1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include "alloc-util.h"
24 #include "dns-domain.h"
26 #include "random-util.h"
27 #include "resolved-dns-cache.h"
28 #include "resolved-dns-transaction.h"
29 #include "resolved-llmnr.h"
30 #include "string-table.h"
32 DnsTransaction
* dns_transaction_free(DnsTransaction
*t
) {
39 sd_event_source_unref(t
->timeout_event_source
);
41 dns_packet_unref(t
->sent
);
42 dns_packet_unref(t
->received
);
44 dns_answer_unref(t
->answer
);
46 sd_event_source_unref(t
->dns_udp_event_source
);
47 safe_close(t
->dns_udp_fd
);
49 dns_server_unref(t
->server
);
50 dns_stream_free(t
->stream
);
53 hashmap_remove_value(t
->scope
->transactions_by_key
, t
->key
, t
);
54 LIST_REMOVE(transactions_by_scope
, t
->scope
->transactions
, t
);
57 hashmap_remove(t
->scope
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
));
60 dns_resource_key_unref(t
->key
);
62 while ((c
= set_steal_first(t
->query_candidates
)))
63 set_remove(c
->transactions
, t
);
65 set_free(t
->query_candidates
);
67 while ((i
= set_steal_first(t
->zone_items
)))
68 i
->probe_transaction
= NULL
;
69 set_free(t
->zone_items
);
75 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction
*, dns_transaction_free
);
77 void dns_transaction_gc(DnsTransaction
*t
) {
83 if (set_isempty(t
->query_candidates
) && set_isempty(t
->zone_items
))
84 dns_transaction_free(t
);
87 int dns_transaction_new(DnsTransaction
**ret
, DnsScope
*s
, DnsResourceKey
*key
) {
88 _cleanup_(dns_transaction_freep
) DnsTransaction
*t
= NULL
;
95 r
= hashmap_ensure_allocated(&s
->manager
->dns_transactions
, NULL
);
99 r
= hashmap_ensure_allocated(&s
->transactions_by_key
, &dns_resource_key_hash_ops
);
103 t
= new0(DnsTransaction
, 1);
108 t
->answer_source
= _DNS_TRANSACTION_SOURCE_INVALID
;
109 t
->key
= dns_resource_key_ref(key
);
111 /* Find a fresh, unused transaction id */
113 random_bytes(&t
->id
, sizeof(t
->id
));
115 hashmap_get(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
)));
117 r
= hashmap_put(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
), t
);
123 r
= hashmap_replace(s
->transactions_by_key
, t
->key
, t
);
125 hashmap_remove(s
->manager
->dns_transactions
, UINT_TO_PTR(t
->id
));
129 LIST_PREPEND(transactions_by_scope
, s
->transactions
, t
);
140 static void dns_transaction_stop(DnsTransaction
*t
) {
143 t
->timeout_event_source
= sd_event_source_unref(t
->timeout_event_source
);
144 t
->stream
= dns_stream_free(t
->stream
);
146 /* Note that we do not drop the UDP socket here, as we want to
147 * reuse it to repeat the interaction. */
150 static void dns_transaction_tentative(DnsTransaction
*t
, DnsPacket
*p
) {
151 _cleanup_free_
char *pretty
= NULL
;
157 if (manager_our_packet(t
->scope
->manager
, p
) != 0)
160 in_addr_to_string(p
->family
, &p
->sender
, &pretty
);
162 log_debug("Transaction on scope %s on %s/%s got tentative packet from %s",
163 dns_protocol_to_string(t
->scope
->protocol
),
164 t
->scope
->link
? t
->scope
->link
->name
: "*",
165 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
),
168 /* RFC 4795, Section 4.1 says that the peer with the
169 * lexicographically smaller IP address loses */
170 if (memcmp(&p
->sender
, &p
->destination
, FAMILY_ADDRESS_SIZE(p
->family
)) >= 0) {
171 log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
175 log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
178 while ((z
= set_first(t
->zone_items
