Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 3580b03fc07f9a7003fd1fec7fa70d75637cb354 / . / src / dns.c
blob: 4bc54489f36a2b84ffc2bbece1910582b0254eeb [file] [log] [blame]
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]1/*
2 * Name server resolution
3 *
4 * Copyright 2014 Baptiste Assmann <bedis9@gmail.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <errno.h>
14#include <fcntl.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <string.h>
18#include <unistd.h>
19
20#include <sys/types.h>
21
22#include <common/time.h>
23#include <common/ticks.h>
24
25#include <types/global.h>
26#include <types/dns.h>
27#include <types/proto_udp.h>
28
29#include <proto/checks.h>
30#include <proto/dns.h>
31#include <proto/fd.h>
32#include <proto/log.h>
33#include <proto/server.h>
34#include <proto/task.h>
35#include <proto/proto_udp.h>
36
37struct list dns_resolvers = LIST_HEAD_INIT(dns_resolvers);
38struct dns_resolution *resolution = NULL;
39
40static int64_t dns_query_id_seed; /* random seed */
41
42/* proto_udp callback functions for a DNS resolution */
43struct dgram_data_cb resolve_dgram_cb = {
44 .recv = dns_resolve_recv,
45 .send = dns_resolve_send,
46};
47
48#if DEBUG
49/*
50 * go through the resolutions associated to a resolvers section and print the ID and hostname in
51 * domain name format
52 * should be used for debug purpose only
53 */
54void dns_print_current_resolutions(struct dns_resolvers *resolvers)
55{
56 list_for_each_entry(resolution, &resolvers->curr_resolution, list) {
57 printf(" resolution %d for %s\n", resolution->query_id, resolution->hostname_dn);
58 }
59}
60#endif
61
62/*
63 * check if there is more than 1 resolution in the resolver's resolution list
64 * return value:
65 * 0: empty list
66 * 1: exactly one entry in the list
67 * 2: more than one entry in the list
68 */
69int dns_check_resolution_queue(struct dns_resolvers *resolvers)
70{
71
72 if (LIST_ISEMPTY(&resolvers->curr_resolution))
73 return 0;
74
75 if ((resolvers->curr_resolution.n) && (resolvers->curr_resolution.n == resolvers->curr_resolution.p))
76 return 1;
77
78 if (! ((resolvers->curr_resolution.n == resolvers->curr_resolution.p)
79 && (&resolvers->curr_resolution != resolvers->curr_resolution.n)))
80 return 2;
81
82 return 0;
83}
84
85/*
86 * reset all parameters of a DNS resolution to 0 (or equivalent)
87 * and clean it up from all associated lists (resolution->qid and resolution->list)
88 */
89void dns_reset_resolution(struct dns_resolution *resolution)
90{
91 /* update resolution status */
92 resolution->step = RSLV_STEP_NONE;
93
94 resolution->try = 0;
95 resolution->try_cname = 0;
96 resolution->last_resolution = now_ms;
97 resolution->nb_responses = 0;
98
99 /* clean up query id */
100 eb32_delete(&resolution->qid);
101 resolution->query_id = 0;
102 resolution->qid.key = 0;
103
104 /* default values */
105 resolution->query_type = DNS_RTYPE_ANY;
106
107 /* the second resolution in the queue becomes the first one */
108 LIST_DEL(&resolution->list);
109}
110
111/*
112 * function called when a network IO is generated on a name server socket for an incoming packet
113 * It performs the following actions:
114 * - check if the packet requires processing (not outdated resolution)
115 * - ensure the DNS packet received is valid and call requester's callback
116 * - call requester's error callback if invalid response
117 */
118void dns_resolve_recv(struct dgram_conn *dgram)
119{
120 struct dns_nameserver *nameserver;
121 struct dns_resolvers *resolvers;
122 struct dns_resolution *resolution;
123 unsigned char buf[DNS_MAX_UDP_MESSAGE + 1];
124 unsigned char *bufend;
125 int fd, buflen, ret;
126 unsigned short query_id;
127 struct eb32_node *eb;
128
129 fd = dgram->t.sock.fd;
130
131 /* check if ready for reading */
132 if (!fd_recv_ready(fd))
133 return;
134
135 /* no need to go further if we can't retrieve the nameserver */
136 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
137 return;
138
139 resolvers = nameserver->resolvers;
140
141 /* process all pending input messages */
142 while (1) {
143 /* read message received */
144 memset(buf, '\0', DNS_MAX_UDP_MESSAGE + 1);
145 if ((buflen = recv(fd, (char*)buf , DNS_MAX_UDP_MESSAGE, 0)) < 0) {
146 /* FIXME : for now we consider EAGAIN only */
147 fd_cant_recv(fd);
148 break;
149 }
150
151 /* message too big */
152 if (buflen > DNS_MAX_UDP_MESSAGE) {
153 nameserver->counters.too_big += 1;
154 continue;
155 }
156
157 /* initializing variables */
158 bufend = buf + buflen; /* pointer to mark the end of the buffer */
159
160 /* read the query id from the packet (16 bits) */
161 if (buf + 2 > bufend) {
162 nameserver->counters.invalid += 1;
163 continue;
164 }
165 query_id = dns_response_get_query_id(buf);
