[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#pragma once

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;

enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_ERRNO,
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        DNS_TRANSACTION_NETWORK_DOWN,
        DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};

#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)

enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};

#include "resolved-dns-answer.h"
#include "resolved-dns-packet.h"
#include "resolved-dns-question.h"
#include "resolved-dns-scope.h"

struct DnsTransaction {
        DnsScope *scope;

        DnsResourceKey *key;
        char *key_string;

        DnsTransactionState state;

        uint16_t id;

        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;
        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined different than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_feature_level;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items;

        /* Other transactions that this transactions is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        unsigned block_gc;

        LIST_FIELDS(DnsTransaction, transactions_by_scope);
};

int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
DnsTransaction* dns_transaction_free(DnsTransaction *t);

bool dns_transaction_gc(DnsTransaction *t);
int dns_transaction_go(DnsTransaction *t);

void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
int dns_transaction_validate_dnssec(DnsTransaction *t);
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

const char *dns_transaction_key_string(DnsTransaction *t);

const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC   (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 16

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)
Commit	Line	Data
ec2c5e43 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	#pragma once
	4
	5	/***
	6	This file is part of systemd.
	7
	8	Copyright 2014 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published by
	12	the Free Software Foundation; either version 2.1 of the License, or
	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
	24	typedef struct DnsTransaction DnsTransaction;
	25	typedef enum DnsTransactionState DnsTransactionState;
c3bc53e6	26	typedef enum DnsTransactionSource DnsTransactionSource;
ec2c5e43 LP	27
	28	enum DnsTransactionState {
	29	DNS_TRANSACTION_NULL,
	30	DNS_TRANSACTION_PENDING,
547973de	31	DNS_TRANSACTION_VALIDATING,
3bbdc31d	32	DNS_TRANSACTION_RCODE_FAILURE,
ec2c5e43 LP	33	DNS_TRANSACTION_SUCCESS,
	34	DNS_TRANSACTION_NO_SERVERS,
	35	DNS_TRANSACTION_TIMEOUT,
	36	DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
	37	DNS_TRANSACTION_INVALID_REPLY,
7cc6ed7b	38	DNS_TRANSACTION_ERRNO,
ec2c5e43	39	DNS_TRANSACTION_ABORTED,
547973de	40	DNS_TRANSACTION_DNSSEC_FAILED,
b2b796b8	41	DNS_TRANSACTION_NO_TRUST_ANCHOR,
91adc4db	42	DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
edbcc1fd	43	DNS_TRANSACTION_NETWORK_DOWN,
0791110f	44	DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
ec2c5e43 LP	45	_DNS_TRANSACTION_STATE_MAX,
	46	_DNS_TRANSACTION_STATE_INVALID = -1
	47	};
	48
547973de LP	49	#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
547973de LP	50
c3bc53e6 LP	51	enum DnsTransactionSource {
	52	DNS_TRANSACTION_NETWORK,
	53	DNS_TRANSACTION_CACHE,
	54	DNS_TRANSACTION_ZONE,
0d2cd476	55	DNS_TRANSACTION_TRUST_ANCHOR,
c3bc53e6 LP	56	_DNS_TRANSACTION_SOURCE_MAX,
	57	_DNS_TRANSACTION_SOURCE_INVALID = -1
	58	};
	59
71d35b6b	60	#include "resolved-dns-answer.h"
ec2c5e43 LP	61	#include "resolved-dns-packet.h"
ec2c5e43 LP	62	#include "resolved-dns-question.h"
71d35b6b	63	#include "resolved-dns-scope.h"
ec2c5e43 LP	64
	65	struct DnsTransaction {
	66	DnsScope *scope;
	67
f52e61da	68	DnsResourceKey *key;
a5784c49	69	char *key_string;
ec2c5e43 LP	70
ec2c5e43 LP	71	DnsTransactionState state;
547973de	72
ec2c5e43 LP	73	uint16_t id;
ec2c5e43 LP	74
cbe4216d LP	75	bool tried_stream:1;
cbe4216d LP	76
a0c888c7 LP	77	bool initial_jitter_scheduled:1;
a0c888c7 LP	78	bool initial_jitter_elapsed:1;
6e068472	79
ec2c5e43	80	DnsPacket sent, received;
ae6a4bbf LP	81
	82	DnsAnswer *answer;
	83	int answer_rcode;
