[thirdparty/systemd.git] / src / resolve / resolved-dns-server.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include "forward.h"
#include "in-addr-util.h"
#include "list.h"
#include "resolved-conf.h"
#include "resolved-dnstls.h"
#include "resolved-forward.h"

typedef enum DnsServerType {
        DNS_SERVER_SYSTEM,
        DNS_SERVER_FALLBACK,
        DNS_SERVER_LINK,
        DNS_SERVER_DELEGATE,
        _DNS_SERVER_TYPE_MAX,
        _DNS_SERVER_TYPE_INVALID = -EINVAL,
} DnsServerType;

const char* dns_server_type_to_string(DnsServerType i) _const_;
DnsServerType dns_server_type_from_string(const char *s) _pure_;

typedef enum DnsServerFeatureLevel {
        DNS_SERVER_FEATURE_LEVEL_TCP,
        DNS_SERVER_FEATURE_LEVEL_UDP,
        DNS_SERVER_FEATURE_LEVEL_EDNS0,
        DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN,
        DNS_SERVER_FEATURE_LEVEL_DO,
        DNS_SERVER_FEATURE_LEVEL_TLS_DO,
        _DNS_SERVER_FEATURE_LEVEL_MAX,
        _DNS_SERVER_FEATURE_LEVEL_INVALID = -EINVAL,
} DnsServerFeatureLevel;

#define DNS_SERVER_FEATURE_LEVEL_WORST 0
#define DNS_SERVER_FEATURE_LEVEL_BEST (_DNS_SERVER_FEATURE_LEVEL_MAX - 1)
#define DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
#define DNS_SERVER_FEATURE_LEVEL_IS_TLS(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, DNS_SERVER_FEATURE_LEVEL_TLS_DO)
#define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO)
#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO)

const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_;
DnsServerFeatureLevel dns_server_feature_level_from_string(const char *s) _pure_;

typedef struct DnsServer {
        Manager *manager;

        unsigned n_ref;

        DnsServerType type;
        Link *link;
        DnsDelegate *delegate;

        int family;
        union in_addr_union address;
        int ifindex; /* for IPv6 link-local DNS servers */
        uint16_t port;
        char *server_name;

        char *server_string;
        char *server_string_full;

        /* The long-lived stream towards this server. */
        DnsStream *stream;

#if ENABLE_DNS_OVER_TLS
        DnsTlsServerData dnstls_data;
#endif

        DnsServerFeatureLevel verified_feature_level;
        DnsServerFeatureLevel possible_feature_level;

        size_t received_udp_fragment_max;   /* largest packet or fragment (without IP/UDP header) we saw so far */

        unsigned n_failed_udp;
        unsigned n_failed_tcp;
        unsigned n_failed_tls;

        bool packet_truncated:1;        /* Set when TC bit was set on reply */
        bool packet_bad_opt:1;          /* Set when OPT was missing or otherwise bad on reply */
        bool packet_rrsig_missing:1;    /* Set when RRSIG was missing */
        bool packet_invalid:1;          /* Set when we failed to parse a reply */
        bool packet_do_off:1;           /* Set when the server didn't copy DNSSEC DO flag from request to response */
        bool packet_fragmented:1;       /* Set when we ever saw a fragmented packet */

        usec_t verified_usec;
        usec_t features_grace_period_usec;

        /* Whether we already warned about downgrading to non-DNSSEC mode for this server */
        bool warned_downgrade:1;

        /* Used when GC'ing old DNS servers when configuration changes. */
        bool marked:1;

        /* If linked is set, then this server appears in the servers linked list */
        bool linked:1;
        LIST_FIELDS(DnsServer, servers);

        /* Servers registered via D-Bus are not removed on reload */
        ResolveConfigSource config_source;

        /* Tri-state to indicate if the DNS server is accessible. */
        int accessible;
} DnsServer;

int dns_server_new(
                Manager *m,
                DnsServer **ret,
                DnsServerType type,
                Link *link,
                DnsDelegate *delegate,
                int family,
                const union in_addr_union *address,
                uint16_t port,
                int ifindex,
                const char *server_string,
                ResolveConfigSource config_source);

