[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;

enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_ERRNO,
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        DNS_TRANSACTION_NETWORK_DOWN,
        DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};

#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)

enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};

#include "resolved-dns-answer.h"
#include "resolved-dns-packet.h"
#include "resolved-dns-question.h"
#include "resolved-dns-scope.h"
#include "resolved-dns-server.h"
#include "resolved-dns-stream.h"

struct DnsTransaction {
        DnsScope *scope;

        DnsResourceKey *key;

        DnsTransactionState state;

        uint16_t id;

        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        bool clamp_ttl:1;

        bool probing:1;

        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;
        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined different than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        unsigned n_picked_servers;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_feature_level;

        /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
        DnsServerFeatureLevel clamp_feature_level;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates, *notify_query_candidates_done;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items, *notify_zone_items_done;

        /* Other transactions that this transactions is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions, *notify_transactions_done;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        unsigned block_gc;

        LIST_FIELDS(DnsTransaction, transactions_by_scope);
};

int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
DnsTransaction* dns_transaction_free(DnsTransaction *t);

bool dns_transaction_gc(DnsTransaction *t);
int dns_transaction_go(DnsTransaction *t);

void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
int dns_transaction_validate_dnssec(DnsTransaction *t);
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC   (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* mDNS probing interval, see RFC 6762 Section 8.1 */
#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 24

