Systemd/src/resolve/resolved-dns-zone.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include "hashmap.h"

typedef struct DnsZone {
        Hashmap *by_key;
        Hashmap *by_name;
} DnsZone;

typedef struct DnsZoneItem DnsZoneItem;
typedef enum DnsZoneItemState DnsZoneItemState;

#include "resolved-dns-answer.h"
#include "resolved-dns-question.h"
#include "resolved-dns-rr.h"
#include "resolved-dns-transaction.h"

/* RFC 4795 Section 2.8. suggests a TTL of 30s by default */
#define LLMNR_DEFAULT_TTL (30)

/* RFC 6762 Section 10. suggests a TTL of 120s by default */
#define MDNS_DEFAULT_TTL (120)

enum DnsZoneItemState {
        DNS_ZONE_ITEM_PROBING,
        DNS_ZONE_ITEM_ESTABLISHED,
        DNS_ZONE_ITEM_VERIFYING,
        DNS_ZONE_ITEM_WITHDRAWN,
};

struct DnsZoneItem {
        DnsScope *scope;
        DnsResourceRecord *rr;

        DnsZoneItemState state;

        unsigned block_ready;

        bool probing_enabled;

        LIST_FIELDS(DnsZoneItem, by_key);
        LIST_FIELDS(DnsZoneItem, by_name);

        DnsTransaction *probe_transaction;
};

void dns_zone_flush(DnsZone *z);

int dns_zone_put(DnsZone *z, DnsScope *s, DnsResourceRecord *rr, bool probe);
DnsZoneItem* dns_zone_get(DnsZone *z, DnsResourceRecord *rr);
void dns_zone_remove_rr(DnsZone *z, DnsResourceRecord *rr);
int dns_zone_remove_rrs_by_key(DnsZone *z, DnsResourceKey *key);

int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, int ifindex, DnsAnswer **answer, DnsAnswer **soa, bool *tentative);

void dns_zone_item_conflict(DnsZoneItem *i);
void dns_zone_item_notify(DnsZoneItem *i);

int dns_zone_check_conflicts(DnsZone *zone, DnsResourceRecord *rr);
int dns_zone_verify_conflicts(DnsZone *zone, DnsResourceKey *key);

void dns_zone_verify_all(DnsZone *zone);

void dns_zone_item_probe_stop(DnsZoneItem *i);

void dns_zone_dump(DnsZone *zone, FILE *f);
bool dns_zone_is_empty(DnsZone *zone);
bool dns_zone_contains_name(DnsZone *z, const char *name);
license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 05:23:58 +01:00			`/* SPDX-License-Identifier: LGPL-2.1-or-later */`
resolve: add llmnr responder side for UDP and TCP Name defending is still missing. 2014-07-29 14:24:02 +02:00			`#pragma once`

			`#include "hashmap.h"`

			`typedef struct DnsZone {`
			`Hashmap *by_key;`
			`Hashmap *by_name;`
			`} DnsZone;`

resolved: implement LLMNR uniqueness verification 2014-07-31 17:46:40 +02:00			`typedef struct DnsZoneItem DnsZoneItem;`
			`typedef enum DnsZoneItemState DnsZoneItemState;`

resolve: add llmnr responder side for UDP and TCP Name defending is still missing. 2014-07-29 14:24:02 +02:00			`#include "resolved-dns-answer.h"`
tree-wide: sort includes in *.h This is a continuation of the previous include sort patch, which only sorted for .c files. 2015-11-18 22:46:33 +01:00			`#include "resolved-dns-question.h"`
			`#include "resolved-dns-rr.h"`
resolved: implement LLMNR uniqueness verification 2014-07-31 17:46:40 +02:00			`#include "resolved-dns-transaction.h"`

			`/* RFC 4795 Section 2.8. suggests a TTL of 30s by default */`
			`#define LLMNR_DEFAULT_TTL (30)`

resolved: populate mDNS scopes' zones with RRs for the host Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> 2016-12-02 10:58:00 +01:00			`/* RFC 6762 Section 10. suggests a TTL of 120s by default */`
			`#define MDNS_DEFAULT_TTL (120)`

resolved: implement LLMNR uniqueness verification 2014-07-31 17:46:40 +02:00			`enum DnsZoneItemState {`
			`DNS_ZONE_ITEM_PROBING,`
			`DNS_ZONE_ITEM_ESTABLISHED,`
			`DNS_ZONE_ITEM_VERIFYING,`
			`DNS_ZONE_ITEM_WITHDRAWN,`
			`};`

			`struct DnsZoneItem {`
			`DnsScope *scope;`
			`DnsResourceRecord *rr;`

			`DnsZoneItemState state;`

			`unsigned block_ready;`

			`bool probing_enabled;`

			`LIST_FIELDS(DnsZoneItem, by_key);`
			`LIST_FIELDS(DnsZoneItem, by_name);`

			`DnsTransaction *probe_transaction;`
			`};`
resolve: add llmnr responder side for UDP and TCP Name defending is still missing. 2014-07-29 14:24:02 +02:00
			`void dns_zone_flush(DnsZone *z);`

resolved: implement LLMNR uniqueness verification 2014-07-31 17:46:40 +02:00			`int dns_zone_put(DnsZone z, DnsScope s, DnsResourceRecord *rr, bool probe);`
resolved: detect and handle mDNS race condition upon probing As discussed in RFC 6762, Section 8.2 a race condition may happen when two hosts are probing for the same name simultaniously. Detect and handle such race conditions. 2017-10-17 10:35:06 +02:00			`DnsZoneItem* dns_zone_get(DnsZone z, DnsResourceRecord rr);`
resolve: add llmnr responder side for UDP and TCP Name defending is still missing. 2014-07-29 14:24:02 +02:00			`void dns_zone_remove_rr(DnsZone z, DnsResourceRecord rr);`
resolved: put DNS-SD records to mDNS-enabled zones. 2017-10-04 10:34:39 +02:00			`int dns_zone_remove_rrs_by_key(DnsZone z, DnsResourceKey key);`
resolve: add llmnr responder side for UDP and TCP Name defending is still missing. 2014-07-29 14:24:02 +02:00
resolved: make sure we initialize the ifindex of direct zone answers properly Previously, after checking the local zone for a reply and finding one we'd not initialize the answer ifindex from that. Let's fix that. 2016-06-14 23:28:54 +02:00			`int dns_zone_lookup(DnsZone z, DnsResourceKey key, int ifindex, DnsAnswer answer, DnsAnswer soa, bool *tentative);`
resolved: properly set TTL in SOA records 2014-07-30 19:34:50 +02:00
resolved: implement LLMNR uniqueness verification 2014-07-31 17:46:40 +02:00			`void dns_zone_item_conflict(DnsZoneItem *i);`
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled This adds initial support for validating RRSIG/DNSKEY/DS chains when doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not implemented yet. With this change DnsTransaction objects will generate additional DnsTransaction objects when looking for DNSKEY or DS RRs to validate an RRSIG on a response. DnsTransaction objects are thus created for three reasons now: 1) Because a user asked for something to be resolved, i.e. requested by a DnsQuery/DnsQueryCandidate object. 2) As result of LLMNR RR probing, requested by a DnsZoneItem. 3) Because another DnsTransaction requires the requested RRs for validation of its own response. DnsTransactions are shared between all these users, and are GC automatically as soon as all of these users don't need a specific transaction anymore. To unify the handling of these three reasons for existance for a DnsTransaction, a new common naming is introduced: each DnsTransaction now tracks its "owners" via a Set* object named "notify_xyz", containing all owners to notify on completion. A new DnsTransaction state is introduced called "VALIDATING" that is entered after a response has been receieved which needs to be validated, as long as we are still waiting for the DNSKEY/DS RRs from other DnsTransactions. This patch will request the DNSKEY/DS RRs bottom-up, and then validate them top-down. Caching of RRs is now only done after verification, so that the cache is not poisoned with known invalid data. The "DnsAnswer" object gained a substantial number of new calls, since we need to add/remove RRs to it dynamically now. 2015-12-09 18:13:16 +01:00			`void dns_zone_item_notify(DnsZoneItem *i);`
resolved: implement full LLMNR conflict detection logic 2014-08-06 16:15:35 +02:00
			`int dns_zone_check_conflicts(DnsZone zone, DnsResourceRecord rr);`
			`int dns_zone_verify_conflicts(DnsZone zone, DnsResourceKey key);`
resolved: verify all RRs when we come back from suspend 2014-08-06 16:59:48 +02:00
			`void dns_zone_verify_all(DnsZone *zone);`
resolved: make sure we don't mark the wrong zone RRs conflicting 2014-08-10 22:28:12 +02:00
			`void dns_zone_item_probe_stop(DnsZoneItem *i);`
resolved: dump cache and zone contents to syslog on SIGUSR1 2015-08-26 09:41:45 +02:00
			`void dns_zone_dump(DnsZone zone, FILE f);`
			`bool dns_zone_is_empty(DnsZone *zone);`
resolved: announce DNS-SD records in mDNS scopes 2017-10-04 09:07:44 +02:00			`bool dns_zone_contains_name(DnsZone z, const char name);`