DnsServer* dns_server_ref(DnsServer *s);
DnsServer* dns_server_unref(DnsServer *s);

void dns_server_unlink(DnsServer *s);
void dns_server_move_back_and_unmark(DnsServer *s);

void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, size_t fragsize);
void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level);
void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level);
void dns_server_packet_rrsig_missing(DnsServer *s, DnsServerFeatureLevel level);
void dns_server_packet_bad_opt(DnsServer *s, DnsServerFeatureLevel level);
void dns_server_packet_rcode_downgrade(DnsServer *s, DnsServerFeatureLevel level);
void dns_server_packet_invalid(DnsServer *s, DnsServerFeatureLevel level);
void dns_server_packet_do_off(DnsServer *s, DnsServerFeatureLevel level);
void dns_server_packet_udp_fragmented(DnsServer *s, size_t fragsize);

DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s);

int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeatureLevel level);

const char* dns_server_string(DnsServer *server);
const char* dns_server_string_full(DnsServer *server);
int dns_server_ifindex(const DnsServer *s);
uint16_t dns_server_port(const DnsServer *s);

bool dns_server_dnssec_supported(DnsServer *server);

void dns_server_warn_downgrade(DnsServer *server);

DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, uint16_t port, int ifindex, const char *name);

void dns_server_unlink_all(DnsServer *first);
void dns_server_unlink_on_reload(DnsServer *server);
bool dns_server_unlink_marked(DnsServer *first);
void dns_server_mark_all(DnsServer *first);

int manager_parse_search_domains_and_warn(Manager *m, const char *string);
int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, const char *string);

DnsServer *manager_get_first_dns_server(Manager *m, DnsServerType t);

DnsServer *manager_set_dns_server(Manager *m, DnsServer *s);
DnsServer *manager_get_dns_server(Manager *m);
void manager_next_dns_server(Manager *m, DnsServer *if_current);

DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s);

size_t dns_server_get_mtu(DnsServer *s);

DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref);

extern const struct hash_ops dns_server_hash_ops;

void dns_server_flush_cache(DnsServer *s);

void dns_server_reset_features(DnsServer *s);
void dns_server_reset_features_all(DnsServer *s);

void dns_server_dump(DnsServer *s, FILE *f);

void dns_server_unref_stream(DnsServer *s);

DnsScope *dns_server_scope(DnsServer *s);

static inline bool dns_server_is_fallback(DnsServer *s) {
        return s && s->type == DNS_SERVER_FALLBACK;
}

int dns_server_dump_state_to_json(DnsServer *server, sd_json_variant **ret);
int dns_server_dump_configuration_to_json(DnsServer *server, sd_json_variant **ret);

