[thirdparty/systemd.git] / src / resolve / resolved-dns-transaction.h

#pragma once

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;

enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_ERRNO,
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        DNS_TRANSACTION_NETWORK_DOWN,
        DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};

#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)

enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};

#include "resolved-dns-answer.h"
#include "resolved-dns-packet.h"
#include "resolved-dns-question.h"
#include "resolved-dns-scope.h"
#include "resolved-dns-server.h"
#include "resolved-dns-stream.h"

struct DnsTransaction {
        DnsScope *scope;

        DnsResourceKey *key;

        DnsTransactionState state;

        uint16_t id;

        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        bool clamp_ttl:1;

        bool probing:1;

        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;
        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined different than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_feature_level;

        /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
        DnsServerFeatureLevel clamp_feature_level;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates, *notify_query_candidates_done;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items, *notify_zone_items_done;

        /* Other transactions that this transactions is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions, *notify_transactions_done;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        unsigned block_gc;

        LIST_FIELDS(DnsTransaction, transactions_by_scope);
};

int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
DnsTransaction* dns_transaction_free(DnsTransaction *t);

bool dns_transaction_gc(DnsTransaction *t);
int dns_transaction_go(DnsTransaction *t);

void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
int dns_transaction_validate_dnssec(DnsTransaction *t);
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC   (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* mDNS probing interval, see RFC 6762 Section 8.1 */
#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 24

