]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
ec2c5e43 LP |
2 | #pragma once |
3 | ||
4 | /*** | |
5 | This file is part of systemd. | |
6 | ||
7 | Copyright 2014 Lennart Poettering | |
8 | ||
9 | systemd is free software; you can redistribute it and/or modify it | |
10 | under the terms of the GNU Lesser General Public License as published by | |
11 | the Free Software Foundation; either version 2.1 of the License, or | |
12 | (at your option) any later version. | |
13 | ||
14 | systemd is distributed in the hope that it will be useful, but | |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | Lesser General Public License for more details. | |
18 | ||
19 | You should have received a copy of the GNU Lesser General Public License | |
20 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
21 | ***/ | |
22 | ||
23 | typedef struct DnsTransaction DnsTransaction; | |
24 | typedef enum DnsTransactionState DnsTransactionState; | |
c3bc53e6 | 25 | typedef enum DnsTransactionSource DnsTransactionSource; |
ec2c5e43 LP |
26 | |
27 | enum DnsTransactionState { | |
28 | DNS_TRANSACTION_NULL, | |
29 | DNS_TRANSACTION_PENDING, | |
547973de | 30 | DNS_TRANSACTION_VALIDATING, |
3bbdc31d | 31 | DNS_TRANSACTION_RCODE_FAILURE, |
ec2c5e43 LP |
32 | DNS_TRANSACTION_SUCCESS, |
33 | DNS_TRANSACTION_NO_SERVERS, | |
34 | DNS_TRANSACTION_TIMEOUT, | |
35 | DNS_TRANSACTION_ATTEMPTS_MAX_REACHED, | |
36 | DNS_TRANSACTION_INVALID_REPLY, | |
7cc6ed7b | 37 | DNS_TRANSACTION_ERRNO, |
ec2c5e43 | 38 | DNS_TRANSACTION_ABORTED, |
547973de | 39 | DNS_TRANSACTION_DNSSEC_FAILED, |
b2b796b8 | 40 | DNS_TRANSACTION_NO_TRUST_ANCHOR, |
91adc4db | 41 | DNS_TRANSACTION_RR_TYPE_UNSUPPORTED, |
edbcc1fd | 42 | DNS_TRANSACTION_NETWORK_DOWN, |
0791110f | 43 | DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */ |
ec2c5e43 LP |
44 | _DNS_TRANSACTION_STATE_MAX, |
45 | _DNS_TRANSACTION_STATE_INVALID = -1 | |
46 | }; | |
47 | ||
547973de LP |
48 | #define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING) |
49 | ||
c3bc53e6 LP |
50 | enum DnsTransactionSource { |
51 | DNS_TRANSACTION_NETWORK, | |
52 | DNS_TRANSACTION_CACHE, | |
53 | DNS_TRANSACTION_ZONE, | |
0d2cd476 | 54 | DNS_TRANSACTION_TRUST_ANCHOR, |
c3bc53e6 LP |
55 | _DNS_TRANSACTION_SOURCE_MAX, |
56 | _DNS_TRANSACTION_SOURCE_INVALID = -1 | |
57 | }; | |
58 | ||
71d35b6b | 59 | #include "resolved-dns-answer.h" |
ec2c5e43 LP |
60 | #include "resolved-dns-packet.h" |
61 | #include "resolved-dns-question.h" | |
71d35b6b | 62 | #include "resolved-dns-scope.h" |
07f264e4 DM |
63 | #include "resolved-dns-server.h" |
64 | #include "resolved-dns-stream.h" | |
ec2c5e43 LP |
65 | |
66 | struct DnsTransaction { | |
67 | DnsScope *scope; | |
68 | ||
f52e61da | 69 | DnsResourceKey *key; |
ec2c5e43 LP |
70 | |
71 | DnsTransactionState state; | |
547973de | 72 | |
ec2c5e43 LP |
73 | uint16_t id; |
74 | ||
cbe4216d LP |
75 | bool tried_stream:1; |
76 | ||
a0c888c7 LP |
77 | bool initial_jitter_scheduled:1; |
78 | bool initial_jitter_elapsed:1; | |
6e068472 | 79 | |
17c8de63 LP |
80 | bool clamp_ttl:1; |
81 | ||
53fda2bb DR |
82 | bool probing:1; |
83 | ||
ec2c5e43 | 84 | DnsPacket *sent, *received; |
ae6a4bbf LP |
85 | |
86 | DnsAnswer *answer; | |
87 | int answer_rcode; | |
019036a4 | 88 | DnssecResult answer_dnssec_result; |
c3bc53e6 | 89 | DnsTransactionSource answer_source; |
d3760be0 | 90 | uint32_t answer_nsec_ttl; |
7cc6ed7b | 91 | int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */ |
105e1512 LP |
92 | |
93 | /* Indicates whether the primary answer is authenticated, | |
94 | * i.e. whether the RRs from answer which directly match the | |
95 | * question are authenticated, or, if there are none, whether | |
96 | * the NODATA or NXDOMAIN case is. It says nothing about | |
97 | * additional RRs listed in the answer, however they have | |
98 | * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit | |
99 | * is defined different than the AD bit in DNS packets, as | |
100 | * that covers more than just the actual primary answer. */ | |
931851e8 | 101 | bool answer_authenticated; |
ec2c5e43 | 102 | |
105e1512 LP |
103 | /* Contains DNSKEY, DS, SOA RRs we already verified and need |
104 | * to authenticate this reply */ | |
547973de LP |
105 | DnsAnswer *validated_keys; |
106 | ||
9df3ba6c | 107 | usec_t start_usec; |
