blob: 1348be3d971c34f3bb3937114097abea45260661 [file] [log] [blame]
Baptiste Assmann325137d2015-04-13 23:40:55 +02001/*
2 * Name server resolution
3 *
4 * Copyright 2014 Baptiste Assmann <bedis9@gmail.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <errno.h>
14#include <fcntl.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <string.h>
18#include <unistd.h>
19
20#include <sys/types.h>
21
22#include <common/time.h>
23#include <common/ticks.h>
24
25#include <types/global.h>
26#include <types/dns.h>
27#include <types/proto_udp.h>
28
29#include <proto/checks.h>
30#include <proto/dns.h>
31#include <proto/fd.h>
32#include <proto/log.h>
33#include <proto/server.h>
34#include <proto/task.h>
35#include <proto/proto_udp.h>
36
37struct list dns_resolvers = LIST_HEAD_INIT(dns_resolvers);
38struct dns_resolution *resolution = NULL;
39
40static int64_t dns_query_id_seed; /* random seed */
41
42/* proto_udp callback functions for a DNS resolution */
43struct dgram_data_cb resolve_dgram_cb = {
44 .recv = dns_resolve_recv,
45 .send = dns_resolve_send,
46};
47
48#if DEBUG
49/*
50 * go through the resolutions associated to a resolvers section and print the ID and hostname in
51 * domain name format
52 * should be used for debug purpose only
53 */
54void dns_print_current_resolutions(struct dns_resolvers *resolvers)
55{
56 list_for_each_entry(resolution, &resolvers->curr_resolution, list) {
57 printf(" resolution %d for %s\n", resolution->query_id, resolution->hostname_dn);
58 }
59}
60#endif
61
62/*
63 * check if there is more than 1 resolution in the resolver's resolution list
64 * return value:
65 * 0: empty list
66 * 1: exactly one entry in the list
67 * 2: more than one entry in the list
68 */
69int dns_check_resolution_queue(struct dns_resolvers *resolvers)
70{
71
72 if (LIST_ISEMPTY(&resolvers->curr_resolution))
73 return 0;
74
75 if ((resolvers->curr_resolution.n) && (resolvers->curr_resolution.n == resolvers->curr_resolution.p))
76 return 1;
77
78 if (! ((resolvers->curr_resolution.n == resolvers->curr_resolution.p)
79 && (&resolvers->curr_resolution != resolvers->curr_resolution.n)))
80 return 2;
81
82 return 0;
83}
84
85/*
86 * reset all parameters of a DNS resolution to 0 (or equivalent)
87 * and clean it up from all associated lists (resolution->qid and resolution->list)
88 */
89void dns_reset_resolution(struct dns_resolution *resolution)
90{
91 /* update resolution status */
92 resolution->step = RSLV_STEP_NONE;
93
94 resolution->try = 0;
95 resolution->try_cname = 0;
96 resolution->last_resolution = now_ms;
97 resolution->nb_responses = 0;
98
99 /* clean up query id */
100 eb32_delete(&resolution->qid);
101 resolution->query_id = 0;
102 resolution->qid.key = 0;
103
104 /* default values */
Andrew Hayworthe6a4a322015-10-19 22:29:51 +0000105 if (resolution->resolver_family_priority == AF_INET) {
106 resolution->query_type = DNS_RTYPE_A;
107 } else {
108 resolution->query_type = DNS_RTYPE_AAAA;
109 }
Baptiste Assmann325137d2015-04-13 23:40:55 +0200110
111 /* the second resolution in the queue becomes the first one */
112 LIST_DEL(&resolution->list);
113}
114
115/*
116 * function called when a network IO is generated on a name server socket for an incoming packet
117 * It performs the following actions:
118 * - check if the packet requires processing (not outdated resolution)
119 * - ensure the DNS packet received is valid and call requester's callback
120 * - call requester's error callback if invalid response
121 */
122void dns_resolve_recv(struct dgram_conn *dgram)
123{
124 struct dns_nameserver *nameserver;
125 struct dns_resolvers *resolvers;
126 struct dns_resolution *resolution;
127 unsigned char buf[DNS_MAX_UDP_MESSAGE + 1];
128 unsigned char *bufend;
129 int fd, buflen, ret;
130 unsigned short query_id;
131 struct eb32_node *eb;
132
133 fd = dgram->t.sock.fd;
134
135 /* check if ready for reading */
136 if (!fd_recv_ready(fd))
137 return;
138
139 /* no need to go further if we can't retrieve the nameserver */
140 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
141 return;
142
143 resolvers = nameserver->resolvers;
144
145 /* process all pending input messages */
146 while (1) {
147 /* read message received */
148 memset(buf, '\0', DNS_MAX_UDP_MESSAGE + 1);
149 if ((buflen = recv(fd, (char*)buf , DNS_MAX_UDP_MESSAGE, 0)) < 0) {
150 /* FIXME : for now we consider EAGAIN only */
151 fd_cant_recv(fd);
152 break;
153 }
154
155 /* message too big */
156 if (buflen > DNS_MAX_UDP_MESSAGE) {
157 nameserver->counters.too_big += 1;
158 continue;
159 }
160
161 /* initializing variables */
162 bufend = buf + buflen; /* pointer to mark the end of the buffer */
163
164 /* read the query id from the packet (16 bits) */
165 if (buf + 2 > bufend) {
166 nameserver->counters.invalid += 1;
167 continue;
168 }
169 query_id = dns_response_get_query_id(buf);
170
171 /* search the query_id in the pending resolution tree */
Baptiste Assmann01daef32015-09-02 22:05:24 +0200172 eb = eb32_lookup(&resolvers->query_ids, query_id);
173 if (eb == NULL) {