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3

#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
                                         LLMNR_TRANSACTION_ATTEMPTS_MAX : \
                                         (((p) == DNS_PROTOCOL_MDNS) ? \
                                             MDNS_TRANSACTION_ATTEMPTS_MAX : \
                                             DNS_TRANSACTION_ATTEMPTS_MAX))
Commit	Line	Data
ec2c5e43 LP	1	#pragma once
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2014 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	typedef struct DnsTransaction DnsTransaction;
	23	typedef enum DnsTransactionState DnsTransactionState;
c3bc53e6	24	typedef enum DnsTransactionSource DnsTransactionSource;
ec2c5e43 LP	25
	26	enum DnsTransactionState {
	27	DNS_TRANSACTION_NULL,
	28	DNS_TRANSACTION_PENDING,
547973de	29	DNS_TRANSACTION_VALIDATING,
3bbdc31d	30	DNS_TRANSACTION_RCODE_FAILURE,
ec2c5e43 LP	31	DNS_TRANSACTION_SUCCESS,
	32	DNS_TRANSACTION_NO_SERVERS,
	33	DNS_TRANSACTION_TIMEOUT,
	34	DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
	35	DNS_TRANSACTION_INVALID_REPLY,
7cc6ed7b	36	DNS_TRANSACTION_ERRNO,
ec2c5e43	37	DNS_TRANSACTION_ABORTED,
547973de	38	DNS_TRANSACTION_DNSSEC_FAILED,
b2b796b8	39	DNS_TRANSACTION_NO_TRUST_ANCHOR,
91adc4db	40	DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
edbcc1fd	41	DNS_TRANSACTION_NETWORK_DOWN,
0791110f	42	DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
ec2c5e43 LP	43	_DNS_TRANSACTION_STATE_MAX,
	44	_DNS_TRANSACTION_STATE_INVALID = -1
	45	};
	46
547973de LP	47	#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
547973de LP	48
c3bc53e6 LP	49	enum DnsTransactionSource {
	50	DNS_TRANSACTION_NETWORK,
	51	DNS_TRANSACTION_CACHE,
	52	DNS_TRANSACTION_ZONE,
0d2cd476	53	DNS_TRANSACTION_TRUST_ANCHOR,
c3bc53e6 LP	54	_DNS_TRANSACTION_SOURCE_MAX,
	55	_DNS_TRANSACTION_SOURCE_INVALID = -1
	56	};
	57
71d35b6b	58	#include "resolved-dns-answer.h"
ec2c5e43 LP	59	#include "resolved-dns-packet.h"
ec2c5e43 LP	60	#include "resolved-dns-question.h"
71d35b6b	61	#include "resolved-dns-scope.h"
07f264e4 DM	62	#include "resolved-dns-server.h"
07f264e4 DM	63	#include "resolved-dns-stream.h"
ec2c5e43 LP	64
	65	struct DnsTransaction {
	66	DnsScope *scope;
	67
f52e61da	68	DnsResourceKey *key;
ec2c5e43 LP	69
ec2c5e43 LP	70	DnsTransactionState state;
547973de	71
ec2c5e43 LP	72	uint16_t id;
ec2c5e43 LP	73
cbe4216d LP	74	bool tried_stream:1;
cbe4216d LP	75
a0c888c7 LP	76	bool initial_jitter_scheduled:1;
a0c888c7 LP	77	bool initial_jitter_elapsed:1;
6e068472	78
17c8de63 LP	79	bool clamp_ttl:1;
17c8de63 LP	80
53fda2bb DR	81	bool probing:1;
53fda2bb DR	82
ec2c5e43	83	DnsPacket sent, received;
ae6a4bbf LP	84
	85	DnsAnswer *answer;
	86	int answer_rcode;
019036a4	87	DnssecResult answer_dnssec_result;
c3bc53e6	88	DnsTransactionSource answer_source;
d3760be0	89	uint32_t answer_nsec_ttl;
7cc6ed7b	90	int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
105e1512 LP	91
	92	/* Indicates whether the primary answer is authenticated,
	93	* i.e. whether the RRs from answer which directly match the
	94	* question are authenticated, or, if there are none, whether
	95	* the NODATA or NXDOMAIN case is. It says nothing about
	96	* additional RRs listed in the answer, however they have
	97	* their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
	98	* is defined different than the AD bit in DNS packets, as
	99	* that covers more than just the actual primary answer. */
931851e8	100	bool answer_authenticated;
ec2c5e43	101
105e1512 LP	102	/* Contains DNSKEY, DS, SOA RRs we already verified and need
105e1512 LP	103	* to authenticate this reply */
547973de LP	104	DnsAnswer *validated_keys;
547973de LP	105
9df3ba6c	106	usec_t start_usec;
a9da14e1	107	usec_t next_attempt_after;
ec2c5e43 LP	108	sd_event_source *timeout_event_source;
	109	unsigned n_attempts;
	110
f32f0e57	111	/* UDP connection logic, if we need it */
4667e00a LP	112	int dns_udp_fd;
4667e00a LP	113	sd_event_source *dns_udp_event_source;
d20b1667	114
f32f0e57 LP	115	/* TCP connection logic, if we need it */
	116	DnsStream *stream;
	117
4667e00a	118	/* The active server */
8300ba21 TG	119	DnsServer *server;
8300ba21 TG	120
547973de	121	/* The features of the DNS server at time of transaction start */
274b8748	122	DnsServerFeatureLevel current_feature_level;
be808ea0	123
d001e0a3 LP	124	/* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
	125	DnsServerFeatureLevel clamp_feature_level;
	126
801ad6a6 LP	127	/* Query candidates this transaction is referenced by and that
	128	* shall be notified about this specific transaction
	129	* completing. */
35aa04e9	130	Set notify_query_candidates, notify_query_candidates_done;
ec2c5e43 LP	131
	132	/* Zone items this transaction is referenced by and that shall
	133	* be notified about completion. */
35aa04e9	134	Set notify_zone_items, notify_zone_items_done;
547973de LP	135
	136	/* Other transactions that this transactions is referenced by
	137	* and that shall be notified about completion. This is used
	138	* when transactions want to validate their RRsets, but need
	139	* another DNSKEY or DS RR to do so. */
35aa04e9	140	Set notify_transactions, notify_transactions_done;
547973de LP	141
	142	/* The opposite direction: the transactions this transaction
	143	* created in order to request DNSKEY or DS RRs. */
	144	Set *dnssec_transactions;
ec2c5e43 LP	145
	146	unsigned block_gc;
	147
	148	LIST_FIELDS(DnsTransaction, transactions_by_scope);
	149	};
	150
f52e61da	151	int dns_transaction_new(DnsTransaction *ret, DnsScope s, DnsResourceKey *key);
ec2c5e43 LP	152	DnsTransaction* dns_transaction_free(DnsTransaction *t);
ec2c5e43 LP	153
51e399bc	154	bool dns_transaction_gc(DnsTransaction *t);
ec2c5e43 LP	155	int dns_transaction_go(DnsTransaction *t);
	156
	157	void dns_transaction_process_reply(DnsTransaction t, DnsPacket p);
	158	void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);
	159
547973de LP	160	void dns_transaction_notify(DnsTransaction t, DnsTransaction source);
	161	int dns_transaction_validate_dnssec(DnsTransaction *t);
	162	int dns_transaction_request_dnssec_keys(DnsTransaction *t);
	163
ec2c5e43 LP	164	const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
	165	DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
	166
c3bc53e6 LP	167	const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
	168	DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
	169
ec2c5e43	170	/* LLMNR Jitter interval, see RFC 4795 Section 7 */
6e068472	171	#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
ec2c5e43	172
ea12bcc7 DM	173	/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
	174	#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
	175	#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
	176
53fda2bb DR	177	/* mDNS probing interval, see RFC 6762 Section 8.1 */
	178	#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
	179
ec2c5e43	180	/* Maximum attempts to send DNS requests, across all DNS servers */
74a3ed74	181	#define DNS_TRANSACTION_ATTEMPTS_MAX 24
ec2c5e43 LP	182
	183	/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
	184	#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
	185
53fda2bb DR	186	/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
	187	#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
	188
	189	#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
	190	LLMNR_TRANSACTION_ATTEMPTS_MAX : \
	191	(((p) == DNS_PROTOCOL_MDNS) ? \
	192	MDNS_TRANSACTION_ATTEMPTS_MAX : \
	193	DNS_TRANSACTION_ATTEMPTS_MAX))