1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 typedef struct DnsTransaction DnsTransaction
;
5 typedef enum DnsTransactionState DnsTransactionState
;
6 typedef enum DnsTransactionSource DnsTransactionSource
;
8 enum DnsTransactionState
{
10 DNS_TRANSACTION_PENDING
,
11 DNS_TRANSACTION_VALIDATING
,
12 DNS_TRANSACTION_RCODE_FAILURE
,
13 DNS_TRANSACTION_SUCCESS
,
14 DNS_TRANSACTION_NO_SERVERS
,
15 DNS_TRANSACTION_TIMEOUT
,
16 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
,
17 DNS_TRANSACTION_INVALID_REPLY
,
18 DNS_TRANSACTION_ERRNO
,
19 DNS_TRANSACTION_ABORTED
,
20 DNS_TRANSACTION_DNSSEC_FAILED
,
21 DNS_TRANSACTION_NO_TRUST_ANCHOR
,
22 DNS_TRANSACTION_RR_TYPE_UNSUPPORTED
,
23 DNS_TRANSACTION_NETWORK_DOWN
,
24 DNS_TRANSACTION_NOT_FOUND
, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
25 _DNS_TRANSACTION_STATE_MAX
,
26 _DNS_TRANSACTION_STATE_INVALID
= -1
29 #define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
31 enum DnsTransactionSource
{
32 DNS_TRANSACTION_NETWORK
,
33 DNS_TRANSACTION_CACHE
,
35 DNS_TRANSACTION_TRUST_ANCHOR
,
36 _DNS_TRANSACTION_SOURCE_MAX
,
37 _DNS_TRANSACTION_SOURCE_INVALID
= -1
40 #include "resolved-dns-answer.h"
41 #include "resolved-dns-packet.h"
42 #include "resolved-dns-question.h"
43 #include "resolved-dns-scope.h"
44 #include "resolved-dns-server.h"
45 #include "resolved-dns-stream.h"
47 struct DnsTransaction
{
52 DnsTransactionState state
;
58 bool initial_jitter_scheduled
:1;
59 bool initial_jitter_elapsed
:1;
65 DnsPacket
*sent
, *received
;
69 DnssecResult answer_dnssec_result
;
70 DnsTransactionSource answer_source
;
71 uint32_t answer_nsec_ttl
;
72 int answer_errno
; /* if state is DNS_TRANSACTION_ERRNO */
74 /* Indicates whether the primary answer is authenticated,
75 * i.e. whether the RRs from answer which directly match the
76 * question are authenticated, or, if there are none, whether
77 * the NODATA or NXDOMAIN case is. It says nothing about
78 * additional RRs listed in the answer, however they have
79 * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
80 * is defined different than the AD bit in DNS packets, as
81 * that covers more than just the actual primary answer. */
82 bool answer_authenticated
;
84 /* Contains DNSKEY, DS, SOA RRs we already verified and need
85 * to authenticate this reply */
86 DnsAnswer
*validated_keys
;
89 usec_t next_attempt_after
;
90 sd_event_source
*timeout_event_source
;
93 unsigned n_picked_servers
;
95 /* UDP connection logic, if we need it */
97 sd_event_source
*dns_udp_event_source
;
99 /* TCP connection logic, if we need it */
102 /* The active server */
105 /* The features of the DNS server at time of transaction start */
106 DnsServerFeatureLevel current_feature_level
;
108 /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */
109 DnsServerFeatureLevel clamp_feature_level
;
111 /* Query candidates this transaction is referenced by and that
112 * shall be notified about this specific transaction
114 Set
*notify_query_candidates
, *notify_query_candidates_done
;
116 /* Zone items this transaction is referenced by and that shall
117 * be notified about completion. */
118 Set
*notify_zone_items
, *notify_zone_items_done
;
120 /* Other transactions that this transactions is referenced by
121 * and that shall be notified about completion. This is used
122 * when transactions want to validate their RRsets, but need
123 * another DNSKEY or DS RR to do so. */
124 Set
*notify_transactions
, *notify_transactions_done
;
126 /* The opposite direction: the transactions this transaction
127 * created in order to request DNSKEY or DS RRs. */
128 Set
*dnssec_transactions
;
132 LIST_FIELDS(DnsTransaction
, transactions_by_scope
);
133 LIST_FIELDS(DnsTransaction
, transactions_by_stream
);
136 int dns_transaction_new(DnsTransaction
**ret
, DnsScope
*s
, DnsResourceKey
*key
);
137 DnsTransaction
* dns_transaction_free(DnsTransaction
*t
);
139 bool dns_transaction_gc(DnsTransaction
*t
);
140 int dns_transaction_go(DnsTransaction
*t
);
142 void dns_transaction_process_reply(DnsTransaction
*t
, DnsPacket
*p
);
143 void dns_transaction_complete(DnsTransaction
*t
, DnsTransactionState state
);
145 void dns_transaction_notify(DnsTransaction
*t
, DnsTransaction
*source
);
146 int dns_transaction_validate_dnssec(DnsTransaction
*t
);
147 int dns_transaction_request_dnssec_keys(DnsTransaction
*t
);
149 const char* dns_transaction_state_to_string(DnsTransactionState p
) _const_
;
150 DnsTransactionState
dns_transaction_state_from_string(const char *s
) _pure_
;
152 const char* dns_transaction_source_to_string(DnsTransactionSource p
) _const_
;
153 DnsTransactionSource
dns_transaction_source_from_string(const char *s
) _pure_
;
155 /* LLMNR Jitter interval, see RFC 4795 Section 7 */
156 #define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
158 /* mDNS Jitter interval, see RFC 6762 Section 5.2 */
159 #define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
160 #define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
162 /* mDNS probing interval, see RFC 6762 Section 8.1 */
163 #define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
165 /* Maximum attempts to send DNS requests, across all DNS servers */
166 #define DNS_TRANSACTION_ATTEMPTS_MAX 24
168 /* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
169 #define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
171 /* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
172 #define MDNS_TRANSACTION_ATTEMPTS_MAX 3
174 #define TRANSACTION_ATTEMPTS_MAX(p) (((p) == DNS_PROTOCOL_LLMNR) ? \
175 LLMNR_TRANSACTION_ATTEMPTS_MAX : \
176 (((p) == DNS_PROTOCOL_MDNS) ? \
177 MDNS_TRANSACTION_ATTEMPTS_MAX : \
178 DNS_TRANSACTION_ATTEMPTS_MAX))