166
167 /* search the query_id in the pending resolution tree */
168 if ((eb = eb32_lookup(&resolvers->query_ids, query_id)) == NULL) {
169 /* unknown query id means an outdated response and can be safely ignored */
170 nameserver->counters.outdated += 1;
171 continue;
172 }
173
174 /* known query id means a resolution in prgress */
175 resolution = eb32_entry(eb, struct dns_resolution, qid);
176
177 if (!resolution) {
178 nameserver->counters.outdated += 1;
179 continue;
180 }
181
182 /* number of responses received */
183 resolution->nb_responses += 1;
184
185 ret = dns_validate_dns_response(buf, bufend, resolution->hostname_dn, resolution->hostname_dn_len);
186
187 /* treat only errors */
188 switch (ret) {
189 case DNS_RESP_INVALID:
190 case DNS_RESP_WRONG_NAME:
191 nameserver->counters.invalid += 1;
192 resolution->requester_error_cb(resolution, DNS_RESP_INVALID);
193 continue;
194
195 case DNS_RESP_ERROR:
196 nameserver->counters.other += 1;
197 resolution->requester_error_cb(resolution, DNS_RESP_ERROR);
198 continue;
199
200 case DNS_RESP_ANCOUNT_ZERO:
201 nameserver->counters.any_err += 1;
202 resolution->requester_error_cb(resolution, DNS_RESP_ANCOUNT_ZERO);
203 continue;
204
205 case DNS_RESP_NX_DOMAIN:
206 nameserver->counters.nx += 1;
207 resolution->requester_error_cb(resolution, DNS_RESP_NX_DOMAIN);
208 continue;
209
210 case DNS_RESP_REFUSED:
211 nameserver->counters.refused += 1;
212 resolution->requester_error_cb(resolution, DNS_RESP_REFUSED);
213 continue;
214
215 case DNS_RESP_CNAME_ERROR:
216 nameserver->counters.cname_error += 1;
217 resolution->requester_error_cb(resolution, DNS_RESP_CNAME_ERROR);
218 continue;
219
220 }
221
Baptiste Assmann37bb3722015-08-07 10:18:32 +0200[diff] [blame]222 nameserver->counters.valid += 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]223 resolution->requester_cb(resolution, nameserver, buf, buflen);
224 }
225}
226
227/*
228 * function called when a resolvers network socket is ready to send data
229 * It performs the following actions:
230 */
231void dns_resolve_send(struct dgram_conn *dgram)
232{
233 int fd;
234 struct dns_nameserver *nameserver;
235 struct dns_resolvers *resolvers;
236 struct dns_resolution *resolution;
237
238 fd = dgram->t.sock.fd;
239
240 /* check if ready for sending */
241 if (!fd_send_ready(fd))
242 return;
243
244 /* we don't want/need to be waked up any more for sending */
245 fd_stop_send(fd);
246
247 /* no need to go further if we can't retrieve the nameserver */
248 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
249 return;
250
251 resolvers = nameserver->resolvers;
252 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
253
254 dns_send_query(resolution);
255 dns_update_resolvers_timeout(resolvers);
256}
257
258/*
259 * forge and send a DNS query to resolvers associated to a resolution
260 * It performs the following actions:
261 * returns:
262 * 0 in case of error or safe ignorance
263 * 1 if no error
264 */
265int dns_send_query(struct dns_resolution *resolution)
266{
267 struct dns_resolvers *resolvers;
268 struct dns_nameserver *nameserver;
269 int ret, send_error, bufsize, fd;
270
271 resolvers = resolution->resolvers;
272
273 ret = send_error = 0;
274 bufsize = dns_build_query(resolution->query_id, resolution->query_type, resolution->hostname_dn,
275 resolution->hostname_dn_len, trash.str, trash.size);
276
277 if (bufsize == -1)
278 return 0;
279
280 list_for_each_entry(nameserver, &resolvers->nameserver_list, list) {
281 fd = nameserver->dgram->t.sock.fd;
282 errno = 0;
283
284 ret = send(fd, trash.str, bufsize, 0);
285
286 if (ret > 0)
287 nameserver->counters.sent += 1;
288
289 if (ret == 0 || errno == EAGAIN) {
290 /* nothing written, let's update the poller that we wanted to send
291 * but we were not able to */
292 fd_want_send(fd);
293 fd_cant_send(fd);
294 }
295 }
296
297 /* update resolution */
298 resolution->try += 1;
299 resolution->nb_responses = 0;
300 resolution->last_sent_packet = now_ms;
301
302 return 1;
303}
304
305/*
306 * update a resolvers' task timeout for next wake up
307 */
308void dns_update_resolvers_timeout(struct dns_resolvers *resolvers)
309{
310 struct dns_resolution *resolution;
311
312 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
313 /* no more resolution pending, so no wakeup anymore */
314 resolvers->t->expire = TICK_ETERNITY;
315 }
316 else {
317 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
318 resolvers->t->expire = tick_add(resolution->last_sent_packet, resolvers->timeout.retry);
319 }
320}
321
322/*
323 * Function to validate that the buffer DNS response provided in <resp> and
324 * finishing before <bufend> is valid from a DNS protocol point of view.
325 * The caller can also ask the function to check if the response contains data
326 * for a domain name <dn_name> whose length is <dn_name_len> returns one of the
327 * DNS_RESP_* code.
328 */
329int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, char *dn_name, int dn_name_len)
330{
331 unsigned char *reader, *cname, *ptr;
332 int i, len, type, ancount, cnamelen;
333
334 reader = resp;
335 cname = NULL;
336 cnamelen = 0;
337 len = 0;
338
339 /* move forward 2 bytes for the query id */
340 reader += 2;
341 if (reader >= bufend)
342 return DNS_RESP_INVALID;
343
344 /*
345 * analyzing flags
346 * 1st byte can be ignored for now
347 * rcode is at the beginning of the second byte
348 */
349 reader += 1;
350 if (reader >= bufend)
351 return DNS_RESP_INVALID;
352
353 /*
354 * rcode is 4 latest bits
355 * ignore response if it contains an error
356 */
357 if ((*reader & 0x0f) != DNS_RCODE_NO_ERROR) {
358 if ((*reader & 0x0f) == DNS_RCODE_NX_DOMAIN)
359 return DNS_RESP_NX_DOMAIN;
360 else if ((*reader & 0x0f) == DNS_RCODE_REFUSED)
361 return DNS_RESP_REFUSED;
362
363 return DNS_RESP_ERROR;
364 }
365
366 /* move forward 1 byte for rcode */
367 reader += 1;
368 if (reader >= bufend)
369 return DNS_RESP_INVALID;
370
371 /* move forward 2 bytes for question count */
372 reader += 2;
373 if (reader >= bufend)
374 return DNS_RESP_INVALID;
375
376 /* analyzing answer count */
377 if (reader + 2 > bufend)
378 return DNS_RESP_INVALID;
379 ancount = reader[0] * 256 + reader[1];
380
381 if (ancount == 0)
382 return DNS_RESP_ANCOUNT_ZERO;
383
384 /* move forward 2 bytes for answer count */
385 reader += 2;
386 if (reader >= bufend)
387 return DNS_RESP_INVALID;
388
389 /* move forward 4 bytes authority and additional count */
390 reader += 4;
391 if (reader >= bufend)
392 return DNS_RESP_INVALID;
393
394 /* check if the name can stand in response */
395 if (dn_name && ((reader + dn_name_len + 1) > bufend))
396 return DNS_RESP_INVALID;
397
398 /* check hostname */
399 if (dn_name && (memcmp(reader, dn_name, dn_name_len) != 0))
400 return DNS_RESP_WRONG_NAME;
401
402 /* move forward hostname len bytes + 1 for NULL byte */
403 if (dn_name) {
404 reader = reader + dn_name_len + 1;
405 }
406 else {
407 ptr = reader;
408 while (*ptr) {
409 ptr++;
410 if (ptr >= bufend)
411 return DNS_RESP_INVALID;
412 }
413 reader = ptr + 1;
414 }
415
416 /* move forward 4 bytes for question type and question class */
417 reader += 4;
418 if (reader >= bufend)
419 return DNS_RESP_INVALID;
420
421 /* now parsing response records */
422 for (i = 1; i <= ancount; i++) {
423 if (reader >= bufend)
424 return DNS_RESP_INVALID;
425
426 /*
427 * name can be a pointer, so move forward reader cursor accordingly
428 * if 1st byte is '11XXXXXX', it means name is a pointer
429 * and 2nd byte gives the offset from resp where the hostname can
430 * be found
431 */
432 if ((*reader & 0xc0) == 0xc0) {
433 /*
434 * pointer, hostname can be found at resp + *(reader + 1)
435 */
436 if (reader + 1 > bufend)
437 return DNS_RESP_INVALID;
438
439 ptr = resp + *(reader + 1);
440
441 /* check if the pointer points inside the buffer */
442 if (ptr >= bufend)
443 return DNS_RESP_INVALID;
444 }
445 else {
446 /*