))) {
179 /* First, make sure the zone item drops the reference
181 dns_zone_item_probe_stop(z
);
183 /* Secondly, report this as conflict, so that we might
184 * look for a different hostname */
185 dns_zone_item_conflict(z
);
189 dns_transaction_gc(t
);
192 void dns_transaction_complete(DnsTransaction
*t
, DnsTransactionState state
) {
193 DnsQueryCandidate
*c
;
198 assert(!IN_SET(state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
));
200 /* Note that this call might invalidate the query. Callers
201 * should hence not attempt to access the query or transaction
202 * after calling this function. */
204 log_debug("Transaction on scope %s on %s/%s now complete with <%s> from %s",
205 dns_protocol_to_string(t
->scope
->protocol
),
206 t
->scope
->link
? t
->scope
->link
->name
: "*",
207 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
),
208 dns_transaction_state_to_string(state
),
209 t
->answer_source
< 0 ? "none" : dns_transaction_source_to_string(t
->answer_source
));
213 dns_transaction_stop(t
);
215 /* Notify all queries that are interested, but make sure the
216 * transaction isn't freed while we are still looking at it */
218 SET_FOREACH(c
, t
->query_candidates
, i
)
219 dns_query_candidate_ready(c
);
220 SET_FOREACH(z
, t
->zone_items
, i
)
221 dns_zone_item_ready(z
);
224 dns_transaction_gc(t
);
227 static int on_stream_complete(DnsStream
*s
, int error
) {
228 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
232 assert(s
->transaction
);
234 /* Copy the data we care about out of the stream before we
237 p
= dns_packet_ref(s
->read_packet
);
239 t
->stream
= dns_stream_free(t
->stream
);
242 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
246 if (dns_packet_validate_reply(p
) <= 0) {
247 log_debug("Invalid TCP reply packet.");
248 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
252 dns_scope_check_conflicts(t
->scope
, p
);
255 dns_transaction_process_reply(t
, p
);
258 /* If the response wasn't useful, then complete the transition now */
259 if (t
->state
== DNS_TRANSACTION_PENDING
)
260 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
265 static int dns_transaction_open_tcp(DnsTransaction
*t
) {
266 DnsServer
*server
= NULL
;
267 _cleanup_close_
int fd
= -1;
275 switch (t
->scope
->protocol
) {
276 case DNS_PROTOCOL_DNS
:
277 fd
= dns_scope_tcp_socket(t
->scope
, AF_UNSPEC
, NULL
, 53, &server
);
280 case DNS_PROTOCOL_LLMNR
:
281 /* When we already received a reply to this (but it was truncated), send to its sender address */
283 fd
= dns_scope_tcp_socket(t
->scope
, t
->received
->family
, &t
->received
->sender
, t
->received
->sender_port
, NULL
);
285 union in_addr_union address
;
286 int family
= AF_UNSPEC
;
288 /* Otherwise, try to talk to the owner of a
289 * the IP address, in case this is a reverse
292 r
= dns_name_address(DNS_RESOURCE_KEY_NAME(t
->key
), &family
, &address
);
297 if (family
!= t
->scope
->family
)
300 fd
= dns_scope_tcp_socket(t
->scope
, family
, &address
, LLMNR_PORT
, NULL
);
306 return -EAFNOSUPPORT
;
312 r
= dns_stream_new(t
->scope
->manager
, &t
->stream
, t
->scope
->protocol
, fd
);
318 r
= dns_stream_write_packet(t
->stream
, t
->sent
);
320 t
->stream
= dns_stream_free(t
->stream
);
324 dns_server_unref(t
->server
);
325 t
->server
= dns_server_ref(server
);
326 t
->received
= dns_packet_unref(t
->received
);
327 t
->answer
= dns_answer_unref(t
->answer
);
329 t
->stream
->complete
= on_stream_complete