Baptiste Assmann325137d2015-04-13 23:40:55 +0200174 /* unknown query id means an outdated response and can be safely ignored */
175 nameserver->counters.outdated += 1;
176 continue;
177 }
178
179 /* known query id means a resolution in prgress */
180 resolution = eb32_entry(eb, struct dns_resolution, qid);
181
182 if (!resolution) {
183 nameserver->counters.outdated += 1;
184 continue;
185 }
186
187 /* number of responses received */
188 resolution->nb_responses += 1;
189
190 ret = dns_validate_dns_response(buf, bufend, resolution->hostname_dn, resolution->hostname_dn_len);
191
192 /* treat only errors */
193 switch (ret) {
194 case DNS_RESP_INVALID:
195 case DNS_RESP_WRONG_NAME:
196 nameserver->counters.invalid += 1;
197 resolution->requester_error_cb(resolution, DNS_RESP_INVALID);
198 continue;
199
200 case DNS_RESP_ERROR:
201 nameserver->counters.other += 1;
202 resolution->requester_error_cb(resolution, DNS_RESP_ERROR);
203 continue;
204
205 case DNS_RESP_ANCOUNT_ZERO:
206 nameserver->counters.any_err += 1;
207 resolution->requester_error_cb(resolution, DNS_RESP_ANCOUNT_ZERO);
208 continue;
209
210 case DNS_RESP_NX_DOMAIN:
211 nameserver->counters.nx += 1;
212 resolution->requester_error_cb(resolution, DNS_RESP_NX_DOMAIN);
213 continue;
214
215 case DNS_RESP_REFUSED:
216 nameserver->counters.refused += 1;
217 resolution->requester_error_cb(resolution, DNS_RESP_REFUSED);
218 continue;
219
220 case DNS_RESP_CNAME_ERROR:
221 nameserver->counters.cname_error += 1;
222 resolution->requester_error_cb(resolution, DNS_RESP_CNAME_ERROR);
223 continue;
224
Baptiste Assmann0df5d962015-09-02 21:58:32 +0200225 case DNS_RESP_TRUNCATED:
226 nameserver->counters.truncated += 1;
227 resolution->requester_error_cb(resolution, DNS_RESP_TRUNCATED);
228 continue;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200229
230 case DNS_RESP_NO_EXPECTED_RECORD:
231 nameserver->counters.other += 1;
232 resolution->requester_error_cb(resolution, DNS_RESP_NO_EXPECTED_RECORD);
233 continue;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200234 }
235
Baptiste Assmann37bb3722015-08-07 10:18:32 +0200236 nameserver->counters.valid += 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200237 resolution->requester_cb(resolution, nameserver, buf, buflen);
238 }
239}
240
241/*
242 * function called when a resolvers network socket is ready to send data
243 * It performs the following actions:
244 */
245void dns_resolve_send(struct dgram_conn *dgram)
246{
247 int fd;
248 struct dns_nameserver *nameserver;
249 struct dns_resolvers *resolvers;
250 struct dns_resolution *resolution;
251
252 fd = dgram->t.sock.fd;
253
254 /* check if ready for sending */
255 if (!fd_send_ready(fd))
256 return;
257
258 /* we don't want/need to be waked up any more for sending */
259 fd_stop_send(fd);
260
261 /* no need to go further if we can't retrieve the nameserver */
262 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
263 return;
264
265 resolvers = nameserver->resolvers;
266 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
267
268 dns_send_query(resolution);
269 dns_update_resolvers_timeout(resolvers);
270}
271
272/*
273 * forge and send a DNS query to resolvers associated to a resolution
274 * It performs the following actions:
275 * returns:
276 * 0 in case of error or safe ignorance
277 * 1 if no error
278 */
279int dns_send_query(struct dns_resolution *resolution)
280{
281 struct dns_resolvers *resolvers;
282 struct dns_nameserver *nameserver;
283 int ret, send_error, bufsize, fd;
284
285 resolvers = resolution->resolvers;
286
287 ret = send_error = 0;
288 bufsize = dns_build_query(resolution->query_id, resolution->query_type, resolution->hostname_dn,
289 resolution->hostname_dn_len, trash.str, trash.size);
290
291 if (bufsize == -1)
292 return 0;
293
294 list_for_each_entry(nameserver, &resolvers->nameserver_list, list) {
295 fd = nameserver->dgram->t.sock.fd;
296 errno = 0;
297
298 ret = send(fd, trash.str, bufsize, 0);
299
300 if (ret > 0)
301 nameserver->counters.sent += 1;
302
303 if (ret == 0 || errno == EAGAIN) {
304 /* nothing written, let's update the poller that we wanted to send
305 * but we were not able to */
306 fd_want_send(fd);
307 fd_cant_send(fd);
308 }
309 }
310
311 /* update resolution */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200312 resolution->nb_responses = 0;
313 resolution->last_sent_packet = now_ms;
314
315 return 1;
316}
317
318/*
319 * update a resolvers' task timeout for next wake up
320 */
321void dns_update_resolvers_timeout(struct dns_resolvers *resolvers)
322{
323 struct dns_resolution *resolution;
324
325 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
326 /* no more resolution pending, so no wakeup anymore */
327 resolvers->t->expire = TICK_ETERNITY;
328 }
329 else {
330 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
331 resolvers->t->expire = tick_add(resolution->last_sent_packet, resolvers->timeout.retry);
332 }
333}
334
335/*
336 * Function to validate that the buffer DNS response provided in <resp> and
337 * finishing before <bufend> is valid from a DNS protocol point of view.
