1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include "resolved-dns-transaction.h"
26 DnsTransaction* dns_transaction_free(DnsTransaction *t) {
33 sd_event_source_unref(t->timeout_event_source);
35 dns_question_unref(t->question);
36 dns_packet_unref(t->sent);
37 dns_packet_unref(t->received);
38 dns_answer_unref(t->cached);
40 dns_stream_free(t->stream);
43 LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
46 hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
49 while ((q = set_steal_first(t->queries)))
50 set_remove(q->transactions, t);
53 while ((i = set_steal_first(t->zone_items)))
54 i->probe_transaction = NULL;
55 set_free(t->zone_items);
61 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free);
63 void dns_transaction_gc(DnsTransaction *t) {
69 if (set_isempty(t->queries) && set_isempty(t->zone_items))
70 dns_transaction_free(t);
73 int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsQuestion *q) {
74 _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL;
81 r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL, NULL);
85 t = new0(DnsTransaction, 1);
89 t->question = dns_question_ref(q);
92 random_bytes(&t->id, sizeof(t->id));
94 hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(t->id)));
96 r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
102 LIST_PREPEND(transactions_by_scope, s->transactions, t);
113 static void dns_transaction_stop(DnsTransaction *t) {
116 t->timeout_event_source = sd_event_source_unref(t->timeout_event_source);
117 t->stream = dns_stream_free(t->stream);
120 static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
127 if (manager_our_packet(t->scope->manager, p) != 0)
130 log_debug("Transaction on scope %s on %s/%s got tentative packet",
131 dns_protocol_to_string(t->scope->protocol),
132 t->scope->link ? t->scope->link->name : "*",
133 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
136 SET_FOREACH(z, t->zone_items, i)
137 dns_zone_item_conflict(z);
140 dns_transaction_gc(t);
143 void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
149 assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING));
151 if (!IN_SET(t->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING))
154 /* Note that this call might invalidate the query. Callers
155 * should hence not attempt to access the query or transaction
156 * after calling this function. */
158 log_debug("Transaction on scope %s on %s/%s now complete with <%s>",
159 dns_protocol_to_string(t->scope->protocol),
160 t->scope->link ? t->scope->link->name : "*",
161 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
162 dns_transaction_state_to_string(state));
166 dns_transaction_stop(t);
168 /* Notify all queries that are interested, but make sure the
169 * transaction isn't freed while we are still looking at it */
171 SET_FOREACH(q, t->queries, i)
173 SET_FOREACH(z, t->zone_items, i)
174 dns_zone_item_ready(z);
177 dns_transaction_gc(t);
180 static int on_stream_complete(DnsStream *s, int error) {
181 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
185 assert(s->transaction);
187 /* Copy the data we care about out of the stream before we
190 p = dns_packet_ref(s->read_packet);
192 t->stream = dns_stream_free(t->stream);
195 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
200 dns_transaction_process_reply(t, p);
203 /* If the response wasn't useful, then complete the transition now */
204 if (t->state == DNS_TRANSACTION_PENDING)
205 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
210 static int dns_transaction_open_tcp(DnsTransaction *t) {
211 _cleanup_close_ int fd = -1;
219 if (t->scope->protocol == DNS_PROTOCOL_DNS)
220 fd = dns_scope_tcp_socket(t->scope, AF_UNSPEC, NULL, 53);
221 else if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
223 /* When we already received a query to this (but it was truncated), send to its sender address */
225 fd = dns_scope_tcp_socket(t->scope, t->received->family, &t->received->sender, t->received->sender_port);
227 union in_addr_union address;
230 /* Otherwise, try to talk to the owner of a
231 * the IP address, in case this is a reverse
233 r = dns_question_extract_reverse_address(t->question, &family, &address);
239 fd = dns_scope_tcp_socket(t->scope, family, &address, 5355);
242 return -EAFNOSUPPORT;
247 r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd);
253 r = dns_stream_write_packet(t->stream, t->sent);
255 t->stream = dns_stream_free(t->stream);
259 t->received = dns_packet_unref(t->received);
260 t->stream->complete = on_stream_complete;
261 t->stream->transaction = t;
263 /* The interface index is difficult to determine if we are
264 * connecting to the local host, hence fill this in right away
265 * instead of determining it from the socket */
267 t->stream->ifindex = t->scope->link->ifindex;
272 void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
277 assert(t->state == DNS_TRANSACTION_PENDING);
279 /* Note that this call might invalidate the query. Callers
280 * should hence not attempt to access the query or transaction
281 * after calling this function. */
283 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
284 assert(t->scope->link);
286 /* For LLMNR we will not accept any packets from other
289 if (p->ifindex != t->scope->link->ifindex)
292 if (p->family != t->scope->family)
295 /* Tentative packets are not full responses but still
296 * useful for identifying uniqueness conflicts during
298 if (DNS_PACKET_T(p)) {
299 dns_transaction_tentative(t, p);
304 if (t->scope->protocol == DNS_PROTOCOL_DNS) {
306 /* For DNS we are fine with accepting packets on any
307 * interface, but the source IP address must be one of
308 * a valid DNS server */
310 if (!dns_scope_good_dns_server(t->scope, p->family, &p->sender))
313 if (p->sender_port != 53)
317 if (t->received != p) {
318 dns_packet_unref(t->received);
319 t->received = dns_packet_ref(p);
322 if (p->ipproto == IPPROTO_TCP) {
323 if (DNS_PACKET_TC(p)) {
324 /* Truncated via TCP? Somebody must be fucking with us */
325 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
329 if (DNS_PACKET_ID(p) != t->id) {
330 /* Not the reply to our query? Somebody must be fucking with us */
331 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
336 if (DNS_PACKET_TC(p)) {
337 /* Response was truncated, let's try again with good old TCP */
338 r = dns_transaction_open_tcp(t);
340 /* No servers found? Damn! */
341 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
345 /* On LLMNR, if we cannot connect to the host,
346 * we immediately give up */
347 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
348 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
352 /* On DNS, couldn't send? Try immediately again, with a new server */
353 dns_scope_next_dns_server(t->scope);
355 r = dns_transaction_go(t);
357 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
365 /* Parse and update the cache */
366 r = dns_packet_extract(p);
368 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
372 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
373 dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0);
375 if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
376 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
378 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
381 static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) {
382 DnsTransaction *t = userdata;
388 /* Timeout reached? Try again, with a new server */
389 dns_scope_next_dns_server(t->scope);
391 r = dns_transaction_go(t);
393 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
398 static int dns_transaction_make_packet(DnsTransaction *t) {
399 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
400 unsigned n, added = 0;
408 r = dns_packet_new_query(&p, t->scope->protocol, 0);
412 for (n = 0; n < t->question->n_keys; n++) {
413 r = dns_scope_good_key(t->scope, t->question->keys[n]);
419 r = dns_packet_append_key(p, t->question->keys[n], NULL);
429 DNS_PACKET_HEADER(p)->qdcount = htobe16(added);
430 DNS_PACKET_HEADER(p)->id = t->id;
438 int dns_transaction_go(DnsTransaction *t) {
444 had_stream = !!t->stream;
446 dns_transaction_stop(t);
448 log_debug("Excercising transaction on scope %s on %s/%s",
449 dns_protocol_to_string(t->scope->protocol),
450 t->scope->link ? t->scope->link->name : "*",
451 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
453 if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) {
454 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
458 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && had_stream) {
459 /* If we already tried via a stream, then we don't
460 * retry on LLMNR. See RFC 4795, Section 2.7. */
461 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
466 t->received = dns_packet_unref(t->received);
467 t->cached = dns_answer_unref(t->cached);
470 /* Check the cache, but only if this transaction is not used
471 * for probing or verifying a zone item. */
472 if (set_isempty(t->zone_items)) {
474 /* Before trying the cache, let's make sure we figured out a
475 * server to use. Should this cause a change of server this
476 * might flush the cache. */
477 dns_scope_get_dns_server(t->scope);
479 /* Let's then prune all outdated entries */
480 dns_cache_prune(&t->scope->cache);
482 r = dns_cache_lookup(&t->scope->cache, t->question, &t->cached_rcode, &t->cached);
486 log_debug("Cache hit!");
487 if (t->cached_rcode == DNS_RCODE_SUCCESS)
488 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
490 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
495 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && !t->initial_jitter) {
498 /* RFC 4795 Section 2.7 suggests all queries should be
499 * delayed by a random time from 0 to JITTER_INTERVAL. */
501 t->initial_jitter = true;
503 random_bytes(&jitter, sizeof(jitter));
504 jitter %= LLMNR_JITTER_INTERVAL_USEC;
506 r = sd_event_add_time(
507 t->scope->manager->event,
508 &t->timeout_event_source,
509 clock_boottime_or_monotonic(),
510 now(clock_boottime_or_monotonic()) + jitter, LLMNR_JITTER_INTERVAL_USEC,
511 on_transaction_timeout, t);
516 t->state = DNS_TRANSACTION_PENDING;
518 log_debug("Delaying LLMNR transaction for " USEC_FMT "us.", jitter);
522 log_debug("Cache miss!");
524 /* Otherwise, we need to ask the network */
525 r = dns_transaction_make_packet(t);
527 /* Not the right request to make on this network?
528 * (i.e. an A request made on IPv6 or an AAAA request
529 * made on IPv4, on LLMNR or mDNS.) */
530 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
536 if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
537 (dns_question_endswith(t->question, "in-addr.arpa") > 0 ||
538 dns_question_endswith(t->question, "ip6.arpa") > 0)) {
540 /* RFC 4795, Section 2.4. says reverse lookups shall
541 * always be made via TCP on LLMNR */
542 r = dns_transaction_open_tcp(t);
544 /* Try via UDP, and if that fails due to large size try via TCP */
545 r = dns_scope_send(t->scope, t->sent);
547 r = dns_transaction_open_tcp(t);
550 /* No servers to send this to? */
551 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
555 if (t->scope->protocol != DNS_PROTOCOL_DNS) {
556 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
560 /* Couldn't send? Try immediately again, with a new server */
561 dns_scope_next_dns_server(t->scope);
563 return dns_transaction_go(t);
566 r = sd_event_add_time(
567 t->scope->manager->event,
568 &t->timeout_event_source,
569 clock_boottime_or_monotonic(),
570 now(clock_boottime_or_monotonic()) + TRANSACTION_TIMEOUT_USEC(t->scope->protocol), 0,
571 on_transaction_timeout, t);
575 t->state = DNS_TRANSACTION_PENDING;
579 static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = {
580 [DNS_TRANSACTION_NULL] = "null",
581 [DNS_TRANSACTION_PENDING] = "pending",
582 [DNS_TRANSACTION_FAILURE] = "failure",
583 [DNS_TRANSACTION_SUCCESS] = "success",
584 [DNS_TRANSACTION_NO_SERVERS] = "no-servers",
585 [DNS_TRANSACTION_TIMEOUT] = "timeout",
586 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached",
587 [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply",
588 [DNS_TRANSACTION_RESOURCES] = "resources",
589 [DNS_TRANSACTION_ABORTED] = "aborted",
591 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState);