1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include "resolved-dns-transaction.h"
/* Release everything a transaction owns and unlink it from every structure
 * that still points at it: the scope's transaction list, the manager's
 * id → transaction map, the queries that reference it, and the zone items
 * it was probing for. Returns DnsTransaction* so it fits the
 * DEFINE_TRIVIAL_CLEANUP_FUNC() idiom used right after this function.
 * Lines are elided from this listing; presumably the NULL guard,
 * set_free(t->queries) and the final free(t) are among them — confirm
 * against the full file. */
26 DnsTransaction* dns_transaction_free(DnsTransaction *t) {
/* Drop the references the transaction holds on its own state. */
33 sd_event_source_unref(t->timeout_event_source);
35 dns_question_unref(t->question);
36 dns_packet_unref(t->sent);
37 dns_packet_unref(t->received);
38 dns_answer_unref(t->cached);
40 dns_stream_free(t->stream);
/* Unlink from the scope and from the manager's lookup map keyed by the
 * transaction id, so no later reply can be matched to a freed object. */
43 LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
46 hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
/* Detach from every query that still lists this transaction. */
49 while ((q = set_steal_first(t->queries)))
50 set_remove(q->transactions, t);
/* Zone items keep a raw back-pointer in probe_transaction; clear it so they
 * never dereference a freed transaction. */
53 while ((i = set_steal_first(t->zone_items)))
54 i->probe_transaction = NULL;
55 set_free(t->zone_items);
/* Generates dns_transaction_freep(), used as the _cleanup_() handler for
 * DnsTransaction* locals (e.g. in dns_transaction_new()). */
61 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free);
/* Garbage-collect a transaction: free it as soon as no query and no zone
 * item references it any more. Callers that invoke this must not touch t
 * afterwards, since it may have been freed. */
63 void dns_transaction_gc(DnsTransaction *t) {
69 if (set_isempty(t->queries) && set_isempty(t->zone_items))
70 dns_transaction_free(t);
/* Allocate a transaction for question q on scope s, give it a random id,
 * register it in the manager's id map and in the scope's transaction list.
 * On success ownership is handed to *ret (the _cleanup_ on t is presumably
 * disarmed by a `t = NULL` in the elided lines — confirm); on failure the
 * partially built transaction is freed by the cleanup attribute. Returns 0
 * or a negative errno (the error-return lines are elided here). */
73 int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsQuestion *q) {
74 _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL;
/* The map is created lazily; it must exist before hashmap_put() below. */
81 r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL, NULL);
85 t = new0(DnsTransaction, 1);
89 t->question = dns_question_ref(q);
/* The id is drawn from random_bytes() rather than a counter, so an
 * off-path party cannot predict which id a reply must carry to be accepted
 * by dns_transaction_process_reply(). */
92 random_bytes(&t->id, sizeof(t->id));
/* Tail of a condition whose head is elided; it looks like the id is
 * re-rolled while it collides with a transaction already in the map —
 * confirm against the full file. */
94 hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(t->id)));
/* Register under the id so replies can be matched back to this object. */
96 r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
102 LIST_PREPEND(transactions_by_scope, s->transactions, t);
/* Cancel any in-flight work: disarm the timeout/jitter timer and close the
 * TCP stream, if any. Both setters return NULL, leaving the fields reset. */
113 static void dns_transaction_stop(DnsTransaction *t) {
116 t->timeout_event_source = sd_event_source_unref(t->timeout_event_source);
117 t->stream = dns_stream_free(t->stream);
/* Handle an LLMNR "tentative" packet (T bit set) received while this
 * transaction is probing a name: decide who wins the uniqueness conflict by
 * comparing addresses, and if we lost, mark every zone item being probed as
 * conflicted. Several control-flow lines (early returns, the else branch)
 * are elided from this listing. */
120 static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
/* Ignore our own packets; presumably followed by a return in the elided
 * lines. */
127 if (manager_our_packet(t->scope->manager, p) != 0)
130 log_debug("Transaction on scope %s on %s/%s got tentative packet",
131 dns_protocol_to_string(t->scope->protocol),
132 t->scope->link ? t->scope->link->name : "*",
133 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
135 /* RFC 4795, Section 4.1 says that the peer with the
136 * lexicographically smaller IP address loses */
/* Compares only the address bytes of the packet's family; sender is the
 * peer, destination is us. */
137 if (memcmp(&p->sender, &p->destination, FAMILY_ADDRESS_SIZE(p->family)) < 0) {
/* Peer lost: nothing to do on our side (the return is elided). */
138 log_debug("Peer has lexicographically smaller IP address and thus lost in the conflict.");
142 log_debug("We have the lexicographically smaller IP address and thus lost in the conflict.");
/* We lost: every zone item this transaction was probing is now in
 * conflict. */
145 SET_FOREACH(z, t->zone_items, i)
146 dns_zone_item_conflict(z);
/* dns_zone_item_conflict() may have detached the items; free t if nothing
 * references it any more. t must not be used after this call. */
149 dns_transaction_gc(t);
/* Move the transaction into a final state, stop its timers and streams,
 * notify every interested query and zone item, and garbage-collect it.
