blob: ab13636bc182d3bb99ff2b3e038c7042932af08d [file] [log] [blame] [raw]
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2014 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include "resolved-dns-cache.h"
#include "resolved-dns-packet.h"
/* Never cache more than 1K entries */
#define CACHE_MAX 1024
/* We never keep any item longer than 10min in our cache */
#define CACHE_TTL_MAX_USEC (10 * USEC_PER_MINUTE)
typedef enum DnsCacheItemType DnsCacheItemType;
typedef struct DnsCacheItem DnsCacheItem;
enum DnsCacheItemType {
DNS_CACHE_POSITIVE,
DNS_CACHE_NODATA,
DNS_CACHE_NXDOMAIN,
};
struct DnsCacheItem {
DnsResourceKey *key;
DnsResourceRecord *rr;
usec_t until;
DnsCacheItemType type;
unsigned prioq_idx;
int owner_family;
union in_addr_union owner_address;
LIST_FIELDS(DnsCacheItem, by_key);
};
static void dns_cache_item_free(DnsCacheItem *i) {
if (!i)
return;
dns_resource_record_unref(i->rr);
dns_resource_key_unref(i->key);
free(i);
}
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsCacheItem*, dns_cache_item_free);
static void dns_cache_item_remove_and_free(DnsCache *c, DnsCacheItem *i) {
DnsCacheItem *first;
assert(c);
if (!i)
return;
first = hashmap_get(c->by_key, i->key);
LIST_REMOVE(by_key, first, i);
if (first)
assert_se(hashmap_replace(c->by_key, first->key, first) >= 0);
else
hashmap_remove(c->by_key, i->key);
prioq_remove(c->by_expiry, i, &i->prioq_idx);
dns_cache_item_free(i);
}
void dns_cache_flush(DnsCache *c) {
DnsCacheItem *i;
assert(c);
while ((i = hashmap_first(c->by_key)))
dns_cache_item_remove_and_free(c, i);
assert(hashmap_size(c->by_key) == 0);
assert(prioq_size(c->by_expiry) == 0);
c->by_key = hashmap_free(c->by_key);
c->by_expiry = prioq_free(c->by_expiry);
}
static bool dns_cache_remove(DnsCache *c, DnsResourceKey *key) {
DnsCacheItem *i;
bool exist = false;
assert(c);
assert(key);
while ((i = hashmap_get(c->by_key, key))) {
dns_cache_item_remove_and_free(c, i);
exist = true;
}
return exist;
}
static void dns_cache_make_space(DnsCache *c, unsigned add) {
assert(c);
if (add <= 0)
return;
/* Makes space for n new entries. Note that we actually allow
* the cache to grow beyond CACHE_MAX, but only when we shall
* add more RRs to the cache than CACHE_MAX at once. In that
* case the cache will be emptied completely otherwise. */
for (;;) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
DnsCacheItem *i;
if (prioq_size(c->by_expiry) <= 0)
break;
if (prioq_size(c->by_expiry) + add < CACHE_MAX)
break;
i = prioq_peek(c->by_expiry);
assert(i);
/* Take an extra reference to the key so that it
* doesn't go away in the middle of the remove call */
key = dns_resource_key_ref(i->key);
dns_cache_remove(c, key);
}
}
void dns_cache_prune(DnsCache *c) {
usec_t t = 0;
assert(c);
/* Remove all entries that are past their TTL */
for (;;) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
DnsCacheItem *i;
i = prioq_peek(c->by_expiry);
if (!i)
break;
if (t <= 0)
t = now(clock_boottime_or_monotonic());
if (i->until > t)
break;
/* Take an extra reference to the key so that it
* doesn't go away in the middle of the remove call */
key = dns_resource_key_ref(i->key);
dns_cache_remove(c, key);
}
}
static int dns_cache_item_prioq_compare_func(const void *a, const void *b) {
const DnsCacheItem *x = a, *y = b;
if (x->until < y->until)
return -1;
if (x->until > y->until)
return 1;
return 0;
}
static int dns_cache_init(DnsCache *c) {
int r;
assert(c);
r = prioq_ensure_allocated(&c->by_expiry, dns_cache_item_prioq_compare_func);
if (r < 0)
return r;
