1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include "resolved-dns-transaction.h"
/*
 * Tear down a transaction: drop every reference it owns, unlink it from its
 * scope and from the manager, and detach it from the queries and zone items
 * that still point at it.
 *
 * This listing elides lines (the gutter numbers jump), so the NULL guard, the
 * final free() and the return statement are not visible here. The function
 * returns a DnsTransaction*; presumably NULL, in the "x = foo_free(x)" style
 * this file uses for t->stream — confirm against the full source.
 */
26 DnsTransaction* dns_transaction_free(DnsTransaction *t) {
/* Owned resources: timer, question, in/out packets, cached answer, TCP stream. */
33 sd_event_source_unref(t->timeout_event_source);
35 dns_question_unref(t->question);
36 dns_packet_unref(t->sent);
37 dns_packet_unref(t->received);
38 dns_answer_unref(t->cached);
40 dns_stream_free(t->stream);
/* Unlink from the scope's list and from the manager's map keyed by the
 * transaction id, so nothing can look this transaction up once it is gone. */
43 LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
46 hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
/* Steal each owning query out of the set and drop its back-reference to t. */
49 while ((q = set_steal_first(t->queries)))
50 set_remove(q->transactions, t);
/* Zone items probed by this transaction must not keep a dangling pointer. */
53 while ((i = set_steal_first(t->zone_items)))
54 i->probe_transaction = NULL;
55 set_free(t->zone_items);
/* Generates dns_transaction_freep(), the _cleanup_() helper that
 * dns_transaction_new() uses to free a half-built transaction on error. */
61 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free);
/*
 * Garbage-collect t: free it as soon as no query and no zone item references
 * it any more. Callers that invoke this must not touch t afterwards, since it
 * may already be gone. (The NULL check, if any, is elided in this listing.)
 */
63 void dns_transaction_gc(DnsTransaction *t) {
69 if (set_isempty(t->queries) && set_isempty(t->zone_items))
70 dns_transaction_free(t);
/*
 * Create a transaction for question q on scope s and return it in *ret.
 * Returns 0 on success or a negative errno (the error returns are elided in
 * this listing). On failure the _cleanup_ attribute frees the partial object.
 */
73 int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsQuestion *q) {
74 _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL;
81 r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
85 t = new0(DnsTransaction, 1);
89 t->question = dns_question_ref(q);
/* The transaction id is drawn from random_bytes(), not a counter. It is the
 * value dns_transaction_process_reply() compares against the reply's message
 * id, so its unpredictability is what stops a third party from answering a
 * query it did not see; keep it random, never sequential. */
92 random_bytes(&t->id, sizeof(t->id));
/* Looks like the tail of a loop that re-draws the id while it collides with a
 * live transaction in the manager's map; the loop header is elided here. */
94 hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(t->id)));
96 r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
102 LIST_PREPEND(transactions_by_scope, s->transactions, t);
/* Cancel whatever is in flight for t: the timeout timer and any open TCP
 * stream. Both helpers return NULL so the fields are reset in one step. */
113 static void dns_transaction_stop(DnsTransaction *t) {
116 t->timeout_event_source = sd_event_source_unref(t->timeout_event_source);
117 t->stream = dns_stream_free(t->stream);
/*
 * Handle an LLMNR "tentative" packet p received while t is probing names.
 * Our own packets are ignored; otherwise the conflict is decided purely by
 * comparing the packet's sender address with its destination address, i.e.
 * by an unauthenticated field of the received datagram. If we lose, every
 * zone item this transaction probes is stopped and reported as conflicting.
 * Several lines (returns, closing braces) are elided in this listing.
 */
120 static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
121 _cleanup_free_ char *pretty = NULL;
127 if (manager_our_packet(t->scope->manager, p) != 0)
130 in_addr_to_string(p->family, &p->sender, &pretty);
132 log_debug("Transaction on scope %s on %s/%s got tentative packet from %s",
133 dns_protocol_to_string(t->scope->protocol),
134 t->scope->link ? t->scope->link->name : "*",
135 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
138 /* RFC 4795, Section 4.1 says that the peer with the
139 * lexicographically smaller IP address loses */
/* NOTE(review): the comment above says the smaller address loses, while both
 * log messages below describe the larger address as the loser; one of the two
 * is inverted relative to the other. Verify against RFC 4795 Section 4.1 and
 * fix whichever is wrong. */
140 if (memcmp(&p->sender, &p->destination, FAMILY_ADDRESS_SIZE(p->family)) >= 0) {
141 log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
/* Reached only when the sender compares lower than our address. */
145 log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
/* set_first() rather than steal: dns_zone_item_probe_stop() is expected to
 * remove z from t->zone_items itself, otherwise this loop would not end. */
148 while ((z = set_first(t->zone_items))) {
149 /* First, make sure the zone item drops the reference
151 dns_zone_item_probe_stop(z);
153 /* Secondly, report this as conflict, so that we might
154 * look for a different hostname */
155 dns_zone_item_conflict(z);
/* t may be freed here; nothing below may touch it. */
159 dns_transaction_gc(t);
/*
 * Move t into a terminal state, stop its I/O, and notify every query and
 * zone item attached to it. A transaction that is already complete is left
 * untouched. The assignment of t->state is elided in this listing.
 */
162 void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
/* Terminal states only; NULL and PENDING are not valid completions. */
168 assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING));
/* Already completed earlier (e.g. by a previous reply): do nothing. */
170 if (!IN_SET(t->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING))
173 /* Note that this call might invalidate the query. Callers
174 * should hence not attempt to access the query or transaction
175 * after calling this function. */
177 log_debug("Transaction on scope %s on %s/%s now complete with <%s>",
178 dns_protocol_to_string(t->scope->protocol),
179 t->scope->link ? t->scope->link->name : "*",
180 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
181 dns_transaction_state_to_string(state));
/* Cancel the timer and close the stream before anyone is told. */
185 dns_transaction_stop(t);
187 /* Notify all queries that are interested, but make sure the
188 * transaction isn't freed while we are still looking at it */
/* The per-query callback and the guard against freeing are elided here. */
190 SET_FOREACH(q, t->queries, i)
192 SET_FOREACH(z, t->zone_items, i)
193 dns_zone_item_ready(z);
/* May free t once the last query/zone item lets go. */
196 dns_transaction_gc(t);
/*
 * DnsStream completion callback for a transaction's TCP fallback. Takes the
 * packet read from the stream, closes the stream, and then either fails the
 * transaction (transport error, invalid reply) or hands the packet to
 * dns_transaction_process_reply(). The error branch's condition, the early
 * returns and the final return value are elided in this listing.
 */
199 static int on_stream_complete(DnsStream *s, int error) {
200 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
204 assert(s->transaction);
206 /* Copy the data we care about out of the stream before we
/* Hold our own reference: the stream (and its read_packet) is freed next. */
209 p = dns_packet_ref(s->read_packet);
211 t->stream = dns_stream_free(t->stream);
/* Transport-level failure: give up with RESOURCES (condition elided). */
214 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
/* Reject anything that does not parse as a well-formed reply before it can
 * touch transaction state or the cache. */
218 if (dns_packet_validate_reply(p) <= 0) {
219 log_debug("Invalid LLMNR TCP packet.");
220 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
224 dns_scope_check_conflicts(t->scope, p);
227 dns_transaction_process_reply(t, p);
230 /* If the response wasn't useful, then complete the transition now */
231 if (t->state == DNS_TRANSACTION_PENDING)
232 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
/*
 * Open a TCP stream for t and send t->sent over it. The peer depends on the
 * protocol: classic DNS connects to the scope's current server on port 53;
 * LLMNR reuses the sender address/port of a truncated reply we already
 * received, or otherwise derives the peer from a reverse-lookup question and
 * uses port 5355. Returns 0 or a negative errno; most error returns and the
 * surrounding if/else structure are elided in this listing.
 */
237 static int dns_transaction_open_tcp(DnsTransaction *t) {
238 _cleanup_close_ int fd = -1;
246 if (t->scope->protocol == DNS_PROTOCOL_DNS)
247 fd = dns_scope_tcp_socket(t->scope, AF_UNSPEC, NULL, 53);
248 else if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
250 /* When we already received a query to this (but it was truncated), send to its sender address */
/* The connect target here is whatever address/port the truncated UDP reply
 * claimed as its source; it is trusted as far as process_reply's origin
 * checks (link, family) allowed it in. */
252 fd = dns_scope_tcp_socket(t->scope, t->received->family, &t->received->sender, t->received->sender_port);
254 union in_addr_union address;
257 /* Otherwise, try to talk to the owner of a
258 * the IP address, in case this is a reverse
260 r = dns_question_extract_reverse_address(t->question, &family, &address);
266 fd = dns_scope_tcp_socket(t->scope, family, &address, 5355);
/* Any other protocol has no TCP transport here. */
269 return -EAFNOSUPPORT;
274 r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd);
280 r = dns_stream_write_packet(t->stream, t->sent);
/* Write failed: drop the stream (error return elided). */
282 t->stream = dns_stream_free(t->stream);
/* The truncated UDP reply has served its purpose; wait for the TCP one. */
286 t->received = dns_packet_unref(t->received);
287 t->stream->complete = on_stream_complete;
288 t->stream->transaction = t;
290 /* The interface index is difficult to determine if we are
291 * connecting to the local host, hence fill this in right away
292 * instead of determining it from the socket */
/* Presumably guarded by a check that t->scope->link is set (elided). */
294 t->stream->ifindex = t->scope->link->ifindex;
/*
 * Feed a received packet p into the pending transaction t.
 *
 * The packet must pass a chain of origin checks before it can change the
 * transaction's state or the scope cache: for LLMNR the receiving link and
 * address family must match the scope, for DNS the sender must be a
 * configured server answering from port 53. Packets failing those checks are
 * silently dropped (the "return" lines are elided in this listing). A packet
 * whose message id does not match t->id is treated as an invalid reply.
 * Truncated UDP replies trigger a retry over TCP. An accepted reply's answer
 * section is cached and the transaction completes with SUCCESS or FAILURE.
 * This call may complete, and via gc free, the transaction.
 */
299 void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
304 assert(t->state == DNS_TRANSACTION_PENDING);
306 /* Note that this call might invalidate the query. Callers
307 * should hence not attempt to access the query or transaction
308 * after calling this function. */
310 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
311 assert(t->scope->link);
313 /* For LLMNR we will not accept any packets from other
/* Link and family of the datagram must be the ones this scope is bound to. */
316 if (p->ifindex != t->scope->link->ifindex)
319 if (p->family != t->scope->family)
322 /* Tentative packets are not full responses but still
323 * useful for identifying uniqueness conflicts during
325 if (DNS_PACKET_T(p)) {
326 dns_transaction_tentative(t, p);
331 if (t->scope->protocol == DNS_PROTOCOL_DNS) {
333 /* For DNS we are fine with accepting packets on any
334 * interface, but the source IP address must be one of
335 * a valid DNS server */
/* Source address and source port are the only origin checks for DNS; they
 * are spoofable on the wire, so the id check below carries the rest. */
337 if (!dns_scope_good_dns_server(t->scope, p->family, &p->sender))
340 if (p->sender_port != 53)
/* Remember the last packet we saw for this transaction (open_tcp reuses it). */
344 if (t->received != p) {
345 dns_packet_unref(t->received);
346 t->received = dns_packet_ref(p);
/* A TC bit on a TCP reply makes no sense; treat it as a bad reply. */
349 if (p->ipproto == IPPROTO_TCP) {
350 if (DNS_PACKET_TC(p)) {
351 /* Truncated via TCP? Somebody must be fucking with us */
352 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
/* The message id must be the one we drew in dns_transaction_new().
 * NOTE(review): this is the only query/reply match visible in this listing —
 * no comparison of p->question against t->question appears here, and the
 * cache entry written below is keyed by p->question. Confirm the question
 * section is validated elsewhere (dns_packet_validate_reply or the caller),
 * otherwise a reply that merely matches the id could populate the cache. */
356 if (DNS_PACKET_ID(p) != t->id) {
357 /* Not the reply to our query? Somebody must be fucking with us */
358 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
363 if (DNS_PACKET_TC(p)) {
364 /* Response was truncated, let's try again with good old TCP */
365 r = dns_transaction_open_tcp(t);
/* Error-code dispatch: the specific r values tested here are elided. */
367 /* No servers found? Damn! */
368 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
372 /* On LLMNR, if we cannot connect to the host,
373 * we immediately give up */
374 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
375 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
379 /* On DNS, couldn't send? Try immediately again, with a new server */
380 dns_scope_next_dns_server(t->scope);
382 r = dns_transaction_go(t);
384 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
392 /* Parse and update the cache */
393 r = dns_packet_extract(p);
395 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
399 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
/* Only p->answer / ANCOUNT go into the cache: authority and additional
 * records from a reply are never stored, which limits what one reply can
 * inject. The entry is also tagged with the sender's family/address. */
400 dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender);
402 if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
403 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
405 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
/*
 * Timer callback: no reply arrived in time, so rotate to the next DNS server
 * and restart the transaction. Note that it does not complete with
 * DNS_TRANSACTION_TIMEOUT itself; giving up is handled by the attempt cap in
 * dns_transaction_go(). The return statement is elided in this listing.
 */
408 static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) {
409 DnsTransaction *t = userdata;
415 /* Timeout reached? Try again, with a new server */
416 dns_scope_next_dns_server(t->scope);
418 r = dns_transaction_go(t);
/* Restart failed (condition elided): fail the transaction. */
420 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
/*
 * Build the query packet for t: one question entry per key of t->question
 * that is acceptable on this scope, with QDCOUNT set to the number actually
 * added and the header id set to t->id. The "key not good → skip" branch,
 * the added++ increment, the handling of added == 0 and the assignment of
 * the result to t->sent are elided in this listing.
 */
425 static int dns_transaction_make_packet(DnsTransaction *t) {
426 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
427 unsigned n, added = 0;
435 r = dns_packet_new_query(&p, t->scope->protocol, 0);
439 for (n = 0; n < t->question->n_keys; n++) {
/* dns_scope_good_key() filters keys that make no sense on this scope
 * (see the comment in dns_transaction_go about A-on-IPv6 etc.). */
440 r = dns_scope_good_key(t->scope, t->question->keys[n]);
446 r = dns_packet_append_key(p, t->question->keys[n], NULL);
/* Header is patched after the body: count of keys really appended, plus
 * the randomly drawn transaction id the reply must echo. */
456 DNS_PACKET_HEADER(p)->qdcount = htobe16(added);
457 DNS_PACKET_HEADER(p)->id = t->id;
/*
 * Start or restart transaction t.
 *
 * Order of business: cancel anything in flight, enforce the per-protocol
 * attempt cap, try the scope cache (unless t is probing a zone item), apply
 * the LLMNR initial jitter delay on the first attempt, build the query, send
 * it via UDP or TCP, then arm the per-protocol timeout and mark the
 * transaction pending. Returns 0 or a negative errno. Many lines — error
 * returns, closing braces, the n_attempts increment, the declaration of
 * jitter and the exact error codes dispatched after dns_scope_emit() — are
 * elided in this listing.
 */
465 int dns_transaction_go(DnsTransaction *t) {
/* Remember whether a TCP stream was open before stop() clears it. */
471 had_stream = !!t->stream;
473 dns_transaction_stop(t);
475 log_debug("Excercising transaction on scope %s on %s/%s",
476 dns_protocol_to_string(t->scope->protocol),
477 t->scope->link ? t->scope->link->name : "*",
478 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
/* Attempt cap: this is also what bounds the self-recursion further down
 * and the retries issued by on_transaction_timeout(), assuming n_attempts
 * is incremented on each pass (that line is elided here). */
480 if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) {
481 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
485 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && had_stream) {
486 /* If we already tried via a stream, then we don't
487 * retry on LLMNR. See RFC 4795, Section 2.7. */
488 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
/* Fresh attempt: forget the previous reply and cached answer. */
493 t->received = dns_packet_unref(t->received);
494 t->cached = dns_answer_unref(t->cached);
497 /* Check the cache, but only if this transaction is not used
498 * for probing or verifying a zone item. */
499 if (set_isempty(t->zone_items)) {
501 /* Before trying the cache, let's make sure we figured out a
502 * server to use. Should this cause a change of server this
503 * might flush the cache. */
504 dns_scope_get_dns_server(t->scope);
506 /* Let's then prune all outdated entries */
507 dns_cache_prune(&t->scope->cache);
/* A hit fills t->cached / t->cached_rcode and completes without network I/O. */
509 r = dns_cache_lookup(&t->scope->cache, t->question, &t->cached_rcode, &t->cached);
513 log_debug("Cache hit!");
514 if (t->cached_rcode == DNS_RCODE_SUCCESS)
515 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
517 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
522 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && !t->initial_jitter) {
525 /* RFC 4795 Section 2.7 suggests all queries should be
526 * delayed by a random time from 0 to JITTER_INTERVAL. */
/* Set the flag first so the re-entry from the timer skips this branch. */
528 t->initial_jitter = true;
/* The jitter is random, not derived from the query, and is reduced modulo
 * the interval; the small bias from the modulo is irrelevant here. */
530 random_bytes(&jitter, sizeof(jitter));
531 jitter %= LLMNR_JITTER_INTERVAL_USEC;
/* on_transaction_timeout() fires after the delay and calls go() again. */
533 r = sd_event_add_time(
534 t->scope->manager->event,
535 &t->timeout_event_source,
536 clock_boottime_or_monotonic(),
537 now(clock_boottime_or_monotonic()) + jitter,
538 LLMNR_JITTER_INTERVAL_USEC,
539 on_transaction_timeout, t);
544 t->state = DNS_TRANSACTION_PENDING;
546 log_debug("Delaying LLMNR transaction for " USEC_FMT "us.", jitter);
550 log_debug("Cache miss!");
552 /* Otherwise, we need to ask the network */
553 r = dns_transaction_make_packet(t);
555 /* Not the right request to make on this network?
556 * (i.e. an A request made on IPv6 or an AAAA request
557 * made on IPv4, on LLMNR or mDNS.) */
558 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
564 if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
565 (dns_question_endswith(t->question, "in-addr.arpa") > 0 ||
566 dns_question_endswith(t->question, "ip6.arpa") > 0)) {
568 /* RFC 4795, Section 2.4. says reverse lookups shall
569 * always be made via TCP on LLMNR */
570 r = dns_transaction_open_tcp(t);
572 /* Try via UDP, and if that fails due to large size try via TCP */
573 r = dns_scope_emit(t->scope, t->sent);
/* Presumably guarded on the "message too large" error from emit (elided). */
575 r = dns_transaction_open_tcp(t);
578 /* No servers to send this to? */
579 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
/* LLMNR/mDNS have no alternative server to fall back to. */
583 if (t->scope->protocol != DNS_PROTOCOL_DNS) {
584 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
588 /* Couldn't send? Try immediately again, with a new server */
589 dns_scope_next_dns_server(t->scope);
/* Tail-recursive retry; bounded only by the attempt cap checked above. */
591 return dns_transaction_go(t);
/* Sent: arm the per-protocol reply timeout (accuracy 0 = as exact as possible). */
594 r = sd_event_add_time(
595 t->scope->manager->event,
596 &t->timeout_event_source,
597 clock_boottime_or_monotonic(),
598 now(clock_boottime_or_monotonic()) + TRANSACTION_TIMEOUT_USEC(t->scope->protocol), 0,
599 on_transaction_timeout, t);
603 t->state = DNS_TRANSACTION_PENDING;
/* Human-readable names for DnsTransactionState, indexed by enum value; used by
 * dns_transaction_state_to_string() in the debug log lines above. Every
 * terminal state handed to dns_transaction_complete() must have an entry. */
607 static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = {
608 [DNS_TRANSACTION_NULL] = "null",
609 [DNS_TRANSACTION_PENDING] = "pending",
610 [DNS_TRANSACTION_FAILURE] = "failure",
611 [DNS_TRANSACTION_SUCCESS] = "success",
612 [DNS_TRANSACTION_NO_SERVERS] = "no-servers",
613 [DNS_TRANSACTION_TIMEOUT] = "timeout",
614 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached",
615 [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply",
616 [DNS_TRANSACTION_RESOURCES] = "resources",
617 [DNS_TRANSACTION_ABORTED] = "aborted",
/* Generates dns_transaction_state_to_string() / _from_string() over the table. */
619 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState);