2 This file is part of systemd.
4 Copyright 2014 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include "alloc-util.h"
21 #include "dns-domain.h"
23 #include "resolved-dns-packet.h"
24 #include "resolved-dns-zone.h"
25 #include "string-util.h"
27 /* Never allow more than 1K entries */
30 void dns_zone_item_probe_stop(DnsZoneItem
*i
) {
34 if (!i
->probe_transaction
)
37 t
= i
->probe_transaction
;
38 i
->probe_transaction
= NULL
;
40 set_remove(t
->notify_zone_items
, i
);
41 set_remove(t
->notify_zone_items_done
, i
);
42 dns_transaction_gc(t
);
45 static void dns_zone_item_free(DnsZoneItem
*i
) {
49 dns_zone_item_probe_stop(i
);
50 dns_resource_record_unref(i
->rr
);
55 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsZoneItem
*, dns_zone_item_free
);
57 static void dns_zone_item_remove_and_free(DnsZone
*z
, DnsZoneItem
*i
) {
65 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
66 LIST_REMOVE(by_key
, first
, i
);
68 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
70 hashmap_remove(z
->by_key
, i
->rr
->key
);
72 first
= hashmap_get(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
73 LIST_REMOVE(by_name
, first
, i
);
75 assert_se(hashmap_replace(z
->by_name
, dns_resource_key_name(first
->rr
->key
), first
) >= 0);
77 hashmap_remove(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
79 dns_zone_item_free(i
);
82 void dns_zone_flush(DnsZone
*z
) {
87 while ((i
= hashmap_first(z
->by_key
)))
88 dns_zone_item_remove_and_free(z
, i
);
90 assert(hashmap_size(z
->by_key
) == 0);
91 assert(hashmap_size(z
->by_name
) == 0);
93 z
->by_key
= hashmap_free(z
->by_key
);
94 z
->by_name
= hashmap_free(z
->by_name
);
97 static DnsZoneItem
* dns_zone_get(DnsZone
*z
, DnsResourceRecord
*rr
) {
103 LIST_FOREACH(by_key
, i
, hashmap_get(z
->by_key
, rr
->key
))
104 if (dns_resource_record_equal(i
->rr
, rr
) > 0)
110 void dns_zone_remove_rr(DnsZone
*z
, DnsResourceRecord
*rr
) {
116 i
= dns_zone_get(z
, rr
);
118 dns_zone_item_remove_and_free(z
, i
);
121 static int dns_zone_init(DnsZone
*z
) {
126 r
= hashmap_ensure_allocated(&z
->by_key
, &dns_resource_key_hash_ops
);
130 r
= hashmap_ensure_allocated(&z
->by_name
, &dns_name_hash_ops
);
137 static int dns_zone_link_item(DnsZone
*z
, DnsZoneItem
*i
) {
141 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
143 LIST_PREPEND(by_key
, first
, i
);
144 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
146 r
= hashmap_put(z
->by_key
, i
->rr
->key
, i
);
151 first
= hashmap_get(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
153 LIST_PREPEND(by_name
, first
, i
);
154 assert_se(hashmap_replace(z
->by_name
, dns_resource_key_name(first
->rr
->key
), first
) >= 0);
156 r
= hashmap_put(z
->by_name
, dns_resource_key_name(i
->rr
->key
), i
);
164 static int dns_zone_item_probe_start(DnsZoneItem
*i
) {
170 if (i
->probe_transaction
)
173 t
= dns_scope_find_transaction(i
->scope
, &DNS_RESOURCE_KEY_CONST(i
->rr
->key
->class, DNS_TYPE_ANY
, dns_resource_key_name(i
->rr
->key
)), false);
175 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
177 key
= dns_resource_key_new(i
->rr
->key
->class, DNS_TYPE_ANY
, dns_resource_key_name(i
->rr
->key
));
181 r
= dns_transaction_new(&t
, i
->scope
, key
);
186 r
= set_ensure_allocated(&t
->notify_zone_items
, NULL
);
190 r
= set_ensure_allocated(&t
->notify_zone_items_done
, NULL
);
194 r
= set_put(t
->notify_zone_items
, i
);
198 i
->probe_transaction
= t
;
200 if (t
->state
== DNS_TRANSACTION_NULL
) {
203 r
= dns_transaction_go(t
);
207 dns_zone_item_probe_stop(i
);
212 dns_zone_item_notify(i
);
216 dns_transaction_gc(t
);
220 int dns_zone_put(DnsZone
*z
, DnsScope
*s
, DnsResourceRecord
*rr
, bool probe
) {
221 _cleanup_(dns_zone_item_freep
) DnsZoneItem
*i