r = hashmap_ensure_allocated(&c->by_key, &dns_resource_key_hash_ops);
if (r < 0)
return r;
return r;
}
static int dns_cache_link_item(DnsCache *c, DnsCacheItem *i) {
DnsCacheItem *first;
int r;
assert(c);
assert(i);
r = prioq_put(c->by_expiry, i, &i->prioq_idx);
if (r < 0)
return r;
first = hashmap_get(c->by_key, i->key);
if (first) {
LIST_PREPEND(by_key, first, i);
assert_se(hashmap_replace(c->by_key, first->key, first) >= 0);
} else {
r = hashmap_put(c->by_key, i->key, i);
if (r < 0) {
prioq_remove(c->by_expiry, i, &i->prioq_idx);
return r;
}
}
return 0;
}
static DnsCacheItem* dns_cache_get(DnsCache *c, DnsResourceRecord *rr) {
DnsCacheItem *i;
assert(c);
assert(rr);
LIST_FOREACH(by_key, i, hashmap_get(c->by_key, rr->key))
if (i->rr && dns_resource_record_equal(i->rr, rr) > 0)
return i;
return NULL;
}
static void dns_cache_item_update_positive(DnsCache *c, DnsCacheItem *i, DnsResourceRecord *rr, usec_t timestamp) {
assert(c);
assert(i);
assert(rr);
i->type = DNS_CACHE_POSITIVE;
if (!i->by_key_prev)
/* We are the first item in the list, we need to
* update the key used in the hashmap */
assert_se(hashmap_replace(c->by_key, rr->key, i) >= 0);
dns_resource_record_ref(rr);
dns_resource_record_unref(i->rr);
i->rr = rr;
dns_resource_key_unref(i->key);
i->key = dns_resource_key_ref(rr->key);
i->until = timestamp + MIN(rr->ttl * USEC_PER_SEC, CACHE_TTL_MAX_USEC);
prioq_reshuffle(c->by_expiry, i, &i->prioq_idx);
}
static int dns_cache_put_positive(
DnsCache *c,
DnsResourceRecord *rr,
usec_t timestamp,
int owner_family,
const union in_addr_union *owner_address) {
_cleanup_(dns_cache_item_freep) DnsCacheItem *i = NULL;
_cleanup_free_ char *key_str = NULL;
DnsCacheItem *existing;
int r;
assert(c);
assert(rr);
assert(owner_address);
/* New TTL is 0? Delete the entry... */
if (rr->ttl <= 0) {
r = dns_resource_key_to_string(rr->key, &key_str);
if (r < 0)
return r;
if (dns_cache_remove(c, rr->key))
log_debug("Removed zero TTL entry from cache: %s", key_str);
else
log_debug("Not caching zero TTL cache entry: %s", key_str);
return 0;
}
if (rr->key->class == DNS_CLASS_ANY)
return 0;
if (rr->key->type == DNS_TYPE_ANY)
return 0;
/* Entry exists already? Update TTL and timestamp */
existing = dns_cache_get(c, rr);
if (existing) {
dns_cache_item_update_positive(c, existing, rr, timestamp);
return 0;
}
/* Otherwise, add the new RR */
r = dns_cache_init(c);
if (r < 0)
return r;
dns_cache_make_space(c, 1);
i = new0(DnsCacheItem, 1);
if (!i)
return -ENOMEM;
i->type = DNS_CACHE_POSITIVE;
i->key = dns_resource_key_ref(rr->key);
i->rr = dns_resource_record_ref(rr);
i->until = timestamp + MIN(i->rr->ttl * USEC_PER_SEC, CACHE_TTL_MAX_USEC);
i->prioq_idx = PRIOQ_IDX_NULL;
i->owner_family = owner_family;
i->owner_address = *owner_address;
r = dns_cache_link_item(c, i);
if (r < 0)
return r;
r = dns_resource_key_to_string(i->key, &key_str);
if (r < 0)
return r;
log_debug("Added cache entry for %s", key_str);
i = NULL;
return 0;
}
static int dns_cache_put_negative(
DnsCache *c,
DnsResourceKey *key,
int rcode,
usec_t timestamp,
uint32_t soa_ttl,
int owner_family,
const union in_addr_union *owner_address) {
_cleanup_(dns_cache_item_freep) DnsCacheItem *i = NULL;
_cleanup_free_ char *key_str = NULL;
int r;
assert(c);
assert(key);
assert(owner_address);
dns_cache_remove(c, key);
if (key->class == DNS_CLASS_ANY)
return 0;
if (key->type == DNS_TYPE_ANY)
return 0;
if (soa_ttl <= 0) {
r = dns_resource_key_to_string(key, &key_str);
if (r < 0)
return r;
log_debug("Not caching negative entry with zero SOA TTL: %s", key_str);
return 0;
}
if (!IN_SET(rcode, DNS_RCODE_SUCCESS, DNS_RCODE_NXDOMAIN))
return 0;
r = dns_cache_init(c);
if (r < 0)
return r;
dns_cache_make_space(c, 1);
i = new0(DnsCacheItem, 1);
if (!i)
return -ENOMEM;
i->type = rcode == DNS_RCODE_SUCCESS ? DNS_CACHE_NODATA : DNS_CACHE_NXDOMAIN;
i->key = dns_resource_key_ref(key);
i->until = timestamp + MIN(soa_ttl * USEC_PER_SEC, CACHE_TTL_MAX_USEC);
i->prioq_idx = PRIOQ_IDX_NULL;
i->owner_family = owner_family;
i->owner_address = *owner_address;
r = dns_cache_link_item(c, i);
if (r < 0)
return r;
r = dns_resource_key_to_string(i->key, &key_str);
if (r < 0)
return r;
log_debug("Added %s cache entry for %s", i->type == DNS_CACHE_NODATA ? "NODATA" : "NXDOMAIN", key_str);
i = NULL;
return 0;
}
int dns_cache_put(
DnsCache *c,
DnsResourceKey *key,
int rcode,
DnsAnswer *answer,
unsigned max_rrs,
usec_t timestamp,
int owner_family,
const union in_addr_union *owner_address) {
DnsResourceRecord *soa = NULL;
unsigned cache_keys, i;
int r;
assert(c);
if (key) {
/* First, if we were passed a key, delete all matching old RRs,
* so that we only keep complete by_key in place. */
dns_cache_remove(c, key);
}
if (!answer)
return 0;
for (i = 0; i < answer->n_rrs; i++)
dns_cache_remove(c, answer->items[i].rr->key);
/* We only care for positive replies and NXDOMAINs, on all
* other replies we will simply flush the respective entries,
* and that's it */
if (!IN_SET(rcode, DNS_RCODE_SUCCESS, DNS_RCODE_NXDOMAIN))
return 0;
cache_keys = answer->n_rrs;
if (key)
cache_keys ++;
/* Make some space for our new entries */
dns_cache_make_space(c, cache_keys);
if (timestamp <= 0)
timestamp = now(clock_boottime_or_monotonic());
/* Second, add in positive entries for all contained RRs */
for (i = 0; i < MIN(max_rrs, answer->n_rrs); i++) {
r = dns_cache_put_positive(c, answer->items[i].rr, timestamp, owner_family, owner_address);
if (r < 0)
goto fail;
}
if (!key)
return 0;
/* Third, add in negative entries if the key has no RR */
r = dns_answer_contains(answer, key);
if (r < 0)
goto fail;
if (r > 0)
return 0;
/* See https://tools.ietf.org/html/rfc2308, which
* say that a matching SOA record in the packet
* is used to to enable negative caching. */
r = dns_answer_find_soa(answer, key, &soa);
if (r < 0)
goto fail;
if (r == 0)
return 0;
/* Also, if the requested key is an alias, the negative response should
be cached for each name in the redirect chain. Any CNAME record in
the response is from the redirection chain, though only the final one
is guaranteed to be included. This means that we cannot verify the
chain and that we need to cache them all as it may be incomplete. */
for (i = 0; i < answer->n_rrs; i++) {
DnsResourceRecord *answer_rr = answer->items[i].rr;
if (answer_rr->key->type == DNS_TYPE_CNAME) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *canonical_key = NULL;
canonical_key = dns_resource_key_new_redirect(key, answer_rr);
if (!canonical_key)
goto fail;
/* Let's not add negative cache entries for records outside the current zone. */
if (!dns_answer_match_soa(canonical_key, soa->key))
continue;
r = dns_cache_put_negative(c, canonical_key, rcode, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
if (r < 0)
goto fail;
}
}
r = dns_cache_put_negative(c, key, rcode, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
if (r < 0)
goto fail;
return 0;
fail:
/* Adding all RRs failed. Let's clean up what we already
* added, just in case */
if (key)
dns_cache_remove(c, key);
for (i = 0; i < answer->n_rrs; i++)
dns_cache_remove(c, answer->items[i].rr->key);
return r;
}
static DnsCacheItem *dns_cache_get_by_key_follow_cname(DnsCache *c, DnsResourceKey *k) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *cname_key = NULL;
DnsCacheItem *i, *j;
assert(c);
assert(k);
i = hashmap_get(c->by_key, k);
if (i || k->type == DNS_TYPE_CNAME)
return i;
/* check if we have a CNAME record instead */
cname_key = dns_resource_key_new_cname(k);
if (!cname_key)
return NULL;
j = hashmap_get(c->by_key, cname_key);
if (j)
return j;
return i;
}
int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, int *rcode, DnsAnswer **ret) {
_cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
unsigned n = 0;
int r;
bool nxdomain = false;
_cleanup_free_ char *key_str = NULL;
DnsCacheItem *j, *first;
assert(c);
assert(key);
assert(rcode);
assert(ret);
if (key->type == DNS_TYPE_ANY ||
key->class == DNS_CLASS_ANY) {
/* If we have ANY lookups we simply refresh */
r = dns_resource_key_to_string(key, &key_str);
if (r < 0)
return r;
log_debug("Ignoring cache for ANY lookup: %s", key_str);
*ret = NULL;
*rcode = DNS_RCODE_SUCCESS;
return 0;
}
first = dns_cache_get_by_key_follow_cname(c, key);
if (!first) {
/* If one question cannot be answered we need to refresh */
r = dns_resource_key_to_string(key, &key_str);
if (r < 0)
return r;
log_debug("Cache miss for %s", key_str);
*ret = NULL;
*rcode = DNS_RCODE_SUCCESS;
return 0;
}
LIST_FOREACH(by_key, j, first) {
if (j->rr)
n++;
else if (j->type == DNS_CACHE_NXDOMAIN)
nxdomain = true;
}
r = dns_resource_key_to_string(key, &key_str);
if (r < 0)
return r;
log_debug("%s cache hit for %s",
nxdomain ? "NXDOMAIN" :
n > 0 ? "Positive" : "NODATA",
key_str);
if (n <= 0) {
*ret = NULL;
*rcode = nxdomain ? DNS_RCODE_NXDOMAIN : DNS_RCODE_SUCCESS;
return 1;
}
answer = dns_answer_new(n);
if (!answer)
return -ENOMEM;
LIST_FOREACH(by_key, j, first) {
if (!j->rr)
continue;
r = dns_answer_add(answer, j->rr, 0);
if (r < 0)
return r;
}
*ret = answer;
*rcode = DNS_RCODE_SUCCESS;
answer = NULL;
return n;
}
int dns_cache_check_conflicts(DnsCache *cache, DnsResourceRecord *rr, int owner_family, const union in_addr_union *owner_address) {
DnsCacheItem *i, *first;
bool same_owner = true;
assert(cache);
assert(rr);
dns_cache_prune(cache);
/* See if there's a cache entry for the same key. If there
* isn't there's no conflict */
first = hashmap_get(cache->by_key, rr->key);
if (!first)
return 0;
/* See if the RR key is owned by the same owner, if so, there
* isn't a conflict either */
LIST_FOREACH(by_key, i, first) {
if (i->owner_family != owner_family ||
!in_addr_equal(owner_family, &i->owner_address, owner_address)) {
same_owner = false;
break;
}
}
if (same_owner)
return 0;
/* See if there's the exact same RR in the cache. If yes, then
* there's no conflict. */
if (dns_cache_get(cache, rr))
return 0;
/* There's a conflict */
return 1;
}
void dns_cache_dump(DnsCache *cache, FILE *f) {
Iterator iterator;
DnsCacheItem *i;
int r;
if (!cache)
return;
if (!f)
f = stdout;
HASHMAP_FOREACH(i, cache->by_key, iterator) {
DnsCacheItem *j;
LIST_FOREACH(by_key, j, i) {
_cleanup_free_ char *t = NULL;
fputc('\t', f);
if (j->rr) {
r = dns_resource_record_to_string(j->rr, &t);
if (r < 0) {
log_oom();
continue;
}
fputs(t, f);
fputc('\n', f);
} else {
r = dns_resource_key_to_string(j->key, &t);
if (r < 0) {
log_oom();
continue;
}
fputs(t, f);
fputs(" -- ", f);
fputs(j->type == DNS_CACHE_NODATA ? "NODATA" : "NXDOMAIN", f);
fputc('\n', f);
}
}
}
}
bool dns_cache_is_empty(DnsCache *cache) {
if (!cache)
return true;
return hashmap_isempty(cache->by_key);
}