 * `state` must itself be a final state (asserted below); a transaction that
 * is already final is left untouched. The assignment `t->state = state` is
 * elided from this listing but must happen before the notifications, since
 * on_stream_complete() tests t->state afterwards. */
152 void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
158 assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING));
/* Already completed once: ignore (return elided). */
160 if (!IN_SET(t->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING))
163 /* Note that this call might invalidate the query. Callers
164 * should hence not attempt to access the query or transaction
165 * after calling this function. */
167 log_debug("Transaction on scope %s on %s/%s now complete with <%s>",
168 dns_protocol_to_string(t->scope->protocol),
169 t->scope->link ? t->scope->link->name : "*",
170 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family),
171 dns_transaction_state_to_string(state));
/* Disarm timer and close the TCP stream before notifying anyone. */
175 dns_transaction_stop(t);
177 /* Notify all queries that are interested, but make sure the
178 * transaction isn't freed while we are still looking at it */
/* The loop body (presumably a per-query "ready" callback) is elided. */
180 SET_FOREACH(q, t->queries, i)
182 SET_FOREACH(z, t->zone_items, i)
183 dns_zone_item_ready(z);
/* Notifications may have detached the last query/zone item; this frees t
 * in that case, which is why callers must not touch t afterwards. */
186 dns_transaction_gc(t);
/* DnsStream completion callback for the TCP fallback: take the packet read
 * from the stream, tear the stream down, validate the reply and feed it to
 * dns_transaction_process_reply(). `error` is the stream's failure code;
 * the branch that maps it to DNS_TRANSACTION_RESOURCES is only partly
 * visible here. The local `t` (= s->transaction) is declared in elided
 * lines. */
189 static int on_stream_complete(DnsStream *s, int error) {
190 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
194 assert(s->transaction);
196 /* Copy the data we care about out of the stream before we
/* Hold our own reference, because freeing the stream below drops its
 * read_packet. */
199 p = dns_packet_ref(s->read_packet);
201 t->stream = dns_stream_free(t->stream);
/* Stream failed (condition elided): give up on this transaction. */
204 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
/* Reject anything that is not a well-formed reply before parsing it. */
208 if (dns_packet_validate_reply(p) <= 0) {
209 log_debug("Invalid LLMNR TCP packet.");
210 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
214 dns_scope_check_conflicts(t->scope, p);
/* NOTE(review): process_reply may call dns_transaction_complete(), whose
 * gc step can free t; the t->state read below therefore relies on t still
 * being alive at this point — confirm that a query/zone item always keeps
 * it referenced across this call. */
217 dns_transaction_process_reply(t, p);
220 /* If the response wasn't useful, then complete the transition now */
221 if (t->state == DNS_TRANSACTION_PENDING)
222 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
/* Send the already-built query (t->sent) over TCP instead of UDP. Picks the
 * peer by protocol: a configured DNS server on port 53, or for LLMNR
 * either the sender of the truncated reply we already got, or the owner of
 * the address named by a reverse lookup, on port 5355. Installs
 * on_stream_complete() as the stream's completion callback. Returns 0 or a
 * negative errno; most error-return lines are elided from this listing. */
227 static int dns_transaction_open_tcp(DnsTransaction *t) {
/* Closed automatically unless ownership moves to the stream; the line that
 * hands fd over (presumably `fd = -1`) is elided — confirm. */
228 _cleanup_close_ int fd = -1;
236 if (t->scope->protocol == DNS_PROTOCOL_DNS)
/* AF_UNSPEC/NULL: let the scope pick the current DNS server. */
237 fd = dns_scope_tcp_socket(t->scope, AF_UNSPEC, NULL, 53);
238 else if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
240 /* When we already received a (truncated) reply, reconnect to its sender address over TCP */
242 fd = dns_scope_tcp_socket(t->scope, t->received->family, &t->received->sender, t->received->sender_port);
