1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include "resolved-llmnr.h"
25 #include "resolved-dns-transaction.h"
26 #include "random-util.h"
28 DnsTransaction
* dns_transaction_free(DnsTransaction
*t
) {
35 sd_event_source_unref(t
->timeout_event_source
);
37 dns_question_unref(t
->question
);
38 dns_packet_unref(t
->sent
);
39 dns_packet_unref(t
->received
);
40 dns_answer_unref(t
->cached
);
42 sd_event_source_unref(t
->dns_event_source
);
43 safe_close(t
->dns_fd
);
45 dns_server_unref(t
->server
);
46 dns_stream_free(t
->stream
);
49 LIST_REMOVE(transactions_by_scope
, t
->scope
->transactions
, t
);
52 hashmap_remove(t
->scope
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
));
55 while ((q
= set_steal_first(t
->queries
)))
56 set_remove(q
->transactions
, t
);
59 while ((i
= set_steal_first(t
->zone_items
)))
60 i
->probe_transaction
= NULL
;
61 set_free(t
->zone_items
);
67 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction
*, dns_transaction_free
);
69 void dns_transaction_gc(DnsTransaction
*t
) {
75 if (set_isempty(t
->queries
) && set_isempty(t
->zone_items
))
76 dns_transaction_free(t
);
79 int dns_transaction_new(DnsTransaction
**ret
, DnsScope
*s
, DnsQuestion
*q
) {
80 _cleanup_(dns_transaction_freep
) DnsTransaction
*t
= NULL
;
87 r
= hashmap_ensure_allocated(&s
->manager
->dns_transactions
, NULL
);
91 t
= new0(DnsTransaction
, 1);
97 t
->question
= dns_question_ref(q
);
100 random_bytes(&t
->id
, sizeof(t
->id
));
102 hashmap_get(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
)));
104 r
= hashmap_put(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
), t
);
110 LIST_PREPEND(transactions_by_scope
, s
->transactions
, t
);
121 static void dns_transaction_stop(DnsTransaction
*t
) {
124 t
->timeout_event_source
= sd_event_source_unref(t
->timeout_event_source
);
125 t
->stream
= dns_stream_free(t
->stream
);
128 static void dns_transaction_tentative(DnsTransaction
*t
, DnsPacket
*p
) {
129 _cleanup_free_
char *pretty
= NULL
;
135 if (manager_our_packet(t
->scope
->manager
, p
) != 0)
138 in_addr_to_string(p
->family
, &p
->sender
, &pretty
);
140 log_debug("Transaction on scope %s on %s/%s got tentative packet from %s",
141 dns_protocol_to_string(t
->scope
->protocol
),
142 t
->scope
->link
? t
->scope
->link
->name
: "*",
143 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
),
146 /* RFC 4795, Section 4.1 says that the peer with the
147 * lexicographically smaller IP address loses */
148 if (memcmp(&p
->sender
, &p
->destination
, FAMILY_ADDRESS_SIZE(p
->family
)) >= 0) {
149 log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
153 log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
156 while ((z
= set_first(t
->zone_items
))) {
157 /* First, make sure the zone item drops the reference
159 dns_zone_item_probe_stop(z
);
161 /* Secondly, report this as conflict, so that we might
162 * look for a different hostname */
163 dns_zone_item_conflict(z
);
167 dns_transaction_gc(t
);
170 void dns_transaction_complete(DnsTransaction
*t
, DnsTransactionState state
) {
176 assert(!IN_SET(state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
));
178 if (!IN_SET(t
->state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
))
181 /* Note that this call might invalidate the query. Callers
182 * should hence not attempt to access the query or transaction
183 * after calling this function. */
185 log_debug("Transaction on scope %s on %s/%s now complete with <%s>",
186 dns_protocol_to_string(t
->scope
->protocol
),
187 t
->scope
->link
? t
->scope
->link
->name
: "*",
188 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
),
189 dns_transaction_state_to_string(state
));
193 dns_transaction_stop(t
);
195 /* Notify all queries that are interested, but make sure the
196 * transaction isn't freed while we are still looking at it */
198 SET_FOREACH(q
, t
->queries
, i
)
200 SET_FOREACH(z
, t
->zone_items
, i
)
201 dns_zone_item_ready(z
);
204 dns_transaction_gc(t
);
207 static int on_stream_complete(DnsStream
*s
, int error
) {
208 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
212 assert(s
->transaction
);
214 /* Copy the data we care about out of the stream before we
217 p
= dns_packet_ref(s
->read_packet
);
219 t
->stream
= dns_stream_free(t
->stream
);
222 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
226 if (dns_packet_validate_reply(p
) <= 0) {
227 log_debug("Invalid LLMNR TCP packet.");
228 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
232 dns_scope_check_conflicts(t
->scope
, p
);
235 dns_transaction_process_reply(t
, p
);
238 /* If the response wasn't useful, then complete the transition now */
239 if (t
->state
== DNS_TRANSACTION_PENDING
)
240 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
245 static int dns_transaction_open_tcp(DnsTransaction
*t
) {
246 DnsServer
*server
= NULL
;
247 _cleanup_close_
int fd
= -1;
255 if (t
->scope
->protocol
== DNS_PROTOCOL_DNS
)
256 fd
= dns_scope_tcp_socket(t
->scope
, AF_UNSPEC
, NULL
, 53, &server
);
257 else if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
) {
259 /* When we already received a query to this (but it was truncated), send to its sender address */
261 fd
= dns_scope_tcp_socket(t
->scope
, t
->received
->family
, &t
->received
->sender
, t
->received
->sender_port
, NULL
);
263 union in_addr_union address
;
264 int family
= AF_UNSPEC
;
266 /* Otherwise, try to talk to the owner of a
267 * the IP address, in case this is a reverse
269 r
= dns_question_extract_reverse_address(t
->question
, &family
, &address
);
275 fd
= dns_scope_tcp_socket(t
->scope
, family
, &address
, LLMNR_PORT
, NULL
);
278 return -EAFNOSUPPORT
;
283 r
= dns_stream_new(t
->scope
->manager
, &t
->stream
, t
->scope
->protocol
, fd
);
289 r
= dns_stream_write_packet(t
->stream
, t
->sent
);
291 t
->stream
= dns_stream_free(t
->stream
);
296 dns_server_unref(t
->server
);
297 t
->server
= dns_server_ref(server
);
298 t
->received
= dns_packet_unref(t
->received
);
299 t
->stream
->complete
= on_stream_complete
;
300 t
->stream
->transaction
= t
;
302 /* The interface index is difficult to determine if we are
303 * connecting to the local host, hence fill this in right away
304 * instead of determining it from the socket */
306 t
->stream
->ifindex
= t
->scope
->link
->ifindex
;
311 static void dns_transaction_next_dns_server(DnsTransaction
*t
) {
314 t
->server
= dns_server_unref(t
->server
);
315 t
->dns_event_source
= sd_event_source_unref(t
->dns_event_source
);
316 t
->dns_fd
= safe_close(t
->dns_fd
);
318 dns_scope_next_dns_server(t
->scope
);
321 void dns_transaction_process_reply(DnsTransaction
*t
, DnsPacket
*p
) {
326 assert(t
->state
== DNS_TRANSACTION_PENDING
);
328 /* Note that this call might invalidate the query. Callers
329 * should hence not attempt to access the query or transaction
330 * after calling this function. */
332 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
) {
333 assert(t
->scope
->link
);
335 /* For LLMNR we will not accept any packets from other
338 if (p
->ifindex
!= t
->scope
->link
->ifindex
)
341 if (p
->family
!= t
->scope
->family
)
344 /* Tentative packets are not full responses but still
345 * useful for identifying uniqueness conflicts during
347 if (DNS_PACKET_LLMNR_T(p
)) {
348 dns_transaction_tentative(t
, p
);
353 if (t
->received
!= p
) {
354 dns_packet_unref(t
->received
);
355 t
->received
= dns_packet_ref(p
);
358 if (p
->ipproto
== IPPROTO_TCP
) {
359 if (DNS_PACKET_TC(p
)) {
360 /* Truncated via TCP? Somebody must be fucking with us */
361 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
365 if (DNS_PACKET_ID(p
) != t
