr); | |
986 | ||
987 | dns_cache_prune(cache); | |
988 | ||
989 | /* See if there's a cache entry for the same key. If there | |
990 | * isn't there's no conflict */ | |
991 | first = hashmap_get(cache->by_key, rr->key); | |
992 | if (!first) | |
993 | return 0; | |
994 | ||
995 | /* See if the RR key is owned by the same owner, if so, there | |
996 | * isn't a conflict either */ | |
997 | LIST_FOREACH(by_key, i, first) { | |
998 | if (i->owner_family != owner_family || | |
999 | !in_addr_equal(owner_family, &i->owner_address, owner_address)) { | |
1000 | same_owner = false; | |
1001 | break; | |
1002 | } | |
1003 | } | |
1004 | if (same_owner) | |
1005 | return 0; | |
1006 | ||
1007 | /* See if there's the exact same RR in the cache. If yes, then | |
1008 | * there's no conflict. */ | |
1009 | if (dns_cache_get(cache, rr)) | |
1010 | return 0; | |
1011 | ||
1012 | /* There's a conflict */ | |
1013 | return 1; | |
1014 | } | |
4d506d6b | 1015 | |
7778dfff DM |
1016 | int dns_cache_export_shared_to_packet(DnsCache *cache, DnsPacket *p) { |
1017 | unsigned ancount = 0; | |
1018 | Iterator iterator; | |
1019 | DnsCacheItem *i; | |
1020 | int r; | |
1021 | ||
1022 | assert(cache); | |
261f3673 | 1023 | assert(p); |
7778dfff DM |
1024 | |
1025 | HASHMAP_FOREACH(i, cache->by_key, iterator) { | |
1026 | DnsCacheItem *j; | |
1027 | ||
1028 | LIST_FOREACH(by_key, j, i) { | |
7778dfff DM |
1029 | if (!j->rr) |
1030 | continue; | |
1031 | ||
d2579eec | 1032 | if (!j->shared_owner) |
7778dfff DM |
1033 | continue; |
1034 | ||
58ab31d5 | 1035 | r = dns_packet_append_rr(p, j->rr, 0, NULL, NULL); |
261f3673 DM |
1036 | if (r == -EMSGSIZE && p->protocol == DNS_PROTOCOL_MDNS) { |
1037 | /* For mDNS, if we're unable to stuff all known answers into the given packet, | |
1038 | * allocate a new one, push the RR into that one and link it to the current one. | |
1039 | */ | |
1040 | ||
1041 | DNS_PACKET_HEADER(p)->ancount = htobe16(ancount); | |
1042 | ancount = 0; | |
1043 | ||
1044 | r = dns_packet_new_query(&p->more, p->protocol, 0, true); | |
1045 | if (r < 0) | |
1046 | return r; | |
1047 | ||
1048 | /* continue with new packet */ | |
1049 | p = p->more; | |
58ab31d5 | 1050 | r = dns_packet_append_rr(p, j->rr, 0, NULL, NULL); |
261f3673 DM |
1051 | } |
1052 | ||
7778dfff DM |
1053 | if (r < 0) |
1054 | return r; | |
1055 | ||
313cefa1 | 1056 | ancount++; |
7778dfff DM |
1057 | } |
1058 | } | |
1059 | ||
1060 | DNS_PACKET_HEADER(p)->ancount = htobe16(ancount); | |
1061 | ||
1062 | return 0; | |
1063 | } | |
1064 | ||
4d506d6b LP |
1065 | void dns_cache_dump(DnsCache *cache, FILE *f) { |
1066 | Iterator iterator; | |
1067 | DnsCacheItem *i; | |
4d506d6b LP |
1068 | |
1069 | if (!cache) | |
1070 | return; | |
1071 | ||
1072 | if (!f) | |
1073 | f = stdout; | |
1074 | ||
1075 | HASHMAP_FOREACH(i, cache->by_key, iterator) { | |
1076 | DnsCacheItem *j; | |
1077 | ||
1078 | LIST_FOREACH(by_key, j, i) { | |
4d506d6b LP |
1079 | |
1080 | fputc('\t', f); | |
1081 | ||
1082 | if (j->rr) { | |
7b50eb2e LP |
1083 | const char *t; |
1084 | t = dns_resource_record_to_string(j->rr); | |
1085 | if (!t) { | |
4d506d6b LP |
1086 | log_oom(); |
1087 | continue; | |
1088 | } | |
1089 | ||
1090 | fputs(t, f); | |
1091 | fputc('\n', f); | |
1092 | } else { | |
202b76ae | 1093 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
4d506d6b | 1094 | |
202b76ae | 1095 | fputs(dns_resource_key_to_string(j->key, key_str, sizeof key_str), f); |
4d506d6b | 1096 | fputs(" -- ", f); |
201d9958 | 1097 | fputs(dns_cache_item_type_to_string(j), f); |
4d506d6b LP |
1098 | fputc('\n', f); |
1099 | } | |
1100 | } | |
1101 | } | |
1102 | } | |
1103 | ||
1104 | bool dns_cache_is_empty(DnsCache *cache) { | |
1105 | if (!cache) | |
1106 | return true; | |
1107 | ||
1108 | return hashmap_isempty(cache->by_key); | |
1109 | } | |
a150ff5e LP |
1110 | |
1111 | unsigned dns_cache_size(DnsCache *cache) { | |
1112 | if (!cache) | |
1113 | return 0; | |
1114 | ||
1115 | return hashmap_size(cache->by_key); | |
1116 | } |