resolved: add missing error code check when initializing DNS-over-TLS
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 #pragma once
3
/* Forward declarations. The enums and the struct are defined below, but the
 * headers included further down (scope, server, stream, ...) refer back to
 * DnsTransaction, so the names must exist before those #includes. */
typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;
7
/* Lifecycle state of a DnsTransaction (stored in DnsTransaction.state).
 *
 * The first three values are the "live" states (see DNS_TRANSACTION_IS_LIVE
 * below); every other non-sentinel value is a completed outcome. The values
 * are positional: _DNS_TRANSACTION_STATE_MAX relies on declaration order and
 * the *_to_string()/*_from_string() tables declared below presumably index by
 * it, so new states must be added before the _MAX sentinel. */
enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,          /* server replied with an error RCODE; see answer_rcode */
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,   /* presumably set once n_attempts hits TRANSACTION_ATTEMPTS_MAX() — confirm in the .c */
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_ERRNO,                  /* OS-level failure; the errno value is kept in answer_errno */
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        DNS_TRANSACTION_NETWORK_DOWN,
        DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};
28
/* True while a transaction is still in progress (not started, waiting for a
 * reply, or validating); false for every completed outcome. Keep in sync with
 * the ordering of enum DnsTransactionState above. */
#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
30
/* Where the answer of a transaction was obtained from (stored in
 * DnsTransaction.answer_source): the network, the local cache, a locally
 * served zone, or the DNSSEC trust anchor database. Positional like
 * DnsTransactionState: add new values before _DNS_TRANSACTION_SOURCE_MAX. */
enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};
39
40 #include "resolved-dns-answer.h"
41 #include "resolved-dns-packet.h"
42 #include "resolved-dns-question.h"
43 #include "resolved-dns-scope.h"
44 #include "resolved-dns-server.h"
45 #include "resolved-dns-stream.h"
46
/* One outstanding lookup for a single resource key, sent via one scope.
 * Ownership: created by dns_transaction_new(), released by
 * dns_transaction_free() or, when nothing references it any more, by
 * dns_transaction_gc(). */
struct DnsTransaction {
        /* The scope this transaction runs in; the transaction is also linked
         * into the scope's list via transactions_by_scope below. */
        DnsScope *scope;

        /* The resource key (name/class/type) being looked up. */
        DnsResourceKey *key;

        DnsTransactionState state;

        /* 16-bit DNS message ID of the query. NOTE(review): for off-path
         * reply-spoofing resistance this must be unpredictable, i.e. drawn
         * from a strong random source rather than a counter — confirm how
         * dns_transaction_new() assigns it. */
        uint16_t id;

        /* Presumably set once a TCP/stream fallback was attempted, so that it is
         * not retried endlessly — confirm in the .c. */
        bool tried_stream:1;

        /* Bookkeeping for the LLMNR/mDNS initial jitter (see the *_JITTER_*
         * constants at the end of this header). */
        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        /* NOTE(review): looks like a request to cap TTLs of the answer RRs —
         * verify against the caller. */
        bool clamp_ttl:1;

        /* Presumably an mDNS probe transaction (see MDNS_PROBING_INTERVAL_USEC). */
        bool probing:1;

        /* The query packet that went out, and the reply packet that came back. */
        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;
        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined differently from the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        /* Timing and retry state. n_attempts is presumably compared against
         * TRANSACTION_ATTEMPTS_MAX() (see below) to give up eventually. */
        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        /* How many distinct servers have been tried so far — presumably, confirm
         * against the server-selection code. */
        unsigned n_picked_servers;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_feature_level;

        /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before.
         * NOTE(review): a SERVFAIL is not authenticated, so this downgrade path is
         * reachable by anyone who can inject a reply; confirm in the .c that the
         * clamp never steps below the level that DNSSEC/DNS-over-TLS enforcement
         * requires, otherwise a forged SERVFAIL could weaken the lookup. */
        DnsServerFeatureLevel clamp_feature_level;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates, *notify_query_candidates_done;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items, *notify_zone_items_done;

        /* Other transactions that this transaction is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions, *notify_transactions_done;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        /* While > 0, dns_transaction_gc() must not free this object —
         * presumably a nesting counter held by code that is still operating on
         * it; confirm in the .c. */
        unsigned block_gc;

        /* Intrusive list links: per-scope list and per-stream list. */
        LIST_FIELDS(DnsTransaction, transactions_by_scope);
        LIST_FIELDS(DnsTransaction, transactions_by_stream);
};
135
/* Allocate a transaction for @key within scope @s and store it in *ret.
 * Returns 0 on success; presumably a negative errno on failure (systemd
 * convention — confirm in the .c). */
int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
/* Release @t. Returns a DnsTransaction*, presumably always NULL so callers can
 * write `t = dns_transaction_free(t);` — confirm in the .c. */
DnsTransaction* dns_transaction_free(DnsTransaction *t);

/* Free @t if nothing references it any more and block_gc is 0. The exact
 * meaning of the bool result (freed vs. still alive) is decided in the .c. */
bool dns_transaction_gc(DnsTransaction *t);
/* Start (or retry) the lookup. Return convention as for dns_transaction_new(). */
int dns_transaction_go(DnsTransaction *t);

/* Feed a received reply packet @p into @t. */
void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
/* Move @t into a final @state and notify everything listed in the notify_* sets. */
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

/* Called on @t when @source (a transaction @t waited on, e.g. for a DNSKEY/DS
 * lookup) has completed. */
void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
/* DNSSEC validation of the current answer using validated_keys. */
int dns_transaction_validate_dnssec(DnsTransaction *t);
/* Spawn the DNSKEY/DS lookups needed for validation (tracked in dnssec_transactions). */
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

/* String conversions for the two enums above. _const_/_pure_ are the project's
 * attribute macros (presumably __attribute__((const))/((pure))). The
 * *_from_string() variants presumably return the _INVALID sentinel for
 * unknown input. */
const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
154
/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* mDNS probing interval, see RFC 6762 Section 8.1 */
#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers. This is the
 * upper bound on how much traffic one unanswered lookup can generate, so it
 * should stay small. */
#define DNS_TRANSACTION_ATTEMPTS_MAX 24

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3

/* Attempt cap for protocol @p (a DNS_PROTOCOL_* value): LLMNR and mDNS use
 * their RFC-mandated limits, everything else the unicast DNS limit. @p is
 * evaluated at most twice; pass a side-effect-free expression. */
#define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
                                     LLMNR_TRANSACTION_ATTEMPTS_MAX : \
                                     (((p) == DNS_PROTOCOL_MDNS) ? \
                                      MDNS_TRANSACTION_ATTEMPTS_MAX : \
                                      DNS_TRANSACTION_ATTEMPTS_MAX))