[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

#include "sd-event.h"

typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;

#include "resolved-dns-answer.h"
#include "resolved-dns-dnssec.h"
#include "resolved-dns-packet.h"
#include "resolved-dns-question.h"
#include "resolved-dns-server.h"

enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_ERRNO,
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        DNS_TRANSACTION_NETWORK_DOWN,
        DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};

#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)

enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};

struct DnsTransaction {
        DnsScope *scope;

        DnsResourceKey *key;

        DnsTransactionState state;

        uint16_t id;

        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        bool clamp_ttl:1;

        bool probing:1;

        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;
        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined different than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        unsigned n_picked_servers;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_feature_level;

        /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
        DnsServerFeatureLevel clamp_feature_level;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates, *notify_query_candidates_done;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items, *notify_zone_items_done;

        /* Other transactions that this transactions is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions, *notify_transactions_done;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        unsigned block_gc;

        LIST_FIELDS(DnsTransaction, transactions_by_scope);
        LIST_FIELDS(DnsTransaction, transactions_by_stream);
};

int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
DnsTransaction* dns_transaction_free(DnsTransaction *t);

bool dns_transaction_gc(DnsTransaction *t);
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_gc);

int dns_transaction_go(DnsTransaction *t);

void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
int dns_transaction_validate_dnssec(DnsTransaction *t);
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC   (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* mDNS probing interval, see RFC 6762 Section 8.1 */
#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 24

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3

#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
                                         LLMNR_TRANSACTION_ATTEMPTS_MAX : \
                                         (((p) == DNS_PROTOCOL_MDNS) ? \
                                             MDNS_TRANSACTION_ATTEMPTS_MAX : \
                                             DNS_TRANSACTION_ATTEMPTS_MAX))
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
ec2c5e43 LP	2	#pragma once
ec2c5e43 LP	3
be28f72d DDM	4	#include "sd-event.h"
be28f72d DDM	5
ec2c5e43 LP	6	typedef struct DnsTransaction DnsTransaction;
ec2c5e43 LP	7	typedef enum DnsTransactionState DnsTransactionState;
c3bc53e6	8	typedef enum DnsTransactionSource DnsTransactionSource;
ec2c5e43	9
be28f72d DDM	10	#include "resolved-dns-answer.h"
	11	#include "resolved-dns-dnssec.h"
	12	#include "resolved-dns-packet.h"
	13	#include "resolved-dns-question.h"
	14	#include "resolved-dns-server.h"
	15
ec2c5e43 LP	16	enum DnsTransactionState {
	17	DNS_TRANSACTION_NULL,
	18	DNS_TRANSACTION_PENDING,
547973de	19	DNS_TRANSACTION_VALIDATING,
3bbdc31d	20	DNS_TRANSACTION_RCODE_FAILURE,
ec2c5e43 LP	21	DNS_TRANSACTION_SUCCESS,
	22	DNS_TRANSACTION_NO_SERVERS,
	23	DNS_TRANSACTION_TIMEOUT,
	24	DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
	25	DNS_TRANSACTION_INVALID_REPLY,
7cc6ed7b	26	DNS_TRANSACTION_ERRNO,
ec2c5e43	27	DNS_TRANSACTION_ABORTED,
547973de	28	DNS_TRANSACTION_DNSSEC_FAILED,
b2b796b8	29	DNS_TRANSACTION_NO_TRUST_ANCHOR,
91adc4db	30	DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
edbcc1fd	31	DNS_TRANSACTION_NETWORK_DOWN,
0791110f	32	DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
ec2c5e43 LP	33	_DNS_TRANSACTION_STATE_MAX,
	34	_DNS_TRANSACTION_STATE_INVALID = -1
	35	};
	36
547973de LP	37	#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
547973de LP	38
c3bc53e6 LP	39	enum DnsTransactionSource {
	40	DNS_TRANSACTION_NETWORK,
	41	DNS_TRANSACTION_CACHE,
	42	DNS_TRANSACTION_ZONE,
0d2cd476	43	DNS_TRANSACTION_TRUST_ANCHOR,
c3bc53e6 LP	44	_DNS_TRANSACTION_SOURCE_MAX,
	45	_DNS_TRANSACTION_SOURCE_INVALID = -1
	46	};
	47
ec2c5e43 LP	48	struct DnsTransaction {
	49	DnsScope *scope;
	50
f52e61da	51	DnsResourceKey *key;
ec2c5e43 LP	52
ec2c5e43 LP	53	DnsTransactionState state;
547973de	54
ec2c5e43 LP	55	uint16_t id;
ec2c5e43 LP	56
cbe4216d LP	57	bool tried_stream:1;
cbe4216d LP	58
a0c888c7 LP	59	bool initial_jitter_scheduled:1;
a0c888c7 LP	60	bool initial_jitter_elapsed:1;
6e068472	61
17c8de63 LP	62	bool clamp_ttl:1;
17c8de63 LP	63
53fda2bb DR	64	bool probing:1;
53fda2bb DR	65
ec2c5e43	66	DnsPacket sent, received;
ae6a4bbf LP	67
	68	DnsAnswer *answer;
	69	int answer_rcode;
019036a4	70	DnssecResult answer_dnssec_result;
c3bc53e6	71	DnsTransactionSource answer_source;
d3760be0	72	uint32_t answer_nsec_ttl;
7cc6ed7b	73	int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
105e1512 LP	74
	75	/* Indicates whether the primary answer is authenticated,
	76	* i.e. whether the RRs from answer which directly match the
	77	* question are authenticated, or, if there are none, whether
	78	* the NODATA or NXDOMAIN case is. It says nothing about
	79	* additional RRs listed in the answer, however they have
	80	* their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
	81	* is defined different than the AD bit in DNS packets, as
	82	* that covers more than just the actual primary answer. */
931851e8	83	bool answer_authenticated;
ec2c5e43	84
105e1512 LP	85	/* Contains DNSKEY, DS, SOA RRs we already verified and need
105e1512 LP	86	* to authenticate this reply */
547973de LP	87	DnsAnswer *validated_keys;
547973de LP	88
9df3ba6c	89	usec_t start_usec;
a9da14e1	90	usec_t next_attempt_after;
ec2c5e43 LP	91	sd_event_source *timeout_event_source;
	92	unsigned n_attempts;
	93
44db02d0 LP	94	unsigned n_picked_servers;
44db02d0 LP	95
f32f0e57	96	/* UDP connection logic, if we need it */
4667e00a LP	97	int dns_udp_fd;
4667e00a LP	98	sd_event_source *dns_udp_event_source;
d20b1667	99
f32f0e57 LP	100	/* TCP connection logic, if we need it */
	101	DnsStream *stream;
	102
4667e00a	103	/* The active server */
8300ba21 TG	104	DnsServer *server;
8300ba21 TG	105
547973de	106	/* The features of the DNS server at time of transaction start */
274b8748	107	DnsServerFeatureLevel current_feature_level;
be808ea0	108
d001e0a3 LP	109	/* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
	110	DnsServerFeatureLevel clamp_feature_level;
	111
801ad6a6 LP	112	/* Query candidates this transaction is referenced by and that
	113	* shall be notified about this specific transaction
	114	* completing. */
35aa04e9	115	Set notify_query_candidates, notify_query_candidates_done;
ec2c5e43 LP	116
	117	/* Zone items this transaction is referenced by and that shall
	118	* be notified about completion. */
35aa04e9	119	Set notify_zone_items, notify_zone_items_done;
547973de LP	120
	121	/* Other transactions that this transactions is referenced by
	122	* and that shall be notified about completion. This is used
	123	* when transactions want to validate their RRsets, but need
	124	* another DNSKEY or DS RR to do so. */
35aa04e9	125	Set notify_transactions, notify_transactions_done;
547973de LP	126
	127	/* The opposite direction: the transactions this transaction
	128	* created in order to request DNSKEY or DS RRs. */
	129	Set *dnssec_transactions;
ec2c5e43 LP	130
	131	unsigned block_gc;
	132
	133	LIST_FIELDS(DnsTransaction, transactions_by_scope);
98767d75	134	LIST_FIELDS(DnsTransaction, transactions_by_stream);
ec2c5e43 LP	135	};
ec2c5e43 LP	136
f52e61da	137	int dns_transaction_new(DnsTransaction *ret, DnsScope s, DnsResourceKey *key);
ec2c5e43 LP	138	DnsTransaction* dns_transaction_free(DnsTransaction *t);
ec2c5e43 LP	139
51e399bc	140	bool dns_transaction_gc(DnsTransaction *t);
29bd6012 ZJS	141	DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_gc);
29bd6012 ZJS	142
ec2c5e43 LP	143	int dns_transaction_go(DnsTransaction *t);
	144
	145	void dns_transaction_process_reply(DnsTransaction t, DnsPacket p);
	146	void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);
	147
547973de LP	148	void dns_transaction_notify(DnsTransaction t, DnsTransaction source);
	149	int dns_transaction_validate_dnssec(DnsTransaction *t);
	150	int dns_transaction_request_dnssec_keys(DnsTransaction *t);
	151
ec2c5e43 LP	152	const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
	153	DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
	154
c3bc53e6 LP	155	const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
	156	DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
	157
ec2c5e43	158	/* LLMNR Jitter interval, see RFC 4795 Section 7 */
6e068472	159	#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
ec2c5e43	160
ea12bcc7 DM	161	/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
	162	#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
	163	#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
	164
53fda2bb DR	165	/* mDNS probing interval, see RFC 6762 Section 8.1 */
	166	#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
	167
ec2c5e43	168	/* Maximum attempts to send DNS requests, across all DNS servers */
74a3ed74	169	#define DNS_TRANSACTION_ATTEMPTS_MAX 24
ec2c5e43 LP	170
	171	/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
	172	#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
	173
53fda2bb DR	174	/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
	175	#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
	176
	177	#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
	178	LLMNR_TRANSACTION_ATTEMPTS_MAX : \
	179	(((p) == DNS_PROTOCOL_MDNS) ? \
	180	MDNS_TRANSACTION_ATTEMPTS_MAX : \
	181	DNS_TRANSACTION_ATTEMPTS_MAX))