;
330 t
->stream
->transaction
= t
;
332 /* The interface index is difficult to determine if we are
333 * connecting to the local host, hence fill this in right away
334 * instead of determining it from the socket */
336 t
->stream
->ifindex
= t
->scope
->link
->ifindex
;
341 static void dns_transaction_next_dns_server(DnsTransaction
*t
) {
344 t
->server
= dns_server_unref(t
->server
);
345 t
->dns_udp_event_source
= sd_event_source_unref(t
->dns_udp_event_source
);
346 t
->dns_udp_fd
= safe_close(t
->dns_udp_fd
);
348 dns_scope_next_dns_server(t
->scope
);
351 void dns_transaction_process_reply(DnsTransaction
*t
, DnsPacket
*p
) {
357 assert(t
->state
== DNS_TRANSACTION_PENDING
);
359 assert(t
->scope
->manager
);
361 /* Note that this call might invalidate the query. Callers
362 * should hence not attempt to access the query or transaction
363 * after calling this function. */
365 switch (t
->scope
->protocol
) {
366 case DNS_PROTOCOL_LLMNR
:
367 assert(t
->scope
->link
);
369 /* For LLMNR we will not accept any packets from other
372 if (p
->ifindex
!= t
->scope
->link
->ifindex
)
375 if (p
->family
!= t
->scope
->family
)
378 /* Tentative packets are not full responses but still
379 * useful for identifying uniqueness conflicts during
381 if (DNS_PACKET_LLMNR_T(p
)) {
382 dns_transaction_tentative(t
, p
);
388 case DNS_PROTOCOL_MDNS
:
389 assert(t
->scope
->link
);
391 /* For mDNS we will not accept any packets from other interfaces */
392 if (p
->ifindex
!= t
->scope
->link
->ifindex
)
395 if (p
->family
!= t
->scope
->family
)
400 case DNS_PROTOCOL_DNS
:
404 assert_not_reached("Invalid DNS protocol.");
407 if (t
->received
!= p
) {
408 dns_packet_unref(t
->received
);
409 t
->received
= dns_packet_ref(p
);
412 t
->answer_source
= DNS_TRANSACTION_NETWORK
;
414 if (p
->ipproto
== IPPROTO_TCP
) {
415 if (DNS_PACKET_TC(p
)) {
416 /* Truncated via TCP? Somebody must be fucking with us */
417 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
421 if (DNS_PACKET_ID(p
) != t
->id
) {
422 /* Not the reply to our query? Somebody must be fucking with us */
423 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
428 assert_se(sd_event_now(t
->scope
->manager
->event
, clock_boottime_or_monotonic(), &ts
) >= 0);
430 switch (t
->scope
->protocol
) {
431 case DNS_PROTOCOL_DNS
:
434 if (IN_SET(DNS_PACKET_RCODE(p
), DNS_RCODE_FORMERR
, DNS_RCODE_SERVFAIL
, DNS_RCODE_NOTIMP
)) {
436 /* request failed, immediately try again with reduced features */
437 log_debug("Server returned error: %s", dns_rcode_to_string(DNS_PACKET_RCODE(p
)));
439 dns_server_packet_failed(t
->server
, t
->current_features
);
441 r
= dns_transaction_go(t
);
443 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
449 dns_server_packet_received(t
->server
, t
->current_features
, ts
- t
->start_usec
, p
->size
);
452 case DNS_PROTOCOL_LLMNR
:
453 case DNS_PROTOCOL_MDNS
:
454 dns_scope_packet_received(t
->scope
, ts
- t
->start_usec
);
461 if (DNS_PACKET_TC(p
)) {
463 /* Truncated packets for mDNS are not allowed. Give up immediately. */
464 if (t
->scope
->protocol
== DNS_PROTOCOL_MDNS
) {
465 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
469 /* Response was truncated, let's try again with good old TCP */
470 r
= dns_transaction_open_tcp(t
);
472 /* No servers found? Damn! */
473 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
477 /* On LLMNR and mDNS, if we cannot connect to the host,
478 * we immediately give up */
479 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
) {
480 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
484 /* On DNS, couldn't send? Try immediately again, with a new server */
485 dns_transaction_next_dns_server(t
);
487 r
= dns_transaction_go(t
);
489 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
497 /* Parse and update the cache */
498 r
= dns_packet_extract(p
);
500 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
504 if (t
->scope
->protocol
== DNS_PROTOCOL_DNS
) {
505 /* Only consider responses with equivalent query section to the request */
506 if (p
->question
->n_keys
!= 1 || dns_resource_key_equal(p
->question
->keys
[0], t
->key
) <= 0) {
507 dns_transaction_complete(t
, DNS_TRANSACTION_INVALID_REPLY
);
511 /* Install the answer as answer to the transaction */
512 dns_answer_unref(t
->answer
);
513 t
->answer
= dns_answer_ref(p
->answer
);
514 t
->answer_rcode
= DNS_PACKET_RCODE(p
);
515 t
->answer_authenticated
= t
->scope
->dnssec_mode
== DNSSEC_TRUST
&& DNS_PACKET_AD(p
);
517 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
518 if (DNS_PACKET_SHALL_CACHE(p
))
519 dns_cache_put(&t
->scope
->cache
,
523 DNS_PACKET_ANCOUNT(p
),
524 t
->answer_authenticated
,
530 if (DNS_PACKET_RCODE(p
) == DNS_RCODE_SUCCESS
)
531 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
533 dns_transaction_complete(t
, DNS_TRANSACTION_FAILURE
);
536 static int on_dns_packet(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
537 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
538 DnsTransaction
*t
= userdata
;
544 r
= manager_recv(t
->scope
->manager
, fd
, DNS_PROTOCOL_DNS
, &p
);
548 if (dns_packet_validate_reply(p
) > 0 &&
549 DNS_PACKET_ID(p
) == t
->id
)
550 dns_transaction_process_reply(t
, p
);
552 log_debug("Invalid DNS packet.");
557 static int dns_transaction_emit(DnsTransaction
*t
) {
562 if (t
->scope
->protocol
== DNS_PROTOCOL_DNS
&& !t
->server
) {
563 DnsServer
*server
= NULL
;
564 _cleanup_close_
int fd
= -1;
566 fd
= dns_scope_udp_dns_socket(t
->scope
, &server
);
570 r
= sd_event_add_io(t
->scope
->manager
->event
, &t
->dns_udp_event_source
, fd
, EPOLLIN
, on_dns_packet
, t
);
576 t
->server
= dns_server_ref(server
);
579 r
= dns_scope_emit(t
->scope
, t
->dns_udp_fd
, t
->server
, t
->sent
);
584 t
->current_features
= t
->server
->possible_features
;
589 static int on_transaction_timeout(sd_event_source
*s
, usec_t usec
, void *userdata
) {
590 DnsTransaction
*t
= userdata
;
596 if (!t
->initial_jitter_scheduled
|| t
->initial_jitter_elapsed
) {
597 /* Timeout reached? Increase the timeout for the server used */
598 switch (t
->scope
->protocol
) {
599 case DNS_PROTOCOL_DNS
:
602 dns_server_packet_lost(t
->server
, t
->current_features
, usec
- t
->start_usec
);
605 case DNS_PROTOCOL_LLMNR
:
606 case DNS_PROTOCOL_MDNS
:
607 dns_scope_packet_lost(t
->scope
, usec
- t
->start_usec
);
611 assert_not_reached("Invalid DNS protocol.");
614 if (t
->initial_jitter_scheduled
)
615 t
->initial_jitter_elapsed
= true;
618 /* ...and try again with a new server */
619 dns_transaction_next_dns_server(t
);
621 r
= dns_transaction_go(t
);
623 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
628 static usec_t
transaction_get_resend_timeout(DnsTransaction
*t
) {
632 switch (t
->scope
->protocol
) {
633 case DNS_PROTOCOL_DNS
:
636 return t
->server
->resend_timeout
;
637 case DNS_PROTOCOL_MDNS
:
638 assert(t
->n_attempts
> 0);
639 return (1 << (t
->n_attempts
- 1)) * USEC_PER_SEC
;
640 case DNS_PROTOCOL_LLMNR
:
641 return t
->scope
->resend_timeout
;
643 assert_not_reached("Invalid DNS protocol.");
647 static int dns_transaction_prepare_next_attempt(DnsTransaction
*t
, usec_t ts
) {
653 had_stream
= !!t
->stream
;
655 dns_transaction_stop(t
);
657 if (t
->n_attempts
>= TRANSACTION_ATTEMPTS_MAX(t
->scope
->protocol
)) {
658 dns_transaction_complete(t
, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
);
662 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&& had_stream
) {
663 /* If we already tried via a stream, then we don't
664 * retry on LLMNR. See RFC 4795, Section 2.7. */
665 dns_transaction_complete(t
, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
);
671 t
->received
= dns_packet_unref(t
->received
);
672 t
->answer
= dns_answer_unref(t
->answer
);
674 t
->answer_source
= _DNS_TRANSACTION_SOURCE_INVALID
;
676 /* Check the trust anchor. Do so only on classic DNS, since DNSSEC does not apply otherwise. */
677 if (t
->scope
->protocol
== DNS_PROTOCOL_DNS
) {
678 r
= dns_trust_anchor_lookup(&t
->scope
->manager
->trust_anchor
, t
->key
, &t
->answer
);
682 t
->answer_rcode
= DNS_RCODE_SUCCESS
;
683 t
->answer_source
= DNS_TRANSACTION_TRUST_ANCHOR
;
684 t
->answer_authenticated
= true;
685 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
690 /* Check the zone, but only if this transaction is not used
691 * for probing or verifying a zone item. */
692 if (set_isempty(t
->zone_items
)) {
694 r
= dns_zone_lookup(&t
->scope
->zone
, t
->key
, &t
->answer
, NULL
, NULL
);
698 t
->answer_rcode
= DNS_RCODE_SUCCESS
;
699 t
->answer_source
= DNS_TRANSACTION_ZONE
;
700 t
->answer_authenticated
= true;
701 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
706 /* Check the cache, but only if this transaction is not used
707 * for probing or verifying a zone item. */
708 if (set_isempty(t
->zone_items
)) {
710 /* Before trying the cache, let's make sure we figured out a
711 * server to use. Should this cause a change of server this
712 * might flush the cache. */
713 dns_scope_get_dns_server(t
->scope
);
715 /* Let's then prune all outdated entries */
716 dns_cache_prune(&t
->scope
->cache
);
718 r
= dns_cache_lookup(&t
->scope
->cache
, t
->key
, &t
->answer_rcode
, &t
->answer
, &t
->answer_authenticated
);
722 t
->answer_source
= DNS_TRANSACTION_CACHE
;
723 if (t
->answer_rcode
== DNS_RCODE_SUCCESS
)
724 dns_transaction_complete(t
, DNS_TRANSACTION_SUCCESS
);
726 dns_transaction_complete(t
, DNS_TRANSACTION_FAILURE
);
734 static int dns_transaction_make_packet_mdns(DnsTransaction
*t
) {
736 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
737 bool add_known_answers
= false;
738 DnsTransaction
*other
;
744 assert(t
->scope
->protocol
== DNS_PROTOCOL_MDNS
);
746 /* Discard any previously prepared packet, so we can start over and coaleasce again */
747 t
->sent
= dns_packet_unref(t
->sent
);
749 r
= dns_packet_new_query(&p
, t
->scope
->protocol
, 0, false);
753 r
= dns_packet_append_key(p
, t
->key
, NULL
);
759 if (dns_key_is_shared(t
->key
))
760 add_known_answers
= true;
763 * For mDNS, we want to coalesce as many open queries in pending transactions into one single
764 * query packet on the wire as possible. To achieve that, we iterate through all pending transactions
765 * in our current scope, and see whether their timing contraints allow them to be sent.
