1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include "alloc-util.h"
4 #include "dns-domain.h"
6 #include "resolved-dns-packet.h"
7 #include "resolved-dns-zone.h"
8 #include "resolved-dnssd.h"
9 #include "resolved-manager.h"
10 #include "string-util.h"
12 /* Never allow more than 1K entries */
15 void dns_zone_item_probe_stop(DnsZoneItem
*i
) {
19 if (!i
->probe_transaction
)
22 t
= TAKE_PTR(i
->probe_transaction
);
24 set_remove(t
->notify_zone_items
, i
);
25 set_remove(t
->notify_zone_items_done
, i
);
26 dns_transaction_gc(t
);
29 static void dns_zone_item_free(DnsZoneItem
*i
) {
33 dns_zone_item_probe_stop(i
);
34 dns_resource_record_unref(i
->rr
);
39 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsZoneItem
*, dns_zone_item_free
);
41 static void dns_zone_item_remove_and_free(DnsZone
*z
, DnsZoneItem
*i
) {
49 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
50 LIST_REMOVE(by_key
, first
, i
);
52 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
54 hashmap_remove(z
->by_key
, i
->rr
->key
);
56 first
= hashmap_get(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
57 LIST_REMOVE(by_name
, first
, i
);
59 assert_se(hashmap_replace(z
->by_name
, dns_resource_key_name(first
->rr
->key
), first
) >= 0);
61 hashmap_remove(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
63 dns_zone_item_free(i
);
66 void dns_zone_flush(DnsZone
*z
) {
71 while ((i
= hashmap_first(z
->by_key
)))
72 dns_zone_item_remove_and_free(z
, i
);
74 assert(hashmap_size(z
->by_key
) == 0);
75 assert(hashmap_size(z
->by_name
) == 0);
77 z
->by_key
= hashmap_free(z
->by_key
);
78 z
->by_name
= hashmap_free(z
->by_name
);
81 DnsZoneItem
* dns_zone_get(DnsZone
*z
, DnsResourceRecord
*rr
) {
87 LIST_FOREACH(by_key
, i
, hashmap_get(z
->by_key
, rr
->key
))
88 if (dns_resource_record_equal(i
->rr
, rr
) > 0)
94 void dns_zone_remove_rr(DnsZone
*z
, DnsResourceRecord
*rr
) {
100 i
= dns_zone_get(z
, rr
);
102 dns_zone_item_remove_and_free(z
, i
);
105 int dns_zone_remove_rrs_by_key(DnsZone
*z
, DnsResourceKey
*key
) {
106 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
, *soa
= NULL
;
107 DnsResourceRecord
*rr
;
111 r
= dns_zone_lookup(z
, key
, 0, &answer
, &soa
, &tentative
);
115 DNS_ANSWER_FOREACH(rr
, answer
)
116 dns_zone_remove_rr(z
, rr
);
121 static int dns_zone_init(DnsZone
*z
) {
126 r
= hashmap_ensure_allocated(&z
->by_key
, &dns_resource_key_hash_ops
);
130 r
= hashmap_ensure_allocated(&z
->by_name
, &dns_name_hash_ops
);
137 static int dns_zone_link_item(DnsZone
*z
, DnsZoneItem
*i
) {
141 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
143 LIST_PREPEND(by_key
, first
, i
);
144 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
146 r
= hashmap_put(z
->by_key
, i
->rr
->key
, i
);
151 first
= hashmap_get(z
->by_name
, dns_resource_key_name(i
->rr
->key
));
153 LIST_PREPEND(by_name
, first
, i
);
154 assert_se(hashmap_replace(z
->by_name
, dns_resource_key_name(first
->rr
->key
), first
) >= 0);
156 r
= hashmap_put(z
->by_name
, dns_resource_key_name(i
->rr
->key
), i
);
164 static int dns_zone_item_probe_start(DnsZoneItem
*i
) {
165 _cleanup_(dns_transaction_gcp
) DnsTransaction
*t
= NULL
;
170 if (i
->probe_transaction
)
173 t
= dns_scope_find_transaction(i
->scope
, &DNS_RESOURCE_KEY_CONST(i
->rr
->key
->class, DNS_TYPE_ANY
, dns_resource_key_name(i
->rr
->key
)), false);
175 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
177 key
= dns_resource_key_new(i
->rr
->key
->class, DNS_TYPE_ANY
, dns_resource_key_name(i
->rr
->key
));
181 r
= dns_transaction_new(&t
, i
->scope
, key
);
186 r
= set_ensure_allocated(&t
->notify_zone_items_done
, NULL
);
190 r
= set_ensure_put(&t
->notify_zone_items
, NULL
, i
);
195 i
->probe_transaction
= TAKE_PTR(t
);
197 if (i
->probe_transaction
->state
== DNS_TRANSACTION_NULL
) {
199 r
= dns_transaction_go(i
->probe_transaction
);
203 dns_zone_item_probe_stop(i
);
208 dns_zone_item_notify(i
);
212 int dns_zone_put(DnsZone
*z
, DnsScope
*s
, DnsResourceRecord
*rr
, bool probe
) {
213 _cleanup_(dns_zone_item_freep
) DnsZoneItem
*i
= NULL
;
214 DnsZoneItem
*existing
;
221 if (dns_class_is_pseudo(rr
->key
->class))
223 if (dns_type_is_pseudo(rr
->key
->type
))
226 existing
= dns_zone_get(z
, rr
);
230 r
= dns_zone_init(z
);
234 i
= new0(DnsZoneItem
, 1);
239 i
->rr
= dns_resource_record_ref(rr
);
240 i
->probing_enabled
= probe
;
242 r
= dns_zone_link_item(z
, i
);
247 DnsZoneItem
*first
, *j
;
248 bool established
= false;
250 /* Check if there's already an RR with the same name
251 * established. If so, it has been probed already, and
252 * we don't need to probe again. */
254 LIST_FIND_HEAD(by_name
, i
, first
);
255 LIST_FOREACH(by_name
, j
, first
) {
259 if (j
->state
== DNS_ZONE_ITEM_ESTABLISHED
)
264 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
266 i
->state
= DNS_ZONE_ITEM_PROBING
;
268 r
= dns_zone_item_probe_start(i
);
270 dns_zone_item_remove_and_free(z
, i
);
276 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
282 static int dns_zone_add_authenticated_answer(DnsAnswer
*a
, DnsZoneItem
*i
, int ifindex
) {
283 DnsAnswerFlags flags
;
285 /* From RFC 6762, Section 10.2
286 * "They (the rules about when to set the cache-flush bit) apply to
287 * startup announcements as described in Section 8.3, "Announcing",
288 * and to responses generated as a result of receiving query messages."
289 * So, set the cache-flush bit for mDNS answers except for DNS-SD
290 * service enumeration PTRs described in RFC 6763, Section 4.1. */
291 if (i
->scope
->protocol
== DNS_PROTOCOL_MDNS
&&
292 !dns_resource_key_is_dnssd_ptr(i
->rr
->key
))
293 flags
= DNS_ANSWER_AUTHENTICATED
|DNS_ANSWER_CACHE_FLUSH
;
295 flags
= DNS_ANSWER_AUTHENTICATED
;
297 return dns_answer_add(a
, i
->rr
, ifindex
, flags
);
300 int dns_zone_lookup(DnsZone
*z
, DnsResourceKey
*key
, int ifindex
, DnsAnswer
**ret_answer
, DnsAnswer
**ret_soa
, bool *ret_tentative
) {
301 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
, *soa
= NULL
;
302 unsigned n_answer
= 0;
303 DnsZoneItem
*j
, *first
;
304 bool tentative
= true, need_soa
= false;
307 /* Note that we don't actually need the ifindex for anything. However when it is passed we'll initialize the
308 * ifindex field in the answer with it */
314 /* First iteration, count what we have */
316 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
317 bool found
= false, added
= false;
320 /* If this is a generic match, then we have to
321 * go through the list by the name and look
322 * for everything manually */
324 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
325 LIST_FOREACH(by_name
, j
, first
) {
326 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
331 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
347 /* If this is a specific match, then look for
348 * the right key immediately */
350 first
= hashmap_get(z
->by_key
, key
);
351 LIST_FOREACH(by_key
, j
, first
) {
352 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
360 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
361 LIST_FOREACH(by_name
, j
, first
) {
362 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
371 if (n_answer
<= 0 && !need_soa
)
375 answer
= dns_answer_new(n_answer
);
381 soa
= dns_answer_new(1);
386 /* Second iteration, actually add the RRs to the answers */
387 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
388 bool found
= false, added
= false;
391 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
392 LIST_FOREACH(by_name
, j
, first
) {
393 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
398 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
401 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
405 r
= dns_zone_add_authenticated_answer(answer
, j
, ifindex
);
413 if (found
&& !added
) {
414 r
= dns_answer_add_soa(soa
, dns_resource_key_name(key
), LLMNR_DEFAULT_TTL
, ifindex
);
421 first
= hashmap_get(z
->by_key
, key
);
422 LIST_FOREACH(by_key
, j
, first
) {
423 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
428 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
431 r
= dns_zone_add_authenticated_answer(answer
, j
, ifindex
);
437 bool add_soa
= false;
439 first
= hashmap_get(z
->by_name
, dns_resource_key_name(key
));
440 LIST_FOREACH(by_name
, j
, first
) {
441 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
444 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
451 r
= dns_answer_add_soa(soa
, dns_resource_key_name(key
), LLMNR_DEFAULT_TTL
, ifindex
);
458 /* If the caller sets ret_tentative to NULL, then use this as
459 * indication to not return tentative entries */
461 if (!ret_tentative
&& tentative
)
464 *ret_answer
= TAKE_PTR(answer
);
467 *ret_soa
= TAKE_PTR(soa
);
470 *ret_tentative
= tentative
;
481 *ret_tentative
= false;
486 void dns_zone_item_conflict(DnsZoneItem
*i
) {
489 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_VERIFYING
, DNS_ZONE_ITEM_ESTABLISHED
))
492 log_info("Detected conflict on %s", strna(dns_resource_record_to_string(i
->rr
)));
494 dns_zone_item_probe_stop(i
);
496 /* Withdraw the conflict item */
497 i
->state
= DNS_ZONE_ITEM_WITHDRAWN
;
499 dnssd_signal_conflict(i
->scope
->manager
, dns_resource_key_name(i
->rr
->key
));
501 /* Maybe change the hostname */
502 if (manager_is_own_hostname(i
->scope
->manager
, dns_resource_key_name(i
->rr
->key
)) > 0)
503 manager_next_hostname(i
->scope
->manager
);
506 void dns_zone_item_notify(DnsZoneItem
*i
) {
508 assert(i
->probe_transaction
);
510 if (i
->block_ready
> 0)
513 if (IN_SET(i
->probe_transaction
->state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
, DNS_TRANSACTION_VALIDATING
))
516 if (i
->probe_transaction
->state
== DNS_TRANSACTION_SUCCESS
) {
517 bool we_lost
= false;
519 /* The probe got a successful reply. If we so far
520 * weren't established we just give up.
522 * In LLMNR case if we already
523 * were established, and the peer has the
524 * lexicographically larger IP address we continue
527 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
)) {
528 log_debug("Got a successful probe for not yet established RR, we lost.");
530 } else if (i
->probe_transaction
->scope
->protocol
== DNS_PROTOCOL_LLMNR
) {
531 assert(i
->probe_transaction
->received
);
532 we_lost
= memcmp(&i
->probe_transaction
->received
->sender
, &i
->probe_transaction
->received
->destination
, FAMILY_ADDRESS_SIZE(i
->probe_transaction
->received
->family
)) < 0;
534 log_debug("Got a successful probe reply for an established RR, and we have a lexicographically larger IP address and thus lost.");
538 dns_zone_item_conflict(i
);
542 log_debug("Got a successful probe reply, but peer has lexicographically lower IP address and thus lost.");
545 log_debug("Record %s successfully probed.", strna(dns_resource_record_to_string(i
->rr
)));
547 dns_zone_item_probe_stop(i
);
548 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
551 static int dns_zone_item_verify(DnsZoneItem
*i
) {
556 if (i
->state
!= DNS_ZONE_ITEM_ESTABLISHED
)
559 log_debug("Verifying RR %s", strna(dns_resource_record_to_string(i
->rr
)));
561 i
->state
= DNS_ZONE_ITEM_VERIFYING
;
562 r
= dns_zone_item_probe_start(i
);
564 log_error_errno(r
, "Failed to start probing for verifying RR: %m");
565 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
572 int dns_zone_check_conflicts(DnsZone
*zone
, DnsResourceRecord
*rr
) {
573 DnsZoneItem
*i
, *first
;
579 /* This checks whether a response RR we received from somebody
580 * else is one that we actually thought was uniquely ours. If
581 * so, we'll verify our RRs. */
583 /* No conflict if we don't have the name at all. */
584 first
= hashmap_get(zone
->by_name
, dns_resource_key_name(rr
->key
));
588 /* No conflict if we have the exact same RR */
589 if (dns_zone_get(zone
, rr
))
592 /* No conflict if it is DNS-SD RR used for service enumeration. */
593 if (dns_resource_key_is_dnssd_ptr(rr
->key
))
596 /* OK, somebody else has RRs for the same name. Yuck! Let's
597 * start probing again */
599 LIST_FOREACH(by_name
, i
, first
) {
600 if (dns_resource_record_equal(i
->rr
, rr
))
603 dns_zone_item_verify(i
);
610 int dns_zone_verify_conflicts(DnsZone
*zone
, DnsResourceKey
*key
) {
611 DnsZoneItem
*i
, *first
;
616 /* Somebody else notified us about a possible conflict. Let's
617 * verify if that's true. */
619 first
= hashmap_get(zone
->by_name
, dns_resource_key_name(key
));
623 LIST_FOREACH(by_name
, i
, first
) {
624 dns_zone_item_verify(i
);
631 void dns_zone_verify_all(DnsZone
*zone
) {
637 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
640 LIST_FOREACH(by_key
, j
, i
)
641 dns_zone_item_verify(j
);
645 void dns_zone_dump(DnsZone
*zone
, FILE *f
) {
655 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
658 LIST_FOREACH(by_key
, j
, i
) {
661 t
= dns_resource_record_to_string(j
->rr
);
674 bool dns_zone_is_empty(DnsZone
*zone
) {
678 return hashmap_isempty(zone
->by_key
);
681 bool dns_zone_contains_name(DnsZone
*z
, const char *name
) {
682 DnsZoneItem
*i
, *first
;
684 first
= hashmap_get(z
->by_name
, name
);
688 LIST_FOREACH(by_name
, i
, first
) {
689 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))