]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
322345fd LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2014 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
202b76ae ZJS |
21 | #include <net/if.h> |
22 | ||
23 | #include "af-list.h" | |
b5efdb8a | 24 | #include "alloc-util.h" |
58db254a | 25 | #include "dns-domain.h" |
02c2857b | 26 | #include "resolved-dns-answer.h" |
322345fd | 27 | #include "resolved-dns-cache.h" |
7e8e0422 | 28 | #include "resolved-dns-packet.h" |
58db254a | 29 | #include "string-util.h" |
322345fd | 30 | |
6af47493 LP |
31 | /* Never cache more than 4K entries. RFC 1536, Section 5 suggests to |
32 | * leave DNS caches unbounded, but that's crazy. */ | |
d98e5504 | 33 | #define CACHE_MAX 4096 |
cbd4560e | 34 | |
d98e5504 LP |
35 | /* We never keep any item longer than 2h in our cache */ |
36 | #define CACHE_TTL_MAX_USEC (2 * USEC_PER_HOUR) | |
322345fd | 37 | |
201d9958 LP |
38 | /* How long to cache strange rcodes, i.e. rcodes != SUCCESS and != NXDOMAIN (specifically: that's only SERVFAIL for |
39 | * now) */ | |
40 | #define CACHE_TTL_STRANGE_RCODE_USEC (30 * USEC_PER_SEC) | |
41 | ||
623a4c97 LP |
42 | typedef enum DnsCacheItemType DnsCacheItemType; |
43 | typedef struct DnsCacheItem DnsCacheItem; | |
44 | ||
45 | enum DnsCacheItemType { | |
46 | DNS_CACHE_POSITIVE, | |
47 | DNS_CACHE_NODATA, | |
48 | DNS_CACHE_NXDOMAIN, | |
201d9958 | 49 | DNS_CACHE_RCODE, /* "strange" RCODE (effective only SERVFAIL for now) */ |
623a4c97 LP |
50 | }; |
51 | ||
52 | struct DnsCacheItem { | |
d2579eec | 53 | DnsCacheItemType type; |
623a4c97 LP |
54 | DnsResourceKey *key; |
55 | DnsResourceRecord *rr; | |
201d9958 | 56 | int rcode; |
d2579eec | 57 | |
623a4c97 | 58 | usec_t until; |
d2579eec LP |
59 | bool authenticated:1; |
60 | bool shared_owner:1; | |
61 | ||
06d12754 | 62 | int ifindex; |
a4076574 LP |
63 | int owner_family; |
64 | union in_addr_union owner_address; | |
d2579eec LP |
65 | |
66 | unsigned prioq_idx; | |
623a4c97 LP |
67 | LIST_FIELDS(DnsCacheItem, by_key); |
68 | }; | |
69 | ||
201d9958 LP |
70 | static const char *dns_cache_item_type_to_string(DnsCacheItem *item) { |
71 | assert(item); | |
72 | ||
73 | switch (item->type) { | |
74 | ||
75 | case DNS_CACHE_POSITIVE: | |
76 | return "POSITIVE"; | |
77 | ||
78 | case DNS_CACHE_NODATA: | |
79 | return "NODATA"; | |
80 | ||
81 | case DNS_CACHE_NXDOMAIN: | |
82 | return "NXDOMAIN"; | |
83 | ||
84 | case DNS_CACHE_RCODE: | |
85 | return dns_rcode_to_string(item->rcode); | |
86 | } | |
87 | ||
88 | return NULL; | |
89 | } | |
90 | ||
322345fd LP |
91 | static void dns_cache_item_free(DnsCacheItem *i) { |
92 | if (!i) | |
93 | return; | |
94 | ||
95 | dns_resource_record_unref(i->rr); | |
7e8e0422 | 96 | dns_resource_key_unref(i->key); |
322345fd LP |
97 | free(i); |
98 | } | |
99 | ||
100 | DEFINE_TRIVIAL_CLEANUP_FUNC(DnsCacheItem*, dns_cache_item_free); | |
101 | ||
39963f11 | 102 | static void dns_cache_item_unlink_and_free(DnsCache *c, DnsCacheItem *i) { |
322345fd LP |
103 | DnsCacheItem *first; |
104 | ||
105 | assert(c); | |
106 | ||
107 | if (!i) | |
108 | return; | |
109 | ||
7e8e0422 LP |
110 | first = hashmap_get(c->by_key, i->key); |
111 | LIST_REMOVE(by_key, first, i); | |
322345fd LP |
112 | |
113 | if (first) | |
7e8e0422 | 114 | assert_se(hashmap_replace(c->by_key, first->key, first) >= 0); |
322345fd | 115 | else |
7e8e0422 | 116 | hashmap_remove(c->by_key, i->key); |
322345fd | 117 | |
7e8e0422 | 118 | prioq_remove(c->by_expiry, i, &i->prioq_idx); |
322345fd LP |
119 | |
120 | dns_cache_item_free(i); | |
121 | } | |
122 | ||
f5bdeb01 LP |
123 | static bool dns_cache_remove_by_rr(DnsCache *c, DnsResourceRecord *rr) { |
124 | DnsCacheItem *first, *i; | |
125 | int r; | |
126 | ||
127 | first = hashmap_get(c->by_key, rr->key); | |
128 | LIST_FOREACH(by_key, i, first) { | |
129 | r = dns_resource_record_equal(i->rr, rr); | |
130 | if (r < 0) | |
131 | return r; | |
132 | if (r > 0) { | |
39963f11 | 133 | dns_cache_item_unlink_and_free(c, i); |
f5bdeb01 LP |
134 | return true; |
135 | } | |
136 | } | |
137 | ||
138 | return false; | |
139 | } | |
140 | ||
2dda578f | 141 | static bool dns_cache_remove_by_key(DnsCache *c, DnsResourceKey *key) { |
1f97052f | 142 | DnsCacheItem *first, *i, *n; |
322345fd LP |
143 | |
144 | assert(c); | |
145 | assert(key); | |
146 | ||
1f97052f LP |
147 | first = hashmap_remove(c->by_key, key); |
148 | if (!first) | |
149 | return false; | |
150 | ||
151 | LIST_FOREACH_SAFE(by_key, i, n, first) { | |
152 | prioq_remove(c->by_expiry, i, &i->prioq_idx); | |
153 | dns_cache_item_free(i); | |
6b34a6c9 TG |
154 | } |
155 | ||
1f97052f | 156 | return true; |
322345fd LP |
157 | } |
158 | ||
ef9a3e3c LP |
159 | void dns_cache_flush(DnsCache *c) { |
160 | DnsResourceKey *key; | |
161 | ||
162 | assert(c); | |
163 | ||
164 | while ((key = hashmap_first_key(c->by_key))) | |
2dda578f | 165 | dns_cache_remove_by_key(c, key); |
ef9a3e3c LP |
166 | |
167 | assert(hashmap_size(c->by_key) == 0); | |