= NULL
;
222 DnsZoneItem
*existing
;
229 if (dns_class_is_pseudo(rr
->key
->class))
231 if (dns_type_is_pseudo(rr
->key
->type
))
234 existing
= dns_zone_get(z
, rr
);
238 r
= dns_zone_init(z
);
242 i
= new0(DnsZoneItem
, 1);
247 i
->rr
= dns_resource_record_ref(rr
);
248 i
->probing_enabled
= probe
;
250 r
= dns_zone_link_item(z
, i
);
255 DnsZoneItem
*first
, *j
;
256 bool established
= false;
258 /* Check if there's already an RR with the same name
259 * established. If so, it has been probed already, and
260 * we don't ned to probe again. */
262 LIST_FIND_HEAD(by_name
, i
, first
);
263 LIST_FOREACH(by_name
, j
, first
) {
267 if (j
->state
== DNS_ZONE_ITEM_ESTABLISHED
)
272 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
274 i
->state
= DNS_ZONE_ITEM_PROBING
;
276 r
= dns_zone_item_probe_start(i
);
278 dns_zone_item_remove_and_free(z
, i
);
284 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
290 int dns_zone_lookup(DnsZone
*z
, DnsResourceKey
*key
, DnsAnswer
**ret_answer
, DnsAnswer
**ret_soa
, bool *ret_tentative
) {
291 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
, *soa
= NULL
;
292 unsigned n_answer
= 0;
293 DnsZoneItem
*j
, *first
;
294 bool tentative
= true, need_soa
= false;
301 /* First iteration, count what we have */
303 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
304 bool found
= false, added
= false;
307 /* If this is a generic match, then we have to
308 * go through the list by the name and look
309 * for everything manually */
311 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
312 LIST_FOREACH(by_name
, j
, first
) {
313 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
318 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
334 /* If this is a specific match, then look for
335 * the right key immediately */
337 first
= hashmap_get(z
->by_key
, key
);
338 LIST_FOREACH(by_key
, j
, first
) {
339 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
347 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
348 LIST_FOREACH(by_name
, j
, first
) {
349 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
358 if (n_answer
<= 0 && !need_soa
)
362 answer
= dns_answer_new(n_answer
);
368 soa
= dns_answer_new(1);
373 /* Second iteration, actually add the RRs to the answers */
374 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
375 bool found
= false, added
= false;
378 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
379 LIST_FOREACH(by_name
, j
, first
) {
380 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
385 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
388 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
392 r
= dns_answer_add(answer
, j
->rr
, 0, DNS_ANSWER_AUTHENTICATED
);
400 if (found
&& !added
) {
401 r
= dns_answer_add_soa(soa
, dns_resource_key_name(key
), LLMNR_DEFAULT_TTL
);
408 first
= hashmap_get(z
->by_key
, key
);
409 LIST_FOREACH(by_key
, j
, first
) {
410 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
415 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
418 r
= dns_answer_add(answer
, j
->rr
, 0, DNS_ANSWER_AUTHENTICATED
);
424 bool add_soa
= false;
426 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
427 LIST_FOREACH(by_name
, j
, first
) {
428 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
431 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
438 r
= dns_answer_add_soa(soa
, dns_resource_key_name(key
), LLMNR_DEFAULT_TTL
);
445 /* If the caller sets ret_tentative to NULL, then use this as
446 * indication to not return tentative entries */
448 if (!ret_tentative
&& tentative
)
451 *ret_answer
= answer
;
460 *ret_tentative
= tentative
;
471 *ret_tentative
= false;
476 void dns_zone_item_conflict(DnsZoneItem
*i
) {