a9da14e1 | 108 | usec_t next_attempt_after; |
ec2c5e43 LP |
109 | sd_event_source *timeout_event_source; |
110 | unsigned n_attempts; | |
111 | ||
44db02d0 LP |
112 | unsigned n_picked_servers; |
113 | ||
f32f0e57 | 114 | /* UDP connection logic, if we need it */ |
4667e00a LP |
115 | int dns_udp_fd; |
116 | sd_event_source *dns_udp_event_source; | |
d20b1667 | 117 | |
f32f0e57 LP |
118 | /* TCP connection logic, if we need it */ |
119 | DnsStream *stream; | |
120 | ||
4667e00a | 121 | /* The active server */ |
8300ba21 TG |
122 | DnsServer *server; |
123 | ||
547973de | 124 | /* The features of the DNS server at time of transaction start */ |
274b8748 | 125 | DnsServerFeatureLevel current_feature_level; |
be808ea0 | 126 | |
d001e0a3 LP |
127 | /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */ |
128 | DnsServerFeatureLevel clamp_feature_level; | |
129 | ||
801ad6a6 LP |
130 | /* Query candidates this transaction is referenced by and that |
131 | * shall be notified about this specific transaction | |
132 | * completing. */ | |
35aa04e9 | 133 | Set *notify_query_candidates, *notify_query_candidates_done; |
ec2c5e43 LP |
134 | |
135 | /* Zone items this transaction is referenced by and that shall | |
136 | * be notified about completion. */ | |
35aa04e9 | 137 | Set *notify_zone_items, *notify_zone_items_done; |
547973de LP |
138 | |
139 | /* Other transactions that this transactions is referenced by | |
140 | * and that shall be notified about completion. This is used | |
141 | * when transactions want to validate their RRsets, but need | |
142 | * another DNSKEY or DS RR to do so. */ | |
35aa04e9 | 143 | Set *notify_transactions, *notify_transactions_done; |
547973de LP |
144 | |
145 | /* The opposite direction: the transactions this transaction | |
146 | * created in order to request DNSKEY or DS RRs. */ | |
147 | Set *dnssec_transactions; | |
ec2c5e43 LP |
148 | |
149 | unsigned block_gc; | |
150 | ||
151 | LIST_FIELDS(DnsTransaction, transactions_by_scope); | |
152 | }; | |
153 | ||
f52e61da | 154 | int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key); |
ec2c5e43 LP |
155 | DnsTransaction* dns_transaction_free(DnsTransaction *t); |
156 | ||
51e399bc | 157 | bool dns_transaction_gc(DnsTransaction *t); |
ec2c5e43 LP |
158 | int dns_transaction_go(DnsTransaction *t); |
159 | ||
160 | void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p); | |
161 | void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state); | |
162 | ||
547973de LP |
163 | void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source); |
164 | int dns_transaction_validate_dnssec(DnsTransaction *t); | |
165 | int dns_transaction_request_dnssec_keys(DnsTransaction *t); | |
166 | ||
ec2c5e43 LP |
167 | const char* dns_transaction_state_to_string(DnsTransactionState p) _const_; |
168 | DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_; | |
169 | ||
c3bc53e6 LP |
170 | const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_; |
171 | DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_; | |
172 | ||
ec2c5e43 | 173 | /* LLMNR Jitter interval, see RFC 4795 Section 7 */ |
6e068472 | 174 | #define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC) |
ec2c5e43 | 175 | |
ea12bcc7 DM |
176 | /* mDNS Jitter interval, see RFC 6762 Section 5.2 */ |
177 | #define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC) | |
178 | #define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC) | |
179 | ||
53fda2bb DR |
180 | /* mDNS probing interval, see RFC 6762 Section 8.1 */ |
181 | #define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC) | |
182 | ||
ec2c5e43 | 183 | /* Maximum attempts to send DNS requests, across all DNS servers */ |
74a3ed74 | 184 | #define DNS_TRANSACTION_ATTEMPTS_MAX 24 |
ec2c5e43 LP |
185 | |
186 | /* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */ | |
187 | #define LLMNR_TRANSACTION_ATTEMPTS_MAX 3 | |
188 | ||
53fda2bb DR |
189 | /* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */ |
190 | #define MDNS_TRANSACTION_ATTEMPTS_MAX 3 | |
191 | ||
192 | #define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \ | |
193 | LLMNR_TRANSACTION_ATTEMPTS_MAX : \ | |
194 | (((p) == DNS_PROTOCOL_MDNS) ? \ | |
195 | MDNS_TRANSACTION_ATTEMPTS_MAX : \ | |
196 | DNS_TRANSACTION_ATTEMPTS_MAX)) |