]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-transaction.c
projects / thirdparty / systemd.git / blob
? search:


7924b24354912b4afb72a2c9e7d3dc009f857aa6
[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2014 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include "af-list.h"
23 #include "alloc-util.h"
24 #include "dns-domain.h"
25 #include "fd-util.h"
26 #include "random-util.h"
27 #include "resolved-dns-transaction.h"
28 #include "resolved-llmnr.h"
29 #include "string-table.h"
30
31 DnsTransaction* dns_transaction_free(DnsTransaction *t) {
32 DnsQueryCandidate *c;
33 DnsZoneItem *i;
34
35 if (!t)
36 return NULL;
37
38 sd_event_source_unref(t->timeout_event_source);
39
40 dns_packet_unref(t->sent);
41 dns_packet_unref(t->received);
42
43 dns_answer_unref(t->answer);
44
45 sd_event_source_unref(t->dns_udp_event_source);
46 safe_close(t->dns_udp_fd);
47
48 dns_server_unref(t->server);
49 dns_stream_free(t->stream);
50
51 if (t->scope) {
52 hashmap_remove_value(t->scope->transactions_by_key, t->key, t);
53 LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
54
55 if (t->id != 0)
56 hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
57 }
58
59 dns_resource_key_unref(t->key);
60
61 while ((c = set_steal_first(t->query_candidates)))
62 set_remove(c->transactions, t);
63
64 set_free(t->query_candidates);
65
66 while ((i = set_steal_first(t->zone_items)))
67 i->probe_transaction = NULL;
68 set_free(t->zone_items);
69
70 free(t);
71 return NULL;
72 }
73
74 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free);
75
76 void dns_transaction_gc(DnsTransaction *t) {
77 assert(t);
78
79 if (t->block_gc > 0)
80 return;
81
82 if (set_isempty(t->query_candidates) && set_isempty(t->zone_items))
83 dns_transaction_free(t);
84 }
85
86 int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key) {
87 _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL;
88 int r;
89
90 assert(ret);
91 assert(s);
92 assert(key);
93
94 r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
95 if (r < 0)
96 return r;
97
98 r = hashmap_ensure_allocated(&s->transactions_by_key, &dns_resource_key_hash_ops);
99 if (r < 0)
100 return r;
101
102 t = new0(DnsTransaction, 1);
103 if (!t)
104 return -ENOMEM;
105
106 t->dns_udp_fd = -1;
107 t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
108 t->key = dns_resource_key_ref(key);
109
110 /* Find a fresh, unused transaction id */
111 do
112 random_bytes(&t->id, sizeof(t->id));
113 while (t->id == 0 ||
114 hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(t->id)));
115
116 r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
117 if (r < 0) {
118 t->id = 0;
119 return r;
120 }
121
122 r = hashmap_replace(s->transactions_by_key, t->key, t);
123 if (r < 0) {
124 hashmap_remove(s->manager->dns_transactions, UINT_TO_PTR(t->id));
125 return r;
126 }
127
128 LIST_PREPEND(transactions_by_scope, s->transactions, t);
129 t->scope = s;
130
131 if (ret)
132 *ret = t;
133
134 t = NULL;
135
136 return 0;
137 }
138
139 static void dns_transaction_stop(DnsTransaction *t) {
140 assert(t);
141
142 t->timeout_event_source = sd_event_source_unref(t->timeout_event_source);
143 t->stream = dns_stream_free(t->stream);
144
145 /* Note that we do not drop the UDP socket here, as we want to
146 * reuse it to repeat the interaction. */
147 }
148
149 static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
150 _cleanup_free_ char *pretty = NULL;
151 DnsZoneItem *z;
152
153 assert(t);
154 assert(p);
155
156 if (manager_our_packet(t->scope->manager, p) != 0)
157 return;
158
159 in_addr_to_string(p->family, &p->sender, &pretty);
160
161 log_debug("Transaction on scope %s on %s/%s got tentative packet from %s",
162 dns_protocol_to_string(t->scope->protocol),
163 t->scope->link ? t->scope->link->name : "*",
164 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
165 pretty);
166
167 /* RFC 4795, Section 4.1 says that the peer with the
168 * lexicographically smaller IP address loses */
169 if (memcmp(&p->sender, &p->destination, FAMILY_ADDRESS_SIZE(p->family)) >= 0) {
170 log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
