diff options
Diffstat (limited to 'src/resolve/resolved-dns-query.c')
| -rw-r--r-- | src/resolve/resolved-dns-query.c | 150 | 
1 files changed, 86 insertions, 64 deletions
| diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 089d9fb70d..1948d59fc4 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -59,7 +59,7 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {          assert(c);          while ((t = set_steal_first(c->transactions))) { -                set_remove(t->query_candidates, c); +                set_remove(t->notify_query_candidates, c);                  dns_transaction_gc(t);          }  } @@ -116,32 +116,35 @@ static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResource          assert(c);          assert(key); -        r = set_ensure_allocated(&c->transactions, NULL); -        if (r < 0) -                return r; -          t = dns_scope_find_transaction(c->scope, key, true);          if (!t) {                  r = dns_transaction_new(&t, c->scope, key);                  if (r < 0)                          return r; +        } else { +                if (set_contains(c->transactions, t)) +                        return 0;          } -        r = set_ensure_allocated(&t->query_candidates, NULL); +        r = set_ensure_allocated(&c->transactions, NULL); +        if (r < 0) +                goto gc; + +        r = set_ensure_allocated(&t->notify_query_candidates, NULL);          if (r < 0)                  goto gc; -        r = set_put(t->query_candidates, c); +        r = set_put(t->notify_query_candidates, c);          if (r < 0)                  goto gc;          r = set_put(c->transactions, t);          if (r < 0) { -                set_remove(t->query_candidates, c); +                (void) set_remove(t->notify_query_candidates, c);                  goto gc;          } -        return 0; +        return 1;  gc:          dns_transaction_gc(t); @@ -182,9 +185,21 @@ static DnsTransactionState dns_query_candidate_state(DnsQueryCandidate *c) {                  switch (t->state) { -                case DNS_TRANSACTION_PENDING:                  case DNS_TRANSACTION_NULL: -                        return t->state; +                        /* If there's a NULL transaction pending, then +                         * this means not all transactions where +                         * started yet, and we were called from within +                         * the stackframe that is supposed to start +                         * remaining transactions. In this case, +                         * simply claim the candidate is pending. */ + +                case DNS_TRANSACTION_PENDING: +                case DNS_TRANSACTION_VALIDATING: +                        /* If there's one transaction currently in +                         * VALIDATING state, then this means there's +                         * also one in PENDING state, hence we can +                         * return PENDING immediately. */ +                        return DNS_TRANSACTION_PENDING;                  case DNS_TRANSACTION_SUCCESS:                          state = t->state; @@ -233,7 +248,7 @@ fail:          return r;  } -void dns_query_candidate_ready(DnsQueryCandidate *c) { +void dns_query_candidate_notify(DnsQueryCandidate *c) {          DnsTransactionState state;          int r; @@ -241,7 +256,7 @@ void dns_query_candidate_ready(DnsQueryCandidate *c) {          state = dns_query_candidate_state(c); -        if (IN_SET(state, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_NULL)) +        if (DNS_TRANSACTION_IS_LIVE(state))                  return;          if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) { @@ -394,8 +409,8 @@ int dns_query_make_auxiliary(DnsQuery *q, DnsQuery *auxiliary_for) {  static void dns_query_complete(DnsQuery *q, DnsTransactionState state) {          assert(q); -        assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING)); -        assert(IN_SET(q->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING)); +        assert(!DNS_TRANSACTION_IS_LIVE(state)); +        assert(DNS_TRANSACTION_IS_LIVE(q->state));          /* Note that this call might invalidate the query. Callers           * should hence not attempt to access the query or transaction @@ -539,7 +554,7 @@ static int synthesize_localhost_rr(DnsQuery *q, DnsResourceKey *key, DnsAnswer *                  rr->a.in_addr.s_addr = htobe32(INADDR_LOOPBACK); -                r = dns_answer_add(*answer, rr, SYNTHESIZE_IFINDEX(q->ifindex)); +                r = dns_answer_add(*answer, rr, SYNTHESIZE_IFINDEX(q->ifindex), DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r;          } @@ -553,7 +568,7 @@ static int synthesize_localhost_rr(DnsQuery *q, DnsResourceKey *key, DnsAnswer *                  rr->aaaa.in6_addr = in6addr_loopback; -                r = dns_answer_add(*answer, rr, SYNTHESIZE_IFINDEX(q->ifindex)); +                r = dns_answer_add(*answer, rr, SYNTHESIZE_IFINDEX(q->ifindex), DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r;          } @@ -561,7 +576,7 @@ static int synthesize_localhost_rr(DnsQuery *q, DnsResourceKey *key, DnsAnswer *          return 0;  } -static int answer_add_ptr(DnsAnswer **answer, const char *from, const char *to, int ifindex) { +static int answer_add_ptr(DnsAnswer **answer, const char *from, const char *to, int ifindex, DnsAnswerFlags flags) {          _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;          rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_PTR, from); @@ -572,7 +587,7 @@ static int answer_add_ptr(DnsAnswer **answer, const char *from, const char *to,          if (!rr->ptr.name)                  return -ENOMEM; -        return dns_answer_add(*answer, rr, ifindex); +        return dns_answer_add(*answer, rr, ifindex, flags);  }  static int synthesize_localhost_ptr(DnsQuery *q, DnsResourceKey *key, DnsAnswer **answer) { @@ -582,12 +597,12 @@ static int synthesize_localhost_ptr(DnsQuery *q, DnsResourceKey *key, DnsAnswer          assert(key);          assert(answer); -        r = dns_answer_reserve(answer, 1); -        if (r < 0) -                return r; -          if (IN_SET(key->type, DNS_TYPE_PTR, DNS_TYPE_ANY)) { -                r = answer_add_ptr(answer, DNS_RESOURCE_KEY_NAME(key), "localhost", SYNTHESIZE_IFINDEX(q->ifindex)); +                r = dns_answer_reserve(answer, 1); +                if (r < 0) +                        return r; + +                r = answer_add_ptr(answer, DNS_RESOURCE_KEY_NAME(key), "localhost", SYNTHESIZE_IFINDEX(q->ifindex), DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r;          } @@ -618,7 +633,7 @@ static int answer_add_addresses_rr(                  if (r < 0)                          return r; -                r = dns_answer_add(*answer, rr, addresses[j].ifindex); +                r = dns_answer_add(*answer, rr, addresses[j].ifindex, DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r;          } @@ -659,7 +674,7 @@ static int answer_add_addresses_ptr(                  if (r < 0)                          return r; -                r = dns_answer_add(*answer, rr, addresses[j].ifindex); +                r = dns_answer_add(*answer, rr, addresses[j].ifindex, DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r;          } @@ -725,15 +740,15 @@ static int synthesize_system_hostname_ptr(DnsQuery *q, int af, const union in_ad                  if (r < 0)                          return r; -                r = answer_add_ptr(answer, "2.0.0.127.in-addr.arpa", q->manager->llmnr_hostname, SYNTHESIZE_IFINDEX(q->ifindex)); +                r = answer_add_ptr(answer, "2.0.0.127.in-addr.arpa", q->manager->llmnr_hostname, SYNTHESIZE_IFINDEX(q->ifindex), DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r; -                r = answer_add_ptr(answer, "2.0.0.127.in-addr.arpa", q->manager->mdns_hostname, SYNTHESIZE_IFINDEX(q->ifindex)); +                r = answer_add_ptr(answer, "2.0.0.127.in-addr.arpa", q->manager->mdns_hostname, SYNTHESIZE_IFINDEX(q->ifindex), DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r; -                r = answer_add_ptr(answer, "2.0.0.127.in-addr.arpa", "localhost", SYNTHESIZE_IFINDEX(q->ifindex)); +                r = answer_add_ptr(answer, "2.0.0.127.in-addr.arpa", "localhost", SYNTHESIZE_IFINDEX(q->ifindex), DNS_ANSWER_AUTHENTICATED);                  if (r < 0)                          return r; @@ -795,7 +810,7 @@ static int dns_query_synthesize_reply(DnsQuery *q, DnsTransactionState *state) {          /* Tries to synthesize localhost RR replies where appropriate */          if (!IN_SET(*state, -                    DNS_TRANSACTION_FAILURE, +                    DNS_TRANSACTION_RCODE_FAILURE,                      DNS_TRANSACTION_NO_SERVERS,                      DNS_TRANSACTION_TIMEOUT,                      DNS_TRANSACTION_ATTEMPTS_MAX_REACHED)) @@ -946,6 +961,8 @@ int dns_query_go(DnsQuery *q) {          if (r < 0)                  goto fail; +        (void) sd_event_source_set_description(q->timeout_event_source, "query-timeout"); +          q->state = DNS_TRANSACTION_PENDING;          q->block_ready++; @@ -970,9 +987,11 @@ fail:  static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {          DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS; +        bool has_authenticated = false, has_non_authenticated = false; +        DnssecResult dnssec_result_authenticated = _DNSSEC_RESULT_INVALID, dnssec_result_non_authenticated = _DNSSEC_RESULT_INVALID;          DnsTransaction *t;          Iterator i; -        bool has_authenticated = false, has_non_authenticated = false; +        int r;          assert(q); @@ -988,29 +1007,29 @@ static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {                  case DNS_TRANSACTION_SUCCESS: {                          /* We found a successfuly reply, merge it into the answer */ -                        DnsAnswer *merged; - -                        merged = dns_answer_merge(q->answer, t->answer); -                        if (!merged) { +                        r = dns_answer_extend(&q->answer, t->answer); +                        if (r < 0) {                                  dns_query_complete(q, DNS_TRANSACTION_RESOURCES);                                  return;                          } -                        dns_answer_unref(q->answer); -                        q->answer = merged;                          q->answer_rcode = t->answer_rcode; -                        if (t->answer_authenticated) +                        if (t->answer_authenticated) {                                  has_authenticated = true; -                        else +                                dnssec_result_authenticated = t->answer_dnssec_result; +                        } else {                                  has_non_authenticated = true; +                                dnssec_result_non_authenticated = t->answer_dnssec_result; +                        }                          state = DNS_TRANSACTION_SUCCESS;                          break;                  } -                case DNS_TRANSACTION_PENDING:                  case DNS_TRANSACTION_NULL: +                case DNS_TRANSACTION_PENDING: +                case DNS_TRANSACTION_VALIDATING:                  case DNS_TRANSACTION_ABORTED:                          /* Ignore transactions that didn't complete */                          continue; @@ -1019,22 +1038,25 @@ static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {                          /* Any kind of failure? Store the data away,                           * if there's nothing stored yet. */ -                        if (state != DNS_TRANSACTION_SUCCESS) { - -                                dns_answer_unref(q->answer); -                                q->answer = dns_answer_ref(t->answer); -                                q->answer_rcode = t->answer_rcode; +                        if (state == DNS_TRANSACTION_SUCCESS) +                                continue; -                                state = t->state; -                        } +                        q->answer = dns_answer_unref(q->answer); +                        q->answer_rcode = t->answer_rcode; +                        q->answer_dnssec_result = t->answer_dnssec_result; +                        state = t->state;                          break;                  }          } +        if (state == DNS_TRANSACTION_SUCCESS) { +                q->answer_authenticated = has_authenticated && !has_non_authenticated; +                q->answer_dnssec_result = q->answer_authenticated ? dnssec_result_authenticated : dnssec_result_non_authenticated; +        } +          q->answer_protocol = c->scope->protocol;          q->answer_family = c->scope->family; -        q->answer_authenticated = has_authenticated && !has_non_authenticated;          dns_search_domain_unref(q->answer_search_domain);          q->answer_search_domain = dns_search_domain_ref(c->search_domain); @@ -1049,7 +1071,7 @@ void dns_query_ready(DnsQuery *q) {          bool pending = false;          assert(q); -        assert(IN_SET(q->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING)); +        assert(DNS_TRANSACTION_IS_LIVE(q->state));          /* Note that this call might invalidate the query. Callers           * should hence not attempt to access the query or transaction @@ -1066,14 +1088,16 @@ void dns_query_ready(DnsQuery *q) {                  switch (state) {                  case DNS_TRANSACTION_SUCCESS: -                        /* One of the transactions is successful, +                        /* One of the candidates is successful,                           * let's use it, and copy its data out */                          dns_query_accept(q, c);                          return; -                case DNS_TRANSACTION_PENDING:                  case DNS_TRANSACTION_NULL: -                        /* One of the transactions is still going on, let's maybe wait for it */ +                case DNS_TRANSACTION_PENDING: +                case DNS_TRANSACTION_VALIDATING: +                        /* One of the candidates is still going on, +                         * let's maybe wait for it */                          pending = true;                          break; @@ -1096,6 +1120,8 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)          assert(q); +        log_debug("Following CNAME %s → %s", dns_question_first_name(q->question), cname->cname.name); +          q->n_cname_redirects ++;          if (q->n_cname_redirects > CNAME_MAX)                  return -ELOOP; @@ -1121,8 +1147,8 @@ int dns_query_process_cname(DnsQuery *q) {          assert(q); -        if (q->state != DNS_TRANSACTION_SUCCESS) -                return 0; +        if (!IN_SET(q->state, DNS_TRANSACTION_SUCCESS, DNS_TRANSACTION_NULL)) +                return DNS_QUERY_NOMATCH;          DNS_ANSWER_FOREACH(rr, q->answer) { @@ -1130,7 +1156,7 @@ int dns_query_process_cname(DnsQuery *q) {                  if (r < 0)                          return r;                  if (r > 0) -                        return 0; /* The answer matches directly, no need to follow cnames */ +                        return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */                  r = dns_question_matches_cname(q->question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));                  if (r < 0) @@ -1140,7 +1166,7 @@ int dns_query_process_cname(DnsQuery *q) {          }          if (!cname) -                return 0; /* No cname to follow */ +                return DNS_QUERY_NOMATCH; /* No match and no cname to follow */          if (q->flags & SD_RESOLVED_NO_CNAME)                  return -ELOOP; @@ -1152,20 +1178,16 @@ int dns_query_process_cname(DnsQuery *q) {          /* Let's see if the answer can already answer the new           * redirected question */ -        DNS_ANSWER_FOREACH(rr, q->answer) { -                r = dns_question_matches_rr(q->question, rr, NULL); -                if (r < 0) -                        return r; -                if (r > 0) -                        return 0; /* It can answer it, yay! */ -        } +        r = dns_query_process_cname(q); +        if (r != DNS_QUERY_NOMATCH) +                return r;          /* OK, it cannot, let's begin with the new query */          r = dns_query_go(q);          if (r < 0)                  return r; -        return 1; /* We return > 0, if we restarted the query for a new cname */ +        return DNS_QUERY_RESTARTED; /* We restarted the query for a new cname */  }  static int on_bus_track(sd_bus_track *t, void *userdata) { | 