int dns_server_is_accessible(DnsServer *s);
static inline void dns_server_reset_accessible(DnsServer *s) {
        s->accessible = -1;
}
void dns_server_reset_accessible_all(DnsServer *first);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
74b2466e LP	2	#pragma once
74b2466e LP	3
284d7641	4	#include "forward.h"
3c0cf502	5	#include "in-addr-util.h"
be28f72d	6	#include "list.h"
68527d30 DDM	7	#include "resolved-conf.h"
68527d30 DDM	8	#include "resolved-dnstls.h"
284d7641	9	#include "resolved-forward.h"
be28f72d	10
4e945a6f LP	11	typedef enum DnsServerType {
	12	DNS_SERVER_SYSTEM,
	13	DNS_SERVER_FALLBACK,
	14	DNS_SERVER_LINK,
7928c0e0	15	DNS_SERVER_DELEGATE,
3fe30d85	16	_DNS_SERVER_TYPE_MAX,
2d93c20e	17	_DNS_SERVER_TYPE_INVALID = -EINVAL,
4e945a6f	18	} DnsServerType;
e3309036 ZJS	19
	20	const char* dns_server_type_to_string(DnsServerType i) _const_;
	21	DnsServerType dns_server_type_from_string(const char *s) _pure_;
4e945a6f	22
be808ea0 TG	23	typedef enum DnsServerFeatureLevel {
	24	DNS_SERVER_FEATURE_LEVEL_TCP,
	25	DNS_SERVER_FEATURE_LEVEL_UDP,
9c5e12a4	26	DNS_SERVER_FEATURE_LEVEL_EDNS0,
5d67a7ae	27	DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN,
7586f4d1	28	DNS_SERVER_FEATURE_LEVEL_DO,
5d67a7ae	29	DNS_SERVER_FEATURE_LEVEL_TLS_DO,
be808ea0	30	_DNS_SERVER_FEATURE_LEVEL_MAX,
2d93c20e	31	_DNS_SERVER_FEATURE_LEVEL_INVALID = -EINVAL,
be808ea0 TG	32	} DnsServerFeatureLevel;
	33
	34	#define DNS_SERVER_FEATURE_LEVEL_WORST 0
	35	#define DNS_SERVER_FEATURE_LEVEL_BEST (_DNS_SERVER_FEATURE_LEVEL_MAX - 1)
d8592a4e	36	#define DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
5d67a7ae	37	#define DNS_SERVER_FEATURE_LEVEL_IS_TLS(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, DNS_SERVER_FEATURE_LEVEL_TLS_DO)
2c42a217	38	#define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO)
526fce97	39	#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO)
be808ea0	40
e14afe31 CR	41	const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_;
e14afe31 CR	42	DnsServerFeatureLevel dns_server_feature_level_from_string(const char *s) _pure_;
be808ea0	43
284d7641	44	typedef struct DnsServer {
74b2466e	45	Manager *manager;
74b2466e	46
91b14d6f TG	47	unsigned n_ref;
91b14d6f TG	48
4e945a6f	49	DnsServerType type;
3c0cf502	50	Link *link;
7928c0e0	51	DnsDelegate *delegate;
3c0cf502	52
0dd25fb9	53	int family;
74b2466e	54	union in_addr_union address;
2817157b	55	int ifindex; /* for IPv6 link-local DNS servers */
da9de738 YW	56	uint16_t port;
da9de738 YW	57	char *server_name;
74b2466e	58
6cb08a89	59	char *server_string;
8aa5afd2	60	char *server_string_full;
51bc63fe LP	61
51bc63fe LP	62	/* The long-lived stream towards this server. */
98767d75	63	DnsStream *stream;
6cb08a89	64
56ddbf10	65	#if ENABLE_DNS_OVER_TLS
6016fcb0	66	DnsTlsServerData dnstls_data;
5d67a7ae IT	67	#endif
5d67a7ae IT	68
f4461e56 LP	69	DnsServerFeatureLevel verified_feature_level;
f4461e56 LP	70	DnsServerFeatureLevel possible_feature_level;
de54e62b	71
acbf761b	72	size_t received_udp_fragment_max; /* largest packet or fragment (without IP/UDP header) we saw so far */
de54e62b	73
6bb2c085 LP	74	unsigned n_failed_udp;
6bb2c085 LP	75	unsigned n_failed_tcp;
5d67a7ae	76	unsigned n_failed_tls;
de54e62b	77
2c42a217 LP	78	bool packet_truncated:1; /* Set when TC bit was set on reply */
	79	bool packet_bad_opt:1; /* Set when OPT was missing or otherwise bad on reply */
	80	bool packet_rrsig_missing:1; /* Set when RRSIG was missing */
	81	bool packet_invalid:1; /* Set when we failed to parse a reply */
d96275d8	82	bool packet_do_off:1; /* Set when the server didn't copy DNSSEC DO flag from request to response */
acbf761b	83	bool packet_fragmented:1; /* Set when we ever saw a fragmented packet */
de54e62b	84
be808ea0 TG	85	usec_t verified_usec;
be808ea0 TG	86	usec_t features_grace_period_usec;
74b2466e	87
1e02e182 LP	88	/* Whether we already warned about downgrading to non-DNSSEC mode for this server */
	89	bool warned_downgrade:1;
	90
b652d4a2 LP	91	/* Used when GC'ing old DNS servers when configuration changes. */
	92	bool marked:1;
	93
0eac4623 LP	94	/* If linked is set, then this server appears in the servers linked list */
0eac4623 LP	95	bool linked:1;
74b2466e	96	LIST_FIELDS(DnsServer, servers);
14a52176 LB	97
	98	/* Servers registered via D-Bus are not removed on reload */
	99	ResolveConfigSource config_source;
b9335a32 NR	100
	101	/* Tri-state to indicate if the DNS server is accessible. */
	102	int accessible;