171 return;
172 }
173
174 log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
175
176 t->block_gc++;
177 while ((z = set_first(t->zone_items))) {
178 /* First, make sure the zone item drops the reference
179 * to us */
180 dns_zone_item_probe_stop(z);
181
182 /* Secondly, report this as conflict, so that we might
183 * look for a different hostname */
184 dns_zone_item_conflict(z);
185 }
186 t->block_gc--;
187
188 dns_transaction_gc(t);
189 }
190
191 void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
192 DnsQueryCandidate *c;
193 DnsZoneItem *z;
194 Iterator i;
195
196 assert(t);
197 assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING));
198
199 /* Note that this call might invalidate the query. Callers
200 * should hence not attempt to access the query or transaction
201 * after calling this function. */
202
203 log_debug("Transaction on scope %s on %s/%s now complete with <%s> from %s",
204 dns_protocol_to_string(t->scope->protocol),
205 t->scope->link ? t->scope->link->name : "*",
206 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
207 dns_transaction_state_to_string(state),
208 t->answer_source < 0 ? "none" : dns_transaction_source_to_string(t->answer_source));
209
210 t->state = state;
211
212 dns_transaction_stop(t);
213
214 /* Notify all queries that are interested, but make sure the
215 * transaction isn't freed while we are still looking at it */
216 t->block_gc++;
217 SET_FOREACH(c, t->query_candidates, i)
218 dns_query_candidate_ready(c);
219 SET_FOREACH(z, t->zone_items, i)
220 dns_zone_item_ready(z);
221 t->block_gc--;
222
223 dns_transaction_gc(t);
224 }
225
226 static int on_stream_complete(DnsStream *s, int error) {
227 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
228 DnsTransaction *t;
229
230 assert(s);
231 assert(s->transaction);
232
233 /* Copy the data we care about out of the stream before we
234 * destroy it. */
235 t = s->transaction;
236 p = dns_packet_ref(s->read_packet);
237
238 t->stream = dns_stream_free(t->stream);
239
240 if (error != 0) {
241 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
242 return 0;
243 }
244
245 if (dns_packet_validate_reply(p) <= 0) {
246 log_debug("Invalid TCP reply packet.");
247 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
248 return 0;
249 }
250
251 dns_scope_check_conflicts(t->scope, p);
252
253 t->block_gc++;
254 dns_transaction_process_reply(t, p);
255 t->block_gc--;
256
257 /* If the response wasn't useful, then complete the transition now */
258 if (t->state == DNS_TRANSACTION_PENDING)
259 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
260
261 return 0;
262 }
263
264 static int dns_transaction_open_tcp(DnsTransaction *t) {
265 DnsServer *server = NULL;
266 _cleanup_close_ int fd = -1;
267 int r;
268
269 assert(t);
270
271 if (t->stream)
272 return 0;
273
274 switch (t->scope->protocol) {
275 case DNS_PROTOCOL_DNS:
276 fd = dns_scope_tcp_socket(t->scope, AF_UNSPEC, NULL, 53, &server);
277 break;
278
279 case DNS_PROTOCOL_LLMNR:
280 /* When we already received a reply to this (but it was truncated), send to its sender address */
281 if (t->received)
282 fd = dns_scope_tcp_socket(t->scope, t->received->family, &t->received->sender, t->received->sender_port, NULL);
283 else {
284 union in_addr_union address;
285 int family = AF_UNSPEC;
286
287 /* Otherwise, try to talk to the owner of a
288 * the IP address, in case this is a reverse
289 * PTR lookup */
290
291 r = dns_name_address(DNS_RESOURCE_KEY_NAME(t->key), &family, &address);
292 if (r < 0)
293 return r;
294 if (r == 0)
295 return -EINVAL;
296 if (family != t->scope->family)
297 return -ESRCH;
298
299 fd = dns_scope_tcp_socket(t->scope, family, &address, LLMNR_PORT, NULL);
300 }
301
302 break;
303
304 default:
305 return -EAFNOSUPPORT;
306 }
307
308 if (fd < 0)
309 return fd;
310
311 r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd);
312 if (r < 0)
313 return r;
314
315 fd = -1;
316
317 r = dns_stream_write_packet(t->stream, t->sent);
318 if (r < 0) {
319 t->stream = dns_stream_free(t->stream);
320 return r;
321 }
322
323 dns_server_unref(t->server);