479 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_VERIFYING
, DNS_ZONE_ITEM_ESTABLISHED
))
482 log_info("Detected conflict on %s", strna(dns_resource_record_to_string(i
->rr
)));
484 dns_zone_item_probe_stop(i
);
486 /* Withdraw the conflict item */
487 i
->state
= DNS_ZONE_ITEM_WITHDRAWN
;
489 /* Maybe change the hostname */
490 if (manager_is_own_hostname(i
->scope
->manager
, dns_resource_key_name(i
->rr
->key
)) > 0)
491 manager_next_hostname(i
->scope
->manager
);
494 void dns_zone_item_notify(DnsZoneItem
*i
) {
496 assert(i
->probe_transaction
);
498 if (i
->block_ready
> 0)
501 if (IN_SET(i
->probe_transaction
->state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
, DNS_TRANSACTION_VALIDATING
))
504 if (i
->probe_transaction
->state
== DNS_TRANSACTION_SUCCESS
) {
505 bool we_lost
= false;
507 /* The probe got a successful reply. If we so far
508 * weren't established we just give up. If we already
509 * were established, and the peer has the
510 * lexicographically larger IP address we continue
513 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
)) {
514 log_debug("Got a successful probe for not yet established RR, we lost.");
517 assert(i
->probe_transaction
->received
);
518 we_lost
= memcmp(&i
->probe_transaction
->received
->sender
, &i
->probe_transaction
->received
->destination
, FAMILY_ADDRESS_SIZE(i
->probe_transaction
->received
->family
)) < 0;
520 log_debug("Got a successful probe reply for an established RR, and we have a lexicographically larger IP address and thus lost.");
524 dns_zone_item_conflict(i
);
528 log_debug("Got a successful probe reply, but peer has lexicographically lower IP address and thus lost.");
531 log_debug("Record %s successfully probed.", strna(dns_resource_record_to_string(i
->rr
)));
533 dns_zone_item_probe_stop(i
);
534 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
537 static int dns_zone_item_verify(DnsZoneItem
*i
) {
542 if (i
->state
!= DNS_ZONE_ITEM_ESTABLISHED
)
545 log_debug("Verifying RR %s", strna(dns_resource_record_to_string(i
->rr
)));
547 i
->state
= DNS_ZONE_ITEM_VERIFYING
;
548 r
= dns_zone_item_probe_start(i
);
550 log_error_errno(r
, "Failed to start probing for verifying RR: %m");
551 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
558 int dns_zone_check_conflicts(DnsZone
*zone
, DnsResourceRecord
*rr
) {
559 DnsZoneItem
*i
, *first
;
565 /* This checks whether a response RR we received from somebody
566 * else is one that we actually thought was uniquely ours. If
567 * so, we'll verify our RRs. */
569 /* No conflict if we don't have the name at all. */
570 first
= hashmap_get(zone
->by_name
, dns_resource_key_name(rr
->key
));
574 /* No conflict if we have the exact same RR */
575 if (dns_zone_get(zone
, rr
))
578 /* OK, somebody else has RRs for the same name. Yuck! Let's
579 * start probing again */
581 LIST_FOREACH(by_name
, i
, first
) {
582 if (dns_resource_record_equal(i
->rr
, rr
))
585 dns_zone_item_verify(i
);
592 int dns_zone_verify_conflicts(DnsZone
*zone
, DnsResourceKey
*key
) {
593 DnsZoneItem
*i
, *first
;
598 /* Somebody else notified us about a possible conflict. Let's
599 * verify if that's true. */
601 first
= hashmap_get(zone
->by_name
, dns_resource_key_name(key
));
605 LIST_FOREACH(by_name
, i
, first
) {
606 dns_zone_item_verify(i
);
613 void dns_zone_verify_all(DnsZone
*zone
) {
619 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
622 LIST_FOREACH(by_key
, j
, i
)
623 dns_zone_item_verify(j
);
627 void dns_zone_dump(DnsZone
*zone
, FILE *f
) {
637 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
640 LIST_FOREACH(by_key
, j
, i
) {
643 t
= dns_resource_record_to_string(j
->rr
);
656 bool dns_zone_is_empty(DnsZone
*zone
) {
660 return hashmap_isempty(zone
->by_key
);