1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include "alloc-util.h"
24 #include "dns-domain.h"
26 #include "random-util.h"
27 #include "resolved-dns-transaction.h"
28 #include "resolved-llmnr.h"
29 #include "string-table.h"
31 DnsTransaction
* dns_transaction_free(DnsTransaction
*t
) {
38 sd_event_source_unref(t
->timeout_event_source
);
40 dns_packet_unref(t
->sent
);
41 dns_packet_unref(t
->received
);
43 dns_answer_unref(t
->answer
);
45 sd_event_source_unref(t
->dns_udp_event_source
);
46 safe_close(t
->dns_udp_fd
);
48 dns_server_unref(t
->server
);
49 dns_stream_free(t
->stream
);
52 hashmap_remove_value(t
->scope
->transactions_by_key
, t
->key
, t
);
53 LIST_REMOVE(transactions_by_scope
, t
->scope
->transactions
, t
);
56 hashmap_remove(t
->scope
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
));
59 dns_resource_key_unref(t
->key
);
61 while ((c
= set_steal_first(t
->query_candidates
)))
62 set_remove(c
->transactions
, t
);
64 set_free(t
->query_candidates
);
66 while ((i
= set_steal_first(t
->zone_items
)))
67 i
->probe_transaction
= NULL
;
68 set_free(t
->zone_items
);
74 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction
*, dns_transaction_free
);
76 void dns_transaction_gc(DnsTransaction
*t
) {
82 if (set_isempty(t
->query_candidates
) && set_isempty(t
->zone_items
))
83 dns_transaction_free(t
);
86 int dns_transaction_new(DnsTransaction
**ret
, DnsScope
*s
, DnsResourceKey
*key
) {
87 _cleanup_(dns_transaction_freep
) DnsTransaction
*t
= NULL
;
94 r
= hashmap_ensure_allocated(&s
->manager
->dns_transactions
, NULL
);
98 r
= hashmap_ensure_allocated(&s
->transactions_by_key
, &dns_resource_key_hash_ops
);
102 t
= new0(DnsTransaction
, 1);
107 t
->answer_source
= _DNS_TRANSACTION_SOURCE_INVALID
;
108 t
->key
= dns_resource_key_ref(key
);
110 /* Find a fresh, unused transaction id */
112 random_bytes(&t
->id
, sizeof(t
->id
));
114 hashmap_get(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
)));
116 r
= hashmap_put(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
), t
);
122 r
= hashmap_replace(s
->transactions_by_key
, t
->key
, t
);
124 hashmap_remove(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
));
128 LIST_PREPEND(transactions_by_scope
, s
->transactions
, t
);
139 static void dns_transaction_stop(DnsTransaction
*t
) {
142 t
->timeout_event_source
= sd_event_source_unref(t
->timeout_event_source
);
143 t
->stream
= dns_stream_free(t
->stream
);
145 /* Note that we do not drop the UDP socket here, as we want to
146 * reuse it to repeat the interaction. */
149 static void dns_transaction_tentative(DnsTransaction
*t
, DnsPacket
*p
) {
150 _cleanup_free_
char *pretty
= NULL
;
156 if (manager_our_packet(t
->scope
->manager
, p
) != 0)
159 in_addr_to_string(p
->family
, &p
->sender
, &pretty
);
161 log_debug("Transaction on scope %s on %s/%s got tentative packet from %s",
162 dns_protocol_to_string(t
->scope
->protocol
),
163 t
->scope
->link
? t
->scope
->link
->name
: "*",
164 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
),
167 /* RFC 4795, Section 4.1 says that the peer with the
168 * lexicographically smaller IP address loses */
169 if (memcmp(&p
->sender
, &p
->destination
, FAMILY_ADDRESS_SIZE(p
->family
)) >= 0) {
170 log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
174 log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
177 while ((z
= set_first(t
->zone_items
))) {
178 /* First, make sure the zone item drops the reference
180 dns_zone_item_probe_stop(z
);
182 /* Secondly, report this as conflict, so that we might
183 * look for a different hostname */
184 dns_zone_item_conflict(z
);
188 dns_transaction_gc(t
);
191 void dns_transaction_complete(DnsTransaction
*t
, DnsTransactionState state
) {
192 DnsQueryCandidate
*c
;
197 assert(!IN_SET(state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
));
199 /* Note that this call might invalidate the query. Callers
200 * should hence not attempt to access the query or transaction
201 * after calling this function. */
203 log_debug("Transaction on scope %s on %s/%s now complete with <%s> from %s",
204 dns_protocol_to_string(t
->scope
->protocol
),
205 t
->scope
->link
? t
->scope
->link
->name
: "*",
206 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
),
207 dns_transaction_state_to_string(state
),
208 t
->answer_source
< 0 ? "none" : dns_transaction_source_to_string(t
->answer_source
));
212 dns_transaction_stop(t
);
214 /* Notify all queries that are interested, but make sure the
215 * transaction isn't freed while we are still looking at it */
217 SET_FOREACH(c
, t
->query_candidates
, i
)
218 dns_query_candidate_ready(c
);
219 SET_FOREACH(z
, t
->zone_items
, i
)
220 dns_zone_item_ready(z
);
223 dns_transaction_gc(t
);
226 static int on_stream_complete(DnsStream
*s
, int error
) {
227 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
231 assert(s
->transaction
);
233 /* Copy the data we care about out of the stream before we
236 p
= dns_packet_ref(s
->read_packet
);
238 t
->stream
= dns_stream_free(t
->stream
);
241 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
245 if (dns_packet_validate_reply(p
) <= 0) {
246 log_debug("Invalid LLMNR TCP packet.");
247 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
251 dns_scope_check_conflicts(t
->scope
, p
);
254 dns_transaction_process_reply(t
, p
);
257 /* If the response wasn't useful, then complete the transition now */
258 if (t
->state
== DNS_TRANSACTION_PENDING
)
259 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
264 static int dns_transaction_open_tcp(DnsTransaction
*t
) {
265 DnsServer
*server
= NULL
;
266 _cleanup_close_
int fd
= -1;
274 switch (t
->scope
->protocol
) {
275 case DNS_PROTOCOL_DNS
:
276 fd
= dns_scope_tcp_socket(t
->scope
, AF_UNSPEC
, NULL
, 53, &server
);
279 case DNS_PROTOCOL_LLMNR
:
280 /* When we already received a reply to this (but it was truncated), send to its sender address */
282 fd
= dns_scope_tcp_socket(t
->scope
, t
->received
->family
, &t
->received
->sender
, t
->received
->sender_port
, NULL
);
284 union in_addr_union address
;
285 int family
= AF_UNSPEC
;
287 /* Otherwise, try to talk to the owner of a
288 * the IP address, in case this is a reverse
291 r
= dns_name_address(DNS_RESOURCE_KEY_NAME(t
->key
), &family
, &address
);
296 if (family
!= t
->scope
->family
)
299 fd
= dns_scope_tcp_socket(t
->scope
, family
, &address
, LLMNR_PORT
, NULL
);
305 return -EAFNOSUPPORT
;
311 r
= dns_stream_new(t
->scope
->manager
, &t
->stream
, t
->scope
->protocol
, fd
);
317 r
= dns_stream_write_packet(t
->stream
, t
->sent
);
319 t
->stream
= dns_stream_free(t
->stream
);
323 dns_server_unref(t
->server
);
324 t
->server
= dns_server_ref(server
);
325 t
->received
= dns_packet_unref(t
->received
);
326 t
->answer
= dns_answer_unref(t
->answer
);
328 t
->stream
->complete
= on_stream_complete
;
329 t
->stream
->transaction
= t
;
331 /* The interface index is difficult to determine if we are
332 * connecting to the local host, hence fill this in right away
333 * instead of determining it from the socket */
335 t
->stream
->ifindex
= t
->scope
->link
->ifindex
;
340 static void dns_transaction_next_dns_server(DnsTransaction
*t
) {
343 t
->server
= dns_server_unref(t
->server
);
344 t
->dns_udp_event_source
= sd_event_source_unref(t
->dns_udp_event_source
);
345 t
->dns_udp_fd
= safe_close(t
->dns_udp_fd
);
347 dns_scope_next_dns_server(t
->scope
);
350 void dns_transaction_process_reply(DnsTransaction
*t
, DnsPacket
*p
) {
356 assert(t
->state
== DNS_TRANSACTION_PENDING
);
358 assert(t
->scope
->manager
);
360 /* Note that this call might invalidate the query. Callers
361 * should hence not attempt to access the query or transaction
362 * after calling this function. */
364 switch (t
->scope
->protocol
) {
365 case DNS_PROTOCOL_LLMNR
:
366 assert(t
->scope
->link
);
368 /* For LLMNR we will not accept any packets from other
371 if (p
->ifindex
!= t
->scope
->link
->ifindex
)
374 if (p
->family
!= t
->scope
->family
)
377 /* Tentative packets are not full responses but still
378 * useful for identifying uniqueness conflicts during
380 if (DNS_PACKET_LLMNR_T(p
)) {
381 dns_transaction_tentative(t
, p
);
387 case DNS_PROTOCOL_DNS
:
391 assert_not_reached("Invalid DNS protocol.");
394 if (t
->received
!= p
) {
395 dns_packet_unref(t
->received
);
396 t
->received
= dns_packet_ref(p
);
399 t
->answer_source
= DNS_TRANSACTION_NETWORK
;
401 if (p
->ipproto
== IPPROTO_TCP
) {
402 if (DNS_PACKET_TC(p
)) {
403 /* Truncated via TCP? Somebody must be fucking with us */
404 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
408 if (DNS_PACKET_ID(p
) != t
->id
) {
409 /* Not the reply to our query? Somebody must be fucking with us */
410 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
415 assert_se(sd_event_now(t
->scope
->manager
->event
, clock_boottime_or_monotonic(), &ts
) >= 0);
417 switch (t
->scope
->protocol
) {
418 case DNS_PROTOCOL_DNS
:
421 dns_server_packet_received(t
->server
, ts
- t
->start_usec
);
424 case DNS_PROTOCOL_LLMNR
:
425 case DNS_PROTOCOL_MDNS
:
426 dns_scope_packet_received(t
->scope
, ts
- t
->start_usec
);
433 if (DNS_PACKET_TC(p
)) {
434 /* Response was truncated, let's try again with good old TCP */
435 r
= dns_transaction_open_tcp(t
);
437 /* No servers found? Damn! */
438 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
442 /* On LLMNR, if we cannot connect to the host,
443 * we immediately give up */
444 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
) {
445 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
449 /* On DNS, couldn't send? Try immediately again, with a new server */
450 dns_transaction_next_dns_server(t
);
452 r
= dns_transaction_go(t
);
454 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
462 /* Parse and update the cache */
463 r
= dns_packet_extract(p
);
465 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
469 /* Install the answer as answer to the transaction */
470 dns_answer_unref(t
->answer
);
471 t
->answer
= dns_answer_ref(p
->answer
);
472 t
->answer_rcode
= DNS_PACKET_RCODE(p
);
474 /* Only consider responses with equivalent query section to the request */
475 if (p
->question
->n_keys
!= 1 || dns_resource_key_equal(p
->question
->keys
[0], t
->key
) <= 0) {
476 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
480 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
481 if (DNS_PACKET_SHALL_CACHE(p
))
482 dns_cache_put(&t
->scope
->cache
, t
->key
, DNS_PACKET_RCODE(p
), p
->answer
, DNS_PACKET_ANCOUNT(p
), 0, p
->family
, &p
->sender
);
484 if (DNS_PACKET_RCODE(p
) == DNS_RCODE_SUCCESS
)
485 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
487 dns_transaction_complete(t
, DNS_TRANSACTION_FAILURE
);
490 static int on_dns_packet(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
491 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
492 DnsTransaction
*t
= userdata
;
498 r
= manager_recv(t
->scope
->manager
, fd
, DNS_PROTOCOL_DNS
, &p
);
502 if (dns_packet_validate_reply(p
) > 0 &&
503 DNS_PACKET_ID(p
) == t
->id
)
504 dns_transaction_process_reply(t
, p
);
506 log_debug("Invalid DNS packet.");
511 static int dns_transaction_emit(DnsTransaction
*t
) {
516 if (t
->scope
->protocol
== DNS_PROTOCOL_DNS
&& !t
->server
) {
517 DnsServer
*server
= NULL
;
518 _cleanup_close_
int fd
= -1;
520 fd
= dns_scope_udp_dns_socket(t
->scope
, &server
);
524 r
= sd_event_add_io(t
->scope
->manager
->event
, &t
->dns_udp_event_source
, fd
, EPOLLIN
, on_dns_packet
, t
);
530 t
->server
= dns_server_ref(server
);
533 r
= dns_scope_emit(t
->scope
, t
->dns_udp_fd
, t
->sent
);
540 static int on_transaction_timeout(sd_event_source
*s
, usec_t usec
, void *userdata
) {
541 DnsTransaction
*t
= userdata
;
547 /* Timeout reached? Try again, with a new server */
548 dns_transaction_next_dns_server(t
);
550 /* ... and possibly increased timeout */
552 dns_server_packet_lost(t
->server
, usec
- t
->start_usec
);
554 dns_scope_packet_lost(t
->scope
, usec
- t
->start_usec
);
556 r
= dns_transaction_go(t
);
558 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
563 static int dns_transaction_make_packet(DnsTransaction
*t
) {
564 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
572 r
= dns_packet_new_query(&p
, t
->scope
->protocol
, 0);
576 r
= dns_scope_good_key(t
->scope
, t
->key
);
582 r
= dns_packet_append_key(p
, t
->key
, NULL
);
586 DNS_PACKET_HEADER(p
)->qdcount
= htobe16(1);
587 DNS_PACKET_HEADER(p
)->id
= t
->id
;
595 static usec_t
transaction_get_resend_timeout(DnsTransaction
*t
) {
599 switch (t
->scope
->protocol
) {
600 case DNS_PROTOCOL_DNS
:
603 return t
->server
->resend_timeout
;
604 case DNS_PROTOCOL_LLMNR
:
605 case DNS_PROTOCOL_MDNS
:
606 return t
->scope
->resend_timeout
;
608 assert_not_reached("Invalid DNS protocol.");
612 int dns_transaction_go(DnsTransaction
*t
) {
619 had_stream
= !!t
->stream
;
621 dns_transaction_stop(t
);
623 log_debug("Excercising transaction on scope %s on %s/%s",
624 dns_protocol_to_string(t
->scope
->protocol
),
625 t
->scope
->link
? t
->scope
->link
->name
: "*",
626 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
));
628 if (t
->n_attempts
>= TRANSACTION_ATTEMPTS_MAX(t
->scope
->protocol
)) {
629 dns_transaction_complete(t
, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
);
633 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&& had_stream
) {
634 /* If we already tried via a stream, then we don't
635 * retry on LLMNR. See RFC 4795, Section 2.7. */
636 dns_transaction_complete(t
, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
);
640 assert_se(sd_event_now(t
->scope
->manager
->event
, clock_boottime_or_monotonic(), &ts
) >= 0);
644 t
->received
= dns_packet_unref(t
->received
);
645 t
->answer
= dns_answer_unref(t
->answer
);
647 t
->answer_source
= _DNS_TRANSACTION_SOURCE_INVALID
;
649 /* Check the zone, but obly if this transaction is not used
650 * for probing or verifying a zone item. */
651 if (set_isempty(t
->zone_items
)) {
653 r
= dns_zone_lookup(&t
->scope
->zone
, t
->key
, &t
->answer
, NULL
, NULL
);
657 t
->answer_rcode
= DNS_RCODE_SUCCESS
;
658 t
->answer_source
= DNS_TRANSACTION_ZONE
;
659 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
664 /* Check the cache, but only if this transaction is not used
665 * for probing or verifying a zone item. */
666 if (set_isempty(t
->zone_items
)) {
668 /* Before trying the cache, let's make sure we figured out a
669 * server to use. Should this cause a change of server this
670 * might flush the cache. */
671 dns_scope_get_dns_server(t
->scope
);
673 /* Let's then prune all outdated entries */
674 dns_cache_prune(&t
->scope
->cache
);
676 r
= dns_cache_lookup(&t
->scope
->cache
, t
->key
, &t
->answer_rcode
, &t
->answer
);
680 t
->answer_source
= DNS_TRANSACTION_CACHE
;
681 if (t
->answer_rcode
== DNS_RCODE_SUCCESS
)
682 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
684 dns_transaction_complete(t
, DNS_TRANSACTION_FAILURE
);
689 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&& !t
->initial_jitter
) {
692 /* RFC 4795 Section 2.7 suggests all queries should be
693 * delayed by a random time from 0 to JITTER_INTERVAL. */
695 t
->initial_jitter
= true;
697 random_bytes(&jitter
, sizeof(jitter
));
698 jitter
%= LLMNR_JITTER_INTERVAL_USEC
;
700 r
= sd_event_add_time(
701 t
->scope
->manager
->event
,
702 &t
->timeout_event_source
,
703 clock_boottime_or_monotonic(),
705 LLMNR_JITTER_INTERVAL_USEC
,
706 on_transaction_timeout
, t
);
711 t
->state
= DNS_TRANSACTION_PENDING
;
713 log_debug("Delaying LLMNR transaction for " USEC_FMT
"us.", jitter
);
717 /* Otherwise, we need to ask the network */
718 r
= dns_transaction_make_packet(t
);
720 /* Not the right request to make on this network?
721 * (i.e. an A request made on IPv6 or an AAAA request
722 * made on IPv4, on LLMNR or mDNS.) */
723 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
729 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&&
730 (dns_name_endswith(DNS_RESOURCE_KEY_NAME(t
->key
), "in-addr.arpa") > 0 ||
731 dns_name_endswith(DNS_RESOURCE_KEY_NAME(t
->key
), "ip6.arpa") > 0)) {
733 /* RFC 4795, Section 2.4. says reverse lookups shall
734 * always be made via TCP on LLMNR */
735 r
= dns_transaction_open_tcp(t
);
737 /* Try via UDP, and if that fails due to large size try via TCP */
738 r
= dns_transaction_emit(t
);
740 r
= dns_transaction_open_tcp(t
);
743 /* No servers to send this to? */
744 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
747 if (t
->scope
->protocol
!= DNS_PROTOCOL_DNS
) {
748 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
752 /* Couldn't send? Try immediately again, with a new server */
753 dns_transaction_next_dns_server(t
);
755 return dns_transaction_go(t
);
758 r
= sd_event_add_time(
759 t
->scope
->manager
->event
,
760 &t
->timeout_event_source
,
761 clock_boottime_or_monotonic(),
762 ts
+ transaction_get_resend_timeout(t
), 0,
763 on_transaction_timeout
, t
);
767 t
->state
= DNS_TRANSACTION_PENDING
;
771 static const char* const dns_transaction_state_table
[_DNS_TRANSACTION_STATE_MAX
] = {
772 [DNS_TRANSACTION_NULL
] = "null",
773 [DNS_TRANSACTION_PENDING
] = "pending",
774 [DNS_TRANSACTION_FAILURE
] = "failure",
775 [DNS_TRANSACTION_SUCCESS
] = "success",
776 [DNS_TRANSACTION_NO_SERVERS
] = "no-servers",
777 [DNS_TRANSACTION_TIMEOUT
] = "timeout",
778 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
] = "attempts-max-reached",
779 [DNS_TRANSACTION_INVALID_REPLY
] = "invalid-reply",
780 [DNS_TRANSACTION_RESOURCES
] = "resources",
781 [DNS_TRANSACTION_ABORTED
] = "aborted",
783 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state
, DnsTransactionState
);
785 static const char* const dns_transaction_source_table
[_DNS_TRANSACTION_SOURCE_MAX
] = {
786 [DNS_TRANSACTION_NETWORK
] = "network",
787 [DNS_TRANSACTION_CACHE
] = "cache",
788 [DNS_TRANSACTION_ZONE
] = "zone",
790 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_source
, DnsTransactionSource
);