244 union in_addr_union address;
247 /* Otherwise, try to talk directly to the owner of
248 * the IP address, in case this is a reverse lookup */
250 r = dns_question_extract_reverse_address(t->question, &family, &address);
256 fd = dns_scope_tcp_socket(t->scope, family, &address, 5355);
/* No TCP transport for any other protocol. */
259 return -EAFNOSUPPORT;
264 r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd);
270 r = dns_stream_write_packet(t->stream, t->sent);
/* Write failed (condition elided): drop the stream again. */
272 t->stream = dns_stream_free(t->stream);
/* The previous (truncated) reply has served its purpose; await a new one. */
276 t->received = dns_packet_unref(t->received);
277 t->stream->complete = on_stream_complete;
278 t->stream->transaction = t;
280 /* The interface index is difficult to determine if we are
281 * connecting to the local host, hence fill this in right away
282 * instead of determining it from the socket */
/* NOTE(review): t->scope->link is dereferenced here; the guard for a
 * link-less scope is presumably in the elided line just above — confirm. */
284 t->stream->ifindex = t->scope->link->ifindex;
/* Process a candidate reply packet for a pending transaction. Filters the
 * packet by origin (interface/family for LLMNR, configured server and port
 * 53 for DNS), rejects mismatched ids, falls back to TCP on truncation,
 * then parses the packet, feeds the answer section to the cache and
 * completes the transaction with SUCCESS or FAILURE by rcode. Many early
 * `return` lines are elided from this listing. */
289 void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
294 assert(t->state == DNS_TRANSACTION_PENDING);
296 /* Note that this call might invalidate the query. Callers
297 * should hence not attempt to access the query or transaction
298 * after calling this function. */
300 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
301 assert(t->scope->link);
303 /* For LLMNR we will not accept any packets from other
 * interfaces or address families than the scope's own */
306 if (p->ifindex != t->scope->link->ifindex)
309 if (p->family != t->scope->family)
312 /* Tentative packets are not full responses but still
313 * useful for identifying uniqueness conflicts during
 * probing, so they are handled separately (return elided) */
315 if (DNS_PACKET_T(p)) {
316 dns_transaction_tentative(t, p);
321 if (t->scope->protocol == DNS_PROTOCOL_DNS) {
323 /* For DNS we are fine with accepting packets on any
324 * interface, but the source IP address must be one of
325 * a valid DNS server */
/* Source address and port checks: a reply that does not come from a
 * configured server on port 53 is dropped before its contents are looked
 * at (returns elided). */
327 if (!dns_scope_good_dns_server(t->scope, p->family, &p->sender))
330 if (p->sender_port != 53)
/* Remember the packet; dns_transaction_open_tcp() uses its sender address
 * for the LLMNR TCP fallback. */
334 if (t->received != p) {
335 dns_packet_unref(t->received);
336 t->received = dns_packet_ref(p);
339 if (p->ipproto == IPPROTO_TCP) {
340 if (DNS_PACKET_TC(p)) {
341 /* Truncated via TCP? Somebody must be fucking with us */
342 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
/* The id must match the one we drew at random in dns_transaction_new();
 * together with the source checks above this is what keeps an unsolicited
 * packet from being accepted as our reply. */
346 if (DNS_PACKET_ID(p) != t->id) {
347 /* Not the reply to our query? Somebody must be fucking with us */
348 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
/* Only reached for UDP replies (the TCP+TC case completed above). */
353 if (DNS_PACKET_TC(p)) {
354 /* Response was truncated, let's try again with good old TCP */
355 r = dns_transaction_open_tcp(t);
/* Error dispatch on r; the individual conditions are elided. */
357 /* No servers found? Damn! */
358 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
362 /* On LLMNR, if we cannot connect to the host,
363 * we immediately give up */
364 if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
365 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
369 /* On DNS, couldn't send? Try immediately again, with a new server */
