[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#pragma once

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;

enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_RESOURCES,
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};

#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)

enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};

#include "resolved-dns-answer.h"
#include "resolved-dns-packet.h"
#include "resolved-dns-question.h"
#include "resolved-dns-scope.h"

struct DnsTransaction {
        DnsScope *scope;

        DnsResourceKey *key;
        char *key_string;

        DnsTransactionState state;

        uint16_t id;

        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined different than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_features;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items;

        /* Other transactions that this transactions is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        unsigned block_gc;

        LIST_FIELDS(DnsTransaction, transactions_by_scope);
};

int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
DnsTransaction* dns_transaction_free(DnsTransaction *t);

bool dns_transaction_gc(DnsTransaction *t);
int dns_transaction_go(DnsTransaction *t);

void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
int dns_transaction_validate_dnssec(DnsTransaction *t);
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

const char *dns_transaction_key_string(DnsTransaction *t);

const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC   (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 16

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)
Commit	Line	Data
ec2c5e43 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	#pragma once
	4
	5	/***
	6	This file is part of systemd.
	7
	8	Copyright 2014 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published by
	12	the Free Software Foundation; either version 2.1 of the License, or
	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
	24	typedef struct DnsTransaction DnsTransaction;
	25	typedef enum DnsTransactionState DnsTransactionState;
c3bc53e6	26	typedef enum DnsTransactionSource DnsTransactionSource;
ec2c5e43 LP	27
	28	enum DnsTransactionState {
	29	DNS_TRANSACTION_NULL,
	30	DNS_TRANSACTION_PENDING,
547973de	31	DNS_TRANSACTION_VALIDATING,
3bbdc31d	32	DNS_TRANSACTION_RCODE_FAILURE,
ec2c5e43 LP	33	DNS_TRANSACTION_SUCCESS,
	34	DNS_TRANSACTION_NO_SERVERS,
	35	DNS_TRANSACTION_TIMEOUT,
	36	DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
	37	DNS_TRANSACTION_INVALID_REPLY,
	38	DNS_TRANSACTION_RESOURCES,
	39	DNS_TRANSACTION_ABORTED,
547973de	40	DNS_TRANSACTION_DNSSEC_FAILED,
b2b796b8	41	DNS_TRANSACTION_NO_TRUST_ANCHOR,
91adc4db	42	DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
ec2c5e43 LP	43	_DNS_TRANSACTION_STATE_MAX,
	44	_DNS_TRANSACTION_STATE_INVALID = -1
	45	};
	46
547973de LP	47	#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
547973de LP	48
c3bc53e6 LP	49	enum DnsTransactionSource {
	50	DNS_TRANSACTION_NETWORK,
	51	DNS_TRANSACTION_CACHE,
	52	DNS_TRANSACTION_ZONE,
0d2cd476	53	DNS_TRANSACTION_TRUST_ANCHOR,
c3bc53e6 LP	54	_DNS_TRANSACTION_SOURCE_MAX,
	55	_DNS_TRANSACTION_SOURCE_INVALID = -1
	56	};
	57
71d35b6b	58	#include "resolved-dns-answer.h"
ec2c5e43 LP	59	#include "resolved-dns-packet.h"
ec2c5e43 LP	60	#include "resolved-dns-question.h"
71d35b6b	61	#include "resolved-dns-scope.h"
ec2c5e43 LP	62
	63	struct DnsTransaction {
	64	DnsScope *scope;
	65
f52e61da	66	DnsResourceKey *key;
a5784c49	67	char *key_string;
ec2c5e43 LP	68
ec2c5e43 LP	69	DnsTransactionState state;
547973de	70
ec2c5e43 LP	71	uint16_t id;
ec2c5e43 LP	72
cbe4216d LP	73	bool tried_stream:1;
cbe4216d LP	74
a0c888c7 LP	75	bool initial_jitter_scheduled:1;
a0c888c7 LP	76	bool initial_jitter_elapsed:1;
6e068472	77
ec2c5e43	78	DnsPacket sent, received;
ae6a4bbf LP	79
	80	DnsAnswer *answer;
	81	int answer_rcode;
019036a4	82	DnssecResult answer_dnssec_result;
c3bc53e6	83	DnsTransactionSource answer_source;