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3

#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
                                         LLMNR_TRANSACTION_ATTEMPTS_MAX : \
                                         (((p) == DNS_PROTOCOL_MDNS) ? \
                                             MDNS_TRANSACTION_ATTEMPTS_MAX : \
                                             DNS_TRANSACTION_ATTEMPTS_MAX))
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
ec2c5e43 LP	2	#pragma once
	3
	4	/***
	5	This file is part of systemd.
	6
	7	Copyright 2014 Lennart Poettering
	8
	9	systemd is free software; you can redistribute it and/or modify it
	10	under the terms of the GNU Lesser General Public License as published by
	11	the Free Software Foundation; either version 2.1 of the License, or
	12	(at your option) any later version.
	13
	14	systemd is distributed in the hope that it will be useful, but
	15	WITHOUT ANY WARRANTY; without even the implied warranty of
	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	Lesser General Public License for more details.
	18
	19	You should have received a copy of the GNU Lesser General Public License
	20	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	21	***/
	22
	23	typedef struct DnsTransaction DnsTransaction;
	24	typedef enum DnsTransactionState DnsTransactionState;
c3bc53e6	25	typedef enum DnsTransactionSource DnsTransactionSource;
ec2c5e43 LP	26
	27	enum DnsTransactionState {
	28	DNS_TRANSACTION_NULL,
	29	DNS_TRANSACTION_PENDING,
547973de	30	DNS_TRANSACTION_VALIDATING,
3bbdc31d	31	DNS_TRANSACTION_RCODE_FAILURE,
ec2c5e43 LP	32	DNS_TRANSACTION_SUCCESS,
	33	DNS_TRANSACTION_NO_SERVERS,
	34	DNS_TRANSACTION_TIMEOUT,
	35	DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
	36	DNS_TRANSACTION_INVALID_REPLY,
7cc6ed7b	37	DNS_TRANSACTION_ERRNO,
ec2c5e43	38	DNS_TRANSACTION_ABORTED,
547973de	39	DNS_TRANSACTION_DNSSEC_FAILED,
b2b796b8	40	DNS_TRANSACTION_NO_TRUST_ANCHOR,
91adc4db	41	DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
edbcc1fd	42	DNS_TRANSACTION_NETWORK_DOWN,
0791110f	43	DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
ec2c5e43 LP	44	_DNS_TRANSACTION_STATE_MAX,
	45	_DNS_TRANSACTION_STATE_INVALID = -1
	46	};
	47
547973de LP	48	#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
547973de LP	49
c3bc53e6 LP	50	enum DnsTransactionSource {
	51	DNS_TRANSACTION_NETWORK,
	52	DNS_TRANSACTION_CACHE,
	53	DNS_TRANSACTION_ZONE,
0d2cd476	54	DNS_TRANSACTION_TRUST_ANCHOR,
c3bc53e6 LP	55	_DNS_TRANSACTION_SOURCE_MAX,
	56	_DNS_TRANSACTION_SOURCE_INVALID = -1
	57	};
	58
71d35b6b	59	#include "resolved-dns-answer.h"
ec2c5e43 LP	60	#include "resolved-dns-packet.h"
ec2c5e43 LP	61	#include "resolved-dns-question.h"
71d35b6b	62	#include "resolved-dns-scope.h"
07f264e4 DM	63	#include "resolved-dns-server.h"
07f264e4 DM	64	#include "resolved-dns-stream.h"
ec2c5e43 LP	65
	66	struct DnsTransaction {
	67	DnsScope *scope;
	68
f52e61da	69	DnsResourceKey *key;
ec2c5e43 LP	70
ec2c5e43 LP	71	DnsTransactionState state;
547973de	72
ec2c5e43 LP	73	uint16_t id;
ec2c5e43 LP	74
cbe4216d LP	75	bool tried_stream:1;
cbe4216d LP	76
a0c888c7 LP	77	bool initial_jitter_scheduled:1;
a0c888c7 LP	78	bool initial_jitter_elapsed:1;
6e068472	79
17c8de63 LP	80	bool clamp_ttl:1;
17c8de63 LP	81
53fda2bb DR	82	bool probing:1;
53fda2bb DR	83
ec2c5e43	84	DnsPacket sent, received;
ae6a4bbf LP	85
	86	DnsAnswer *answer;
	87	int answer_rcode;
019036a4	88	DnssecResult answer_dnssec_result;
c3bc53e6	89	DnsTransactionSource answer_source;
d3760be0	90	uint32_t answer_nsec_ttl;
7cc6ed7b	91	int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
105e1512 LP	92
	93	/* Indicates whether the primary answer is authenticated,
	94	* i.e. whether the RRs from answer which directly match the
	95	* question are authenticated, or, if there are none, whether
	96	* the NODATA or NXDOMAIN case is. It says nothing about
	97	* additional RRs listed in the answer, however they have
	98	* their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
	99	* is defined different than the AD bit in DNS packets, as
	100	* that covers more than just the actual primary answer. */
931851e8	101	bool answer_authenticated;
ec2c5e43	102
105e1512 LP	103	/* Contains DNSKEY, DS, SOA RRs we already verified and need
105e1512 LP	104	* to authenticate this reply */
547973de LP	105	DnsAnswer *validated_keys;
547973de LP	106
9df3ba6c	107	usec_t start_usec;
a9da14e1	108	usec_t next_attempt_after;
ec2c5e43 LP	109	sd_event_source *timeout_event_source;
	110	unsigned n_attempts;
	111
44db02d0 LP	112	unsigned n_picked_servers;
44db02d0 LP	113
f32f0e57	114	/* UDP connection logic, if we need it */
4667e00a LP	115	int dns_udp_fd;
4667e00a LP	116	sd_event_source *dns_udp_event_source;
d20b1667	117
f32f0e57 LP	118	/* TCP connection logic, if we need it */
	119	DnsStream *stream;
	120
4667e00a	121	/* The active server */
8300ba21 TG	122	DnsServer *server;
8300ba21 TG	123
547973de	124	/* The features of the DNS server at time of transaction start */
274b8748	125	DnsServerFeatureLevel current_feature_level;
be808ea0	126
d001e0a3 LP	127	/* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
	128	DnsServerFeatureLevel clamp_feature_level;
	129
801ad6a6 LP	130	/* Query candidates this transaction is referenced by and that
	131	* shall be notified about this specific transaction
	132	* completing. */
35aa04e9	133	Set notify_query_candidates, notify_query_candidates_done;
ec2c5e43 LP	134
	135	/* Zone items this transaction is referenced by and that shall
	136	* be notified about completion. */
35aa04e9	137	Set notify_zone_items, notify_zone_items_done;
547973de LP	138
	139	/* Other transactions that this transactions is referenced by
	140	* and that shall be notified about completion. This is used
	141	* when transactions want to validate their RRsets, but need
	142	* another DNSKEY or DS RR to do so. */
35aa04e9	143	Set notify_transactions, notify_transactions_done;
547973de LP	144
	145	/* The opposite direction: the transactions this transaction
	146	* created in order to request DNSKEY or DS RRs. */
	147	Set *dnssec_transactions;
ec2c5e43 LP	148
	149	unsigned block_gc;
	150
	151	LIST_FIELDS(DnsTransaction, transactions_by_scope);
	152	};
	153
f52e61da	154	int dns_transaction_new(DnsTransaction *ret, DnsScope s, DnsResourceKey *key);
ec2c5e43 LP	155	DnsTransaction* dns_transaction_free(DnsTransaction *t);
ec2c5e43 LP	156
51e399bc	157	bool dns_transaction_gc(DnsTransaction *t);
ec2c5e43 LP	158	int dns_transaction_go(DnsTransaction *t);
	159
	160	void dns_transaction_process_reply(DnsTransaction t, DnsPacket p);
	161	void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);
	162
547973de LP	163	void dns_transaction_notify(DnsTransaction t, DnsTransaction source);
	164	int dns_transaction_validate_dnssec(DnsTransaction *t);
	165	int dns_transaction_request_dnssec_keys(DnsTransaction *t);
	166
ec2c5e43 LP	167	const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
	168	DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
	169
c3bc53e6 LP	170	const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
	171	DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
	172
ec2c5e43	173	/* LLMNR Jitter interval, see RFC 4795 Section 7 */
6e068472	174	#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
ec2c5e43	175
ea12bcc7 DM	176	/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
	177	#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
	178	#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
	179
53fda2bb DR	180	/* mDNS probing interval, see RFC 6762 Section 8.1 */
	181	#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
	182
ec2c5e43	183	/* Maximum attempts to send DNS requests, across all DNS servers */
74a3ed74	184	#define DNS_TRANSACTION_ATTEMPTS_MAX 24
ec2c5e43 LP	185
	186	/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
	187	#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
	188
53fda2bb DR	189	/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
	190	#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
	191
	192	#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
	193	LLMNR_TRANSACTION_ATTEMPTS_MAX : \
	194	(((p) == DNS_PROTOCOL_MDNS) ? \
	195	MDNS_TRANSACTION_ATTEMPTS_MAX : \
	196	DNS_TRANSACTION_ATTEMPTS_MAX))