370 dns_scope_next_dns_server(t->scope);
372 r = dns_transaction_go(t);
374 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
382 /* Parse and update the cache */
383 r = dns_packet_extract(p);
/* Unparseable reply (condition elided). */
385 dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
389 /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
/* The rcode is stored too, so failures are cached as well; the cache
 * entry is keyed with the reply's source so it can be flushed on a server
 * change (see dns_transaction_go()). */
390 dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender);
392 if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
393 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
395 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
/* sd-event timer callback. Armed by dns_transaction_go() both for the
 * per-attempt timeout and for the initial LLMNR jitter delay; in both
 * cases it rotates to the next DNS server (a no-op for LLMNR, presumably)
 * and re-runs the transaction, which is capped by n_attempts in
 * dns_transaction_go(). Returns 0 (return line elided). */
398 static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) {
399 DnsTransaction *t = userdata;
405 /* Timeout reached? Try again, with a new server */
406 dns_scope_next_dns_server(t->scope);
408 r = dns_transaction_go(t);
/* Could not restart (condition elided): give up. */
410 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
/* Build the query packet for this transaction from t->question, keeping
 * only the keys the scope considers appropriate (dns_scope_good_key()),
 * and stamp it with the transaction id. The increment of `added`, the
 * empty-question error and the hand-over to t->sent are elided from this
 * listing — confirm. Returns 0 or a negative errno. */
415 static int dns_transaction_make_packet(DnsTransaction *t) {
416 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
417 unsigned n, added = 0;
425 r = dns_packet_new_query(&p, t->scope->protocol, 0);
429 for (n = 0; n < t->question->n_keys; n++) {
/* Skip keys that make no sense on this scope (e.g. wrong address family
 * per the comment in dns_transaction_go()); the skip itself is elided. */
430 r = dns_scope_good_key(t->scope, t->question->keys[n]);
436 r = dns_packet_append_key(p, t->question->keys[n], NULL);
/* Header fields are wire order; `added` rather than n_keys, since some
 * keys may have been skipped. */
446 DNS_PACKET_HEADER(p)->qdcount = htobe16(added);
447 DNS_PACKET_HEADER(p)->id = t->id;
/* Start or restart a transaction: stop previous work, enforce the attempt
 * cap, try the cache (unless probing a zone item), apply the initial LLMNR
 * jitter, otherwise build and send the packet (UDP, or TCP for LLMNR
 * reverse lookups and on oversize) and arm the attempt timeout. Called from
 * queries, from on_transaction_timeout() and recursively from itself after
 * a server rotation. Returns 0 or a negative errno; the `return` lines and
 * the n_attempts increment are elided from this listing. */
455 int dns_transaction_go(DnsTransaction *t) {
/* Remember whether a TCP stream was in use before stop() clears it. */
461 had_stream = !!t->stream;
463 dns_transaction_stop(t);
465 log_debug("Excercising transaction on scope %s on %s/%s",
466 dns_protocol_to_string(t->scope->protocol),
467 t->scope->link ? t->scope->link->name : "*",
468 t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
/* Bounds the retry loop formed with on_transaction_timeout() and the
 * recursive call below; relies on n_attempts being bumped in elided lines. */
470 if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) {
471 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
475 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && had_stream) {
476 /* If we already tried via a stream, then we don't
477 * retry on LLMNR. See RFC 4795, Section 2.7. */
478 dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
/* Discard results of the previous attempt. */
483 t->received = dns_packet_unref(t->received);
484 t->cached = dns_answer_unref(t->cached);
487 /* Check the cache, but only if this transaction is not used
488 * for probing or verifying a zone item. */
489 if (set_isempty(t->zone_items)) {