768 assert_se(sd_event_now(t
->scope
->manager
->event
, clock_boottime_or_monotonic(), &ts
) >= 0);
770 LIST_FOREACH(transactions_by_scope
, other
, t
->scope
->transactions
) {
776 if (other
->state
!= DNS_TRANSACTION_PENDING
)
779 if (other
->next_attempt_after
> ts
)
782 if (qdcount
>= UINT16_MAX
)
785 r
= dns_packet_append_key(p
, other
->key
, NULL
);
788 * If we can't stuff more questions into the packet, just give up.
789 * One of the 'other' transactions will fire later and take care of the rest.
797 r
= dns_transaction_prepare_next_attempt(other
, ts
);
801 ts
+= transaction_get_resend_timeout(other
);
803 r
= sd_event_add_time(
804 other
->scope
->manager
->event
,
805 &other
->timeout_event_source
,
806 clock_boottime_or_monotonic(),
808 on_transaction_timeout
, other
);
812 other
->state
= DNS_TRANSACTION_PENDING
;
813 other
->next_attempt_after
= ts
;
817 if (dns_key_is_shared(other
->key
))
818 add_known_answers
= true;
821 DNS_PACKET_HEADER(p
)->qdcount
= htobe16(qdcount
);
822 DNS_PACKET_HEADER(p
)->id
= t
->id
;
824 /* Append known answer section if we're asking for any shared record */
825 if (add_known_answers
) {
826 r
= dns_cache_export_shared_to_packet(&t
->scope
->cache
, p
);
837 static int dns_transaction_make_packet(DnsTransaction
*t
) {
838 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
843 if (t
->scope
->protocol
== DNS_PROTOCOL_MDNS
)
844 return dns_transaction_make_packet_mdns(t
);
849 r
= dns_packet_new_query(&p
, t
->scope
->protocol
, 0, t
->scope
->dnssec_mode
== DNSSEC_YES
);
853 r
= dns_scope_good_key(t
->scope
, t
->key
);
859 r
= dns_packet_append_key(p
, t
->key
, NULL
);
863 DNS_PACKET_HEADER(p
)->qdcount
= htobe16(1);
864 DNS_PACKET_HEADER(p
)->id
= t
->id
;
872 int dns_transaction_go(DnsTransaction
*t
) {
878 assert_se(sd_event_now(t
->scope
->manager
->event
, clock_boottime_or_monotonic(), &ts
) >= 0);
879 r
= dns_transaction_prepare_next_attempt(t
, ts
);
883 log_debug("Excercising transaction on scope %s on %s/%s",
884 dns_protocol_to_string(t
->scope
->protocol
),
885 t
->scope
->link
? t
->scope
->link
->name
: "*",
886 t
->scope
->family
== AF_UNSPEC
? "*" : af_to_name(t
->scope
->family
));
888 if (!t
->initial_jitter_scheduled
&&
889 (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
||
890 t
->scope
->protocol
== DNS_PROTOCOL_MDNS
)) {
891 usec_t jitter
, accuracy
;
893 /* RFC 4795 Section 2.7 suggests all queries should be
894 * delayed by a random time from 0 to JITTER_INTERVAL. */
896 t
->initial_jitter_scheduled
= true;
898 random_bytes(&jitter
, sizeof(jitter
));
900 switch (t
->scope
->protocol
) {
901 case DNS_PROTOCOL_LLMNR
:
902 jitter
%= LLMNR_JITTER_INTERVAL_USEC
;
903 accuracy
= LLMNR_JITTER_INTERVAL_USEC
;
905 case DNS_PROTOCOL_MDNS
:
906 jitter
%= MDNS_JITTER_RANGE_USEC
;
907 jitter
+= MDNS_JITTER_MIN_USEC
;
908 accuracy
= MDNS_JITTER_RANGE_USEC
;
911 assert_not_reached("bad protocol");
914 r
= sd_event_add_time(
915 t
->scope
->manager
->event
,
916 &t
->timeout_event_source
,
917 clock_boottime_or_monotonic(),
918 ts
+ jitter
, accuracy
,
919 on_transaction_timeout
, t
);
924 t
->next_attempt_after
= ts
;
925 t
->state
= DNS_TRANSACTION_PENDING
;
927 log_debug("Delaying %s transaction for " USEC_FMT
"us.", dns_protocol_to_string(t
->scope
->protocol
), jitter
);
931 /* Otherwise, we need to ask the network */
932 r
= dns_transaction_make_packet(t
);
934 /* Not the right request to make on this network?
