53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
2 | #pragma once |
4 | #include "sd-event.h" |
/* Forward declarations: the struct and both enums are defined further down in
 * this header. They are introduced here, ahead of the resolved-dns-*.h includes
 * that follow, presumably so those headers can name the types before the
 * definitions are seen — confirm against the include order. */
typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;
10 | #include "resolved-dns-answer.h" |
11 | #include "resolved-dns-dnssec.h" | |
12 | #include "resolved-dns-packet.h" | |
13 | #include "resolved-dns-question.h" | |
14 | #include "resolved-dns-server.h" | |
/* Lifecycle states of a DnsTransaction. NULL, PENDING and VALIDATING are the
 * "live" states (see DNS_TRANSACTION_IS_LIVE() below); the remaining values are
 * presumably the terminal outcomes handed to dns_transaction_complete() —
 * confirm in the implementation. Converted to/from strings with
 * dns_transaction_state_to_string() and dns_transaction_state_from_string(). */
enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_ERRNO,     /* the errno value is kept in DnsTransaction.answer_errno */
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        DNS_TRANSACTION_NETWORK_DOWN,
        DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};
/* True while `state` is one of the three non-final states (NULL, PENDING,
 * VALIDATING). IN_SET() is not defined in this header; pass a side-effect-free
 * expression for `state` in case it is evaluated more than once. */
#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
/* Where a transaction's answer came from; recorded in
 * DnsTransaction.answer_source. Converted to/from strings with
 * dns_transaction_source_to_string() and dns_transaction_source_from_string(). */
enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};
/* One lookup for a single resource key within one scope. Created with
 * dns_transaction_new(), started with dns_transaction_go(), finished through
 * dns_transaction_complete(). The notify_* sets below hold the parties that
 * are told when the transaction completes. */
struct DnsTransaction {
        /* The scope and lookup key handed to dns_transaction_new() */
        DnsScope *scope;

        DnsResourceKey *key;

        /* Current lifecycle state, see enum DnsTransactionState */
        DnsTransactionState state;

        /* NOTE(review): presumably the 16-bit DNS message ID used to match
         * replies to this transaction — confirm. If so, it should be
         * unpredictable (spoofed-reply resistance); check where it is chosen. */
        uint16_t id;

        /* One-bit flags. Their exact semantics are set by the implementation
         * and are not visible in this header. */
        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        bool clamp_ttl:1;

        bool probing:1;

        /* The packet we sent and the reply we received (presumably; confirm
         * where these are assigned) */
        DnsPacket *sent, *received;

        /* Result of the lookup: the answer RRs, the reply's RCODE, the DNSSEC
         * verdict, where the answer came from (see enum DnsTransactionSource)
         * and the NSEC TTL. */
        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;
        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined differently than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        /* Timing and retry bookkeeping: start time, earliest time for the next
         * attempt, the timeout timer (an sd-event source) and the attempt
         * counter. The bound is presumably TRANSACTION_ATTEMPTS_MAX() below,
         * yielding DNS_TRANSACTION_ATTEMPTS_MAX_REACHED — confirm. */
        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        /* Number of servers picked so far for this transaction (presumably —
         * confirm) */
        unsigned n_picked_servers;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_feature_level;

        /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
        DnsServerFeatureLevel clamp_feature_level;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates, *notify_query_candidates_done;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items, *notify_zone_items_done;

        /* Other transactions that this transaction is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions, *notify_transactions_done;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        /* While non-zero, presumably keeps dns_transaction_gc() from freeing
         * this transaction — confirm against the implementation. */
        unsigned block_gc;

        /* List linkage; the names suggest a per-scope and a per-stream list */
        LIST_FIELDS(DnsTransaction, transactions_by_scope);
        LIST_FIELDS(DnsTransaction, transactions_by_stream);
};
136 | ||
f52e61da | 137 | int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key); |
ec2c5e43 LP |
138 | DnsTransaction* dns_transaction_free(DnsTransaction *t); |
139 | ||
51e399bc | 140 | bool dns_transaction_gc(DnsTransaction *t); |
29bd6012 ZJS |
141 | DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_gc); |
142 | ||
ec2c5e43 LP |
143 | int dns_transaction_go(DnsTransaction *t); |
144 | ||
145 | void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p); | |
146 | void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state); | |
147 | ||
547973de LP |
148 | void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source); |
149 | int dns_transaction_validate_dnssec(DnsTransaction *t); | |
150 | int dns_transaction_request_dnssec_keys(DnsTransaction *t); | |
151 | ||
ec2c5e43 LP |
152 | const char* dns_transaction_state_to_string(DnsTransactionState p) _const_; |
153 | DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_; | |
154 | ||
c3bc53e6 LP |
155 | const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_; |
156 | DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_; | |
157 | ||
/* Timing constants, all in microseconds; USEC_PER_MSEC is not defined in this
 * header. */

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* mDNS probing interval, see RFC 6762 Section 8.1 */
#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
167 | ||
/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 24

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3

/* Attempt limit for protocol @p: LLMNR -> LLMNR_TRANSACTION_ATTEMPTS_MAX,
 * mDNS -> MDNS_TRANSACTION_ATTEMPTS_MAX, anything else ->
 * DNS_TRANSACTION_ATTEMPTS_MAX. @p appears twice in the expansion, so pass a
 * side-effect-free expression. DNS_PROTOCOL_* is defined elsewhere. */
#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
                                    LLMNR_TRANSACTION_ATTEMPTS_MAX : \
                                    (((p) == DNS_PROTOCOL_MDNS) ? \
                                     MDNS_TRANSACTION_ATTEMPTS_MAX : \
                                     DNS_TRANSACTION_ATTEMPTS_MAX))