2 This file is part of systemd.
4 Copyright 2014 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include "alloc-util.h"
21 #include "dns-domain.h"
23 #include "resolved-dns-packet.h"
24 #include "resolved-dns-zone.h"
25 #include "string-util.h"
27 /* Never allow more than 1K entries */
30 void dns_zone_item_probe_stop(DnsZoneItem
*i
) {
34 if (!i
->probe_transaction
)
37 t
= i
->probe_transaction
;
38 i
->probe_transaction
= NULL
;
40 set_remove(t
->notify_zone_items
, i
);
41 dns_transaction_gc(t
);
44 static void dns_zone_item_free(DnsZoneItem
*i
) {
48 dns_zone_item_probe_stop(i
);
49 dns_resource_record_unref(i
->rr
);
54 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsZoneItem
*, dns_zone_item_free
);
56 static void dns_zone_item_remove_and_free(DnsZone
*z
, DnsZoneItem
*i
) {
64 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
65 LIST_REMOVE(by_key
, first
, i
);
67 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
69 hashmap_remove(z
->by_key
, i
->rr
->key
);
71 first
= hashmap_get(z
->by_name
, DNS_RESOURCE_KEY_NAME(i
->rr
->key
));
72 LIST_REMOVE(by_name
, first
, i
);
74 assert_se(hashmap_replace(z
->by_name
, DNS_RESOURCE_KEY_NAME(first
->rr
->key
), first
) >= 0);
76 hashmap_remove(z
->by_name
, DNS_RESOURCE_KEY_NAME(i
->rr
->key
));
78 dns_zone_item_free(i
);
81 void dns_zone_flush(DnsZone
*z
) {
86 while ((i
= hashmap_first(z
->by_key
)))
87 dns_zone_item_remove_and_free(z
, i
);
89 assert(hashmap_size(z
->by_key
) == 0);
90 assert(hashmap_size(z
->by_name
) == 0);
92 z
->by_key
= hashmap_free(z
->by_key
);
93 z
->by_name
= hashmap_free(z
->by_name
);
96 static DnsZoneItem
* dns_zone_get(DnsZone
*z
, DnsResourceRecord
*rr
) {
102 LIST_FOREACH(by_key
, i
, hashmap_get(z
->by_key
, rr
->key
))
103 if (dns_resource_record_equal(i
->rr
, rr
) > 0)
109 void dns_zone_remove_rr(DnsZone
*z
, DnsResourceRecord
*rr
) {
115 i
= dns_zone_get(z
, rr
);
117 dns_zone_item_remove_and_free(z
, i
);
120 static int dns_zone_init(DnsZone
*z
) {
125 r
= hashmap_ensure_allocated(&z
->by_key
, &dns_resource_key_hash_ops
);
129 r
= hashmap_ensure_allocated(&z
->by_name
, &dns_name_hash_ops
);
136 static int dns_zone_link_item(DnsZone
*z
, DnsZoneItem
*i
) {
140 first
= hashmap_get(z
->by_key
, i
->rr
->key
);
142 LIST_PREPEND(by_key
, first
, i
);
143 assert_se(hashmap_replace(z
->by_key
, first
->rr
->key
, first
) >= 0);
145 r
= hashmap_put(z
->by_key
, i
->rr
->key
, i
);
150 first
= hashmap_get(z
->by_name
, DNS_RESOURCE_KEY_NAME(i
->rr
->key
));
152 LIST_PREPEND(by_name
, first
, i
);
153 assert_se(hashmap_replace(z
->by_name
, DNS_RESOURCE_KEY_NAME(first
->rr
->key
), first
) >= 0);
155 r
= hashmap_put(z
->by_name
, DNS_RESOURCE_KEY_NAME(i
->rr
->key
), i
);
163 static int dns_zone_item_probe_start(DnsZoneItem
*i
) {
169 if (i
->probe_transaction
)
172 t
= dns_scope_find_transaction(i
->scope
, &DNS_RESOURCE_KEY_CONST(i
->rr
->key
->class, DNS_TYPE_ANY
, DNS_RESOURCE_KEY_NAME(i
->rr
->key
)), false);
174 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
176 key
= dns_resource_key_new(i
->rr
->key
->class, DNS_TYPE_ANY
, DNS_RESOURCE_KEY_NAME(i
->rr
->key
));
180 r
= dns_transaction_new(&t
, i
->scope
, key
);
185 r
= set_ensure_allocated(&t
->notify_zone_items
, NULL
);
189 r
= set_put(t
->notify_zone_items
, i
);
193 i
->probe_transaction
= t
;
195 if (t
->state
== DNS_TRANSACTION_NULL
) {
198 r
= dns_transaction_go(t
);
202 dns_zone_item_probe_stop(i
);
207 dns_zone_item_notify(i
);
211 dns_transaction_gc(t
);
215 int dns_zone_put(DnsZone
*z
, DnsScope
*s
, DnsResourceRecord
*rr
, bool probe
) {
216 _cleanup_(dns_zone_item_freep
) DnsZoneItem
*i
= NULL
;
217 DnsZoneItem
*existing
;
224 if (dns_class_is_pseudo(rr
->key
->class))