324 t->server = dns_server_ref(server);
325 t->received = dns_packet_unref(t->received);
326 t->answer = dns_answer_unref(t->answer);
327 t->answer_rcode = 0;
328 t->stream->complete = on_stream_complete;
329 t->stream->transaction = t;
330
331 /* The interface index is difficult to determine if we are
332 * connecting to the local host, hence fill this in right away
333 * instead of determining it from the socket */
334 if (t->scope->link)
335 t->stream->ifindex = t->scope->link->ifindex;
336
337 return 0;
338 }
339
340 static void dns_transaction_next_dns_server(DnsTransaction *t) {
341 assert(t);
342
343 t->server = dns_server_unref(t->server);
344 t->dns_udp_event_source = sd_event_source_unref(t->dns_udp_event_source);
345 t->dns_udp_fd = safe_close(t->dns_udp_fd);
346
347 dns_scope_next_dns_server(t->scope);
348 }
349
350 void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
351 usec_t ts;
352 int r;
353
354 assert(t);
355 assert(p);
356 assert(t->state == DNS_TRANSACTION_PENDING);
357 assert(t->scope);
358 assert(t->scope->manager);
359
360 /* Note that this call might invalidate the query. Callers
361 * should hence not attempt to access the query or transaction
362 * after calling this function. */
363
364 switch (t->scope->protocol) {
365 case DNS_PROTOCOL_LLMNR:
366 assert(t->scope->link);
367
368 /* For LLMNR we will not accept any packets from other
369 * interfaces */
370
371 if (p->ifindex != t->scope->link->ifindex)
372 return;
373
374 if (p->family != t->scope->family)
375 return;
376
377 /* Tentative packets are not full responses but still
378 * useful for identifying uniqueness conflicts during
379 * probing. */
380 if (DNS_PACKET_LLMNR_T(p)) {
381 dns_transaction_tentative(t, p);
382 return;
383 }
384
385 break;
386
387 case DNS_PROTOCOL_MDNS:
388 assert(t->scope->link);
389
390 /* For mDNS we will not accept any packets from other interfaces */
391 if (p->ifindex != t->scope->link->ifindex)
392 return;
393
394 if (p->family != t->scope->family)
395 return;
396
397 break;
398
399 case DNS_PROTOCOL_DNS:
400 break;
401
402 default:
403 assert_not_reached("Invalid DNS protocol.");
404 }
405
406 if (t->received != p) {
407 dns_packet_unref(t->received);
408 t->received = dns_packet_ref(p);
409 }
410
411 t->answer_source = DNS_TRANSACTION_NETWORK;
412
413 if (p->ipproto == IPPROTO_TCP) {
414 if (DNS_PACKET_TC(p)) {
415 /* Truncated via TCP? Somebody must be fucking with us */
416 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
417 return;
418 }
419
420 if (DNS_PACKET_ID(p) != t->id) {
421 /* Not the reply to our query? Somebody must be fucking with us */
422 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
423 return;
424 }
425 }
426
427 assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
428
429 switch (t->scope->protocol) {
430 case DNS_PROTOCOL_DNS:
431 assert(t->server);
432
433 if (IN_SET(DNS_PACKET_RCODE(p), DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NOTIMP)) {
434
435 /* request failed, immediately try again with reduced features */
436 log_debug("Server returned error: %s", dns_rcode_to_string(DNS_PACKET_RCODE(p)));
437
438 dns_server_packet_failed(t->server, t->current_features);
439
440 r = dns_transaction_go(t);
441 if (r < 0) {
442 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
443 return;
444 }
445
446 return;
447 } else
448 dns_server_packet_received(t->server, t->current_features, ts - t->start_usec, p->size);
449
450 break;
451 case DNS_PROTOCOL_LLMNR:
452 case DNS_PROTOCOL_MDNS:
453 dns_scope_packet_received(t->scope, ts - t->start_usec);
454
455 break;
456 default:
457 break;
458 }
459
460 if (DNS_PACKET_TC(p)) {
461
462 /* Truncated packets for mDNS are not allowed. Give up immediately. */
463 if (t->scope->protocol == DNS_PROTOCOL_MDNS) {
464 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
465 return;
466 }
467
468 /* Response was truncated, let's try again with good old TCP */
469 r = dns_transaction_open_tcp(t);
470 if (r == -ESRCH) {
471 /* No servers found? Damn! */
472 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
473 return;