447 * name is a string which starts at first byte
448 * checking against last cname when recursing through the response
449 */
450 /* look for the end of the string and ensure it's in the buffer */
451 ptr = reader;
452 len = 0;
453 while (*ptr) {
454 ++len;
455 ++ptr;
456 if (ptr >= bufend)
457 return DNS_RESP_INVALID;
458 }
459
460 /* if cname is set, it means a CNAME recursion is in progress */
461 ptr = reader;
462 }
463
464 /* ptr now points to the name */
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]465 if ((*reader & 0xc0) != 0xc0) {
466 /* if cname is set, it means a CNAME recursion is in progress */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]467 if (cname) {
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]468 /* check if the name can stand in response */
469 if ((reader + cnamelen) > bufend)
470 return DNS_RESP_INVALID;
471 /* compare cname and current name */
472 if (memcmp(ptr, cname, cnamelen) != 0)
473 return DNS_RESP_CNAME_ERROR;
474
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]475 cname = reader;
476 cnamelen = dns_str_to_dn_label_len((const char *)cname);
477
478 /* move forward cnamelen bytes + NULL byte */
479 reader += (cnamelen + 1);
480 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]481 /* compare server hostname to current name */
482 else if (dn_name) {
483 /* check if the name can stand in response */
484 if ((reader + dn_name_len) > bufend)
485 return DNS_RESP_INVALID;
486 if (memcmp(ptr, dn_name, dn_name_len) != 0)
487 return DNS_RESP_WRONG_NAME;
488 }
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]489 else {
490 reader += (len + 1);
491 }
492 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]493 else {
494 /* shortname in progress */
495 /* move forward 2 bytes for information pointer and address pointer */
496 reader += 2;
497 }
498
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]499 if (reader >= bufend)
500 return DNS_RESP_INVALID;
501
502 /*
503 * we know the record is either for our server hostname
504 * or a valid CNAME in a crecursion
505 */
506
507 /* now reading record type (A, AAAA, CNAME, etc...) */
508 if (reader + 2 > bufend)
509 return DNS_RESP_INVALID;
510 type = reader[0] * 256 + reader[1];
511
512 /* move forward 2 bytes for type (2) */
513 reader += 2;
514
515 /* move forward 6 bytes for class (2) and ttl (4) */
516 reader += 6;
517 if (reader >= bufend)
518 return DNS_RESP_INVALID;
519
520 /* now reading data len */
521 if (reader + 2 > bufend)
522 return DNS_RESP_INVALID;
523 len = reader[0] * 256 + reader[1];
524
525 /* move forward 2 bytes for data len */
526 reader += 2;
527
528 /* analyzing record content */
529 switch (type) {
530 case DNS_RTYPE_A:
531 /* ipv4 is stored on 4 bytes */
532 if (len != 4)
533 return DNS_RESP_INVALID;
534 break;
535
536 case DNS_RTYPE_CNAME:
537 cname = reader;
538 cnamelen = len;
539 break;
540
541 case DNS_RTYPE_AAAA:
542 /* ipv6 is stored on 16 bytes */
543 if (len != 16)
544 return DNS_RESP_INVALID;
545 break;
546 } /* switch (record type) */
547
548 /* move forward len for analyzing next record in the response */
549 reader += len;
550 } /* for i 0 to ancount */
551
552 return DNS_RESP_VALID;
553}
554
555/*
556 * search dn_name resolution in resp.
557 * If existing IP not found, return the first IP matching family_priority,
558 * otherwise, first ip found
559 * The following tasks are the responsibility of the caller:
560 * - resp contains an error free DNS response
561 * - the response matches the dn_name
562 * For both cases above, dns_validate_dns_response is required
563 * returns one of the DNS_UPD_* code
564 */
565int dns_get_ip_from_response(unsigned char *resp, unsigned char *resp_end,
566 char *dn_name, int dn_name_len, void *currentip, short currentip_sin_family,
567 int family_priority, void **newip, short *newip_sin_family)
568{
569 int i, ancount, cnamelen, type, data_len, currentip_found;
570 unsigned char *reader, *cname, *ptr, *newip4, *newip6;
571
572 cname = *newip = newip4 = newip6 = NULL;
573 cnamelen = currentip_found = 0;
574 *newip_sin_family = AF_UNSPEC;
575 ancount = (((struct dns_header *)resp)->ancount);
576 ancount = *(resp + 7);
577
578 /* bypass DNS response header */
579 reader = resp + sizeof(struct dns_header);
580
581 /* bypass DNS query section */
582 /* move forward hostname len bytes + 1 for NULL byte */
583 reader = reader + dn_name_len + 1;
584
585 /* move forward 4 bytes for question type and question class */
586 reader += 4;
587
588 /* now parsing response records */
589 for (i = 1; i <= ancount; i++) {
590 /*
591 * name can be a pointer, so move forward reader cursor accordingly
592 * if 1st byte is '11XXXXXX', it means name is a pointer
593 * and 2nd byte gives the offset from buf where the hostname can
594 * be found
595 */
596 if ((*reader & 0xc0) == 0xc0)
597 ptr = resp + *(reader + 1);
598 else
599 ptr = reader;
600
601 if (cname && memcmp(ptr, cname, cnamelen))
602 return DNS_UPD_NAME_ERROR;
603 else if (memcmp(ptr, dn_name, dn_name_len))
604 return DNS_UPD_NAME_ERROR;
605
606 if ((*reader & 0xc0) == 0xc0) {
607 /* move forward 2 bytes for information pointer and address pointer */
608 reader += 2;
609 }
610 else {
611 if (cname) {
612 cname = reader;
613 cnamelen = dns_str_to_dn_label_len((char *)cname);
614
615 /* move forward cnamelen bytes + NULL byte */
616 reader += (cnamelen + 1);
617 }
618 else {
619 /* move forward dn_name_len bytes + NULL byte */
620 reader += (dn_name_len + 1);
621 }
622 }
623
624 /*
625 * we know the record is either for our server hostname
626 * or a valid CNAME in a crecursion
627 */
628
629 /* now reading record type (A, AAAA, CNAME, etc...) */
630 type = reader[0] * 256 + reader[1];
631
632 /* move forward 2 bytes for type (2) */
633 reader += 2;
634
635 /* move forward 6 bytes for class (2) and ttl (4) */
636 reader += 6;
637
638 /* now reading data len */
639 data_len = reader[0] * 256 + reader[1];
640
641 /* move forward 2 bytes for data len */
642 reader += 2;
643
644 /* analyzing record content */
645 switch (type) {
646 case DNS_RTYPE_A:
647 /* check if current reccord's IP is the same as server one's */
648 if ((currentip_sin_family == AF_INET)
649 && (*(uint32_t *)reader == *(uint32_t *)currentip)) {
650 currentip_found = 1;
651 newip4 = reader;
652 /* we can stop now if server's family preference is IPv4
653 * and its current IP is found in the response list */
654 if (family_priority == AF_INET)
655 return DNS_UPD_NO; /* DNS_UPD matrix #1 */
656 }
657 else if (!newip4) {
658 newip4 = reader;
659 }
660
661 /* move forward data_len for analyzing next record in the response */
662 reader += data_len;
663 break;
664
665 case DNS_RTYPE_CNAME:
666 cname = reader;
667 cnamelen = data_len;
668
669 reader += data_len;
670 break;
671
672 case DNS_RTYPE_AAAA:
673 /* check if current record's IP is the same as server's one */
674 if ((currentip_sin_family == AF_INET6) && (memcmp(reader, currentip, 16) == 0)) {
675 currentip_found = 1;
676 newip6 = reader;
677 /* we can stop now if server's preference is IPv6 or is not
678 * set (which implies we prioritize IPv6 over IPv4 */
679 if (family_priority == AF_INET6)
680 return DNS_UPD_NO;
681 }
682 else if (!newip6) {
683 newip6 = reader;
684 }
685
686 /* move forward data_len for analyzing next record in the response */
687 reader += data_len;
688 break;
689
690 default:
691 /* not supported record type */
692 /* move forward data_len for analyzing next record in the response */
693 reader += data_len;
694 } /* switch (record type) */
695 } /* for i 0 to ancount */
696
697 /* only CNAMEs in the response, no IP found */
698 if (cname && !newip4 && !newip6) {
699 return DNS_UPD_CNAME;
700 }