168 | assert(prioq_size(c->by_expiry) == 0); | |
169 | ||
170 | c->by_key = hashmap_free(c->by_key); | |
171 | c->by_expiry = prioq_free(c->by_expiry); | |
172 | } | |
173 | ||
322345fd LP |
174 | static void dns_cache_make_space(DnsCache *c, unsigned add) { |
175 | assert(c); | |
176 | ||
177 | if (add <= 0) | |
178 | return; | |
179 | ||
180 | /* Makes space for n new entries. Note that we actually allow | |
181 | * the cache to grow beyond CACHE_MAX, but only when we shall | |
182 | * add more RRs to the cache than CACHE_MAX at once. In that | |
183 | * case the cache will be emptied completely otherwise. */ | |
184 | ||
185 | for (;;) { | |
faa133f3 | 186 | _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; |
322345fd LP |
187 | DnsCacheItem *i; |
188 | ||
7e8e0422 | 189 | if (prioq_size(c->by_expiry) <= 0) |
322345fd LP |
190 | break; |
191 | ||
7e8e0422 | 192 | if (prioq_size(c->by_expiry) + add < CACHE_MAX) |
322345fd LP |
193 | break; |
194 | ||
7e8e0422 | 195 | i = prioq_peek(c->by_expiry); |
cbd4560e LP |
196 | assert(i); |
197 | ||
faa133f3 | 198 | /* Take an extra reference to the key so that it |
cbd4560e | 199 | * doesn't go away in the middle of the remove call */ |
7e8e0422 | 200 | key = dns_resource_key_ref(i->key); |
2dda578f | 201 | dns_cache_remove_by_key(c, key); |
322345fd LP |
202 | } |
203 | } | |
204 | ||
205 | void dns_cache_prune(DnsCache *c) { | |
206 | usec_t t = 0; | |
207 | ||
208 | assert(c); | |
209 | ||
210 | /* Remove all entries that are past their TTL */ | |
211 | ||
212 | for (;;) { | |
213 | DnsCacheItem *i; | |
202b76ae | 214 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
322345fd | 215 | |
7e8e0422 | 216 | i = prioq_peek(c->by_expiry); |
322345fd LP |
217 | if (!i) |
218 | break; | |
219 | ||
322345fd | 220 | if (t <= 0) |
240b589b | 221 | t = now(clock_boottime_or_monotonic()); |
322345fd | 222 | |
7e8e0422 | 223 | if (i->until > t) |
322345fd LP |
224 | break; |
225 | ||
d2579eec | 226 | /* Depending whether this is an mDNS shared entry |
202b76ae ZJS |
227 | * either remove only this one RR or the whole RRset */ |
228 | log_debug("Removing %scache entry for %s (expired "USEC_FMT"s ago)", | |
229 | i->shared_owner ? "shared " : "", | |
230 | dns_resource_key_to_string(i->key, key_str, sizeof key_str), | |
231 | (t - i->until) / USEC_PER_SEC); | |
232 | ||
d2579eec | 233 | if (i->shared_owner) |
39963f11 | 234 | dns_cache_item_unlink_and_free(c, i); |
d2579eec LP |
235 | else { |
236 | _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; | |
237 | ||
238 | /* Take an extra reference to the key so that it | |
239 | * doesn't go away in the middle of the remove call */ | |
240 | key = dns_resource_key_ref(i->key); | |
2dda578f | 241 | dns_cache_remove_by_key(c, key); |
d2579eec | 242 | } |
322345fd LP |
243 | } |
244 | } | |
245 | ||
246 | static int dns_cache_item_prioq_compare_func(const void *a, const void *b) { | |
322345fd LP |
247 | const DnsCacheItem *x = a, *y = b; |
248 | ||
7e8e0422 | 249 | if (x->until < y->until) |
322345fd | 250 | return -1; |
7e8e0422 | 251 | if (x->until > y->until) |
322345fd LP |
252 | return 1; |
253 | return 0; | |
254 | } | |
255 | ||
623a4c97 | 256 | static int dns_cache_init(DnsCache *c) { |
7e8e0422 LP |
257 | int r; |
258 | ||
623a4c97 LP |
259 | assert(c); |
260 | ||
7e8e0422 LP |
261 | r = prioq_ensure_allocated(&c->by_expiry, dns_cache_item_prioq_compare_func); |
262 | if (r < 0) | |
263 | return r; | |
264 | ||
d5099efc | 265 | r = hashmap_ensure_allocated(&c->by_key, &dns_resource_key_hash_ops); |
7e8e0422 LP |
266 | if (r < 0) |
267 | return r; | |
268 | ||
269 | return r; | |
270 | } | |
271 | ||
272 | static int dns_cache_link_item(DnsCache *c, DnsCacheItem *i) { | |
273 | DnsCacheItem *first; | |
274 | int r; | |
275 | ||
322345fd LP |
276 | assert(c); |
277 | assert(i); | |
322345fd | 278 | |
7e8e0422 LP |
279 | r = prioq_put(c->by_expiry, i, &i->prioq_idx); |
280 | if (r < 0) | |
281 | return r; | |
322345fd | 282 | |
7e8e0422 LP |
283 | first = hashmap_get(c->by_key, i->key); |
284 | if (first) { | |
f57e3cd5 LP |
285 | _cleanup_(dns_resource_key_unrefp) DnsResourceKey *k = NULL; |
286 | ||
287 | /* Keep a reference to the original key, while we manipulate the list. */ | |
288 | k = dns_resource_key_ref(first->key); | |
289 | ||
290 | /* Now, try to reduce the number of keys we keep */ | |
291 | dns_resource_key_reduce(&first->key, &i->key); | |
292 | ||
293 | if (first->rr) | |
294 | dns_resource_key_reduce(&first->rr->key, &i->key); | |
295 | if (i->rr) | |
296 | dns_resource_key_reduce(&i->rr->key, &i->key); | |
297 | ||
7e8e0422 LP |
298 | LIST_PREPEND(by_key, first, i); |
299 | assert_se(hashmap_replace(c->by_key, first->key, first) >= 0); | |
300 | } else { | |
301 | r = hashmap_put(c->by_key, i->key, i); | |
302 | if (r < 0) { | |
303 | prioq_remove(c->by_expiry, i, &i->prioq_idx); | |
304 | return r; | |
305 | } | |
322345fd LP |
306 | } |
307 | ||
