1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2014 Lennart Poettering
8 #include "alloc-util.h"
9 #include "dns-domain.h"
11 #include "resolved-dns-packet.h"
12 #include "resolved-dns-zone.h"
13 #include "resolved-dnssd.h"
14 #include "string-util.h"
16 /* Never allow more than 1K entries */
19 void dns_zone_item_probe_stop(DnsZoneItem
*i
) {
23 if (!i
->probe_transaction
)
26 t
= TAKE_PTR(i
->probe_transaction
);
28 set_remove(t
->notify_zone_items
, i
);
29 set_remove(t
->notify_zone_items_done
, i
);
30 dns_transaction_gc(t
);
33 static void dns_zone_item_free(DnsZoneItem
*i
) {
37 dns_zone_item_probe_stop(i
);
38 dns_resource_record_unref(i
->rr
);
43 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsZoneItem
*, dns_zone_item_free
);
45 static void dns_zone_item_remove_and_free(DnsZone
*z
, DnsZoneItem
*i
) {
53 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
54 LIST_REMOVE(by_key
, first
, i
);
56 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
58 hashmap_remove(z
->by_key
, i
->rr
->key
);
60 first
= hashmap_get(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
61 LIST_REMOVE(by_name
, first
, i
);
63 assert_se(hashmap_replace(z
->by_name
, dns_resource_key_name(first
->rr
->key
), first
) >= 0);
65 hashmap_remove(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
67 dns_zone_item_free(i
);
70 void dns_zone_flush(DnsZone
*z
) {
75 while ((i
= hashmap_first(z
->by_key
)))
76 dns_zone_item_remove_and_free(z
, i
);
78 assert(hashmap_size(z
->by_key
) == 0);
79 assert(hashmap_size(z
->by_name
) == 0);
81 z
->by_key
= hashmap_free(z
->by_key
);
82 z
->by_name
= hashmap_free(z
->by_name
);
85 DnsZoneItem
* dns_zone_get(DnsZone
*z
, DnsResourceRecord
*rr
) {
91 LIST_FOREACH(by_key
, i
, hashmap_get(z
->by_key
, rr
->key
))
92 if (dns_resource_record_equal(i
->rr
, rr
) > 0)
98 void dns_zone_remove_rr(DnsZone
*z
, DnsResourceRecord
*rr
) {
104 i
= dns_zone_get(z
, rr
);
106 dns_zone_item_remove_and_free(z
, i
);
109 int dns_zone_remove_rrs_by_key(DnsZone
*z
, DnsResourceKey
*key
) {
110 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
, *soa
= NULL
;
111 DnsResourceRecord
*rr
;
115 r
= dns_zone_lookup(z
, key
, 0, &answer
, &soa
, &tentative
);
119 DNS_ANSWER_FOREACH(rr
, answer
)
120 dns_zone_remove_rr(z
, rr
);
125 static int dns_zone_init(DnsZone
*z
) {
130 r
= hashmap_ensure_allocated(&z
->by_key
, &dns_resource_key_hash_ops
);
134 r
= hashmap_ensure_allocated(&z
->by_name
, &dns_name_hash_ops
);
141 static int dns_zone_link_item(DnsZone
*z
, DnsZoneItem
*i
) {
145 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
147 LIST_PREPEND(by_key
, first
, i
);
148 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
150 r
= hashmap_put(z
->by_key
, i
->rr
->key
, i
);
155 first
= hashmap_get(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
157 LIST_PREPEND(by_name
, first
, i
);
158 assert_se(hashmap_replace(z
->by_name
, dns_resource_key_name(first
->rr
->key
), first
) >= 0);
160 r
= hashmap_put(z
->by_name
, dns_resource_key_name(i
->rr
->key
), i
);
168 static int dns_zone_item_probe_start(DnsZoneItem
*i
) {
174 if (i
->probe_transaction
)
177 t
= dns_scope_find_transaction(i
->scope
, &DNS_RESOURCE_KEY_CONST(i
->rr
->key
->class, DNS_TYPE_ANY
, dns_resource_key_name(i
->rr
->key
)), false);
179 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
181 key
= dns_resource_key_new(i
->rr
->key
->class, DNS_TYPE_ANY
, dns_resource_key_name(i
->rr
->key
));
185 r
= dns_transaction_new(&t
, i
->scope
, key
);
190 r
= set_ensure_allocated(&t
->notify_zone_items
, NULL
);
194 r
= set_ensure_allocated(&t
->notify_zone_items_done
, NULL
);
198 r
= set_put(t
->notify_zone_items
, i
);
202 i
->probe_transaction
= t
;
205 if (t
->state
== DNS_TRANSACTION_NULL
) {
208 r
= dns_transaction_go(t
);
212 dns_zone_item_probe_stop(i
);
217 dns_zone_item_notify(i
);
221 dns_transaction_gc(t
);
225 int dns_zone_put(DnsZone
*z
, DnsScope
*s
, DnsResourceRecord
*rr
, bool probe
) {
226 _cleanup_(dns_zone_item_freep
) DnsZoneItem
*i
= NULL
;
227 DnsZoneItem
*existing
;
234 if (dns_class_is_pseudo(rr
->key
->class))
236 if (dns_type_is_pseudo(rr
->key
->type
))
239 existing
= dns_zone_get(z
, rr
);
243 r
= dns_zone_init(z
);
247 i
= new0(DnsZoneItem
, 1);
252 i
->rr
= dns_resource_record_ref(rr
);
253 i
->probing_enabled
= probe
;
255 r
= dns_zone_link_item(z
, i
);
260 DnsZoneItem
*first
, *j
;
261 bool established
= false;
263 /* Check if there's already an RR with the same name
264 * established. If so, it has been probed already, and
265 * we don't ned to probe again. */
267 LIST_FIND_HEAD(by_name
, i
, first
);
268 LIST_FOREACH(by_name
, j
, first
) {
272 if (j
->state
== DNS_ZONE_ITEM_ESTABLISHED
)
277 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
279 i
->state
= DNS_ZONE_ITEM_PROBING
;
281 r
= dns_zone_item_probe_start(i
);
283 dns_zone_item_remove_and_free(z
, i
);
289 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
295 static int dns_zone_add_authenticated_answer(DnsAnswer
*a
, DnsZoneItem
*i
, int ifindex
) {
296 DnsAnswerFlags flags
;
298 /* From RFC 6762, Section 10.2
299 * "They (the rules about when to set the cache-flush bit) apply to
300 * startup announcements as described in Section 8.3, "Announcing",
301 * and to responses generated as a result of receiving query messages."
302 * So, set the cache-flush bit for mDNS answers except for DNS-SD
303 * service enumeration PTRs described in RFC 6763, Section 4.1. */
304 if (i
->scope
->protocol
== DNS_PROTOCOL_MDNS
&&
305 !dns_resource_key_is_dnssd_ptr(i
->rr
->key
))
306 flags
= DNS_ANSWER_AUTHENTICATED
|DNS_ANSWER_CACHE_FLUSH
;
308 flags
= DNS_ANSWER_AUTHENTICATED
;
310 return dns_answer_add(a
, i
->rr
, ifindex
, flags
);
313 int dns_zone_lookup(DnsZone
*z
, DnsResourceKey
*key
, int ifindex
, DnsAnswer
**ret_answer
, DnsAnswer
**ret_soa
, bool *ret_tentative
) {
314 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
, *soa
= NULL
;
315 unsigned n_answer
= 0;
316 DnsZoneItem
*j
, *first
;
317 bool tentative
= true, need_soa
= false;
320 /* Note that we don't actually need the ifindex for anything. However when it is passed we'll initialize the
321 * ifindex field in the answer with it */
327 /* First iteration, count what we have */
329 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
330 bool found
= false, added
= false;
333 /* If this is a generic match, then we have to
334 * go through the list by the name and look
335 * for everything manually */
337 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
338 LIST_FOREACH(by_name
, j
, first
) {
339 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
344 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
360 /* If this is a specific match, then look for
361 * the right key immediately */
363 first
= hashmap_get(z
->by_key
, key
);
364 LIST_FOREACH(by_key
, j
, first
) {
365 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
373 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
374 LIST_FOREACH(by_name
, j
, first
) {
375 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
384 if (n_answer
<= 0 && !need_soa
)
388 answer
= dns_answer_new(n_answer
);
394 soa
= dns_answer_new(1);
399 /* Second iteration, actually add the RRs to the answers */
400 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
401 bool found
= false, added
= false;
404 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
405 LIST_FOREACH(by_name
, j
, first
) {
406 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
411 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
414 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
418 r
= dns_zone_add_authenticated_answer(answer
, j
, ifindex
);
426 if (found
&& !added
) {
427 r
= dns_answer_add_soa(soa
, dns_resource_key_name(key
), LLMNR_DEFAULT_TTL
, ifindex
);
434 first
= hashmap_get(z
->by_key
, key
);
435 LIST_FOREACH(by_key
, j
, first
) {
436 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
441 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
444 r
= dns_zone_add_authenticated_answer(answer
, j
, ifindex
);
450 bool add_soa
= false;
452 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
453 LIST_FOREACH(by_name
, j
, first
) {
454 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
457 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
464 r
= dns_answer_add_soa(soa
, dns_resource_key_name(key
), LLMNR_DEFAULT_TTL
, ifindex
);
471 /* If the caller sets ret_tentative to NULL, then use this as
472 * indication to not return tentative entries */
474 if (!ret_tentative
&& tentative
)
477 *ret_answer
= TAKE_PTR(answer
);
480 *ret_soa
= TAKE_PTR(soa
);
483 *ret_tentative
= tentative
;
494 *ret_tentative
= false;
499 void dns_zone_item_conflict(DnsZoneItem
*i
) {
502 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_VERIFYING
, DNS_ZONE_ITEM_ESTABLISHED
))
505 log_info("Detected conflict on %s", strna(dns_resource_record_to_string(i
->rr
)));
507 dns_zone_item_probe_stop(i
);
509 /* Withdraw the conflict item */
510 i
->state
= DNS_ZONE_ITEM_WITHDRAWN
;
512 dnssd_signal_conflict(i
->scope
->manager
, dns_resource_key_name(i
->rr
->key
));
514 /* Maybe change the hostname */
515 if (manager_is_own_hostname(i
->scope
->manager
, dns_resource_key_name(i
->rr
->key
)) > 0)
516 manager_next_hostname(i
->scope
->manager
);
519 void dns_zone_item_notify(DnsZoneItem
*i
) {
521 assert(i
->probe_transaction
);
523 if (i
->block_ready
> 0)
526 if (IN_SET(i
->probe_transaction
->state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
, DNS_TRANSACTION_VALIDATING
))
529 if (i
->probe_transaction
->state
== DNS_TRANSACTION_SUCCESS
) {
530 bool we_lost
= false;
532 /* The probe got a successful reply. If we so far
533 * weren't established we just give up.
535 * In LLMNR case if we already
536 * were established, and the peer has the
537 * lexicographically larger IP address we continue
540 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
)) {
541 log_debug("Got a successful probe for not yet established RR, we lost.");
543 } else if (i
->probe_transaction
->scope
->protocol
== DNS_PROTOCOL_LLMNR
) {
544 assert(i
->probe_transaction
->received
);
545 we_lost
= memcmp(&i
->probe_transaction
->received
->sender
, &i
->probe_transaction
->received
->destination
, FAMILY_ADDRESS_SIZE(i
->probe_transaction
->received
->family
)) < 0;
547 log_debug("Got a successful probe reply for an established RR, and we have a lexicographically larger IP address and thus lost.");
551 dns_zone_item_conflict(i
);
555 log_debug("Got a successful probe reply, but peer has lexicographically lower IP address and thus lost.");
558 log_debug("Record %s successfully probed.", strna(dns_resource_record_to_string(i
->rr
)));
560 dns_zone_item_probe_stop(i
);
561 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
564 static int dns_zone_item_verify(DnsZoneItem
*i
) {
569 if (i
->state
!= DNS_ZONE_ITEM_ESTABLISHED
)
572 log_debug("Verifying RR %s", strna(dns_resource_record_to_string(i
->rr
)));
574 i
->state
= DNS_ZONE_ITEM_VERIFYING
;
575 r
= dns_zone_item_probe_start(i
);
577 log_error_errno(r
, "Failed to start probing for verifying RR: %m");
578 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
585 int dns_zone_check_conflicts(DnsZone
*zone
, DnsResourceRecord
*rr
) {
586 DnsZoneItem
*i
, *first
;
592 /* This checks whether a response RR we received from somebody
593 * else is one that we actually thought was uniquely ours. If
594 * so, we'll verify our RRs. */
596 /* No conflict if we don't have the name at all. */
597 first
= hashmap_get(zone
->by_name
, dns_resource_key_name(rr
->key
));
601 /* No conflict if we have the exact same RR */
602 if (dns_zone_get(zone
, rr
))
605 /* No conflict if it is DNS-SD RR used for service enumeration. */
606 if (dns_resource_key_is_dnssd_ptr(rr
->key
))
609 /* OK, somebody else has RRs for the same name. Yuck! Let's
610 * start probing again */
612 LIST_FOREACH(by_name
, i
, first
) {
613 if (dns_resource_record_equal(i
->rr
, rr
))
616 dns_zone_item_verify(i
);
623 int dns_zone_verify_conflicts(DnsZone
*zone
, DnsResourceKey
*key
) {
624 DnsZoneItem
*i
, *first
;
629 /* Somebody else notified us about a possible conflict. Let's
630 * verify if that's true. */
632 first
= hashmap_get(zone
->by_name
, dns_resource_key_name(key
));
636 LIST_FOREACH(by_name
, i
, first
) {
637 dns_zone_item_verify(i
);
644 void dns_zone_verify_all(DnsZone
*zone
) {
650 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
653 LIST_FOREACH(by_key
, j
, i
)
654 dns_zone_item_verify(j
);
658 void dns_zone_dump(DnsZone
*zone
, FILE *f
) {
668 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
671 LIST_FOREACH(by_key
, j
, i
) {
674 t
= dns_resource_record_to_string(j
->rr
);
687 bool dns_zone_is_empty(DnsZone
*zone
) {
691 return hashmap_isempty(zone
->by_key
);
694 bool dns_zone_contains_name(DnsZone
*z
, const char *name
) {
695 DnsZoneItem
*i
, *first
;
697 first
= hashmap_get(z
->by_name
, name
);
701 LIST_FOREACH(by_name
, i
, first
) {
702 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))