701
702 /* case when the caller looks first for an IPv4 address */
703 if (family_priority == AF_INET) {
704 if (newip4) {
705 *newip = newip4;
706 *newip_sin_family = AF_INET;
707 if (currentip_found == 1)
708 return DNS_UPD_NO;
709 return DNS_UPD_SRVIP_NOT_FOUND;
710 }
711 else if (newip6) {
712 *newip = newip6;
713 *newip_sin_family = AF_INET6;
714 if (currentip_found == 1)
715 return DNS_UPD_NO;
716 return DNS_UPD_SRVIP_NOT_FOUND;
717 }
718 }
719 /* case when the caller looks first for an IPv6 address */
720 else if (family_priority == AF_INET6) {
721 if (newip6) {
722 *newip = newip6;
723 *newip_sin_family = AF_INET6;
724 if (currentip_found == 1)
725 return DNS_UPD_NO;
726 return DNS_UPD_SRVIP_NOT_FOUND;
727 }
728 else if (newip4) {
729 *newip = newip4;
730 *newip_sin_family = AF_INET;
731 if (currentip_found == 1)
732 return DNS_UPD_NO;
733 return DNS_UPD_SRVIP_NOT_FOUND;
734 }
735 }
736 /* case when the caller have no preference (we prefer IPv6) */
737 else if (family_priority == AF_UNSPEC) {
738 if (newip6) {
739 *newip = newip6;
740 *newip_sin_family = AF_INET6;
741 if (currentip_found == 1)
742 return DNS_UPD_NO;
743 return DNS_UPD_SRVIP_NOT_FOUND;
744 }
745 else if (newip4) {
746 *newip = newip4;
747 *newip_sin_family = AF_INET;
748 if (currentip_found == 1)
749 return DNS_UPD_NO;
750 return DNS_UPD_SRVIP_NOT_FOUND;
751 }
752 }
753
754 /* no reason why we should change the server's IP address */
755 return DNS_UPD_NO;
756}
757
758/*
759 * returns the query id contained in a DNS response
760 */
761int dns_response_get_query_id(unsigned char *resp)
762{
763 /* read the query id from the response */
764 return resp[0] * 256 + resp[1];
765}
766
767/*
768 * used during haproxy's init phase
769 * parses resolvers sections and initializes:
770 * - task (time events) for each resolvers section
771 * - the datagram layer (network IO events) for each nameserver
772 * returns:
773 * 0 in case of error
774 * 1 when no error
775 */
776int dns_init_resolvers(void)
777{
778 struct dns_resolvers *curr_resolvers;
779 struct dns_nameserver *curnameserver;
780 struct dgram_conn *dgram;
781 struct task *t;
782 int fd;
783
784 /* give a first random value to our dns query_id seed */
785 dns_query_id_seed = random();
786
787 /* run through the resolvers section list */
788 list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
789 /* create the task associated to the resolvers section */
790 if ((t = task_new()) == NULL) {
791 Alert("Starting [%s] resolvers: out of memory.\n", curr_resolvers->id);
792 return 0;
793 }
794
795 /* update task's parameters */
796 t->process = dns_process_resolve;
797 t->context = curr_resolvers;
798 t->expire = TICK_ETERNITY;
799
800 curr_resolvers->t = t;
801
802 list_for_each_entry(curnameserver, &curr_resolvers->nameserver_list, list) {
803 if ((dgram = calloc(1, sizeof(struct dgram_conn))) == NULL) {
804 Alert("Starting [%s/%s] nameserver: out of memory.\n", curr_resolvers->id,
805 curnameserver->id);
806 return 0;
807 }
808 /* update datagram's parameters */
809 dgram->owner = (void *)curnameserver;
810 dgram->data = &resolve_dgram_cb;
811
812 /* create network UDP socket for this nameserver */
813 if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
814 Alert("Starting [%s/%s] nameserver: can't create socket.\n", curr_resolvers->id,
815 curnameserver->id);
816 free(dgram);
817 dgram = NULL;
818 return 0;
819 }
820
821 /* "connect" the UDP socket to the name server IP */
822 if (connect(fd, (struct sockaddr*)&curnameserver->addr, sizeof(curnameserver->addr)) == -1) {
823 Alert("Starting [%s/%s] nameserver: can't connect socket.\n", curr_resolvers->id,
824 curnameserver->id);
825 close(fd);
826 free(dgram);
827 dgram = NULL;
828 return 0;
829 }
830
831 /* make the socket non blocking */
832 fcntl(fd, F_SETFL, O_NONBLOCK);
833
834 /* add the fd in the fd list and update its parameters */
835 fd_insert(fd);
836 fdtab[fd].owner = dgram;
837 fdtab[fd].iocb = dgram_fd_handler;
838 fd_want_recv(fd);
839 dgram->t.sock.fd = fd;
840
841 /* update nameserver's datagram property */
842 curnameserver->dgram = dgram;
843
844 continue;
845 }
846
847 /* task can be queued */
848 task_queue(t);
849 }
850
851 return 1;
852}
853
854/*
855 * Forge a DNS query. It needs the following information from the caller:
856 * - <query_id>: the DNS query id corresponding to this query
857 * - <query_type>: DNS_RTYPE_* request DNS record type (A, AAAA, ANY, etc...)