7e8e0422 | 308 | return 0; |
322345fd LP |
309 | } |
310 | ||
faa133f3 LP |
311 | static DnsCacheItem* dns_cache_get(DnsCache *c, DnsResourceRecord *rr) { |
312 | DnsCacheItem *i; | |
313 | ||
314 | assert(c); | |
315 | assert(rr); | |
316 | ||
7e8e0422 | 317 | LIST_FOREACH(by_key, i, hashmap_get(c->by_key, rr->key)) |
3ef77d04 | 318 | if (i->rr && dns_resource_record_equal(i->rr, rr) > 0) |
faa133f3 LP |
319 | return i; |
320 | ||
321 | return NULL; | |
322 | } | |
323 | ||
d3760be0 | 324 | static usec_t calculate_until(DnsResourceRecord *rr, uint32_t nsec_ttl, usec_t timestamp, bool use_soa_minimum) { |
b211dc7e LP |
325 | uint32_t ttl; |
326 | usec_t u; | |
ee3d6aff LP |
327 | |
328 | assert(rr); | |
329 | ||
d3760be0 | 330 | ttl = MIN(rr->ttl, nsec_ttl); |
b211dc7e LP |
331 | if (rr->key->type == DNS_TYPE_SOA && use_soa_minimum) { |
332 | /* If this is a SOA RR, and it is requested, clamp to | |
333 | * the SOA's minimum field. This is used when we do | |
334 | * negative caching, to determine the TTL for the | |
335 | * negative caching entry. See RFC 2308, Section | |
336 | * 5. */ | |
ee3d6aff | 337 | |
b211dc7e LP |
338 | if (ttl > rr->soa.minimum) |
339 | ttl = rr->soa.minimum; | |
340 | } | |
341 | ||
342 | u = ttl * USEC_PER_SEC; | |
343 | if (u > CACHE_TTL_MAX_USEC) | |
344 | u = CACHE_TTL_MAX_USEC; | |
ee3d6aff LP |
345 | |
346 | if (rr->expiry != USEC_INFINITY) { | |
347 | usec_t left; | |
348 | ||
b211dc7e LP |
349 | /* Make use of the DNSSEC RRSIG expiry info, if we |
350 | * have it */ | |
ee3d6aff LP |
351 | |
352 | left = LESS_BY(rr->expiry, now(CLOCK_REALTIME)); | |
b211dc7e LP |
353 | if (u > left) |
354 | u = left; | |
ee3d6aff LP |
355 | } |
356 | ||
b211dc7e | 357 | return timestamp + u; |
ee3d6aff LP |
358 | } |
359 | ||
d2579eec LP |
360 | static void dns_cache_item_update_positive( |
361 | DnsCache *c, | |
362 | DnsCacheItem *i, | |
363 | DnsResourceRecord *rr, | |
364 | bool authenticated, | |
365 | bool shared_owner, | |
366 | usec_t timestamp, | |
06d12754 | 367 | int ifindex, |
d2579eec LP |
368 | int owner_family, |
369 | const union in_addr_union *owner_address) { | |
370 | ||
7e8e0422 LP |
371 | assert(c); |
372 | assert(i); | |
373 | assert(rr); | |
d2579eec | 374 | assert(owner_address); |
7e8e0422 LP |
375 | |
376 | i->type = DNS_CACHE_POSITIVE; | |
377 | ||
ece174c5 | 378 | if (!i->by_key_prev) |
7e8e0422 LP |
379 | /* We are the first item in the list, we need to |
380 | * update the key used in the hashmap */ | |
381 | ||
382 | assert_se(hashmap_replace(c->by_key, rr->key, i) >= 0); | |
7e8e0422 LP |
383 | |
384 | dns_resource_record_ref(rr); | |
385 | dns_resource_record_unref(i->rr); | |
386 | i->rr = rr; | |
387 | ||
388 | dns_resource_key_unref(i->key); | |
389 | i->key = dns_resource_key_ref(rr->key); | |
390 | ||
d3760be0 | 391 | i->until = calculate_until(rr, (uint32_t) -1, timestamp, false); |
d2579eec LP |
392 | i->authenticated = authenticated; |
393 | i->shared_owner = shared_owner; | |
394 | ||
06d12754 LP |
395 | i->ifindex = ifindex; |
396 | ||
d2579eec LP |
397 | i->owner_family = owner_family; |
398 | i->owner_address = *owner_address; | |
7e8e0422 LP |
399 | |
400 | prioq_reshuffle(c->by_expiry, i, &i->prioq_idx); | |
401 | } | |
402 | ||
a4076574 LP |
403 | static int dns_cache_put_positive( |
404 | DnsCache *c, | |
405 | DnsResourceRecord *rr, | |
931851e8 | 406 | bool authenticated, |
d2579eec | 407 | bool shared_owner, |
a4076574 | 408 | usec_t timestamp, |
06d12754 | 409 | int ifindex, |
a4076574 LP |
410 | int owner_family, |
411 | const union in_addr_union *owner_address) { | |
412 | ||
322345fd | 413 | _cleanup_(dns_cache_item_freep) DnsCacheItem *i = NULL; |
7e8e0422 | 414 | DnsCacheItem *existing; |
202b76ae | 415 | char key_str[DNS_RESOURCE_KEY_STRING_MAX], ifname[IF_NAMESIZE]; |
a257f9d4 | 416 | int r, k; |
322345fd LP |
417 | |
418 | assert(c); | |
419 | assert(rr); | |
a4076574 | 420 | assert(owner_address); |
322345fd | 421 | |
222148b6 LP |
422 | /* Never cache pseudo RRs */ |
423 | if (dns_class_is_pseudo(rr->key->class)) | |
424 | return 0; | |
425 | if (dns_type_is_pseudo(rr->key->type)) | |
426 | return 0; | |
427 | ||
f5bdeb01 | 428 | /* New TTL is 0? Delete this specific entry... */ |
322345fd | 429 | if (rr->ttl <= 0) { |
f5bdeb01 | 430 | k = dns_cache_remove_by_rr(c, rr); |
202b76ae ZJS |
431 | log_debug("%s: %s", |
432 | k > 0 ? "Removed zero TTL entry from cache" : "Not caching zero TTL cache entry", | |
18665d1f | 433 | dns_resource_key_to_string(rr->key, key_str, sizeof key_str)); |
322345fd LP |
434 | return 0; |
435 | } | |
436 | ||
13e785f7 | 437 | /* Entry exists already? Update TTL, timestamp and owner */ |
322345fd LP |
438 | existing = dns_cache_get(c, rr); |
439 | if (existing) { | |
d2579eec LP |
440 | dns_cache_item_update_positive( |
441 | c, | |
442 | existing, | |
443 | rr, | |
444 | authenticated, | |
445 | shared_owner, | |
446 | timestamp, | |
06d12754 | 447 | ifindex, |
d2579eec LP |
448 | owner_family, |
449 | owner_address); | |
322345fd LP |
450 | return 0; |
451 | } | |
452 | ||
453 | /* Otherwise, add the new RR */ | |
623a4c97 | 454 | r = dns_cache_init(c); |
322345fd LP |
455 | if (r < 0) |
456 | return r; | |
457 | ||
7e8e0422 LP |
458 | dns_cache_make_space(c, 1); |
459 | ||
460 | i = new0(DnsCacheItem, 1); | |
461 | if (!i) | |
462 | return -ENOMEM; | |
463 | ||
464 | i->type = DNS_CACHE_POSITIVE; | |
465 | i->key = dns_resource_key_ref(rr->key); | |
466 | i->rr = dns_resource_record_ref(rr); | |
d3760be0 | 467 | i->until = calculate_until(rr, (uint32_t) -1, timestamp, false); |
d2579eec LP |
468 | i->authenticated = authenticated; |
469 | i->shared_owner = shared_owner; | |
06d12754 | 470 | i->ifindex = ifindex; |
a4076574 LP |
471 | i->owner_family = owner_family; |
472 | i->owner_address = *owner_address; | |
d2579eec | 473 | i->prioq_idx = PRIOQ_IDX_NULL; |
7e8e0422 LP |
474 | |
475 | r = dns_cache_link_item(c, i); | |
476 | if (r < 0) | |
477 | return r; | |
478 | ||
a257f9d4 | 479 | if (log_get_max_level() >= LOG_DEBUG) { |
202b76ae ZJS |
480 | _cleanup_free_ char *t = NULL; |
481 | ||
482 | (void) in_addr_to_string(i->owner_family, &i->owner_address, &t); | |
483 | ||
484 | log_debug("Added positive %s%s cache entry for %s "USEC_FMT"s on %s/%s/%s", | |
485 | i->authenticated ? "authenticated" : "unauthenticated", | |
486 | i->shared_owner ? " shared" : "", | |
487 | dns_resource_key_to_string(i->key, key_str, sizeof key_str), | |
488 | (i->until - timestamp) / USEC_PER_SEC, | |
489 | i->ifindex == 0 ? "*" : strna(if_indextoname(i->ifindex, ifname)), | |
490 | af_to_name_short(i->owner_family), | |
491 | strna(t)); | |
a257f9d4 | 492 | } |
6b34a6c9 | 493 | |
7e8e0422 LP |
494 | i = NULL; |
495 | return 0; | |
496 | } | |
497 | ||
a4076574 LP |
498 | static int dns_cache_put_negative( |
499 | DnsCache *c, | |
500 | DnsResourceKey *key, | |
501 | int rcode, | |
931851e8 | 502 | bool authenticated, |
d3760be0 | 503 | uint32_t nsec_ttl, |
a4076574 | 504 | usec_t timestamp, |
b211dc7e | 505 | DnsResourceRecord *soa, |
a4076574 LP |
506 | int owner_family, |
507 | const union in_addr_union *owner_address) { | |
508 | ||
7e8e0422 | 509 | _cleanup_(dns_cache_item_freep) DnsCacheItem *i = NULL; |
202b76ae | 510 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
7e8e0422 LP |
511 | int r; |
512 | ||
513 | assert(c); | |
514 | assert(key); | |
a4076574 | 515 | assert(owner_address); |
7e8e0422 | 516 | |
98b6be77 LP |
517 | /* Never cache pseudo RR keys. DNS_TYPE_ANY is particularly |
518 | * important to filter out as we use this as a pseudo-type for | |
519 | * NXDOMAIN entries */ | |
222148b6 | 520 | if (dns_class_is_pseudo(key->class)) |
ddf16339 | 521 | return 0; |
c33be4a6 | 522 | if (dns_type_is_pseudo(key->type)) |
ddf16339 | 523 | return 0; |
222148b6 | 524 | |
201d9958 LP |
525 | if (IN_SET(rcode, DNS_RCODE_SUCCESS, DNS_RCODE_NXDOMAIN)) { |
526 | if (!soa) | |
527 | return 0; | |
ddf16339 | 528 | |
201d9958 LP |
529 | /* For negative replies, check if we have a TTL of a SOA */ |
530 | if (nsec_ttl <= 0 || soa->soa.minimum <= 0 || soa->ttl <= 0) { | |
531 | log_debug("Not caching negative entry with zero SOA/NSEC/NSEC3 TTL: %s", | |
532 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
533 | return 0; | |
534 | } | |
535 | } else if (rcode != DNS_RCODE_SERVFAIL) | |
7e8e0422 LP |
536 | return 0; |
537 | ||
623a4c97 | 538 | r = dns_cache_init(c); |
322345fd LP |
539 | if (r < 0) |
540 | return r; | |
541 | ||
542 | dns_cache_make_space(c, 1); | |
543 | ||
544 | i = new0(DnsCacheItem, 1); | |
545 | if (!i) | |
546 | return -ENOMEM; | |
547 | ||
201d9958 LP |
548 | i->type = |
549 | rcode == DNS_RCODE_SUCCESS ? DNS_CACHE_NODATA : | |
550 | rcode == DNS_RCODE_NXDOMAIN ? DNS_CACHE_NXDOMAIN : DNS_CACHE_RCODE; | |
551 | i->until = | |
552 | i->type == DNS_CACHE_RCODE ? timestamp + CACHE_TTL_STRANGE_RCODE_USEC : | |
553 | calculate_until(soa, nsec_ttl, timestamp, true); | |
d2579eec | 554 | i->authenticated = authenticated; |
a4076574 LP |
555 | i->owner_family = owner_family; |
556 | i->owner_address = *owner_address; | |
d2579eec | 557 | i->prioq_idx = PRIOQ_IDX_NULL; |
201d9958 | 558 | i->rcode = rcode; |
322345fd | 559 | |
71e13669 TG |
560 | if (i->type == DNS_CACHE_NXDOMAIN) { |
561 | /* NXDOMAIN entries should apply equally to all types, so we use ANY as | |
562 | * a pseudo type for this purpose here. */ | |
1c02e7ba | 563 | i->key = dns_resource_key_new(key->class, DNS_TYPE_ANY, dns_resource_key_name(key)); |
71e13669 TG |
564 | if (!i->key) |
565 | return -ENOMEM; | |
a5444ca9 LP |
566 | |
567 | /* Make sure to remove any previous entry for this | |
568 | * specific ANY key. (For non-ANY keys the cache data | |
569 | * is already cleared by the caller.) Note that we | |
570 | * don't bother removing positive or NODATA cache | |
571 | * items in this case, because it would either be slow | |
572 | * or require explicit indexing by name */ | |
573 | dns_cache_remove_by_key(c, key); | |