->id
) {
366 /* Not the reply to our query? Somebody must be fucking with us */
367 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
372 if (DNS_PACKET_TC(p
)) {
373 /* Response was truncated, let's try again with good old TCP */
374 r
= dns_transaction_open_tcp(t
);
376 /* No servers found? Damn! */
377 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
381 /* On LLMNR, if we cannot connect to the host,
382 * we immediately give up */
383 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
) {
384 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
388 /* On DNS, couldn't send? Try immediately again, with a new server */
389 dns_transaction_next_dns_server(t
);
391 r
= dns_transaction_go(t
);
393 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
401 /* Parse and update the cache */
402 r
= dns_packet_extract(p
);
404 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
408 /* Only consider responses with equivalent query section to the request */
409 if (!dns_question_is_superset(p
->question
, t
->question
) ||
410 !dns_question_is_superset(t
->question
, p
->question
)) {
411 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
415 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
416 dns_cache_put(&t
->scope
->cache
, p
->question
, DNS_PACKET_RCODE(p
), p
->answer
, DNS_PACKET_ANCOUNT(p
), 0, p
->family
, &p
->sender
);
418 if (DNS_PACKET_RCODE(p
) == DNS_RCODE_SUCCESS
)
419 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
421 dns_transaction_complete(t
, DNS_TRANSACTION_FAILURE
);
424 static int on_dns_packet(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
425 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
426 DnsTransaction
*t
= userdata
;
432 r
= manager_recv(t
->scope
->manager
, fd
, DNS_PROTOCOL_DNS
, &p
);
436 if (dns_packet_validate_reply(p
) > 0 &&
437 DNS_PACKET_ID(p
) == t
->id
) {
438 dns_transaction_process_reply(t
, p
);
440 log_debug("Invalid DNS packet.");
445 static int dns_transaction_emit(DnsTransaction
*t
) {
450 if (t
->scope
->protocol
== DNS_PROTOCOL_DNS
&& !t
->server
) {
451 DnsServer
*server
= NULL
;
452 _cleanup_close_
int fd
= -1;
454 fd
= dns_scope_udp_dns_socket(t
->scope
, &server
);
458 r
= sd_event_add_io(t
->scope
->manager
->event
, &t
->dns_event_source
, fd
, EPOLLIN
, on_dns_packet
, t
);
464 t
->server
= dns_server_ref(server
);
467 r
= dns_scope_emit(t
->scope
, t
->dns_fd
, t
->sent
);
474 static int on_transaction_timeout(sd_event_source
*s
, usec_t usec
, void *userdata
) {
475 DnsTransaction
*t
= userdata
;
481 /* Timeout reached? Try again, with a new server */
482 dns_transaction_next_dns_server(t
);
484 r
= dns_transaction_go(t
);
486 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
491 static int dns_transaction_make_packet(DnsTransaction
*t
) {
492 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
493 unsigned n
, added
= 0;
501 r
= dns_packet_new_query(&p
, t
->scope
->protocol
, 0);
505 for (n
= 0; n
< t
->question
->n_keys
; n
++) {
506 r
= dns_scope_good_key(t
->scope
, t
->question
->keys
[n
]);
512 r
= dns_packet_append_key(p
, t
->question
->keys
[n
], NULL
);
522 DNS_PACKET_HEADER(p
)->qdcount
= htobe16(added
);
523 DNS_PACKET_HEADER(p
)->id
= t
->id
;
531 int dns_transaction_go(DnsTransaction
*t
) {
537 had_stream
= !!t
->stream
;
539 dns_transaction_stop(t
);
541 log_debug("Excercising transaction on scope %s on %s/%s",
542 dns_protocol_to_string(t
->scope
->protocol
),
543 t
->scope
->link
? t
->scope
->link
->name
: "*",
544 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
));
546 if (t
->n_attempts
>= TRANSACTION_ATTEMPTS_MAX(t
->scope
->protocol
)) {
547 dns_transaction_complete(t
, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
);
551 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&& had_stream
) {