858 * - <hostname_dn>: hostname in domain name format
859 * - <hostname_dn_len>: length of <hostname_dn>
860 * To store the query, the caller must pass a buffer <buf> and its size <bufsize>
861 *
862 * the DNS query is stored in <buf>
863 * returns:
864 * -1 if <buf> is too short
865 */
866int dns_build_query(int query_id, int query_type, char *hostname_dn, int hostname_dn_len, char *buf, int bufsize)
867{
868 struct dns_header *dns;
869 struct dns_question *qinfo;
870 char *ptr, *bufend;
871
872 memset(buf, '\0', bufsize);
873 ptr = buf;
874 bufend = buf + bufsize;
875
876 /* check if there is enough room for DNS headers */
877 if (ptr + sizeof(struct dns_header) >= bufend)
878 return -1;
879
880 /* set dns query headers */
881 dns = (struct dns_header *)ptr;
882 dns->id = (unsigned short) htons(query_id);
883 dns->qr = 0; /* query */
884 dns->opcode = 0;
885 dns->aa = 0;
886 dns->tc = 0;
887 dns->rd = 1; /* recursion desired */
888 dns->ra = 0;
889 dns->z = 0;
890 dns->rcode = 0;
891 dns->qdcount = htons(1); /* 1 question */
892 dns->ancount = 0;
893 dns->nscount = 0;
894 dns->arcount = 0;
895
896 /* move forward ptr */
897 ptr += sizeof(struct dns_header);
898
899 /* check if there is enough room for query hostname */
900 if ((ptr + hostname_dn_len) >= bufend)
901 return -1;
902
903 /* set up query hostname */
904 memcpy(ptr, hostname_dn, hostname_dn_len);
905 ptr[hostname_dn_len + 1] = '\0';
906
907 /* move forward ptr */
908 ptr += (hostname_dn_len + 1);
909
910 /* check if there is enough room for query hostname*/
911 if (ptr + sizeof(struct dns_question) >= bufend)
912 return -1;
913
914 /* set up query info (type and class) */
915 qinfo = (struct dns_question *)ptr;
916 qinfo->qtype = htons(query_type);
917 qinfo->qclass = htons(DNS_RCLASS_IN);
918
919 ptr += sizeof(struct dns_question);
920
921 return ptr - buf;
922}
923
924/*
925 * turn a string into domain name label:
926 * www.haproxy.org into 3www7haproxy3org
927 * if dn memory is pre-allocated, you must provide its size in dn_len
928 * if dn memory isn't allocated, dn_len must be set to 0.
929 * In the second case, memory will be allocated.
930 * in case of error, -1 is returned, otherwise, number of bytes copied in dn
931 */
Willy Tarreau2100b492015-07-22 16:42:43 +0200[diff] [blame]932char *dns_str_to_dn_label(const char *string, char *dn, int dn_len)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]933{
934 char *c, *d;
935 int i, offset;
936
937 /* offset between string size and theorical dn size */
938 offset = 1;
939
940 /*
941 * first, get the size of the string turned into its domain name version
942 * This function also validates the string respect the RFC
943 */
944 if ((i = dns_str_to_dn_label_len(string)) == -1)
945 return NULL;
946
947 /* yes, so let's check there is enough memory */
948 if (dn_len < i + offset)
949 return NULL;
950
Willy Tarreaud69d6f32015-07-22 16:45:36 +0200[diff] [blame]951 i = strlen(string);
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]952 memcpy(dn + offset, string, i);
953 dn[i + offset] = '\0';
954 /* avoid a '\0' at the beginning of dn string which may prevent the for loop
955 * below from working.