491 /* Before trying the cache, let's make sure we figured out a
492 * server to use. Should this cause a change of server this
493 * might flush the cache. */
494 dns_scope_get_dns_server(t->scope);
496 /* Let's then prune all outdated entries */
497 dns_cache_prune(&t->scope->cache);
/* On a hit the answer and rcode land in t->cached/t->cached_rcode; the
 * test on r is elided. */
499 r = dns_cache_lookup(&t->scope->cache, t->question, &t->cached_rcode, &t->cached);
503 log_debug("Cache hit!");
504 if (t->cached_rcode == DNS_RCODE_SUCCESS)
505 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
507 dns_transaction_complete(t, DNS_TRANSACTION_FAILURE);
512 if (t->scope->protocol == DNS_PROTOCOL_LLMNR && !t->initial_jitter) {
515 /* RFC 4795 Section 2.7 suggests all queries should be
516 * delayed by a random time from 0 to JITTER_INTERVAL. */
/* Set first so the re-entry from on_transaction_timeout() skips this
 * block and actually sends. */
518 t->initial_jitter = true;
520 random_bytes(&jitter, sizeof(jitter));
521 jitter %= LLMNR_JITTER_INTERVAL_USEC;
/* Reuses the timeout callback as the delay timer; accuracy is the full
 * jitter interval since the exact firing time does not matter. */
523 r = sd_event_add_time(
524 t->scope->manager->event,
525 &t->timeout_event_source,
526 clock_boottime_or_monotonic(),
527 now(clock_boottime_or_monotonic()) + jitter,
528 LLMNR_JITTER_INTERVAL_USEC,
529 on_transaction_timeout, t);
534 t->state = DNS_TRANSACTION_PENDING;
536 log_debug("Delaying LLMNR transaction for " USEC_FMT "us.", jitter);
540 log_debug("Cache miss!");
542 /* Otherwise, we need to ask the network */
543 r = dns_transaction_make_packet(t);
545 /* Not the right request to make on this network?
546 * (i.e. an A request made on IPv6 or an AAAA request
547 * made on IPv4, on LLMNR or mDNS.) */
/* The specific error code tested for is elided. */
548 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
554 if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
555 (dns_question_endswith(t->question, "in-addr.arpa") > 0 ||
556 dns_question_endswith(t->question, "ip6.arpa") > 0)) {
558 /* RFC 4795, Section 2.4. says reverse lookups shall
559 * always be made via TCP on LLMNR */
560 r = dns_transaction_open_tcp(t);
562 /* Try via UDP, and if that fails due to large size try via TCP */
563 r = dns_scope_emit(t->scope, t->sent);
/* The oversize condition on r is elided. */
565 r = dns_transaction_open_tcp(t);
/* Error dispatch on r; the individual conditions are elided. */
568 /* No servers to send this to? */
569 dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
/* LLMNR/mDNS have no alternative server to rotate to. */
573 if (t->scope->protocol != DNS_PROTOCOL_DNS) {
574 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
578 /* Couldn't send? Try immediately again, with a new server */
579 dns_scope_next_dns_server(t->scope);
/* Recursion is bounded by the n_attempts check at the top. */
581 return dns_transaction_go(t);
/* Packet is out: arm the per-attempt timeout. */
584 r = sd_event_add_time(
585 t->scope->manager->event,
586 &t->timeout_event_source,
587 clock_boottime_or_monotonic(),
588 now(clock_boottime_or_monotonic()) + TRANSACTION_TIMEOUT_USEC(t->scope->protocol), 0,
589 on_transaction_timeout, t);
593 t->state = DNS_TRANSACTION_PENDING;
/* Human-readable names for DnsTransactionState, indexed by enum value via
 * designated initializers; consumed by the lookup functions generated
 * below (dns_transaction_state_to_string() is used in the debug logs). */
597 static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = {
598 [DNS_TRANSACTION_NULL] = "null",
599 [DNS_TRANSACTION_PENDING] = "pending",
600 [DNS_TRANSACTION_FAILURE] = "failure",
601 [DNS_TRANSACTION_SUCCESS] = "success",
602 [DNS_TRANSACTION_NO_SERVERS] = "no-servers",
603 [DNS_TRANSACTION_TIMEOUT] = "timeout",
604 [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached",
605 [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply",
606 [DNS_TRANSACTION_RESOURCES] = "resources",
607 [DNS_TRANSACTION_ABORTED] = "aborted",
/* Generates dns_transaction_state_to_string() / dns_transaction_state_from_string()
 * over dns_transaction_state_table. */
609 DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState);