]>
Commit | Line | Data |
---|---|---|
ec2c5e43 LP |
1 | #pragma once |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2014 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
22 | typedef struct DnsTransaction DnsTransaction; | |
23 | typedef enum DnsTransactionState DnsTransactionState; | |
c3bc53e6 | 24 | typedef enum DnsTransactionSource DnsTransactionSource; |
ec2c5e43 LP |
25 | |
26 | enum DnsTransactionState { | |
27 | DNS_TRANSACTION_NULL, | |
28 | DNS_TRANSACTION_PENDING, | |
547973de | 29 | DNS_TRANSACTION_VALIDATING, |
3bbdc31d | 30 | DNS_TRANSACTION_RCODE_FAILURE, |
ec2c5e43 LP |
31 | DNS_TRANSACTION_SUCCESS, |
32 | DNS_TRANSACTION_NO_SERVERS, | |
33 | DNS_TRANSACTION_TIMEOUT, | |
34 | DNS_TRANSACTION_ATTEMPTS_MAX_REACHED, | |
35 | DNS_TRANSACTION_INVALID_REPLY, | |
7cc6ed7b | 36 | DNS_TRANSACTION_ERRNO, |
ec2c5e43 | 37 | DNS_TRANSACTION_ABORTED, |
547973de | 38 | DNS_TRANSACTION_DNSSEC_FAILED, |
b2b796b8 | 39 | DNS_TRANSACTION_NO_TRUST_ANCHOR, |
91adc4db | 40 | DNS_TRANSACTION_RR_TYPE_UNSUPPORTED, |
edbcc1fd | 41 | DNS_TRANSACTION_NETWORK_DOWN, |
0791110f | 42 | DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */ |
ec2c5e43 LP |
43 | _DNS_TRANSACTION_STATE_MAX, |
44 | _DNS_TRANSACTION_STATE_INVALID = -1 | |
45 | }; | |
46 | ||
547973de LP |
47 | #define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING) |
48 | ||
c3bc53e6 LP |
49 | enum DnsTransactionSource { |
50 | DNS_TRANSACTION_NETWORK, | |
51 | DNS_TRANSACTION_CACHE, | |
52 | DNS_TRANSACTION_ZONE, | |
0d2cd476 | 53 | DNS_TRANSACTION_TRUST_ANCHOR, |
c3bc53e6 LP |
54 | _DNS_TRANSACTION_SOURCE_MAX, |
55 | _DNS_TRANSACTION_SOURCE_INVALID = -1 | |
56 | }; | |
57 | ||
71d35b6b | 58 | #include "resolved-dns-answer.h" |
ec2c5e43 LP |
59 | #include "resolved-dns-packet.h" |
60 | #include "resolved-dns-question.h" | |
71d35b6b | 61 | #include "resolved-dns-scope.h" |
07f264e4 DM |
62 | #include "resolved-dns-server.h" |
63 | #include "resolved-dns-stream.h" | |
ec2c5e43 LP |
64 | |
65 | struct DnsTransaction { | |
66 | DnsScope *scope; | |
67 | ||
f52e61da | 68 | DnsResourceKey *key; |
ec2c5e43 LP |
69 | |
70 | DnsTransactionState state; | |
547973de | 71 | |
ec2c5e43 LP |
72 | uint16_t id; |
73 | ||
cbe4216d LP |
74 | bool tried_stream:1; |
75 | ||
a0c888c7 LP |
76 | bool initial_jitter_scheduled:1; |
77 | bool initial_jitter_elapsed:1; | |
6e068472 | 78 | |
17c8de63 LP |
79 | bool clamp_ttl:1; |
80 | ||
53fda2bb DR |
81 | bool probing:1; |
82 | ||
ec2c5e43 | 83 | DnsPacket *sent, *received; |
ae6a4bbf LP |
84 | |
85 | DnsAnswer *answer; | |
86 | int answer_rcode; | |
019036a4 | 87 | DnssecResult answer_dnssec_result; |
c3bc53e6 | 88 | DnsTransactionSource answer_source; |
d3760be0 | 89 | uint32_t answer_nsec_ttl; |
7cc6ed7b | 90 | int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */ |
105e1512 LP |
91 | |
92 | /* Indicates whether the primary answer is authenticated, | |
93 | * i.e. whether the RRs from answer which directly match the | |
94 | * question are authenticated, or, if there are none, whether | |
95 | * the NODATA or NXDOMAIN case is. It says nothing about | |
96 | * additional RRs listed in the answer, however they have | |
97 | * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit | |
98 | * is defined different than the AD bit in DNS packets, as | |
99 | * that covers more than just the actual primary answer. */ | |
931851e8 | 100 | bool answer_authenticated; |
ec2c5e43 | 101 | |
105e1512 LP |
102 | /* Contains DNSKEY, DS, SOA RRs we already verified and need |
103 | * to authenticate this reply */ | |
547973de LP |
104 | DnsAnswer *validated_keys; |
105 | ||
9df3ba6c | 106 | usec_t start_usec; |
a9da14e1 | 107 | usec_t next_attempt_after; |
ec2c5e43 LP |
108 | sd_event_source *timeout_event_source; |
109 | unsigned n_attempts; | |
110 | ||
f32f0e57 | 111 | /* UDP connection logic, if we need it */ |
4667e00a LP |
112 | int dns_udp_fd; |
113 | sd_event_source *dns_udp_event_source; | |
d20b1667 | 114 | |
f32f0e57 LP |
115 | /* TCP connection logic, if we need it */ |
116 | DnsStream *stream; | |
117 | ||
4667e00a | 118 | /* The active server */ |
8300ba21 TG |
119 | DnsServer *server; |
120 | ||
547973de | 121 | /* The features of the DNS server at time of transaction start */ |
274b8748 | 122 | DnsServerFeatureLevel current_feature_level; |
be808ea0 | 123 | |
d001e0a3 LP |
124 | /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */ |
125 | DnsServerFeatureLevel clamp_feature_level; | |
126 | ||
801ad6a6 LP |
127 | /* Query candidates this transaction is referenced by and that |
128 | * shall be notified about this specific transaction | |
129 | * completing. */ | |
35aa04e9 | 130 | Set *notify_query_candidates, *notify_query_candidates_done; |
ec2c5e43 LP |
131 | |
132 | /* Zone items this transaction is referenced by and that shall | |
133 | * be notified about completion. */ | |
35aa04e9 | 134 | Set *notify_zone_items, *notify_zone_items_done; |
547973de LP |
135 | |
136 | /* Other transactions that this transactions is referenced by | |
137 | * and that shall be notified about completion. This is used | |
138 | * when transactions want to validate their RRsets, but need | |
139 | * another DNSKEY or DS RR to do so. */ | |
35aa04e9 | 140 | Set *notify_transactions, *notify_transactions_done; |
547973de LP |
141 | |
142 | /* The opposite direction: the transactions this transaction | |
143 | * created in order to request DNSKEY or DS RRs. */ | |
144 | Set *dnssec_transactions; | |
ec2c5e43 LP |
145 | |
146 | unsigned block_gc; | |
147 | ||
148 | LIST_FIELDS(DnsTransaction, transactions_by_scope); | |
149 | }; | |
150 | ||
f52e61da | 151 | int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key); |
ec2c5e43 LP |
152 | DnsTransaction* dns_transaction_free(DnsTransaction *t); |
153 | ||
51e399bc | 154 | bool dns_transaction_gc(DnsTransaction *t); |
ec2c5e43 LP |
155 | int dns_transaction_go(DnsTransaction *t); |
156 | ||
157 | void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p); | |
158 | void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state); | |
159 | ||
547973de LP |
160 | void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source); |
161 | int dns_transaction_validate_dnssec(DnsTransaction *t); | |
162 | int dns_transaction_request_dnssec_keys(DnsTransaction *t); | |
163 | ||
ec2c5e43 LP |
164 | const char* dns_transaction_state_to_string(DnsTransactionState p) _const_; |
165 | DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_; | |
166 | ||
c3bc53e6 LP |
167 | const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_; |
168 | DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_; | |
169 | ||
ec2c5e43 | 170 | /* LLMNR Jitter interval, see RFC 4795 Section 7 */ |
6e068472 | 171 | #define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC) |
ec2c5e43 | 172 | |
ea12bcc7 DM |
173 | /* mDNS Jitter interval, see RFC 6762 Section 5.2 */ |
174 | #define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC) | |
175 | #define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC) | |
176 | ||
53fda2bb DR |
177 | /* mDNS probing interval, see RFC 6762 Section 8.1 */ |
178 | #define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC) | |
179 | ||
ec2c5e43 | 180 | /* Maximum attempts to send DNS requests, across all DNS servers */ |
74a3ed74 | 181 | #define DNS_TRANSACTION_ATTEMPTS_MAX 24 |
ec2c5e43 LP |
182 | |
183 | /* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */ | |
184 | #define LLMNR_TRANSACTION_ATTEMPTS_MAX 3 | |
185 | ||
53fda2bb DR |
186 | /* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */ |
187 | #define MDNS_TRANSACTION_ATTEMPTS_MAX 3 | |
188 | ||
189 | #define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \ | |
190 | LLMNR_TRANSACTION_ATTEMPTS_MAX : \ | |
191 | (((p) == DNS_PROTOCOL_MDNS) ? \ | |
192 | MDNS_TRANSACTION_ATTEMPTS_MAX : \ | |
193 | DNS_TRANSACTION_ATTEMPTS_MAX)) |