[systemd.git] / src / resolve / resolved-dns-transaction.h

#pragma once

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct DnsTransaction DnsTransaction;
typedef enum DnsTransactionState DnsTransactionState;
typedef enum DnsTransactionSource DnsTransactionSource;

enum DnsTransactionState {
        DNS_TRANSACTION_NULL,
        DNS_TRANSACTION_PENDING,
        DNS_TRANSACTION_VALIDATING,
        DNS_TRANSACTION_RCODE_FAILURE,
        DNS_TRANSACTION_SUCCESS,
        DNS_TRANSACTION_NO_SERVERS,
        DNS_TRANSACTION_TIMEOUT,
        DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
        DNS_TRANSACTION_INVALID_REPLY,
        DNS_TRANSACTION_ERRNO,
        DNS_TRANSACTION_ABORTED,
        DNS_TRANSACTION_DNSSEC_FAILED,
        DNS_TRANSACTION_NO_TRUST_ANCHOR,
        DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
        DNS_TRANSACTION_NETWORK_DOWN,
        DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
        _DNS_TRANSACTION_STATE_MAX,
        _DNS_TRANSACTION_STATE_INVALID = -1
};

#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)

enum DnsTransactionSource {
        DNS_TRANSACTION_NETWORK,
        DNS_TRANSACTION_CACHE,
        DNS_TRANSACTION_ZONE,
        DNS_TRANSACTION_TRUST_ANCHOR,
        _DNS_TRANSACTION_SOURCE_MAX,
        _DNS_TRANSACTION_SOURCE_INVALID = -1
};

#include "resolved-dns-answer.h"
#include "resolved-dns-packet.h"
#include "resolved-dns-question.h"
#include "resolved-dns-scope.h"

struct DnsTransaction {
        DnsScope *scope;

        DnsResourceKey *key;
        char *key_string;

        DnsTransactionState state;

        uint16_t id;

        bool tried_stream:1;

        bool initial_jitter_scheduled:1;
        bool initial_jitter_elapsed:1;

        DnsPacket *sent, *received;

        DnsAnswer *answer;
        int answer_rcode;
        DnssecResult answer_dnssec_result;
        DnsTransactionSource answer_source;
        uint32_t answer_nsec_ttl;
        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */

        /* Indicates whether the primary answer is authenticated,
         * i.e. whether the RRs from answer which directly match the
         * question are authenticated, or, if there are none, whether
         * the NODATA or NXDOMAIN case is. It says nothing about
         * additional RRs listed in the answer, however they have
         * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
         * is defined different than the AD bit in DNS packets, as
         * that covers more than just the actual primary answer. */
        bool answer_authenticated;

        /* Contains DNSKEY, DS, SOA RRs we already verified and need
         * to authenticate this reply */
        DnsAnswer *validated_keys;

        usec_t start_usec;
        usec_t next_attempt_after;
        sd_event_source *timeout_event_source;
        unsigned n_attempts;

        /* UDP connection logic, if we need it */
        int dns_udp_fd;
        sd_event_source *dns_udp_event_source;

        /* TCP connection logic, if we need it */
        DnsStream *stream;

        /* The active server */
        DnsServer *server;

        /* The features of the DNS server at time of transaction start */
        DnsServerFeatureLevel current_feature_level;

        /* Query candidates this transaction is referenced by and that
         * shall be notified about this specific transaction
         * completing. */
        Set *notify_query_candidates;

        /* Zone items this transaction is referenced by and that shall
         * be notified about completion. */
        Set *notify_zone_items;

        /* Other transactions that this transactions is referenced by
         * and that shall be notified about completion. This is used
         * when transactions want to validate their RRsets, but need
         * another DNSKEY or DS RR to do so. */
        Set *notify_transactions;

        /* The opposite direction: the transactions this transaction
         * created in order to request DNSKEY or DS RRs. */
        Set *dnssec_transactions;

        unsigned block_gc;

        LIST_FIELDS(DnsTransaction, transactions_by_scope);
};

int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key);
DnsTransaction* dns_transaction_free(DnsTransaction *t);

bool dns_transaction_gc(DnsTransaction *t);
int dns_transaction_go(DnsTransaction *t);

void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p);
void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);

void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source);
int dns_transaction_validate_dnssec(DnsTransaction *t);
int dns_transaction_request_dnssec_keys(DnsTransaction *t);

const char *dns_transaction_key_string(DnsTransaction *t);

const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;

const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;

/* LLMNR Jitter interval, see RFC 4795 Section 7 */
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)

/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
#define MDNS_JITTER_MIN_USEC   (20 * USEC_PER_MSEC)
#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)

/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 16

/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3

#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)
Commit	Line	Data
5eef597e MP	1	#pragma once
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2014 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	typedef struct DnsTransaction DnsTransaction;
	23	typedef enum DnsTransactionState DnsTransactionState;
4c89c718	24	typedef enum DnsTransactionSource DnsTransactionSource;
5eef597e MP	25
	26	enum DnsTransactionState {
	27	DNS_TRANSACTION_NULL,
	28	DNS_TRANSACTION_PENDING,
4c89c718 MP	29	DNS_TRANSACTION_VALIDATING,
4c89c718 MP	30	DNS_TRANSACTION_RCODE_FAILURE,
5eef597e MP	31	DNS_TRANSACTION_SUCCESS,
	32	DNS_TRANSACTION_NO_SERVERS,
	33	DNS_TRANSACTION_TIMEOUT,
	34	DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
	35	DNS_TRANSACTION_INVALID_REPLY,
4c89c718	36	DNS_TRANSACTION_ERRNO,
5eef597e	37	DNS_TRANSACTION_ABORTED,
4c89c718 MP	38	DNS_TRANSACTION_DNSSEC_FAILED,
	39	DNS_TRANSACTION_NO_TRUST_ANCHOR,
	40	DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
	41	DNS_TRANSACTION_NETWORK_DOWN,
	42	DNS_TRANSACTION_NOT_FOUND, /* like NXDOMAIN, but when LLMNR/TCP connections fail */
5eef597e MP	43	_DNS_TRANSACTION_STATE_MAX,
	44	_DNS_TRANSACTION_STATE_INVALID = -1
	45	};
	46
4c89c718 MP	47	#define DNS_TRANSACTION_IS_LIVE(state) IN_SET((state), DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING)
	48
	49	enum DnsTransactionSource {
	50	DNS_TRANSACTION_NETWORK,
	51	DNS_TRANSACTION_CACHE,
	52	DNS_TRANSACTION_ZONE,
	53	DNS_TRANSACTION_TRUST_ANCHOR,
	54	_DNS_TRANSACTION_SOURCE_MAX,
	55	_DNS_TRANSACTION_SOURCE_INVALID = -1
	56	};
	57
	58	#include "resolved-dns-answer.h"
5eef597e MP	59	#include "resolved-dns-packet.h"
5eef597e MP	60	#include "resolved-dns-question.h"
4c89c718	61	#include "resolved-dns-scope.h"
5eef597e MP	62
	63	struct DnsTransaction {
	64	DnsScope *scope;
	65
13d276d0	66	DnsResourceKey *key;
4c89c718	67	char *key_string;
5eef597e MP	68
5eef597e MP	69	DnsTransactionState state;
4c89c718	70
5eef597e MP	71	uint16_t id;
5eef597e MP	72
4c89c718 MP	73	bool tried_stream:1;
	74
	75	bool initial_jitter_scheduled:1;
	76	bool initial_jitter_elapsed:1;
5eef597e MP	77
5eef597e MP	78	DnsPacket sent, received;
4c89c718 MP	79
	80	DnsAnswer *answer;
	81	int answer_rcode;
	82	DnssecResult answer_dnssec_result;
	83	DnsTransactionSource answer_source;
	84	uint32_t answer_nsec_ttl;
	85	int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
	86
	87	/* Indicates whether the primary answer is authenticated,
	88	* i.e. whether the RRs from answer which directly match the
	89	* question are authenticated, or, if there are none, whether
	90	* the NODATA or NXDOMAIN case is. It says nothing about
	91	* additional RRs listed in the answer, however they have
	92	* their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit
	93	* is defined different than the AD bit in DNS packets, as
	94	* that covers more than just the actual primary answer. */
	95	bool answer_authenticated;
	96
	97	/* Contains DNSKEY, DS, SOA RRs we already verified and need
	98	* to authenticate this reply */
	99	DnsAnswer *validated_keys;
5eef597e	100
13d276d0	101	usec_t start_usec;
4c89c718	102	usec_t next_attempt_after;
5eef597e MP	103	sd_event_source *timeout_event_source;
	104	unsigned n_attempts;
	105
4c89c718	106	/* UDP connection logic, if we need it */
13d276d0 MP	107	int dns_udp_fd;
13d276d0 MP	108	sd_event_source *dns_udp_event_source;
7035cd9e	109
4c89c718 MP	110	/* TCP connection logic, if we need it */
	111	DnsStream *stream;
	112
13d276d0	113	/* The active server */
7035cd9e MP	114	DnsServer *server;
7035cd9e MP	115
4c89c718 MP	116	/* The features of the DNS server at time of transaction start */
4c89c718 MP	117	DnsServerFeatureLevel current_feature_level;
5eef597e	118
4c89c718 MP	119	/* Query candidates this transaction is referenced by and that
	120	* shall be notified about this specific transaction
	121	* completing. */
	122	Set *notify_query_candidates;
5eef597e MP	123
	124	/* Zone items this transaction is referenced by and that shall
	125	* be notified about completion. */
4c89c718 MP	126	Set *notify_zone_items;
	127
	128	/* Other transactions that this transactions is referenced by
	129	* and that shall be notified about completion. This is used
	130	* when transactions want to validate their RRsets, but need
	131	* another DNSKEY or DS RR to do so. */
	132	Set *notify_transactions;
	133
	134	/* The opposite direction: the transactions this transaction
	135	* created in order to request DNSKEY or DS RRs. */
	136	Set *dnssec_transactions;
5eef597e MP	137
	138	unsigned block_gc;
	139
	140	LIST_FIELDS(DnsTransaction, transactions_by_scope);
	141	};
	142
13d276d0	143	int dns_transaction_new(DnsTransaction *ret, DnsScope s, DnsResourceKey *key);
5eef597e MP	144	DnsTransaction* dns_transaction_free(DnsTransaction *t);
5eef597e MP	145
4c89c718	146	bool dns_transaction_gc(DnsTransaction *t);
5eef597e MP	147	int dns_transaction_go(DnsTransaction *t);
	148
	149	void dns_transaction_process_reply(DnsTransaction t, DnsPacket p);
	150	void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state);
	151
4c89c718 MP	152	void dns_transaction_notify(DnsTransaction t, DnsTransaction source);
	153	int dns_transaction_validate_dnssec(DnsTransaction *t);
	154	int dns_transaction_request_dnssec_keys(DnsTransaction *t);
	155
	156	const char dns_transaction_key_string(DnsTransaction t);
	157
5eef597e MP	158	const char* dns_transaction_state_to_string(DnsTransactionState p) _const_;
	159	DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
	160
4c89c718 MP	161	const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
	162	DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
	163
5eef597e MP	164	/* LLMNR Jitter interval, see RFC 4795 Section 7 */
	165	#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
	166
4c89c718 MP	167	/* mDNS Jitter interval, see RFC 6762 Section 5.2 */
	168	#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC)
	169	#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC)
	170
5eef597e	171	/* Maximum attempts to send DNS requests, across all DNS servers */
13d276d0	172	#define DNS_TRANSACTION_ATTEMPTS_MAX 16
5eef597e MP	173
	174	/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
	175	#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
	176
4c89c718	177	#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)