]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-transaction.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
resolved: reference count the dns servers
[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.c
CommitLineData
ec2c5e43
LP		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2014 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include "af-list.h"
23
22a37591 24#include "resolved-llmnr.h"
ec2c5e43 25#include "resolved-dns-transaction.h"
3df3e884 26#include "random-util.h"
ec2c5e43
LP		 27
28DnsTransaction* dns_transaction_free(DnsTransaction *t) {
29 DnsQuery *q;
30 DnsZoneItem *i;
31
32 if (!t)
33 return NULL;
34
35 sd_event_source_unref(t->timeout_event_source);
36
37 dns_question_unref(t->question);
38 dns_packet_unref(t->sent);
39 dns_packet_unref(t->received);
40 dns_answer_unref(t->cached);
41
42 dns_stream_free(t->stream);
43
44 if (t->scope) {
45 LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
46
47 if (t->id != 0)
48 hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
49 }
50
51 while ((q = set_steal_first(t->queries)))
52 set_remove(q->transactions, t);
53 set_free(t->queries);
54
55 while ((i = set_steal_first(t->zone_items)))
56 i->probe_transaction = NULL;
57 set_free(t->zone_items);
58
59 free(t);
60 return NULL;
61}
62
63DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free);
64
65void dns_transaction_gc(DnsTransaction *t) {
66 assert(t);
67
68 if (t->block_gc > 0)
69 return;
70
71 if (set_isempty(t->queries) && set_isempty(t->zone_items))
72 dns_transaction_free(t);
73}
74
75int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsQuestion *q) {
76 _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL;
77 int r;
78
79 assert(ret);
80 assert(s);
81 assert(q);
82
d5099efc 83 r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
ec2c5e43
LP		 84 if (r < 0)
85 return r;
86
87 t = new0(DnsTransaction, 1);
88 if (!t)
89 return -ENOMEM;
90
91 t->question = dns_question_ref(q);
92
93 do
94 random_bytes(&t->id, sizeof(t->id));
95 while (t->id == 0 ||
96 hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(t->id)));
97
98 r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
99 if (r < 0) {
100 t->id = 0;
101 return r;
102 }
103
104 LIST_PREPEND(transactions_by_scope, s->transactions, t);
105 t->scope = s;
106
107 if (ret)
108 *ret = t;
109
110 t = NULL;
111
112 return 0;
113}
114
115static void dns_transaction_stop(DnsTransaction *t) {
116 assert(t);
117
118 t->timeout_event_source = sd_event_source_unref(t->timeout_event_source);
119 t->stream = dns_stream_free(t->stream);
120}
121
122static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
2fb3034c 123 _cleanup_free_ char *pretty = NULL;
ec2c5e43 124 DnsZoneItem *z;
ec2c5e43
LP		 125
126 assert(t);
127 assert(p);
128
129 if (manager_our_packet(t->scope->manager, p) != 0)
130 return;
131
2fb3034c
LP		 132 in_addr_to_string(p->family, &p->sender, &pretty);
133
134 log_debug("Transaction on scope %s on %s/%s got tentative packet from %s",
ec2c5e43
LP		 135 dns_protocol_to_string(t->scope->protocol),
136 t->scope->link ? t->scope->link->name : "*",
2fb3034c
LP		 137 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
138 pretty);
ec2c5e43 139
a4076574
LP		 140 /* RFC 4795, Section 4.1 says that the peer with the
141 * lexicographically smaller IP address loses */
4d91eec4
LP		 142 if (memcmp(&p->sender, &p->destination, FAMILY_ADDRESS_SIZE(p->family)) >= 0) {
143 log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
a4076574
LP		 144 return;
145 }
146
4d91eec4 147 log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
a4076574 148
ec2c5e43 149 t->block_gc++;
3ef64445
LP		 150 while ((z = set_first(t->zone_items))) {
151 /* First, make sure the zone item drops the reference
152 * to us */
153 dns_zone_item_probe_stop(z);
154
155 /* Secondly, report this as conflict, so that we might
156 * look for a different hostname */
ec2c5e43 157 dns_zone_item_conflict(z);
3ef64445 158 }
ec2c5e43
LP		 159 t->block_gc--;
160
161 dns_transaction_gc(t);
162}
163
164void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
165 DnsQuery *q;
166 DnsZoneItem *z;
167 Iterator i;
168
169 assert(t);
170 assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING));
e56187ca
LP		 171
172 if (!IN_SET(t->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING))
173 return;
ec2c5e43
LP		 174
175 /* Note that this call might invalidate the query. Callers
176 * should hence not attempt to access the query or transaction
177 * after calling this function. */
178
179 log_debug("Transaction on scope %s on %s/%s now complete with <%s>",
180 dns_protocol_to_string(t->scope->protocol),
181 t->scope->link ? t->scope->link->name : "*",
182 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
183 dns_transaction_state_to_string(state));
184
185 t->state = state;
186
187 dns_transaction_stop(t);
188
189 /* Notify all queries that are interested, but make sure the
190 * transaction isn't freed while we are still looking at it */
191 t->block_gc++;
192 SET_FOREACH(q, t->queries, i)
193 dns_query_ready(q);
194 SET_FOREACH(z, t->zone_items, i)
195 dns_zone_item_ready(z);
196 t->block_gc--;
197
198 dns_transaction_gc(t);
199}
200
201static int on_stream_complete(DnsStream *s, int error) {
202 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
203 DnsTransaction *t;
204
205 assert(s);
206 assert(s->transaction);
207
208 /* Copy the data we care about out of the stream before we
209 * destroy it. */
210 t = s->transaction;
211 p = dns_packet_ref(s->read_packet);
212
213 t->stream = dns_stream_free(t->stream);
214
215 if (error != 0) {
216 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
217 return 0;
218 }
219
a4076574
LP		 220 if (dns_packet_validate_reply(p) <= 0) {
221 log_debug("Invalid LLMNR TCP packet.");
222 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
223 return 0;
224 }
225
226 dns_scope_check_conflicts(t->scope, p);
227
ec2c5e43
LP		 228 t->block_gc++;
229 dns_transaction_process_reply(t, p);
230 t->block_gc--;
231
232 /* If the response wasn't useful, then complete the transition now */
233 if (t->state == DNS_TRANSACTION_PENDING)
234 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
235
236 return 0;
237}
238
239static int dns_transaction_open_tcp(DnsTransaction *t) {
240 _cleanup_close_ int fd = -1;
241 int r;
242
243 assert(t);
244
245 if (t->stream)
246 return 0;
247
248 if (t->scope->protocol == DNS_PROTOCOL_DNS)
249 fd = dns_scope_tcp_socket(t->scope, AF_UNSPEC, NULL, 53);
250 else if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
251
252 /* When we already received a query to this (but it was truncated), send to its sender address */
253 if (t->received)
254 fd = dns_scope_tcp_socket(t->scope, t->received->family, &t->received->sender, t->received->sender_port);
255 else {
256 union in_addr_union address;
a7f7d1bd 257 int family = AF_UNSPEC;
ec2c5e43
LP		 258
259 /* Otherwise, try to talk to the owner of a
260 * the IP address, in case this is a reverse
261 * PTR lookup */
262 r = dns_question_extract_reverse_address(t->question, &family, &address);
263 if (r < 0)
264 return r;
265 if (r == 0)
266 return -EINVAL;
267
22a37591 268 fd = dns_scope_tcp_socket(t->scope, family, &address, LLMNR_PORT);
ec2c5e43
LP		 269 }
270 } else
271 return -EAFNOSUPPORT;
272
273 if (fd < 0)
274 return fd;
275
276 r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd);
277 if (r < 0)
278 return r;
279
280 fd = -1;
281
282 r = dns_stream_write_packet(t->stream, t->sent);
283 if (r < 0) {
284 t->stream = dns_stream_free(t->stream);
285 return r;
286 }
287
288 t->received = dns_packet_unref(t->received);
289 t->stream->complete = on_stream_complete;
290 t->stream->transaction = t;
291
292 /* The interface index is difficult to determine if we are
293 * connecting to the local host, hence fill this in right away
294 * instead of determining it from the socket */
295 if (t->scope->link)
296 t->stream->ifindex = t->scope->link->ifindex;
297
298 return 0;
299}
300
301void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
302 int r;
303
304 assert(t);
305 assert(p);
306 assert(t->state == DNS_TRANSACTION_PENDING);
307
308 /* Note that this call might invalidate the query. Callers
309 * should hence not attempt to access the query or transaction
310 * after calling this function. */
311
312 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
313 assert(t->scope->link);
314
315 /* For LLMNR we will not accept any packets from other
316 * interfaces */
317
318 if (p->ifindex != t->scope->link->ifindex)
319 return;
320
321 if (p->family != t->scope->family)
322 return;
323
324 /* Tentative packets are not full responses but still
325 * useful for identifying uniqueness conflicts during
326 * probing. */
8b757a38 327 if (DNS_PACKET_LLMNR_T(p)) {
ec2c5e43
LP		 328 dns_transaction_tentative(t, p);
329 return;
330 }
331 }
332
333 if (t->scope->protocol == DNS_PROTOCOL_DNS) {
334
335 /* For DNS we are fine with accepting packets on any
336 * interface, but the source IP address must be one of
337 * a valid DNS server */
338
339 if (!dns_scope_good_dns_server(t->scope, p->family, &p->sender))
340 return;
341
342 if (p->sender_port != 53)
343 return;
344 }
345
346 if (t->received != p) {
347 dns_packet_unref(t->received);
348 t->received = dns_packet_ref(p);
349 }
350
351 if (p->ipproto == IPPROTO_TCP) {
352 if (DNS_PACKET_TC(p)) {
353 /* Truncated via TCP? Somebody must be fucking with us */
354 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
355 return;
356 }
357
358 if (DNS_PACKET_ID(p) != t->id) {
359 /* Not the reply to our query? Somebody must be fucking with us */
360 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
361 return;
362 }
363 }
364
365 if (DNS_PACKET_TC(p)) {
366 /* Response was truncated, let's try again with good old TCP */
367 r = dns_transaction_open_tcp(t);
368 if (r == -ESRCH) {
369 /* No servers found? Damn! */
370 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
371 return;
372 }
373 if (r < 0) {
374 /* On LLMNR, if we cannot connect to the host,
375 * we immediately give up */
376 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
377 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
378 return;
379 }
380
381 /* On DNS, couldn't send? Try immediately again, with a new server */
382 dns_scope_next_dns_server(t->scope);
383
384 r = dns_transaction_go(t);
385 if (r < 0) {
386 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
387 return;
388 }
389
390 return;
391 }
392 }
393
394 /* Parse and update the cache */
395 r = dns_packet_extract(p);
396 if (r < 0) {
397 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
398 return;
399 }
400
401 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
a4076574 402 dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender);
ec2c5e43
LP		 403
404 if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
405 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
406 else
407 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
408}
409
410static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) {
411 DnsTransaction *t = userdata;
412 int r;
413
414 assert(s);
415 assert(t);
416
417 /* Timeout reached? Try again, with a new server */
418 dns_scope_next_dns_server(t->scope);
419
420 r = dns_transaction_go(t);
421 if (r < 0)
422 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
423
424 return 0;
425}
426
427static int dns_transaction_make_packet(DnsTransaction *t) {
428 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
429 unsigned n, added = 0;
430 int r;
431
432 assert(t);
433
434 if (t->sent)
435 return 0;
436
437 r = dns_packet_new_query(&p, t->scope->protocol, 0);
438 if (r < 0)
439 return r;
440
441 for (n = 0; n < t->question->n_keys; n++) {
442 r = dns_scope_good_key(t->scope, t->question->keys[n]);
443 if (r < 0)
444 return r;
445 if (r == 0)
446 continue;
447
448 r = dns_packet_append_key(p, t->question->keys[n], NULL);
449 if (r < 0)
450 return r;
451
452 added++;
453 }
454
455 if (added <= 0)
456 return -EDOM;
457
458 DNS_PACKET_HEADER(p)->qdcount = htobe16(added);
459 DNS_PACKET_HEADER(p)->id = t->id;
460
461 t->sent = p;
462 p = NULL;
463
464 return 0;
465}
466
467int dns_transaction_go(DnsTransaction *t) {
468 bool had_stream;
469 int r;
470
471 assert(t);
472
473 had_stream = !!t->stream;
474
475 dns_transaction_stop(t);
476
e56187ca 477 log_debug("Excercising transaction on scope %s on %s/%s",
ec2c5e43
LP		 478 dns_protocol_to_string(t->scope->protocol),
479 t->scope->link ? t->scope->link->name : "*",
480 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
481
482 if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) {
483 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
484 return 0;
485 }
486
487 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && had_stream) {
488 /* If we already tried via a stream, then we don't
489 * retry on LLMNR. See RFC 4795, Section 2.7. */
490 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
491 return 0;
492 }
493
494 t->n_attempts++;
495 t->received = dns_packet_unref(t->received);
496 t->cached = dns_answer_unref(t->cached);
497 t->cached_rcode = 0;
498
4d926a69
LP		 499 /* Check the cache, but only if this transaction is not used
500 * for probing or verifying a zone item. */
501 if (set_isempty(t->zone_items)) {
2c27fbca 502
4d926a69
LP		 503 /* Before trying the cache, let's make sure we figured out a
504 * server to use. Should this cause a change of server this
505 * might flush the cache. */
506 dns_scope_get_dns_server(t->scope);
2c27fbca 507
4d926a69
LP		 508 /* Let's then prune all outdated entries */
509 dns_cache_prune(&t->scope->cache);
510
511 r = dns_cache_lookup(&t->scope->cache, t->question, &t->cached_rcode, &t->cached);
512 if (r < 0)
513 return r;
514 if (r > 0) {
515 log_debug("Cache hit!");
516 if (t->cached_rcode == DNS_RCODE_SUCCESS)
517 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
518 else
519 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
520 return 0;
521 }
ec2c5e43
LP		 522 }
523
6e068472
LP		 524 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && !t->initial_jitter) {
525 usec_t jitter;
526
527 /* RFC 4795 Section 2.7 suggests all queries should be
528 * delayed by a random time from 0 to JITTER_INTERVAL. */
529
530 t->initial_jitter = true;
531
532 random_bytes(&jitter, sizeof(jitter));
533 jitter %= LLMNR_JITTER_INTERVAL_USEC;
534
535 r = sd_event_add_time(
536 t->scope->manager->event,
537 &t->timeout_event_source,
538 clock_boottime_or_monotonic(),
a4076574
LP		 539 now(clock_boottime_or_monotonic()) + jitter,
540 LLMNR_JITTER_INTERVAL_USEC,
6e068472
LP		 541 on_transaction_timeout, t);
542 if (r < 0)
543 return r;
544
545 t->n_attempts = 0;
546 t->state = DNS_TRANSACTION_PENDING;
547
548 log_debug("Delaying LLMNR transaction for " USEC_FMT "us.", jitter);
549 return 0;
550 }
551
2c27fbca
LP		 552 log_debug("Cache miss!");
553
ec2c5e43
LP		 554 /* Otherwise, we need to ask the network */
555 r = dns_transaction_make_packet(t);
556 if (r == -EDOM) {
557 /* Not the right request to make on this network?
558 * (i.e. an A request made on IPv6 or an AAAA request
559 * made on IPv4, on LLMNR or mDNS.) */
560 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
561 return 0;
562 }
563 if (r < 0)
564 return r;
565
566 if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
567 (dns_question_endswith(t->question, "in-addr.arpa") > 0 ||
568 dns_question_endswith(t->question, "ip6.arpa") > 0)) {
569
570 /* RFC 4795, Section 2.4. says reverse lookups shall
571 * always be made via TCP on LLMNR */
572 r = dns_transaction_open_tcp(t);
573 } else {
574 /* Try via UDP, and if that fails due to large size try via TCP */
a4076574 575 r = dns_scope_emit(t->scope, t->sent);
ec2c5e43
LP		 576 if (r == -EMSGSIZE)
577 r = dns_transaction_open_tcp(t);
578 }
579 if (r == -ESRCH) {
580 /* No servers to send this to? */
581 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
582 return 0;
583 }
584 if (r < 0) {
13b551ac
LP		 585 if (t->scope->protocol != DNS_PROTOCOL_DNS) {
586 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
587 return 0;
588 }
589
ec2c5e43
LP		 590 /* Couldn't send? Try immediately again, with a new server */
591 dns_scope_next_dns_server(t->scope);
592
593 return dns_transaction_go(t);
594 }
595
9a015429
LP		 596 r = sd_event_add_time(
597 t->scope->manager->event,
598 &t->timeout_event_source,
599 clock_boottime_or_monotonic(),
600 now(clock_boottime_or_monotonic()) + TRANSACTION_TIMEOUT_USEC(t->scope->protocol), 0,
601 on_transaction_timeout, t);
ec2c5e43
LP		 602 if (r < 0)
603 return r;
604
605 t->state = DNS_TRANSACTION_PENDING;
606 return 1;
607}
608
609static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = {
610 [DNS_TRANSACTION_NULL] = "null",
611 [DNS_TRANSACTION_PENDING] = "pending",
612 [DNS_TRANSACTION_FAILURE] = "failure",
613 [DNS_TRANSACTION_SUCCESS] = "success",
614 [DNS_TRANSACTION_NO_SERVERS] = "no-servers",
615 [DNS_TRANSACTION_TIMEOUT] = "timeout",
616 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached",
617 [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply",
618 [DNS_TRANSACTION_RESOURCES] = "resources",
619 [DNS_TRANSACTION_ABORTED] = "aborted",
620};
621DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState);
Unnamed repository; edit this file 'description' to name the repository.