552 /* If we already tried via a stream, then we don't
553 * retry on LLMNR. See RFC 4795, Section 2.7. */
554 dns_transaction_complete(t
, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
);
559 t
->received
= dns_packet_unref(t
->received
);
560 t
->cached
= dns_answer_unref(t
->cached
);
563 /* Check the cache, but only if this transaction is not used
564 * for probing or verifying a zone item. */
565 if (set_isempty(t
->zone_items
)) {
567 /* Before trying the cache, let's make sure we figured out a
568 * server to use. Should this cause a change of server this
569 * might flush the cache. */
570 dns_scope_get_dns_server(t
->scope
);
572 /* Let's then prune all outdated entries */
573 dns_cache_prune(&t
->scope
->cache
);
575 r
= dns_cache_lookup(&t
->scope
->cache
, t
->question
, &t
->cached_rcode
, &t
->cached
);
579 log_debug("Cache hit!");
580 if (t
->cached_rcode
== DNS_RCODE_SUCCESS
)
581 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
583 dns_transaction_complete(t
, DNS_TRANSACTION_FAILURE
);
588 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&& !t
->initial_jitter
) {
591 /* RFC 4795 Section 2.7 suggests all queries should be
592 * delayed by a random time from 0 to JITTER_INTERVAL. */
594 t
->initial_jitter
= true;
596 random_bytes(&jitter
, sizeof(jitter
));
597 jitter
%= LLMNR_JITTER_INTERVAL_USEC
;
599 r
= sd_event_add_time(
600 t
->scope
->manager
->event
,
601 &t
->timeout_event_source
,
602 clock_boottime_or_monotonic(),
603 now(clock_boottime_or_monotonic()) + jitter
,
604 LLMNR_JITTER_INTERVAL_USEC
,
605 on_transaction_timeout
, t
);
610 t
->state
= DNS_TRANSACTION_PENDING
;
612 log_debug("Delaying LLMNR transaction for " USEC_FMT
"us.", jitter
);
616 log_debug("Cache miss!");
618 /* Otherwise, we need to ask the network */
619 r
= dns_transaction_make_packet(t
);
621 /* Not the right request to make on this network?
622 * (i.e. an A request made on IPv6 or an AAAA request
623 * made on IPv4, on LLMNR or mDNS.) */
624 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
630 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&&
631 (dns_question_endswith(t
->question
, "in-addr.arpa") > 0 ||
632 dns_question_endswith(t
->question
, "ip6.arpa") > 0)) {
634 /* RFC 4795, Section 2.4. says reverse lookups shall
635 * always be made via TCP on LLMNR */
636 r
= dns_transaction_open_tcp(t
);
638 /* Try via UDP, and if that fails due to large size try via TCP */
639 r
= dns_transaction_emit(t
);
641 r
= dns_transaction_open_tcp(t
);
644 /* No servers to send this to? */
645 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
648 if (t
->scope
->protocol
!= DNS_PROTOCOL_DNS
) {
649 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
653 /* Couldn't send? Try immediately again, with a new server */
654 dns_transaction_next_dns_server(t
);
656 return dns_transaction_go(t
);
659 r
= sd_event_add_time(
660 t
->scope
->manager
->event
,
661 &t
->timeout_event_source
,
662 clock_boottime_or_monotonic(),
663 now(clock_boottime_or_monotonic()) + TRANSACTION_TIMEOUT_USEC(t
->scope
->protocol
), 0,
664 on_transaction_timeout
, t
);
668 t
->state
= DNS_TRANSACTION_PENDING
;
672 static const char* const dns_transaction_state_table
[_DNS_TRANSACTION_STATE_MAX
] = {
673 [DNS_TRANSACTION_NULL
] = "null",
674 [DNS_TRANSACTION_PENDING
] = "pending",
675 [DNS_TRANSACTION_FAILURE
] = "failure",
676 [DNS_TRANSACTION_SUCCESS
] = "success",
677 [DNS_TRANSACTION_NO_SERVERS
] = "no-servers",
678 [DNS_TRANSACTION_TIMEOUT
] = "timeout",
679 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
] = "attempts-max-reached",
680 [DNS_TRANSACTION_INVALID_REPLY
] = "invalid-reply",
681 [DNS_TRANSACTION_RESOURCES
] = "resources",
682 [DNS_TRANSACTION_ABORTED
] = "aborted",
684 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state
, DnsTransactionState
);