956 * Actually, this is the reason of the offset. */
957 dn[0] = '0';
958
959 for (c = dn; *c ; ++c) {
960 /* c points to the first '0' char or a dot, which we don't want to read */
961 d = c + offset;
962 i = 0;
963 while (*d != '.' && *d) {
964 i++;
965 d++;
966 }
967 *c = i;
968
969 c = d - 1; /* because of c++ of the for loop */
970 }
971
972 return dn;
973}
974
975/*
976 * compute and return the length of <string> it it were translated into domain name
977 * label:
978 * www.haproxy.org into 3www7haproxy3org would return 16
979 * NOTE: add +1 for '\0' when allocating memory ;)
980 */
981int dns_str_to_dn_label_len(const char *string)
982{
983 return strlen(string) + 1;
984}
985
986/*
987 * validates host name:
988 * - total size
989 * - each label size individually
990 * returns:
991 * 0 in case of error. If <err> is not NULL, an error message is stored there.
992 * 1 when no error. <err> is left unaffected.
993 */
994int dns_hostname_validation(const char *string, char **err)
995{
996 const char *c, *d;
997 int i;
998
999 if (strlen(string) > DNS_MAX_NAME_SIZE) {
1000 if (err)
1001 *err = DNS_TOO_LONG_FQDN;
1002 return 0;
1003 }
1004
1005 c = string;
1006 while (*c) {
1007 d = c;
1008
1009 i = 0;
1010 while (*d != '.' && *d && i <= DNS_MAX_LABEL_SIZE) {
1011 i++;
1012 if (!((*d == '-') || (*d == '_') ||
1013 ((*d >= 'a') && (*d <= 'z')) ||
1014 ((*d >= 'A') && (*d <= 'Z')) ||
1015 ((*d >= '0') && (*d <= '9')))) {
1016 if (err)
1017 *err = DNS_INVALID_CHARACTER;
1018 return 0;
1019 }
1020 d++;
1021 }
1022
1023 if ((i >= DNS_MAX_LABEL_SIZE) && (d[i] != '.')) {
1024 if (err)
1025 *err = DNS_LABEL_TOO_LONG;
1026 return 0;
1027 }
1028
1029 if (*d == '\0')
1030 goto out;
1031
1032 c = ++d;
1033 }
1034 out:
1035 return 1;
1036}
1037
1038/*
1039 * 2 bytes random generator to generate DNS query ID
1040 */
1041uint16_t dns_rnd16(void)
1042{
1043 dns_query_id_seed ^= dns_query_id_seed << 13;
1044 dns_query_id_seed ^= dns_query_id_seed >> 7;
1045 dns_query_id_seed ^= dns_query_id_seed << 17;
1046 return dns_query_id_seed;
1047}
1048
1049
1050/*
1051 * function called when a timeout occurs during name resolution process
1052 * if max number of tries is reached, then stop, otherwise, retry.
1053 */
1054struct task *dns_process_resolve(struct task *t)
1055{
1056 struct dns_resolvers *resolvers = t->context;
1057 struct dns_resolution *resolution, *res_back;
1058
1059 /* timeout occurs inevitably for the first element of the FIFO queue */
1060 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
1061 /* no first entry, so wake up was useless */
1062 t->expire = TICK_ETERNITY;
1063 return t;
1064 }
1065
1066 /* look for the first resolution which is not expired */
1067 list_for_each_entry_safe(resolution, res_back, &resolvers->curr_resolution, list) {
1068 /* when we find the first resolution in the future, then we can stop here */
1069 if (tick_is_le(now_ms, resolution->last_sent_packet))
1070 goto out;
1071
1072 /*
1073 * if current resolution has been tried too many times and finishes in timeout
1074 * we update its status and remove it from the list
1075 */
1076 if (resolution->try >= resolvers->resolve_retries) {
1077 /* clean up resolution information and remove from the list */
1078 dns_reset_resolution(resolution);
1079
1080 /* notify the result to the requester */
1081 resolution->requester_error_cb(resolution, DNS_RESP_TIMEOUT);
1082 }
1083
1084 /* check current resolution status */
1085 if (resolution->step == RSLV_STEP_RUNNING) {
1086 /* resend the DNS query */
1087 dns_send_query(resolution);
1088
1089 /* check if we have more than one resolution in the list */
1090 if (dns_check_resolution_queue(resolvers) > 1) {
1091 /* move the rsolution to the end of the list */
1092 LIST_DEL(&resolution->list);
1093 LIST_ADDQ(&resolvers->curr_resolution, &resolution->list);
1094 }
1095 }
1096 }
1097
1098 out:
1099 dns_update_resolvers_timeout(resolvers);
1100 return t;
1101}