474 }
475 if (r < 0) {
476 /* On LLMNR and mDNS, if we cannot connect to the host,
477 * we immediately give up */
478 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
479 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
480 return;
481 }
482
483 /* On DNS, couldn't send? Try immediately again, with a new server */
484 dns_transaction_next_dns_server(t);
485
486 r = dns_transaction_go(t);
487 if (r < 0) {
488 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
489 return;
490 }
491
492 return;
493 }
494 }
495
496 /* Parse and update the cache */
497 r = dns_packet_extract(p);
498 if (r < 0) {
499 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
500 return;
501 }
502
503 if (t->scope->protocol == DNS_PROTOCOL_DNS) {
504 /* Only consider responses with equivalent query section to the request */
505 if (p->question->n_keys != 1 || dns_resource_key_equal(p->question->keys[0], t->key) <= 0) {
506 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
507 return;
508 }
509
510 /* Install the answer as answer to the transaction */
511 dns_answer_unref(t->answer);
512 t->answer = dns_answer_ref(p->answer);
513 t->answer_rcode = DNS_PACKET_RCODE(p);
514 t->answer_authenticated = t->scope->dnssec_mode == DNSSEC_TRUST && DNS_PACKET_AD(p);
515
516 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
517 if (DNS_PACKET_SHALL_CACHE(p))
518 dns_cache_put(&t->scope->cache,
519 t->key,
520 DNS_PACKET_RCODE(p),
521 p->answer,
522 DNS_PACKET_ANCOUNT(p),
523 t->answer_authenticated,
524 0,
525 p->family,
526 &p->sender);
527 }
528
529 if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
530 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
531 else
532 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
533 }
534
535 static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
536 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
537 DnsTransaction *t = userdata;
538 int r;
539
540 assert(t);
541 assert(t->scope);
542
543 r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p);
544 if (r <= 0)
545 return r;
546
547 if (dns_packet_validate_reply(p) > 0 &&
548 DNS_PACKET_ID(p) == t->id)
549 dns_transaction_process_reply(t, p);
550 else
551 log_debug("Invalid DNS packet.");
552
553 return 0;
554 }
555
556 static int dns_transaction_emit(DnsTransaction *t) {
557 int r;
558
559 assert(t);
560
561 if (t->scope->protocol == DNS_PROTOCOL_DNS && !t->server) {
562 DnsServer *server = NULL;
563 _cleanup_close_ int fd = -1;
564
565 fd = dns_scope_udp_dns_socket(t->scope, &server);
566 if (fd < 0)
567 return fd;
568
569 r = sd_event_add_io(t->scope->manager->event, &t->dns_udp_event_source, fd, EPOLLIN, on_dns_packet, t);
570 if (r < 0)
571 return r;
572
573 t->dns_udp_fd = fd;
574 fd = -1;
575 t->server = dns_server_ref(server);
576 }
577
578 r = dns_scope_emit(t->scope, t->dns_udp_fd, t->server, t->sent);
579 if (r < 0)
580 return r;
581
582 if (t->server)
583 t->current_features = t->server->possible_features;
584
585 return 0;
586 }
587
588 static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) {
589 DnsTransaction *t = userdata;
590 int r;
591
592 assert(s);
593 assert(t);
594
595 if (!t->initial_jitter_scheduled || t->initial_jitter_elapsed) {
596 /* Timeout reached? Increase the timeout for the server used */
597 switch (t->scope->protocol) {
598 case DNS_PROTOCOL_DNS:
599 assert(t->server);
600
601 dns_server_packet_lost(t->server, t->current_features, usec - t->start_usec);
602
603 break;
604 case DNS_PROTOCOL_LLMNR:
605 case DNS_PROTOCOL_MDNS:
606 dns_scope_packet_lost(t->scope, usec - t->start_usec);
607
608 break;
609 default:
610 assert_not_reached("Invalid DNS protocol.");
611 }
612
613 if (t->initial_jitter_scheduled)
614 t->initial_jitter_elapsed = true;
615 }
616
617 /* ...and try again with a new server */
618 dns_transaction_next_dns_server(t);
619
620 r = dns_transaction_go(t);
621 if (r < 0)
622 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
623
624 return 0;
625 }
626
627 static int dns_transaction_make_packet(DnsTransaction *t) {
628 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
629 int r;
630
631 assert(t);
632
633 if (t->sent)
634 return 0;
635
636 r = dns_packet_new_query(&p, t->scope->protocol, 0, t->scope->dnssec_mode == DNSSEC_YES);
637 if (r < 0)
638 return r;
639
640 r = dns_scope_good_key(t->scope, t->key);
641 if (r < 0)
642 return r;
643 if (r == 0)
644 return -EDOM;
645
646 r = dns_packet_append_key(p, t->key, NULL);
647 if (r < 0)
648 return r;
649
650 DNS_PACKET_HEADER(p)->qdcount = htobe16(1);
651 DNS_PACKET_HEADER(p)->id = t->id;
652
653 t->sent = p;
654 p = NULL;
655
656 return 0;
657 }
658
659 static usec_t transaction_get_resend_timeout(DnsTransaction *t) {
660 assert(t);
661 assert(t->scope);
662
663 switch (t->scope->protocol) {
664 case DNS_PROTOCOL_DNS:
665 assert(t->server);
666
667 return t->server->resend_timeout;
668 case DNS_PROTOCOL_MDNS:
669 assert(t->n_attempts > 0);
670 return (1 << (t->n_attempts - 1)) * USEC_PER_SEC;
671 case DNS_PROTOCOL_LLMNR:
672 return t->scope->resend_timeout;
673 default:
674 assert_not_reached("Invalid DNS protocol.");
675 }
676 }
677
678 static int dns_transaction_prepare_next_attempt(DnsTransaction *t, usec_t ts) {
679 bool had_stream;
680 int r;
681
682 assert(t);
683
684 had_stream = !!t->stream;
685
686 dns_transaction_stop(t);
687
688 if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) {
689 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
690 return 0;
691 }
692
693 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && had_stream) {
694 /* If we already tried via a stream, then we don't
695 * retry on LLMNR. See RFC 4795, Section 2.7. */
696 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
697 return 0;
698 }
699
700 t->n_attempts++;
701 t->start_usec = ts;
702 t->received = dns_packet_unref(t->received);
703 t->answer = dns_answer_unref(t->answer);
704 t->answer_rcode = 0;
705 t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
706
707 /* Check the trust anchor. Do so only on classic DNS, since DNSSEC does not apply otherwise. */
708 if (t->scope->protocol == DNS_PROTOCOL_DNS) {
709 r = dns_trust_anchor_lookup(&t->scope->manager->trust_anchor, t->key, &t->answer);
710 if (r < 0)
711 return r;
712 if (r > 0) {
713 t->answer_rcode = DNS_RCODE_SUCCESS;
714 t->answer_source = DNS_TRANSACTION_TRUST_ANCHOR;
715 t->answer_authenticated = true;
716 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
717 return 0;
718 }
719 }
720
721 /* Check the zone, but only if this transaction is not used
722 * for probing or verifying a zone item. */
723 if (set_isempty(t->zone_items)) {
724
725 r = dns_zone_lookup(&t->scope->zone, t->key, &t->answer, NULL, NULL);
726 if (r < 0)
727 return r;
728 if (r > 0) {
729 t->answer_rcode = DNS_RCODE_SUCCESS;
730 t->answer_source = DNS_TRANSACTION_ZONE;
731 t->answer_authenticated = true;
732 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
733 return 0;
734 }
735 }
736
737 /* Check the cache, but only if this transaction is not used
738 * for probing or verifying a zone item. */
739 if (set_isempty(t->zone_items)) {
740
741 /* Before trying the cache, let's make sure we figured out a
742 * server to use. Should this cause a change of server this
743 * might flush the cache. */
744 dns_scope_get_dns_server(t->scope);
745
746 /* Let's then prune all outdated entries */
747 dns_cache_prune(&t->scope->cache);
748
749 r = dns_cache_lookup(&t->scope->cache, t->key, &t->answer_rcode, &t->answer, &t->answer_authenticated);
750 if (r < 0)
751 return r;
752 if (r > 0) {
753 t->answer_source = DNS_TRANSACTION_CACHE;
754 if (t->answer_rcode == DNS_RCODE_SUCCESS)
755 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
756 else
757 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
758 return 0;
759 }
760 }
761
762 return 1;
763 }
764
765 int dns_transaction_go(DnsTransaction *t) {
766 usec_t ts;
767 int r;
768
769 assert(t);
770
771 assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
772 r = dns_transaction_prepare_next_attempt(t, ts);
773 if (r <= 0)
774 return r;
775
776 log_debug("Excercising transaction on scope %s on %s/%s",
777 dns_protocol_to_string(t->scope->protocol),
778 t->scope->link ? t->scope->link->name : "*",