71e13669 TG |
574 | } else |
575 | i->key = dns_resource_key_ref(key); | |
576 | ||
7e8e0422 | 577 | r = dns_cache_link_item(c, i); |
322345fd LP |
578 | if (r < 0) |
579 | return r; | |
580 | ||
202b76ae | 581 | log_debug("Added %s cache entry for %s "USEC_FMT"s", |
201d9958 | 582 | dns_cache_item_type_to_string(i), |
202b76ae ZJS |
583 | dns_resource_key_to_string(i->key, key_str, sizeof key_str), |
584 | (i->until - timestamp) / USEC_PER_SEC); | |
6b34a6c9 | 585 | |
322345fd | 586 | i = NULL; |
322345fd LP |
587 | return 0; |
588 | } | |
589 | ||
d2579eec LP |
590 | static void dns_cache_remove_previous( |
591 | DnsCache *c, | |
592 | DnsResourceKey *key, | |
593 | DnsAnswer *answer) { | |
594 | ||
595 | DnsResourceRecord *rr; | |
596 | DnsAnswerFlags flags; | |
597 | ||
598 | assert(c); | |
599 | ||
600 | /* First, if we were passed a key (i.e. on LLMNR/DNS, but | |
601 | * not on mDNS), delete all matching old RRs, so that we only | |
602 | * keep complete by_key in place. */ | |
603 | if (key) | |
2dda578f | 604 | dns_cache_remove_by_key(c, key); |
d2579eec LP |
605 | |
606 | /* Second, flush all entries matching the answer, unless this | |
607 | * is an RR that is explicitly marked to be "shared" between | |
608 | * peers (i.e. mDNS RRs without the flush-cache bit set). */ | |
609 | DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) { | |
610 | if ((flags & DNS_ANSWER_CACHEABLE) == 0) | |
611 | continue; | |
612 | ||
613 | if (flags & DNS_ANSWER_SHARED_OWNER) | |
614 | continue; | |
615 | ||
2dda578f | 616 | dns_cache_remove_by_key(c, rr->key); |
d2579eec LP |
617 | } |
618 | } | |
619 | ||
f6618dcd LP |
620 | static bool rr_eligible(DnsResourceRecord *rr) { |
621 | assert(rr); | |
622 | ||
623 | /* When we see an NSEC/NSEC3 RR, we'll only cache it if it is from the lower zone, not the upper zone, since | |
624 | * that's where the interesting bits are (with exception of DS RRs). Of course, this way we cannot derive DS | |
625 | * existence from any cached NSEC/NSEC3, but that should be fine. */ | |
626 | ||
627 | switch (rr->key->type) { | |
628 | ||
629 | case DNS_TYPE_NSEC: | |
630 | return !bitmap_isset(rr->nsec.types, DNS_TYPE_NS) || | |
631 | bitmap_isset(rr->nsec.types, DNS_TYPE_SOA); | |
632 | ||
633 | case DNS_TYPE_NSEC3: | |
634 | return !bitmap_isset(rr->nsec3.types, DNS_TYPE_NS) || | |
635 | bitmap_isset(rr->nsec3.types, DNS_TYPE_SOA); | |
636 | ||
637 | default: | |
638 | return true; | |
639 | } | |
640 | } | |
641 | ||
a4076574 LP |
642 | int dns_cache_put( |
643 | DnsCache *c, | |
8e427d9b | 644 | DnsResourceKey *key, |
a4076574 LP |
645 | int rcode, |
646 | DnsAnswer *answer, | |
931851e8 | 647 | bool authenticated, |
d3760be0 | 648 | uint32_t nsec_ttl, |
a4076574 LP |
649 | usec_t timestamp, |
650 | int owner_family, | |
651 | const union in_addr_union *owner_address) { | |
652 | ||
02c2857b | 653 | DnsResourceRecord *soa = NULL, *rr; |
201d9958 | 654 | bool weird_rcode = false; |
105e1512 LP |
655 | DnsAnswerFlags flags; |
656 | unsigned cache_keys; | |
06d12754 | 657 | int r, ifindex; |
322345fd LP |
658 | |
659 | assert(c); | |
d2579eec | 660 | assert(owner_address); |
322345fd | 661 | |
d2579eec | 662 | dns_cache_remove_previous(c, key, answer); |
0ec7c46e | 663 | |
201d9958 LP |
664 | /* We only care for positive replies and NXDOMAINs, on all other replies we will simply flush the respective |
665 | * entries, and that's it. (Well, with one further exception: since some DNS zones (akamai!) return SERVFAIL | |
666 | * consistently for some lookups, and forwarders tend to propagate that we'll cache that too, but only for a | |
667 | * short time.) */ | |
6ff01a0d | 668 | |
201d9958 | 669 | if (IN_SET(rcode, DNS_RCODE_SUCCESS, DNS_RCODE_NXDOMAIN)) { |
c3cb6dc2 | 670 | |
201d9958 LP |
671 | if (dns_answer_size(answer) <= 0) { |
672 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; | |
673 | ||
674 | log_debug("Not caching negative entry without a SOA record: %s", | |
675 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
676 | return 0; | |
677 | } | |
678 | ||
679 | } else { | |
680 | /* Only cache SERVFAIL as "weird" rcode for now. We can add more later, should that turn out to be | |
681 | * beneficial. */ | |
682 | if (rcode != DNS_RCODE_SERVFAIL) | |
683 | return 0; | |
684 | ||
685 | weird_rcode = true; | |
c3cb6dc2 | 686 | } |
0ec7c46e | 687 | |
ea207b63 | 688 | cache_keys = dns_answer_size(answer); |
8e427d9b | 689 | if (key) |
313cefa1 | 690 | cache_keys++; |
eff91ee0 | 691 | |
7e8e0422 | 692 | /* Make some space for our new entries */ |
eff91ee0 | 693 | dns_cache_make_space(c, cache_keys); |
322345fd | 694 | |
7e8e0422 | 695 | if (timestamp <= 0) |
240b589b | 696 | timestamp = now(clock_boottime_or_monotonic()); |
322345fd | 697 | |
7e8e0422 | 698 | /* Second, add in positive entries for all contained RRs */ |
06d12754 | 699 | DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, answer) { |
105e1512 LP |