019036a4	84	DnssecResult answer_dnssec_result;
c3bc53e6	85	DnsTransactionSource answer_source;
d3760be0	86	uint32_t answer_nsec_ttl;
7cc6ed7b	87	int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
105e1512 LP	88
	89	/* Indicates whether the primary answer is authenticated,
	90	* i.e. whether the RRs from answer which directly match the
	91	* question are authenticated, or, if there are none, whether
	92	* the NODATA or NXDOMAIN case is. It says nothing about
	93	* additional RRs listed in the answer, however they have
	94	* their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
	95	* is defined different than the AD bit in DNS packets, as
	96	* that covers more than just the actual primary answer. */
931851e8	97	bool answer_authenticated;
ec2c5e43	98
105e1512 LP	99	/* Contains DNSKEY, DS, SOA RRs we already verified and need
105e1512 LP	100	* to authenticate this reply */
547973de LP	101	DnsAnswer *validated_keys;
547973de LP	102
9df3ba6c	103	usec_t start_usec;
a9da14e1	104	usec_t next_attempt_after;
ec2c5e43 LP	105	sd_event_source *timeout_event_source;
	106	unsigned n_attempts;
	107
f32f0e57	108	/* UDP connection logic, if we need it */
4667e00a LP	109	int dns_udp_fd;
4667e00a LP	110	sd_event_source *dns_udp_event_source;
d20b1667	111
f32f0e57 LP	112	/* TCP connection logic, if we need it */
	113	DnsStream *stream;
	114
4667e00a	115	/* The active server */
8300ba21 TG	116	DnsServer *server;
8300ba21 TG	117
547973de	118	/* The features of the DNS server at time of transaction start */
274b8748	119	DnsServerFeatureLevel current_feature_level;
be808ea0	120
801ad6a6 LP	121	/* Query candidates this transaction is referenced by and that
	122	* shall be notified about this specific transaction
	123	* completing. */
547973de	124	Set *notify_query_candidates;
ec2c5e43 LP	125
	126	/* Zone items this transaction is referenced by and that shall
	127	* be notified about completion. */
547973de LP	128	Set *notify_zone_items;
	129
	130	/* Other transactions that this transactions is referenced by
	131	* and that shall be notified about completion. This is used
	132	* when transactions want to validate their RRsets, but need
	133	* another DNSKEY or DS RR to do so. */
	134	Set *notify_transactions;
	135
	136	/* The opposite direction: the transactions this transaction
	137	* created in order to request DNSKEY or DS RRs. */
	138	Set *dnssec_transactions;
ec2c5e43 LP	139
	140	unsigned block_gc;
	141
	142	LIST_FIELDS(DnsTransaction, transactions_by_scope);
	143	};
	144
f52e61da	145	int dns_transaction_new(DnsTransaction *ret, DnsScope s, DnsResourceKey *key);
ec2c5e43 LP	146	DnsTransaction* dns_transaction_free(DnsTransaction *t);
ec2c5e43 LP	147
51e399bc	148	bool dns_transaction_gc(DnsTransaction *t);
ec2c5e43 LP	149	int dns_transaction_go(DnsTransaction *t);
	150
	151	void dns_transaction_process_reply(DnsTransaction t, DnsPacket p);
	152	void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);
	153
547973de LP	154	void dns_transaction_notify(DnsTransaction t, DnsTransaction source);
	155	int dns_transaction_validate_dnssec(DnsTransaction *t);
	156	int dns_transaction_request_dnssec_keys(DnsTransaction *t);
	157
a5784c49 LP	158	const char dns_transaction_key_string(DnsTransaction t);
a5784c49 LP	159
ec2c5e43 LP	160	const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
	161	DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
	162
c3bc53e6 LP	163	const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
	164	DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
	165
ec2c5e43	166	/* LLMNR Jitter interval, see RFC 4795 Section 7 */
6e068472	167	#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
ec2c5e43	168
ea12bcc7 DM	169	/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
	170	#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
	171	#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
	172
ec2c5e43	173	/* Maximum attempts to send DNS requests, across all DNS servers */
3b31df83	174	#define DNS_TRANSACTION_ATTEMPTS_MAX 16
ec2c5e43 LP	175
	176	/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
	177	#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
	178
c3bc53e6	179	#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)