338 * The caller can also ask the function to check if the response contains data
339 * for a domain name <dn_name> whose length is <dn_name_len> returns one of the
340 * DNS_RESP_* code.
341 */
342int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, char *dn_name, int dn_name_len)
343{
344 unsigned char *reader, *cname, *ptr;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200345 int i, len, flags, type, ancount, cnamelen, expected_record;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200346
347 reader = resp;
348 cname = NULL;
349 cnamelen = 0;
350 len = 0;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200351 expected_record = 0; /* flag to report if at least one expected record type is found in the response.
352 * For now, only records containing an IP address (A and AAAA) are
353 * considered as expected.
354 * Later, this function may be updated to let the caller decide what type
355 * of record is expected to consider the response as valid. (SRV or TXT types)
356 */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200357
358 /* move forward 2 bytes for the query id */
359 reader += 2;
360 if (reader >= bufend)
361 return DNS_RESP_INVALID;
362
363 /*
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200364 * flags are stored over 2 bytes
365 * First byte contains:
366 * - response flag (1 bit)
367 * - opcode (4 bits)
368 * - authoritative (1 bit)
369 * - truncated (1 bit)
370 * - recursion desired (1 bit)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200371 */
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200372 if (reader + 2 >= bufend)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200373 return DNS_RESP_INVALID;
374
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200375 flags = reader[0] * 256 + reader[1];
376
377 if (flags & DNS_FLAG_TRUNCATED)
378 return DNS_RESP_TRUNCATED;
379
380 if ((flags & DNS_FLAG_REPLYCODE) != DNS_RCODE_NO_ERROR) {
381 if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_NX_DOMAIN)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200382 return DNS_RESP_NX_DOMAIN;
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200383 else if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_REFUSED)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200384 return DNS_RESP_REFUSED;
385
386 return DNS_RESP_ERROR;
387 }
388
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200389 /* move forward 2 bytes for flags */
390 reader += 2;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200391 if (reader >= bufend)
392 return DNS_RESP_INVALID;
393
394 /* move forward 2 bytes for question count */
395 reader += 2;
396 if (reader >= bufend)
397 return DNS_RESP_INVALID;
398
399 /* analyzing answer count */
400 if (reader + 2 > bufend)
401 return DNS_RESP_INVALID;
402 ancount = reader[0] * 256 + reader[1];
403
404 if (ancount == 0)
405 return DNS_RESP_ANCOUNT_ZERO;
406
407 /* move forward 2 bytes for answer count */
408 reader += 2;
409 if (reader >= bufend)
410 return DNS_RESP_INVALID;
411
412 /* move forward 4 bytes authority and additional count */
413 reader += 4;
414 if (reader >= bufend)
415 return DNS_RESP_INVALID;
416
417 /* check if the name can stand in response */
418 if (dn_name && ((reader + dn_name_len + 1) > bufend))
419 return DNS_RESP_INVALID;
420
421 /* check hostname */
422 if (dn_name && (memcmp(reader, dn_name, dn_name_len) != 0))
423 return DNS_RESP_WRONG_NAME;
424
425 /* move forward hostname len bytes + 1 for NULL byte */
426 if (dn_name) {
427 reader = reader + dn_name_len + 1;
428 }
429 else {
430 ptr = reader;
431 while (*ptr) {
432 ptr++;
433 if (ptr >= bufend)
434 return DNS_RESP_INVALID;
435 }
436 reader = ptr + 1;
437 }
438
439 /* move forward 4 bytes for question type and question class */
440 reader += 4;
441 if (reader >= bufend)
442 return DNS_RESP_INVALID;
443
444 /* now parsing response records */
445 for (i = 1; i <= ancount; i++) {
446 if (reader >= bufend)
447 return DNS_RESP_INVALID;
448
449 /*
450 * name can be a pointer, so move forward reader cursor accordingly
451 * if 1st byte is '11XXXXXX', it means name is a pointer
452 * and 2nd byte gives the offset from resp where the hostname can
453 * be found
454 */
455 if ((*reader & 0xc0) == 0xc0) {
456 /*
457 * pointer, hostname can be found at resp + *(reader + 1)
458 */
459 if (reader + 1 > bufend)
460 return DNS_RESP_INVALID;
461
462 ptr = resp + *(reader + 1);
463
464 /* check if the pointer points inside the buffer */
465 if (ptr >= bufend)
466 return DNS_RESP_INVALID;
467 }
468 else {
469 /*
470 * name is a string which starts at first byte
471 * checking against last cname when recursing through the response
472 */
473 /* look for the end of the string and ensure it's in the buffer */
474 ptr = reader;
475 len = 0;
476 while (*ptr) {
477 ++len;
478 ++ptr;
479 if (ptr >= bufend)
480 return DNS_RESP_INVALID;
481 }
482
483 /* if cname is set, it means a CNAME recursion is in progress */
484 ptr = reader;
485 }
486
487 /* ptr now points to the name */
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200488 if ((*reader & 0xc0) != 0xc0) {
489 /* if cname is set, it means a CNAME recursion is in progress */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200490 if (cname) {
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200491 /* check if the name can stand in response */
492 if ((reader + cnamelen) > bufend)
493 return DNS_RESP_INVALID;
494 /* compare cname and current name */
495 if (memcmp(ptr, cname, cnamelen) != 0)
496 return DNS_RESP_CNAME_ERROR;
497
Baptiste Assmann325137d2015-04-13 23:40:55 +0200498 cname = reader;
499 cnamelen = dns_str_to_dn_label_len((const char *)cname);
500
501 /* move forward cnamelen bytes + NULL byte */
502 reader += (cnamelen + 1);
503 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200504 /* compare server hostname to current name */
505 else if (dn_name) {
506 /* check if the name can stand in response */
507 if ((reader + dn_name_len) > bufend)
508 return DNS_RESP_INVALID;
509 if (memcmp(ptr, dn_name, dn_name_len) != 0)
510 return DNS_RESP_WRONG_NAME;
Baptiste Assmann5d681ba2015-10-15 15:23:28 +0200511
512 reader += (dn_name_len + 1);
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200513 }
Baptiste Assmann325137d2015-04-13 23:40:55 +0200514 else {
515 reader += (len + 1);
516 }
517 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200518 else {
519 /* shortname in progress */
520 /* move forward 2 bytes for information pointer and address pointer */
521 reader += 2;
522 }
523
Baptiste Assmann325137d2015-04-13 23:40:55 +0200524 if (reader >= bufend)
525 return DNS_RESP_INVALID;
526
527 /*
528 * we know the record is either for our server hostname
529 * or a valid CNAME in a crecursion
530 */
531
532 /* now reading record type (A, AAAA, CNAME, etc...) */
533 if (reader + 2 > bufend)
534 return DNS_RESP_INVALID;
535 type = reader[0] * 256 + reader[1];
536
537 /* move forward 2 bytes for type (2) */
538 reader += 2;
539
540 /* move forward 6 bytes for class (2) and ttl (4) */
541 reader += 6;
542 if (reader >= bufend)
543 return DNS_RESP_INVALID;
544
545 /* now reading data len */
546 if (reader + 2 > bufend)
547 return DNS_RESP_INVALID;
548 len = reader[0] * 256 + reader[1];
549
550 /* move forward 2 bytes for data len */
551 reader += 2;
552
553 /* analyzing record content */
554 switch (type) {
555 case DNS_RTYPE_A:
556 /* ipv4 is stored on 4 bytes */
557 if (len != 4)
558 return DNS_RESP_INVALID;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200559 expected_record = 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200560 break;
561
562 case DNS_RTYPE_CNAME:
563 cname = reader;
564 cnamelen = len;
565 break;
566
567 case DNS_RTYPE_AAAA:
568 /* ipv6 is stored on 16 bytes */
569 if (len != 16)
570 return DNS_RESP_INVALID;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200571 expected_record = 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200572 break;
573 } /* switch (record type) */
574
575 /* move forward len for analyzing next record in the response */
576 reader += len;
577 } /* for i 0 to ancount */
578
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200579 if (expected_record == 0)
580 return DNS_RESP_NO_EXPECTED_RECORD;
581
Baptiste Assmann325137d2015-04-13 23:40:55 +0200582 return DNS_RESP_VALID;
583}
584
585/*
586 * search dn_name resolution in resp.
587 * If existing IP not found, return the first IP matching family_priority,
588 * otherwise, first ip found
589 * The following tasks are the responsibility of the caller:
590 * - resp contains an error free DNS response
591 * - the response matches the dn_name
592 * For both cases above, dns_validate_dns_response is required
593 * returns one of the DNS_UPD_* code
594 */
595int dns_get_ip_from_response(unsigned char *resp, unsigned char *resp_end,
596 char *dn_name, int dn_name_len, void *currentip, short currentip_sin_family,
597 int family_priority, void **newip, short *newip_sin_family)
598{
599 int i, ancount, cnamelen, type, data_len, currentip_found;
600 unsigned char *reader, *cname, *ptr, *newip4, *newip6;
601
602 cname = *newip = newip4 = newip6 = NULL;
603 cnamelen = currentip_found = 0;
604 *newip_sin_family = AF_UNSPEC;
605 ancount = (((struct dns_header *)resp)->ancount);
606 ancount = *(resp + 7);
607
608 /* bypass DNS response header */
609 reader = resp + sizeof(struct dns_header);
610
611 /* bypass DNS query section */
612 /* move forward hostname len bytes + 1 for NULL byte */
613 reader = reader + dn_name_len + 1;
614
615 /* move forward 4 bytes for question type and question class */
616 reader += 4;
617
618 /* now parsing response records */
619 for (i = 1; i <= ancount; i++) {
620 /*
621 * name can be a pointer, so move forward reader cursor accordingly
622 * if 1st byte is '11XXXXXX', it means name is a pointer
623 * and 2nd byte gives the offset from buf where the hostname can
624 * be found
625 */
626 if ((*reader & 0xc0) == 0xc0)
627 ptr = resp + *(reader + 1);
628 else
629 ptr = reader;
630
Baptiste Assmanne4c4b7d2015-10-28 02:10:02 +0100631 if (cname) {
632 if (memcmp(ptr, cname, cnamelen)) {
633 return DNS_UPD_NAME_ERROR;
634 }
635 }
Baptiste Assmann325137d2015-04-13 23:40:55 +0200636 else if (memcmp(ptr, dn_name, dn_name_len))
637 return DNS_UPD_NAME_ERROR;
638
639 if ((*reader & 0xc0) == 0xc0) {
640 /* move forward 2 bytes for information pointer and address pointer */
641 reader += 2;
642 }
643 else {
644 if (cname) {
645 cname = reader;
646 cnamelen = dns_str_to_dn_label_len((char *)cname);
647
648 /* move forward cnamelen bytes + NULL byte */
649 reader += (cnamelen + 1);
650 }
651 else {
652 /* move forward dn_name_len bytes + NULL byte */
653 reader += (dn_name_len + 1);
654 }
655 }
656
657 /*
658 * we know the record is either for our server hostname
659 * or a valid CNAME in a crecursion
660 */
661
662 /* now reading record type (A, AAAA, CNAME, etc...) */
663 type = reader[0] * 256 + reader[1];
664
665 /* move forward 2 bytes for type (2) */
666 reader += 2;
667
668 /* move forward 6 bytes for class (2) and ttl (4) */
669 reader += 6;
670
671 /* now reading data len */
672 data_len = reader[0] * 256 + reader[1];
673
674 /* move forward 2 bytes for data len */
675 reader += 2;
676
677 /* analyzing record content */
678 switch (type) {
679 case DNS_RTYPE_A:
680 /* check if current reccord's IP is the same as server one's */
681 if ((currentip_sin_family == AF_INET)
682 && (*(uint32_t *)reader == *(uint32_t *)currentip)) {
683 currentip_found = 1;
684 newip4 = reader;
685 /* we can stop now if server's family preference is IPv4
686 * and its current IP is found in the response list */
687 if (family_priority == AF_INET)
688 return DNS_UPD_NO; /* DNS_UPD matrix #1 */
689 }
690 else if (!newip4) {
691 newip4 = reader;
692 }
693
694 /* move forward data_len for analyzing next record in the response */
695 reader += data_len;
696 break;
697
698 case DNS_RTYPE_CNAME:
699 cname = reader;
700 cnamelen = data_len;
701
702 reader += data_len;
703 break;
704
705 case DNS_RTYPE_AAAA:
706 /* check if current record's IP is the same as server's one */
707 if ((currentip_sin_family == AF_INET6) && (memcmp(reader, currentip, 16) == 0)) {
708 currentip_found = 1;
709 newip6 = reader;
710 /* we can stop now if server's preference is IPv6 or is not
711 * set (which implies we prioritize IPv6 over IPv4 */
712 if (family_priority == AF_INET6)
713 return DNS_UPD_NO;
714 }
715 else if (!newip6) {
716 newip6 = reader;
717 }
718
719 /* move forward data_len for analyzing next record in the response */
720 reader += data_len;
721 break;
722
723 default:
724 /* not supported record type */
725 /* move forward data_len for analyzing next record in the response */
726 reader += data_len;
727 } /* switch (record type) */
728 } /* for i 0 to ancount */
729
730 /* only CNAMEs in the response, no IP found */
731 if (cname && !newip4 && !newip6) {
732 return DNS_UPD_CNAME;
733 }
734
Baptiste Assmann0453a1d2015-09-09 00:51:08 +0200735 /* no IP found in the response */
736 if (!newip4 && !newip6) {
737 return DNS_UPD_NO_IP_FOUND;
738 }
739
Baptiste Assmann325137d2015-04-13 23:40:55 +0200740 /* case when the caller looks first for an IPv4 address */
741 if (family_priority == AF_INET) {
742 if (newip4) {
743 *newip = newip4;
744 *newip_sin_family = AF_INET;
745 if (currentip_found == 1)
746 return DNS_UPD_NO;
747 return DNS_UPD_SRVIP_NOT_FOUND;
748 }
749 else if (newip6) {
750 *newip = newip6;
751 *newip_sin_family = AF_INET6;
752 if (currentip_found == 1)
753 return DNS_UPD_NO;
754 return DNS_UPD_SRVIP_NOT_FOUND;
755 }
756 }
757 /* case when the caller looks first for an IPv6 address */
758 else if (family_priority == AF_INET6) {
759 if (newip6) {
760 *newip = newip6;
761 *newip_sin_family = AF_INET6;
762 if (currentip_found == 1)
763 return DNS_UPD_NO;
764 return DNS_UPD_SRVIP_NOT_FOUND;
765 }
766 else if (newip4) {
767 *newip = newip4;
768 *newip_sin_family = AF_INET;
769 if (currentip_found == 1)
770 return DNS_UPD_NO;
771 return DNS_UPD_SRVIP_NOT_FOUND;
772 }
773 }
774 /* case when the caller have no preference (we prefer IPv6) */
775 else if (family_priority == AF_UNSPEC) {
776 if (newip6) {
777 *newip = newip6;
778 *newip_sin_family = AF_INET6;
779 if (currentip_found == 1)
780 return DNS_UPD_NO;
781 return DNS_UPD_SRVIP_NOT_FOUND;
782 }
783 else if (newip4) {
784 *newip = newip4;
785 *newip_sin_family = AF_INET;
786 if (currentip_found == 1)
787 return DNS_UPD_NO;
788 return DNS_UPD_SRVIP_NOT_FOUND;
789 }
790 }
791
792 /* no reason why we should change the server's IP address */
793 return DNS_UPD_NO;
794}
795
796/*
797 * returns the query id contained in a DNS response
798 */
799int dns_response_get_query_id(unsigned char *resp)
800{
801 /* read the query id from the response */
802 return resp[0] * 256 + resp[1];
803}
804
805/*
806 * used during haproxy's init phase
807 * parses resolvers sections and initializes:
808 * - task (time events) for each resolvers section
809 * - the datagram layer (network IO events) for each nameserver
810 * returns:
811 * 0 in case of error
812 * 1 when no error
813 */
814int dns_init_resolvers(void)
815{
816 struct dns_resolvers *curr_resolvers;
817 struct dns_nameserver *curnameserver;
818 struct dgram_conn *dgram;
819 struct task *t;
820 int fd;
821
822 /* give a first random value to our dns query_id seed */
823 dns_query_id_seed = random();
824
825 /* run through the resolvers section list */
826 list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
827 /* create the task associated to the resolvers section */
828 if ((t = task_new()) == NULL) {
829 Alert("Starting [%s] resolvers: out of memory.\n", curr_resolvers->id);
830 return 0;
831 }
832
833 /* update task's parameters */
834 t->process = dns_process_resolve;
835 t->context = curr_resolvers;
836 t->expire = TICK_ETERNITY;
837
838 curr_resolvers->t = t;
839
840 list_for_each_entry(curnameserver, &curr_resolvers->nameserver_list, list) {
841 if ((dgram = calloc(1, sizeof(struct dgram_conn))) == NULL) {
842 Alert("Starting [%s/%s] nameserver: out of memory.\n", curr_resolvers->id,
843 curnameserver->id);
844 return 0;
845 }
846 /* update datagram's parameters */
847 dgram->owner = (void *)curnameserver;
848 dgram->data = &resolve_dgram_cb;
849
850 /* create network UDP socket for this nameserver */
851 if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
852 Alert("Starting [%s/%s] nameserver: can't create socket.\n", curr_resolvers->id,
853 curnameserver->id);
854 free(dgram);
855 dgram = NULL;
856 return 0;
857 }
858
859 /* "connect" the UDP socket to the name server IP */
Baptiste Assmann8c62c472015-09-21 20:55:08 +0200860 if (connect(fd, (struct sockaddr*)&curnameserver->addr, get_addr_len(&curnameserver->addr)) == -1) {
Baptiste Assmann325137d2015-04-13 23:40:55 +0200861 Alert("Starting [%s/%s] nameserver: can't connect socket.\n", curr_resolvers->id,
862 curnameserver->id);
863 close(fd);
864 free(dgram);
865 dgram = NULL;
866 return 0;
867 }
868
869 /* make the socket non blocking */
870 fcntl(fd, F_SETFL, O_NONBLOCK);
871
872 /* add the fd in the fd list and update its parameters */
873 fd_insert(fd);
874 fdtab[fd].owner = dgram;
875 fdtab[fd].iocb = dgram_fd_handler;
876 fd_want_recv(fd);
877 dgram->t.sock.fd = fd;
878
879 /* update nameserver's datagram property */
880 curnameserver->dgram = dgram;
881
882 continue;
883 }
884
885 /* task can be queued */
886 task_queue(t);
887 }
888
889 return 1;
890}
891
892/*
893 * Forge a DNS query. It needs the following information from the caller:
894 * - <query_id>: the DNS query id corresponding to this query
895 * - <query_type>: DNS_RTYPE_* request DNS record type (A, AAAA, ANY, etc...)
896 * - <hostname_dn>: hostname in domain name format
897 * - <hostname_dn_len>: length of <hostname_dn>
898 * To store the query, the caller must pass a buffer <buf> and its size <bufsize>
899 *
900 * the DNS query is stored in <buf>
901 * returns:
902 * -1 if <buf> is too short
903 */
904int dns_build_query(int query_id, int query_type, char *hostname_dn, int hostname_dn_len, char *buf, int bufsize)
905{
906 struct dns_header *dns;
907 struct dns_question *qinfo;
908 char *ptr, *bufend;
909
910 memset(buf, '\0', bufsize);
911 ptr = buf;
912 bufend = buf + bufsize;
913
914 /* check if there is enough room for DNS headers */
915 if (ptr + sizeof(struct dns_header) >= bufend)
916 return -1;
917
918 /* set dns query headers */
919 dns = (struct dns_header *)ptr;
920 dns->id = (unsigned short) htons(query_id);
921 dns->qr = 0; /* query */
922 dns->opcode = 0;
923 dns->aa = 0;
924 dns->tc = 0;
925 dns->rd = 1; /* recursion desired */
926 dns->ra = 0;
927 dns->z = 0;
928 dns->rcode = 0;
929 dns->qdcount = htons(1); /* 1 question */
930 dns->ancount = 0;
931 dns->nscount = 0;
932 dns->arcount = 0;
933
934 /* move forward ptr */
935 ptr += sizeof(struct dns_header);
936
937 /* check if there is enough room for query hostname */
938 if ((ptr + hostname_dn_len) >= bufend)
939 return -1;
940
941 /* set up query hostname */
942 memcpy(ptr, hostname_dn, hostname_dn_len);
943 ptr[hostname_dn_len + 1] = '\0';
944
945 /* move forward ptr */
946 ptr += (hostname_dn_len + 1);
947
948 /* check if there is enough room for query hostname*/
949 if (ptr + sizeof(struct dns_question) >= bufend)
950 return -1;
951
952 /* set up query info (type and class) */
953 qinfo = (struct dns_question *)ptr;
954 qinfo->qtype = htons(query_type);
955 qinfo->qclass = htons(DNS_RCLASS_IN);
956
957 ptr += sizeof(struct dns_question);
958
959 return ptr - buf;
960}
961
962/*
963 * turn a string into domain name label:
964 * www.haproxy.org into 3www7haproxy3org
965 * if dn memory is pre-allocated, you must provide its size in dn_len
966 * if dn memory isn't allocated, dn_len must be set to 0.
967 * In the second case, memory will be allocated.
968 * in case of error, -1 is returned, otherwise, number of bytes copied in dn
969 */
Willy Tarreau2100b492015-07-22 16:42:43 +0200970char *dns_str_to_dn_label(const char *string, char *dn, int dn_len)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200971{
972 char *c, *d;
973 int i, offset;
974
975 /* offset between string size and theorical dn size */
976 offset = 1;
977
978 /*
979 * first, get the size of the string turned into its domain name version
980 * This function also validates the string respect the RFC
981 */
982 if ((i = dns_str_to_dn_label_len(string)) == -1)
983 return NULL;
984
985 /* yes, so let's check there is enough memory */
986 if (dn_len < i + offset)
987 return NULL;
988
Willy Tarreaud69d6f32015-07-22 16:45:36 +0200989 i = strlen(string);
Baptiste Assmann325137d2015-04-13 23:40:55 +0200990 memcpy(dn + offset, string, i);
991 dn[i + offset] = '\0';
992 /* avoid a '\0' at the beginning of dn string which may prevent the for loop
993 * below from working.
994 * Actually, this is the reason of the offset. */
995 dn[0] = '0';
996
997 for (c = dn; *c ; ++c) {
998 /* c points to the first '0' char or a dot, which we don't want to read */
999 d = c + offset;
1000 i = 0;
1001 while (*d != '.' && *d) {
1002 i++;
1003 d++;
1004 }
1005 *c = i;
1006
1007 c = d - 1; /* because of c++ of the for loop */
1008 }
1009
1010 return dn;
1011}
1012
1013/*
1014 * compute and return the length of <string> it it were translated into domain name
1015 * label:
1016 * www.haproxy.org into 3www7haproxy3org would return 16
1017 * NOTE: add +1 for '\0' when allocating memory ;)
1018 */
1019int dns_str_to_dn_label_len(const char *string)
1020{
1021 return strlen(string) + 1;
1022}
1023
1024/*
1025 * validates host name:
1026 * - total size
1027 * - each label size individually
1028 * returns:
1029 * 0 in case of error. If <err> is not NULL, an error message is stored there.
1030 * 1 when no error. <err> is left unaffected.
1031 */
1032int dns_hostname_validation(const char *string, char **err)
1033{
1034 const char *c, *d;
1035 int i;
1036
1037 if (strlen(string) > DNS_MAX_NAME_SIZE) {
1038 if (err)
1039 *err = DNS_TOO_LONG_FQDN;
1040 return 0;
1041 }
1042
1043 c = string;
1044 while (*c) {
1045 d = c;
1046
1047 i = 0;
1048 while (*d != '.' && *d && i <= DNS_MAX_LABEL_SIZE) {
1049 i++;
1050 if (!((*d == '-') || (*d == '_') ||
1051 ((*d >= 'a') && (*d <= 'z')) ||
1052 ((*d >= 'A') && (*d <= 'Z')) ||
1053 ((*d >= '0') && (*d <= '9')))) {
1054 if (err)
1055 *err = DNS_INVALID_CHARACTER;
1056 return 0;
1057 }
1058 d++;
1059 }
1060
1061 if ((i >= DNS_MAX_LABEL_SIZE) && (d[i] != '.')) {
1062 if (err)
1063 *err = DNS_LABEL_TOO_LONG;
1064 return 0;
1065 }
1066
1067 if (*d == '\0')
1068 goto out;
1069
1070 c = ++d;
1071 }
1072 out:
1073 return 1;
1074}
1075
1076/*
1077 * 2 bytes random generator to generate DNS query ID
1078 */
1079uint16_t dns_rnd16(void)
1080{
1081 dns_query_id_seed ^= dns_query_id_seed << 13;
1082 dns_query_id_seed ^= dns_query_id_seed >> 7;
1083 dns_query_id_seed ^= dns_query_id_seed << 17;
1084 return dns_query_id_seed;
1085}
1086
1087
1088/*
1089 * function called when a timeout occurs during name resolution process
1090 * if max number of tries is reached, then stop, otherwise, retry.
1091 */
1092struct task *dns_process_resolve(struct task *t)
1093{
1094 struct dns_resolvers *resolvers = t->context;
1095 struct dns_resolution *resolution, *res_back;
1096
1097 /* timeout occurs inevitably for the first element of the FIFO queue */
1098 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
1099 /* no first entry, so wake up was useless */
1100 t->expire = TICK_ETERNITY;
1101 return t;
1102 }
1103
1104 /* look for the first resolution which is not expired */
1105 list_for_each_entry_safe(resolution, res_back, &resolvers->curr_resolution, list) {
1106 /* when we find the first resolution in the future, then we can stop here */
1107 if (tick_is_le(now_ms, resolution->last_sent_packet))
1108 goto out;
1109
1110 /*
1111 * if current resolution has been tried too many times and finishes in timeout
1112 * we update its status and remove it from the list
1113 */
Baptiste Assmannf778bb42015-09-09 00:54:38 +02001114 if (resolution->try <= 0) {
Baptiste Assmann325137d2015-04-13 23:40:55 +02001115 /* clean up resolution information and remove from the list */
1116 dns_reset_resolution(resolution);
1117
1118 /* notify the result to the requester */
1119 resolution->requester_error_cb(resolution, DNS_RESP_TIMEOUT);
1120 }
1121
Baptiste Assmannf778bb42015-09-09 00:54:38 +02001122 resolution->try -= 1;
1123
Baptiste Assmann325137d2015-04-13 23:40:55 +02001124 /* check current resolution status */
1125 if (resolution->step == RSLV_STEP_RUNNING) {
1126 /* resend the DNS query */
1127 dns_send_query(resolution);
1128
1129 /* check if we have more than one resolution in the list */
1130 if (dns_check_resolution_queue(resolvers) > 1) {
1131 /* move the rsolution to the end of the list */
1132 LIST_DEL(&resolution->list);
1133 LIST_ADDQ(&resolvers->curr_resolution, &resolution->list);
1134 }
1135 }
1136 }
1137
1138 out:
1139 dns_update_resolvers_timeout(resolvers);
1140 return t;
1141}