284d7641	103	} DnsServer;
74b2466e LP	104
	105	int dns_server_new(
	106	Manager *m,
0b58db65	107	DnsServer **ret,
4e945a6f	108	DnsServerType type,
0b58db65	109	Link *link,
7928c0e0	110	DnsDelegate *delegate,
0dd25fb9	111	int family,
2817157b	112	const union in_addr_union *address,
da9de738	113	uint16_t port,
2e22a54f	114	int ifindex,
14a52176 LB	115	const char *server_string,
14a52176 LB	116	ResolveConfigSource config_source);
74b2466e	117
91b14d6f TG	118	DnsServer* dns_server_ref(DnsServer *s);
91b14d6f TG	119	DnsServer* dns_server_unref(DnsServer *s);
87f5a193	120
0eac4623	121	void dns_server_unlink(DnsServer *s);
0b58db65	122	void dns_server_move_back_and_unmark(DnsServer *s);
0eac4623	123
acbf761b	124	void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, size_t fragsize);
3da3cdd5	125	void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level);
6bb2c085	126	void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level);
de54e62b LP	127	void dns_server_packet_rrsig_missing(DnsServer *s, DnsServerFeatureLevel level);
de54e62b LP	128	void dns_server_packet_bad_opt(DnsServer *s, DnsServerFeatureLevel level);
d001e0a3	129	void dns_server_packet_rcode_downgrade(DnsServer *s, DnsServerFeatureLevel level);
2c42a217	130	void dns_server_packet_invalid(DnsServer *s, DnsServerFeatureLevel level);
d96275d8	131	void dns_server_packet_do_off(DnsServer *s, DnsServerFeatureLevel level);
acbf761b	132	void dns_server_packet_udp_fragmented(DnsServer *s, size_t fragsize);
9df3ba6c	133
f4461e56 LP	134	DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s);
f4461e56 LP	135
519ef046 LP	136	int dns_server_adjust_opt(DnsServer server, DnsPacket packet, DnsServerFeatureLevel level);
519ef046 LP	137
bfd5a068 ZJS	138	const char* dns_server_string(DnsServer *server);
bfd5a068 ZJS	139	const char* dns_server_string_full(DnsServer *server);
2817157b	140	int dns_server_ifindex(const DnsServer *s);
da9de738	141	uint16_t dns_server_port(const DnsServer *s);
6cb08a89	142
92ec902a LP	143	bool dns_server_dnssec_supported(DnsServer *server);
92ec902a LP	144
1e02e182 LP	145	void dns_server_warn_downgrade(DnsServer *server);
1e02e182 LP	146
1b860092	147	DnsServer dns_server_find(DnsServer first, int family, const union in_addr_union in_addr, uint16_t port, int ifindex, const char name);
4b95f179 LP	148
4b95f179 LP	149	void dns_server_unlink_all(DnsServer *first);
14a52176	150	void dns_server_unlink_on_reload(DnsServer *server);
cbf23f38	151	bool dns_server_unlink_marked(DnsServer *first);
4b95f179	152	void dns_server_mark_all(DnsServer *first);
f2f1dbe5	153
6f502df4 DDM	154	int manager_parse_search_domains_and_warn(Manager m, const char string);
	155	int manager_parse_dns_server_string_and_warn(Manager m, DnsServerType type, const char string);
	156
4b95f179	157	DnsServer manager_get_first_dns_server(Manager m, DnsServerType t);
636e813d	158
0eac4623	159	DnsServer manager_set_dns_server(Manager m, DnsServer *s);
0eac4623	160	DnsServer manager_get_dns_server(Manager m);
5e8bc852	161	void manager_next_dns_server(Manager m, DnsServer if_current);
0eac4623	162
12bf2331	163	DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
c9299be2	164	DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s);
12bf2331	165
980821f3 LP	166	size_t dns_server_get_mtu(DnsServer *s);
980821f3 LP	167
8300ba21 TG	168	DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref);
8300ba21 TG	169
d5099efc	170	extern const struct hash_ops dns_server_hash_ops;
ce7c8b20 LP	171
ce7c8b20 LP	172	void dns_server_flush_cache(DnsServer *s);
59c0fd0e LP	173
	174	void dns_server_reset_features(DnsServer *s);
	175	void dns_server_reset_features_all(DnsServer *s);
cf84484a LP	176
cf84484a LP	177	void dns_server_dump(DnsServer s, FILE f);
904dcaf9 LP	178
904dcaf9 LP	179	void dns_server_unref_stream(DnsServer *s);
f76fa088 LP	180
f76fa088 LP	181	DnsScope dns_server_scope(DnsServer s);
bc837621	182
c00157dd RP	183	static inline bool dns_server_is_fallback(DnsServer *s) {
	184	return s && s->type == DNS_SERVER_FALLBACK;
	185	}
	186
309a747f	187	int dns_server_dump_state_to_json(DnsServer server, sd_json_variant *ret);
54401c6f	188	int dns_server_dump_configuration_to_json(DnsServer server, sd_json_variant *ret);
b9335a32 NR	189
	190	int dns_server_is_accessible(DnsServer *s);
	191	static inline void dns_server_reset_accessible(DnsServer *s) {
	192	s->accessible = -1;
	193	}
	194	void dns_server_reset_accessible_all(DnsServer *first);