779 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
780
781 if (!t->initial_jitter_scheduled &&
782 (t->scope->protocol == DNS_PROTOCOL_LLMNR ||
783 t->scope->protocol == DNS_PROTOCOL_MDNS)) {
784 usec_t jitter, accuracy;
785
786 /* RFC 4795 Section 2.7 suggests all queries should be
787 * delayed by a random time from 0 to JITTER_INTERVAL. */
788
789 t->initial_jitter_scheduled = true;
790
791 random_bytes(&jitter, sizeof(jitter));
792
793 switch (t->scope->protocol) {
794 case DNS_PROTOCOL_LLMNR:
795 jitter %= LLMNR_JITTER_INTERVAL_USEC;
796 accuracy = LLMNR_JITTER_INTERVAL_USEC;
797 break;
798 case DNS_PROTOCOL_MDNS:
799 jitter %= MDNS_JITTER_RANGE_USEC;
800 jitter += MDNS_JITTER_MIN_USEC;
801 accuracy = MDNS_JITTER_RANGE_USEC;
802 break;
803 default:
804 assert_not_reached("bad protocol");
805 }
806
807 r = sd_event_add_time(
808 t->scope->manager->event,
809 &t->timeout_event_source,
810 clock_boottime_or_monotonic(),
811 ts + jitter, accuracy,
812 on_transaction_timeout, t);
813 if (r < 0)
814 return r;
815
816 t->n_attempts = 0;
817 t->next_attempt_after = ts;
818 t->state = DNS_TRANSACTION_PENDING;
819
820 log_debug("Delaying %s transaction for " USEC_FMT "us.", dns_protocol_to_string(t->scope->protocol), jitter);
821 return 0;
822 }
823
824 /* Otherwise, we need to ask the network */
825 r = dns_transaction_make_packet(t);
826 if (r == -EDOM) {
827 /* Not the right request to make on this network?
828 * (i.e. an A request made on IPv6 or an AAAA request
829 * made on IPv4, on LLMNR or mDNS.) */
830 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
831 return 0;
832 }
833 if (r < 0)
834 return r;
835
836 if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
837 (dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), "in-addr.arpa") > 0 ||
838 dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), "ip6.arpa") > 0)) {
839
840 /* RFC 4795, Section 2.4. says reverse lookups shall
841 * always be made via TCP on LLMNR */
842 r = dns_transaction_open_tcp(t);
843 } else {
844 /* Try via UDP, and if that fails due to large size or lack of
845 * support try via TCP */
846 r = dns_transaction_emit(t);
847 if (r == -EMSGSIZE || r == -EAGAIN)
848 r = dns_transaction_open_tcp(t);
849 }
850
851 if (r == -ESRCH) {
852 /* No servers to send this to? */
853 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
854 return 0;
855 } else if (r < 0) {
856 if (t->scope->protocol != DNS_PROTOCOL_DNS) {
857 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
858 return 0;
859 }
860
861 /* Couldn't send? Try immediately again, with a new server */
862 dns_transaction_next_dns_server(t);
863
864 return dns_transaction_go(t);
865 }
866
867 ts += transaction_get_resend_timeout(t);
868
869 r = sd_event_add_time(
870 t->scope->manager->event,
871 &t->timeout_event_source,
872 clock_boottime_or_monotonic(),
873 ts, 0,
874 on_transaction_timeout, t);
875 if (r < 0)
876 return r;
877
878 t->state = DNS_TRANSACTION_PENDING;
879 t->next_attempt_after = ts;
880
881 return 1;
882 }
883
884 static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = {
885 [DNS_TRANSACTION_NULL] = "null",
886 [DNS_TRANSACTION_PENDING] = "pending",
887 [DNS_TRANSACTION_FAILURE] = "failure",
888 [DNS_TRANSACTION_SUCCESS] = "success",
889 [DNS_TRANSACTION_NO_SERVERS] = "no-servers",
890 [DNS_TRANSACTION_TIMEOUT] = "timeout",
891 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached",
892 [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply",
893 [DNS_TRANSACTION_RESOURCES] = "resources",
894 [DNS_TRANSACTION_ABORTED] = "aborted",
895 };
896 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState);
897
898 static const char* const dns_transaction_source_table[_DNS_TRANSACTION_SOURCE_MAX] = {
899 [DNS_TRANSACTION_NETWORK] = "network",
900 [DNS_TRANSACTION_CACHE] = "cache",
901 [DNS_TRANSACTION_ZONE] = "zone",
902 [DNS_TRANSACTION_TRUST_ANCHOR] = "trust-anchor",
903 };
904 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_source, DnsTransactionSource);
Unnamed repository; edit this file 'description' to name the repository.