700 | if ((flags & DNS_ANSWER_CACHEABLE) == 0) |
701 | continue; | |
702 | ||
f6618dcd LP |
703 | r = rr_eligible(rr); |
704 | if (r < 0) | |
705 | return r; | |
706 | if (r == 0) | |
707 | continue; | |
708 | ||
d2579eec LP |
709 | r = dns_cache_put_positive( |
710 | c, | |
711 | rr, | |
712 | flags & DNS_ANSWER_AUTHENTICATED, | |
713 | flags & DNS_ANSWER_SHARED_OWNER, | |
714 | timestamp, | |
06d12754 | 715 | ifindex, |
d2579eec | 716 | owner_family, owner_address); |
7e8e0422 LP |
717 | if (r < 0) |
718 | goto fail; | |
719 | } | |
720 | ||
d2579eec | 721 | if (!key) /* mDNS doesn't know negative caching, really */ |
eff91ee0 DM |
722 | return 0; |
723 | ||
8e427d9b | 724 | /* Third, add in negative entries if the key has no RR */ |
105e1512 | 725 | r = dns_answer_match_key(answer, key, NULL); |
8e427d9b TG |
726 | if (r < 0) |
727 | goto fail; | |
728 | if (r > 0) | |
729 | return 0; | |
7e8e0422 | 730 | |
5d27351f TG |
731 | /* But not if it has a matching CNAME/DNAME (the negative |
732 | * caching will be done on the canonical name, not on the | |
733 | * alias) */ | |
105e1512 | 734 | r = dns_answer_find_cname_or_dname(answer, key, NULL, NULL); |
5d27351f TG |
735 | if (r < 0) |
736 | goto fail; | |
737 | if (r > 0) | |
738 | return 0; | |
739 | ||
201d9958 LP |
740 | /* See https://tools.ietf.org/html/rfc2308, which say that a matching SOA record in the packet is used to |
741 | * enable negative caching. We apply one exception though: if we are about to cache a weird rcode we do so | |
742 | * regardless of a SOA. */ | |
fd009cd8 | 743 | r = dns_answer_find_soa(answer, key, &soa, &flags); |
8e427d9b TG |
744 | if (r < 0) |
745 | goto fail; | |
201d9958 | 746 | if (r == 0 && !weird_rcode) |
fd009cd8 | 747 | return 0; |
201d9958 LP |
748 | if (r > 0) { |
749 | /* Refuse using the SOA data if it is unsigned, but the key is | |
750 | * signed */ | |
751 | if (authenticated && (flags & DNS_ANSWER_AUTHENTICATED) == 0) | |
752 | return 0; | |
753 | } | |
fd009cd8 | 754 | |
d2579eec LP |
755 | r = dns_cache_put_negative( |
756 | c, | |
757 | key, | |
758 | rcode, | |
759 | authenticated, | |
d3760be0 | 760 | nsec_ttl, |
d2579eec | 761 | timestamp, |
b211dc7e | 762 | soa, |
d2579eec | 763 | owner_family, owner_address); |
8e427d9b TG |
764 | if (r < 0) |
765 | goto fail; | |
322345fd LP |
766 | |
767 | return 0; | |
768 | ||
769 | fail: | |
770 | /* Adding all RRs failed. Let's clean up what we already | |
771 | * added, just in case */ | |
772 | ||
8e427d9b | 773 | if (key) |
2dda578f | 774 | dns_cache_remove_by_key(c, key); |
eff91ee0 | 775 | |
105e1512 LP |
776 | DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) { |
777 | if ((flags & DNS_ANSWER_CACHEABLE) == 0) | |
778 | continue; | |
779 | ||
2dda578f | 780 | dns_cache_remove_by_key(c, rr->key); |
105e1512 | 781 | } |
322345fd LP |
782 | |
783 | return r; | |
784 | } | |
785 | ||
37da8931 | 786 | static DnsCacheItem *dns_cache_get_by_key_follow_cname_dname_nsec(DnsCache *c, DnsResourceKey *k) { |
58db254a LP |
787 | DnsCacheItem *i; |
788 | const char *n; | |
789 | int r; | |
5643c00a TG |
790 | |
791 | assert(c); | |
792 | assert(k); | |
793 | ||
58db254a LP |
794 | /* If we hit some OOM error, or suchlike, we don't care too |
795 | * much, after all this is just a cache */ | |
796 | ||
5643c00a | 797 | i = hashmap_get(c->by_key, k); |
d7ce6c94 | 798 | if (i) |
37da8931 LP |
799 | return i; |
800 | ||
1c02e7ba | 801 | n = dns_resource_key_name(k); |
37da8931 | 802 | |
71e13669 TG |
803 | /* Check if we have an NXDOMAIN cache item for the name, notice that we use |
804 | * the pseudo-type ANY for NXDOMAIN cache items. */ | |
805 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_ANY, n)); | |
806 | if (i && i->type == DNS_CACHE_NXDOMAIN) | |
807 | return i; | |
808 | ||
d3c7e913 | 809 | if (dns_type_may_redirect(k->type)) { |
d7ce6c94 TG |
810 | /* Check if we have a CNAME record instead */ |
811 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_CNAME, n)); | |
812 | if (i) | |
813 | return i; | |
5643c00a | 814 | |
d7ce6c94 TG |
815 | /* OK, let's look for cached DNAME records. */ |
816 | for (;;) { | |
d7ce6c94 TG |
817 | if (isempty(n)) |
818 | return NULL; | |
819 | ||
820 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_DNAME, n)); | |
821 | if (i) | |
822 | return i; | |
58db254a | 823 | |
d7ce6c94 | 824 | /* Jump one label ahead */ |
950b692b | 825 | r = dns_name_parent(&n); |
d7ce6c94 TG |
826 | if (r <= 0) |
827 | return NULL; | |
828 | } | |
829 | } | |
5643c00a | 830 | |
950b692b | 831 | if (k->type != DNS_TYPE_NSEC) { |
d7ce6c94 TG |
832 | /* Check if we have an NSEC record instead for the name. */ |
833 | i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_NSEC, n)); | |
58db254a LP |
834 | if (i) |
835 | return i; | |
58db254a LP |
836 | } |
837 | ||
838 | return NULL; | |
5643c00a TG |
839 | } |
840 | ||
17c8de63 | 841 | int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, bool clamp_ttl, int *rcode, DnsAnswer **ret, bool *authenticated) { |
faa133f3 | 842 | _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL; |
202b76ae | 843 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
f52e61da | 844 | unsigned n = 0; |
322345fd | 845 | int r; |
7e8e0422 | 846 | bool nxdomain = false; |
931851e8 LP |
847 | DnsCacheItem *j, *first, *nsec = NULL; |
848 | bool have_authenticated = false, have_non_authenticated = false; | |
17c8de63 | 849 | usec_t current; |
201d9958 | 850 | int found_rcode = -1; |
322345fd LP |
851 | |
852 | assert(c); | |
f52e61da | 853 | assert(key); |
623a4c97 | 854 | assert(rcode); |
faa133f3 | 855 | assert(ret); |
931851e8 | 856 | assert(authenticated); |
322345fd | 857 | |
202b76ae | 858 | if (key->type == DNS_TYPE_ANY || key->class == DNS_CLASS_ANY) { |
931851e8 LP |
859 | /* If we have ANY lookups we don't use the cache, so |
860 | * that the caller refreshes via the network. */ | |
322345fd | 861 | |
202b76ae ZJS |
862 | log_debug("Ignoring cache for ANY lookup: %s", |
863 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
6b34a6c9 | 864 | |
a150ff5e LP |
865 | c->n_miss++; |
866 | ||
f52e61da LP |
867 | *ret = NULL; |
868 | *rcode = DNS_RCODE_SUCCESS; | |
2d4a4e14 LP |
869 | *authenticated = false; |
870 | ||
f52e61da LP |
871 | return 0; |
872 | } | |
6b34a6c9 | 873 | |
37da8931 | 874 | first = dns_cache_get_by_key_follow_cname_dname_nsec(c, key); |
f52e61da LP |
875 | if (!first) { |
876 | /* If one question cannot be answered we need to refresh */ | |
ddf16339 | 877 | |
202b76ae ZJS |
878 | log_debug("Cache miss for %s", |
879 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
6b34a6c9 | 880 | |
a150ff5e LP |
881 | c->n_miss++; |
882 | ||
f52e61da LP |
883 | *ret = NULL; |
884 | *rcode = DNS_RCODE_SUCCESS; | |
2d4a4e14 LP |
885 | *authenticated = false; |
886 | ||
f52e61da LP |
887 | return 0; |
888 | } | |
6b34a6c9 | 889 | |
f52e61da | 890 | LIST_FOREACH(by_key, j, first) { |
37da8931 LP |
891 | if (j->rr) { |
892 | if (j->rr->key->type == DNS_TYPE_NSEC) | |
931851e8 LP |
893 | nsec = j; |
894 | ||
f52e61da | 895 | n++; |
37da8931 | 896 | } else if (j->type == DNS_CACHE_NXDOMAIN) |
f52e61da | 897 | nxdomain = true; |
201d9958 LP |
898 | else if (j->type == DNS_CACHE_RCODE) |
899 | found_rcode = j->rcode; | |
931851e8 LP |
900 | |
901 | if (j->authenticated) | |
902 | have_authenticated = true; | |
903 | else | |
904 | have_non_authenticated = true; | |
f52e61da | 905 | } |
6b34a6c9 | 906 | |
201d9958 LP |
907 | if (found_rcode >= 0) { |
908 | log_debug("RCODE %s cache hit for %s", | |
909 | dns_rcode_to_string(found_rcode), | |
910 | dns_resource_key_to_string(key, key_str, sizeof(key_str))); | |
911 | ||
912 | *ret = NULL; | |
913 | *rcode = found_rcode; | |
914 | *authenticated = false; | |
915 | ||
916 | c->n_hit++; | |
917 | return 1; | |
918 | } | |
919 | ||
f6618dcd LP |
920 | if (nsec && !IN_SET(key->type, DNS_TYPE_NSEC, DNS_TYPE_DS)) { |
921 | /* Note that we won't derive information for DS RRs from an NSEC, because we only cache NSEC RRs from | |
922 | * the lower-zone of a zone cut, but the DS RRs are on the upper zone. */ | |
923 | ||
202b76ae ZJS |
924 | log_debug("NSEC NODATA cache hit for %s", |
925 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
37da8931 LP |
926 | |
927 | /* We only found an NSEC record that matches our name. | |
a257f9d4 | 928 | * If it says the type doesn't exist report |
37da8931 LP |
929 | * NODATA. Otherwise report a cache miss. */ |
930 | ||
931 | *ret = NULL; | |
932 | *rcode = DNS_RCODE_SUCCESS; | |
931851e8 | 933 | *authenticated = nsec->authenticated; |
37da8931 | 934 | |
a150ff5e LP |
935 | if (!bitmap_isset(nsec->rr->nsec.types, key->type) && |
936 | !bitmap_isset(nsec->rr->nsec.types, DNS_TYPE_CNAME) && | |
937 | !bitmap_isset(nsec->rr->nsec.types, DNS_TYPE_DNAME)) { | |
938 | c->n_hit++; | |
939 | return 1; | |
940 | } | |
941 | ||
942 | c->n_miss++; | |
943 | return 0; | |
37da8931 LP |
944 | } |
945 | ||
202b76ae ZJS |
946 | log_debug("%s cache hit for %s", |
947 | n > 0 ? "Positive" : | |
948 | nxdomain ? "NXDOMAIN" : "NODATA", | |
949 | dns_resource_key_to_string(key, key_str, sizeof key_str)); | |
faa133f3 | 950 | |
7e8e0422 | 951 | if (n <= 0) { |
a150ff5e LP |
952 | c->n_hit++; |
953 | ||
7e8e0422 LP |
954 | *ret = NULL; |
955 | *rcode = nxdomain ? DNS_RCODE_NXDOMAIN : DNS_RCODE_SUCCESS; | |
931851e8 | 956 | *authenticated = have_authenticated && !have_non_authenticated; |
7e8e0422 LP |
957 | return 1; |
958 | } | |
faa133f3 LP |
959 | |
960 | answer = dns_answer_new(n); | |
961 | if (!answer) | |
962 | return -ENOMEM; | |
322345fd | 963 | |
17c8de63 LP |
964 | if (clamp_ttl) |
965 | current = now(clock_boottime_or_monotonic()); | |
966 | ||
f52e61da | 967 | LIST_FOREACH(by_key, j, first) { |
17c8de63 LP |
968 | _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; |
969 | ||
f52e61da LP |
970 | if (!j->rr) |
971 | continue; | |
972 | ||
17c8de63 LP |
973 | if (clamp_ttl) { |
974 | rr = dns_resource_record_ref(j->rr); | |
975 | ||
976 | r = dns_resource_record_clamp_ttl(&rr, LESS_BY(j->until, current) / USEC_PER_SEC); | |
977 | if (r < 0) | |
978 | return r; | |
979 | } | |
980 | ||
981 | r = dns_answer_add(answer, rr ?: j->rr, j->ifindex, j->authenticated ? DNS_ANSWER_AUTHENTICATED : 0); | |
f52e61da LP |
982 | if (r < 0) |
983 | return r; | |
322345fd LP |
984 | } |
985 | ||
a150ff5e LP |
986 | c->n_hit++; |
987 | ||
faa133f3 | 988 | *ret = answer; |
7e8e0422 | 989 | *rcode = DNS_RCODE_SUCCESS; |
931851e8 | 990 | *authenticated = have_authenticated && !have_non_authenticated; |
faa133f3 LP |
991 | answer = NULL; |
992 | ||
993 | return n; | |
322345fd | 994 | } |
a4076574 LP |
995 | |
996 | int dns_cache_check_conflicts(DnsCache *cache, DnsResourceRecord *rr, int owner_family, const union in_addr_union *owner_address) { | |
997 | DnsCacheItem *i, *first; | |
998 | bool same_owner = true; | |
999 | ||
1000 | assert(cache); | |
1001 | assert(rr); | |
1002 | ||
1003 | dns_cache_prune(cache); | |
1004 | ||
1005 | /* See if there's a cache entry for the same key. If there | |
1006 | * isn't there's no conflict */ | |
1007 | first = hashmap_get(cache->by_key, rr->key); | |
1008 | if (!first) | |
1009 | return 0; | |
1010 | ||
1011 | /* See if the RR key is owned by the same owner, if so, there | |
1012 | * isn't a conflict either */ | |
1013 | LIST_FOREACH(by_key, i, first) { | |
1014 | if (i->owner_family != owner_family || | |
1015 | !in_addr_equal(owner_family, &i->owner_address, owner_address)) { | |
1016 | same_owner = false; | |
1017 | break; | |
1018 | } | |
1019 | } | |
1020 | if (same_owner) | |
1021 | return 0; | |
1022 | ||
1023 | /* See if there's the exact same RR in the cache. If yes, then | |
1024 | * there's no conflict. */ | |
1025 | if (dns_cache_get(cache, rr)) | |
1026 | return 0; | |
1027 | ||
1028 | /* There's a conflict */ | |
1029 | return 1; | |
1030 | } | |
4d506d6b | 1031 | |
7778dfff DM |
1032 | int dns_cache_export_shared_to_packet(DnsCache *cache, DnsPacket *p) { |
1033 | unsigned ancount = 0; | |
1034 | Iterator iterator; | |
1035 | DnsCacheItem *i; | |
1036 | int r; | |
1037 | ||
1038 | assert(cache); | |
261f3673 | 1039 | assert(p); |
7778dfff DM |
1040 | |
1041 | HASHMAP_FOREACH(i, cache->by_key, iterator) { | |
1042 | DnsCacheItem *j; | |
1043 | ||
1044 | LIST_FOREACH(by_key, j, i) { | |
7778dfff DM |
1045 | if (!j->rr) |
1046 | continue; | |
1047 | ||
d2579eec | 1048 | if (!j->shared_owner) |
7778dfff DM |
1049 | continue; |
1050 | ||
58ab31d5 | 1051 | r = dns_packet_append_rr(p, j->rr, 0, NULL, NULL); |
261f3673 DM |
1052 | if (r == -EMSGSIZE && p->protocol == DNS_PROTOCOL_MDNS) { |
1053 | /* For mDNS, if we're unable to stuff all known answers into the given packet, | |
1054 | * allocate a new one, push the RR into that one and link it to the current one. | |
1055 | */ | |
1056 | ||
1057 | DNS_PACKET_HEADER(p)->ancount = htobe16(ancount); | |
1058 | ancount = 0; | |
1059 | ||
1060 | r = dns_packet_new_query(&p->more, p->protocol, 0, true); | |
1061 | if (r < 0) | |
1062 | return r; | |
1063 | ||
1064 | /* continue with new packet */ | |
1065 | p = p->more; | |
58ab31d5 | 1066 | r = dns_packet_append_rr(p, j->rr, 0, NULL, NULL); |
261f3673 DM |
1067 | } |
1068 | ||
7778dfff DM |
1069 | if (r < 0) |
1070 | return r; | |
1071 | ||
313cefa1 | 1072 | ancount++; |
7778dfff DM |
1073 | } |
1074 | } | |
1075 | ||
1076 | DNS_PACKET_HEADER(p)->ancount = htobe16(ancount); | |
1077 | ||
1078 | return 0; | |
1079 | } | |
1080 | ||
4d506d6b LP |
1081 | void dns_cache_dump(DnsCache *cache, FILE *f) { |
1082 | Iterator iterator; | |
1083 | DnsCacheItem *i; | |
4d506d6b LP |
1084 | |
1085 | if (!cache) | |
1086 | return; | |
1087 | ||
1088 | if (!f) | |
1089 | f = stdout; | |
1090 | ||
1091 | HASHMAP_FOREACH(i, cache->by_key, iterator) { | |
1092 | DnsCacheItem *j; | |
1093 | ||
1094 | LIST_FOREACH(by_key, j, i) { | |
4d506d6b LP |
1095 | |
1096 | fputc('\t', f); | |
1097 | ||
1098 | if (j->rr) { | |
7b50eb2e LP |
1099 | const char *t; |
1100 | t = dns_resource_record_to_string(j->rr); | |
1101 | if (!t) { | |
4d506d6b LP |
1102 | log_oom(); |
1103 | continue; | |
1104 | } | |
1105 | ||
1106 | fputs(t, f); | |
1107 | fputc('\n', f); | |
1108 | } else { | |
202b76ae | 1109 | char key_str[DNS_RESOURCE_KEY_STRING_MAX]; |
4d506d6b | 1110 | |
202b76ae | 1111 | fputs(dns_resource_key_to_string(j->key, key_str, sizeof key_str), f); |
4d506d6b | 1112 | fputs(" -- ", f); |
201d9958 | 1113 | fputs(dns_cache_item_type_to_string(j), f); |
4d506d6b LP |
1114 | fputc('\n', f); |
1115 | } | |
1116 | } | |
1117 | } | |
1118 | } | |
1119 | ||
1120 | bool dns_cache_is_empty(DnsCache *cache) { | |
1121 | if (!cache) | |
1122 | return true; | |
1123 | ||
1124 | return hashmap_isempty(cache->by_key); | |
1125 | } | |
a150ff5e LP |
1126 | |
1127 | unsigned dns_cache_size(DnsCache *cache) { | |
1128 | if (!cache) | |
1129 | return 0; | |
1130 | ||
1131 | return hashmap_size(cache->by_key); | |
1132 | } |