226 if (dns_type_is_pseudo(rr
->key
->type
))
229 existing
= dns_zone_get(z
, rr
);
233 r
= dns_zone_init(z
);
237 i
= new0(DnsZoneItem
, 1);
242 i
->rr
= dns_resource_record_ref(rr
);
243 i
->probing_enabled
= probe
;
245 r
= dns_zone_link_item(z
, i
);
250 DnsZoneItem
*first
, *j
;
251 bool established
= false;
253 /* Check if there's already an RR with the same name
254 * established. If so, it has been probed already, and
255 * we don't ned to probe again. */
257 LIST_FIND_HEAD(by_name
, i
, first
);
258 LIST_FOREACH(by_name
, j
, first
) {
262 if (j
->state
== DNS_ZONE_ITEM_ESTABLISHED
)
267 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
269 i
->state
= DNS_ZONE_ITEM_PROBING
;
271 r
= dns_zone_item_probe_start(i
);
273 dns_zone_item_remove_and_free(z
, i
);
279 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
285 int dns_zone_lookup(DnsZone
*z
, DnsResourceKey
*key
, DnsAnswer
**ret_answer
, DnsAnswer
**ret_soa
, bool *ret_tentative
) {
286 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
, *soa
= NULL
;
287 unsigned n_answer
= 0;
288 DnsZoneItem
*j
, *first
;
289 bool tentative
= true, need_soa
= false;
296 /* First iteration, count what we have */
298 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
299 bool found
= false, added
= false;
302 /* If this is a generic match, then we have to
303 * go through the list by the name and look
304 * for everything manually */
306 first
= hashmap_get(z
->by_name
, DNS_RESOURCE_KEY_NAME(key
));
307 LIST_FOREACH(by_name
, j
, first
) {
308 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
313 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
329 /* If this is a specific match, then look for
330 * the right key immediately */
332 first
= hashmap_get(z
->by_key
, key
);
333 LIST_FOREACH(by_key
, j
, first
) {
334 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
342 first
= hashmap_get(z
->by_name
, DNS_RESOURCE_KEY_NAME(key
));
343 LIST_FOREACH(by_name
, j
, first
) {
344 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
353 if (n_answer
<= 0 && !need_soa
)
357 answer
= dns_answer_new(n_answer
);
363 soa
= dns_answer_new(1);
368 /* Second iteration, actually add the RRs to the answers */
369 if (key
->type
== DNS_TYPE_ANY
|| key
->class == DNS_CLASS_ANY
) {
370 bool found
= false, added
= false;
373 first
= hashmap_get(z
->by_name
, DNS_RESOURCE_KEY_NAME(key
));
374 LIST_FOREACH(by_name
, j
, first
) {
375 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
380 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
383 k
= dns_resource_key_match_rr(key
, j
->rr
, NULL
);
387 r
= dns_answer_add(answer
, j
->rr
, 0, DNS_ANSWER_AUTHENTICATED
);
395 if (found
&& !added
) {
396 r
= dns_answer_add_soa(soa
, DNS_RESOURCE_KEY_NAME(key
), LLMNR_DEFAULT_TTL
);
403 first
= hashmap_get(z
->by_key
, key
);
404 LIST_FOREACH(by_key
, j
, first
) {
405 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
410 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
413 r
= dns_answer_add(answer
, j
->rr
, 0, DNS_ANSWER_AUTHENTICATED
);
419 bool add_soa
= false;
421 first
= hashmap_get(z
->by_name
, DNS_RESOURCE_KEY_NAME(key
));
422 LIST_FOREACH(by_name
, j
, first
) {
423 if (!IN_SET(j
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
))
426 if (j
->state
!= DNS_ZONE_ITEM_PROBING
)
433 r
= dns_answer_add_soa(soa
, DNS_RESOURCE_KEY_NAME(key
), LLMNR_DEFAULT_TTL
);
440 /* If the caller sets ret_tentative to NULL, then use this as
441 * indication to not return tentative entries */
443 if (!ret_tentative
&& tentative
)
446 *ret_answer
= answer
;
455 *ret_tentative
= tentative
;
466 *ret_tentative
= false;
471 void dns_zone_item_conflict(DnsZoneItem
*i
) {
474 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_PROBING
, DNS_ZONE_ITEM_VERIFYING
, DNS_ZONE_ITEM_ESTABLISHED
))
477 log_info("Detected conflict on %s", strna(dns_resource_record_to_string(i
->rr
)));
479 dns_zone_item_probe_stop(i
);
481 /* Withdraw the conflict item */
482 i
->state
= DNS_ZONE_ITEM_WITHDRAWN
;
484 /* Maybe change the hostname */
485 if (manager_is_own_hostname(i
->scope
->manager
, DNS_RESOURCE_KEY_NAME(i
->rr
->key
)) > 0)
486 manager_next_hostname(i
->scope
->manager
);
489 void dns_zone_item_notify(DnsZoneItem
*i
) {
491 assert(i
->probe_transaction
);
493 if (i
->block_ready
> 0)
496 if (IN_SET(i
->probe_transaction
->state
, DNS_TRANSACTION_NULL
, DNS_TRANSACTION_PENDING
, DNS_TRANSACTION_VALIDATING
))
499 if (i
->probe_transaction
->state
== DNS_TRANSACTION_SUCCESS
) {
500 bool we_lost
= false;
502 /* The probe got a successful reply. If we so far
503 * weren't established we just give up. If we already
504 * were established, and the peer has the
505 * lexicographically larger IP address we continue
508 if (!IN_SET(i
->state
, DNS_ZONE_ITEM_ESTABLISHED
, DNS_ZONE_ITEM_VERIFYING
)) {
509 log_debug("Got a successful probe for not yet established RR, we lost.");
512 assert(i
->probe_transaction
->received
);
513 we_lost
= memcmp(&i
->probe_transaction
->received
->sender
, &i
->probe_transaction
->received
->destination
, FAMILY_ADDRESS_SIZE(i
->probe_transaction
->received
->family
)) < 0;
515 log_debug("Got a successful probe reply for an established RR, and we have a lexicographically larger IP address and thus lost.");
519 dns_zone_item_conflict(i
);
523 log_debug("Got a successful probe reply, but peer has lexicographically lower IP address and thus lost.");
526 log_debug("Record %s successfully probed.", strna(dns_resource_record_to_string(i
->rr
)));
528 dns_zone_item_probe_stop(i
);
529 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
532 static int dns_zone_item_verify(DnsZoneItem
*i
) {
537 if (i
->state
!= DNS_ZONE_ITEM_ESTABLISHED
)
540 log_debug("Verifying RR %s", strna(dns_resource_record_to_string(i
->rr
)));
542 i
->state
= DNS_ZONE_ITEM_VERIFYING
;
543 r
= dns_zone_item_probe_start(i
);
545 log_error_errno(r
, "Failed to start probing for verifying RR: %m");
546 i
->state
= DNS_ZONE_ITEM_ESTABLISHED
;
553 int dns_zone_check_conflicts(DnsZone
*zone
, DnsResourceRecord
*rr
) {
554 DnsZoneItem
*i
, *first
;
560 /* This checks whether a response RR we received from somebody
561 * else is one that we actually thought was uniquely ours. If
562 * so, we'll verify our RRs. */
564 /* No conflict if we don't have the name at all. */
565 first
= hashmap_get(zone
->by_name
, DNS_RESOURCE_KEY_NAME(rr
->key
));
569 /* No conflict if we have the exact same RR */
570 if (dns_zone_get(zone
, rr
))
573 /* OK, somebody else has RRs for the same name. Yuck! Let's
574 * start probing again */
576 LIST_FOREACH(by_name
, i
, first
) {
577 if (dns_resource_record_equal(i
->rr
, rr
))
580 dns_zone_item_verify(i
);
587 int dns_zone_verify_conflicts(DnsZone
*zone
, DnsResourceKey
*key
) {
588 DnsZoneItem
*i
, *first
;
593 /* Somebody else notified us about a possible conflict. Let's
594 * verify if that's true. */
596 first
= hashmap_get(zone
->by_name
, DNS_RESOURCE_KEY_NAME(key
));
600 LIST_FOREACH(by_name
, i
, first
) {
601 dns_zone_item_verify(i
);
608 void dns_zone_verify_all(DnsZone
*zone
) {
614 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
617 LIST_FOREACH(by_key
, j
, i
)
618 dns_zone_item_verify(j
);
622 void dns_zone_dump(DnsZone
*zone
, FILE *f
) {
632 HASHMAP_FOREACH(i
, zone
->by_key
, iterator
) {
635 LIST_FOREACH(by_key
, j
, i
) {
638 t
= dns_resource_record_to_string(j
->rr
);
651 bool dns_zone_is_empty(DnsZone
*zone
) {
655 return hashmap_isempty(zone
->by_key
);