d3760be0	84	uint32_t answer_nsec_ttl;
105e1512 LP	85
	86	/* Indicates whether the primary answer is authenticated,
	87	* i.e. whether the RRs from answer which directly match the
	88	* question are authenticated, or, if there are none, whether
	89	* the NODATA or NXDOMAIN case is. It says nothing about
	90	* additional RRs listed in the answer, however they have
	91	* their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
	92	* is defined different than the AD bit in DNS packets, as
	93	* that covers more than just the actual primary answer. */
931851e8	94	bool answer_authenticated;
ec2c5e43	95
105e1512 LP	96	/* Contains DNSKEY, DS, SOA RRs we already verified and need
105e1512 LP	97	* to authenticate this reply */
547973de LP	98	DnsAnswer *validated_keys;
547973de LP	99
9df3ba6c	100	usec_t start_usec;
a9da14e1	101	usec_t next_attempt_after;
ec2c5e43 LP	102	sd_event_source *timeout_event_source;
	103	unsigned n_attempts;
	104
f32f0e57	105	/* UDP connection logic, if we need it */
4667e00a LP	106	int dns_udp_fd;
4667e00a LP	107	sd_event_source *dns_udp_event_source;
d20b1667	108
f32f0e57 LP	109	/* TCP connection logic, if we need it */
	110	DnsStream *stream;
	111
4667e00a	112	/* The active server */
8300ba21 TG	113	DnsServer *server;
8300ba21 TG	114
547973de	115	/* The features of the DNS server at time of transaction start */
be808ea0 TG	116	DnsServerFeatureLevel current_features;
be808ea0 TG	117
801ad6a6 LP	118	/* Query candidates this transaction is referenced by and that
	119	* shall be notified about this specific transaction
	120	* completing. */
547973de	121	Set *notify_query_candidates;
ec2c5e43 LP	122
	123	/* Zone items this transaction is referenced by and that shall
	124	* be notified about completion. */
547973de LP	125	Set *notify_zone_items;
	126
	127	/* Other transactions that this transactions is referenced by
	128	* and that shall be notified about completion. This is used
	129	* when transactions want to validate their RRsets, but need
	130	* another DNSKEY or DS RR to do so. */
	131	Set *notify_transactions;
	132
	133	/* The opposite direction: the transactions this transaction
	134	* created in order to request DNSKEY or DS RRs. */
	135	Set *dnssec_transactions;
ec2c5e43 LP	136
	137	unsigned block_gc;
	138
	139	LIST_FIELDS(DnsTransaction, transactions_by_scope);
	140	};
	141
f52e61da	142	int dns_transaction_new(DnsTransaction *ret, DnsScope s, DnsResourceKey *key);
ec2c5e43 LP	143	DnsTransaction* dns_transaction_free(DnsTransaction *t);
ec2c5e43 LP	144
51e399bc	145	bool dns_transaction_gc(DnsTransaction *t);
ec2c5e43 LP	146	int dns_transaction_go(DnsTransaction *t);
	147
	148	void dns_transaction_process_reply(DnsTransaction t, DnsPacket p);
	149	void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);
	150
547973de LP	151	void dns_transaction_notify(DnsTransaction t, DnsTransaction source);
	152	int dns_transaction_validate_dnssec(DnsTransaction *t);
	153	int dns_transaction_request_dnssec_keys(DnsTransaction *t);
	154
a5784c49 LP	155	const char dns_transaction_key_string(DnsTransaction t);
a5784c49 LP	156
ec2c5e43 LP	157	const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
	158	DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
	159
c3bc53e6 LP	160	const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
	161	DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
	162
ec2c5e43	163	/* LLMNR Jitter interval, see RFC 4795 Section 7 */
6e068472	164	#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
ec2c5e43	165
ea12bcc7 DM	166	/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
	167	#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
	168	#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
	169
ec2c5e43	170	/* Maximum attempts to send DNS requests, across all DNS servers */
3b31df83	171	#define DNS_TRANSACTION_ATTEMPTS_MAX 16
ec2c5e43 LP	172
	173	/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
	174	#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
	175
c3bc53e6	176	#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)