935 * (i.e. an A request made on IPv6 or an AAAA request
936 * made on IPv4, on LLMNR or mDNS.) */
937 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
943 if (t
->scope
->protocol
== DNS_PROTOCOL_LLMNR
&&
944 (dns_name_endswith(DNS_RESOURCE_KEY_NAME(t
->key
), "in-addr.arpa") > 0 ||
945 dns_name_endswith(DNS_RESOURCE_KEY_NAME(t
->key
), "ip6.arpa") > 0)) {
947 /* RFC 4795, Section 2.4. says reverse lookups shall
948 * always be made via TCP on LLMNR */
949 r
= dns_transaction_open_tcp(t
);
951 /* Try via UDP, and if that fails due to large size or lack of
952 * support try via TCP */
953 r
= dns_transaction_emit(t
);
954 if (r
== -EMSGSIZE
|| r
== -EAGAIN
)
955 r
= dns_transaction_open_tcp(t
);
959 /* No servers to send this to? */
960 dns_transaction_complete(t
, DNS_TRANSACTION_NO_SERVERS
);
963 if (t
->scope
->protocol
!= DNS_PROTOCOL_DNS
) {
964 dns_transaction_complete(t
, DNS_TRANSACTION_RESOURCES
);
968 /* Couldn't send? Try immediately again, with a new server */
969 dns_transaction_next_dns_server(t
);
971 return dns_transaction_go(t
);
974 ts
+= transaction_get_resend_timeout(t
);
976 r
= sd_event_add_time(
977 t
->scope
->manager
->event
,
978 &t
->timeout_event_source
,
979 clock_boottime_or_monotonic(),
981 on_transaction_timeout
, t
);
985 t
->state
= DNS_TRANSACTION_PENDING
;
986 t
->next_attempt_after
= ts
;
991 static const char* const dns_transaction_state_table
[_DNS_TRANSACTION_STATE_MAX
] = {
992 [DNS_TRANSACTION_NULL
] = "null",
993 [DNS_TRANSACTION_PENDING
] = "pending",
994 [DNS_TRANSACTION_FAILURE
] = "failure",
995 [DNS_TRANSACTION_SUCCESS
] = "success",
996 [DNS_TRANSACTION_NO_SERVERS
] = "no-servers",
997 [DNS_TRANSACTION_TIMEOUT
] = "timeout",
998 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
] = "attempts-max-reached",
999 [DNS_TRANSACTION_INVALID_REPLY
] = "invalid-reply",
1000 [DNS_TRANSACTION_RESOURCES
] = "resources",
1001 [DNS_TRANSACTION_ABORTED
] = "aborted",
1003 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state
, DnsTransactionState
);
1005 static const char* const dns_transaction_source_table
[_DNS_TRANSACTION_SOURCE_MAX
] = {
1006 [DNS_TRANSACTION_NETWORK
] = "network",
1007 [DNS_TRANSACTION_CACHE
] = "cache",
1008 [DNS_TRANSACTION_ZONE
] = "zone",
1009 [DNS_TRANSACTION_TRUST_ANCHOR
] = "trust-anchor",
1011 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_source
, DnsTransactionSource
);