Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 5554e2983d5d46abc5ebe752a03c7cd9fb749662 / . / src / dns.c
blob: ec3c9d1ee3ad96987a577184595f8acb74051d19 [file] [log] [blame]
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]1/*
2 * Name server resolution
3 *
4 * Copyright 2014 Baptiste Assmann <bedis9@gmail.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <errno.h>
14#include <fcntl.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <string.h>
18#include <unistd.h>
19
20#include <sys/types.h>
21
22#include <common/time.h>
23#include <common/ticks.h>
24
25#include <types/global.h>
26#include <types/dns.h>
27#include <types/proto_udp.h>
28
29#include <proto/checks.h>
30#include <proto/dns.h>
31#include <proto/fd.h>
32#include <proto/log.h>
33#include <proto/server.h>
34#include <proto/task.h>
35#include <proto/proto_udp.h>
36
37struct list dns_resolvers = LIST_HEAD_INIT(dns_resolvers);
38struct dns_resolution *resolution = NULL;
39
40static int64_t dns_query_id_seed; /* random seed */
41
42/* proto_udp callback functions for a DNS resolution */
43struct dgram_data_cb resolve_dgram_cb = {
44 .recv = dns_resolve_recv,
45 .send = dns_resolve_send,
46};
47
48#if DEBUG
49/*
50 * go through the resolutions associated to a resolvers section and print the ID and hostname in
51 * domain name format
52 * should be used for debug purpose only
53 */
54void dns_print_current_resolutions(struct dns_resolvers *resolvers)
55{
56 list_for_each_entry(resolution, &resolvers->curr_resolution, list) {
57 printf(" resolution %d for %s\n", resolution->query_id, resolution->hostname_dn);
58 }
59}
60#endif
61
62/*
63 * check if there is more than 1 resolution in the resolver's resolution list
64 * return value:
65 * 0: empty list
66 * 1: exactly one entry in the list
67 * 2: more than one entry in the list
68 */
69int dns_check_resolution_queue(struct dns_resolvers *resolvers)
70{
71
72 if (LIST_ISEMPTY(&resolvers->curr_resolution))
73 return 0;
74
75 if ((resolvers->curr_resolution.n) && (resolvers->curr_resolution.n == resolvers->curr_resolution.p))
76 return 1;
77
78 if (! ((resolvers->curr_resolution.n == resolvers->curr_resolution.p)
79 && (&resolvers->curr_resolution != resolvers->curr_resolution.n)))
80 return 2;
81
82 return 0;
83}
84
85/*
86 * reset all parameters of a DNS resolution to 0 (or equivalent)
87 * and clean it up from all associated lists (resolution->qid and resolution->list)
88 */
89void dns_reset_resolution(struct dns_resolution *resolution)
90{
91 /* update resolution status */
92 resolution->step = RSLV_STEP_NONE;
93
94 resolution->try = 0;
95 resolution->try_cname = 0;
96 resolution->last_resolution = now_ms;
97 resolution->nb_responses = 0;
98
99 /* clean up query id */
100 eb32_delete(&resolution->qid);
101 resolution->query_id = 0;
102 resolution->qid.key = 0;
103
104 /* default values */
105 resolution->query_type = DNS_RTYPE_ANY;
106
107 /* the second resolution in the queue becomes the first one */
108 LIST_DEL(&resolution->list);
109}
110
111/*
112 * function called when a network IO is generated on a name server socket for an incoming packet
113 * It performs the following actions:
114 * - check if the packet requires processing (not outdated resolution)
115 * - ensure the DNS packet received is valid and call requester's callback
116 * - call requester's error callback if invalid response
117 */
118void dns_resolve_recv(struct dgram_conn *dgram)
119{
120 struct dns_nameserver *nameserver;
121 struct dns_resolvers *resolvers;
122 struct dns_resolution *resolution;
123 unsigned char buf[DNS_MAX_UDP_MESSAGE + 1];
124 unsigned char *bufend;
125 int fd, buflen, ret;
126 unsigned short query_id;
127 struct eb32_node *eb;
128
129 fd = dgram->t.sock.fd;
130
131 /* check if ready for reading */
132 if (!fd_recv_ready(fd))
133 return;
134
135 /* no need to go further if we can't retrieve the nameserver */
136 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
137 return;
138
139 resolvers = nameserver->resolvers;
140
141 /* process all pending input messages */
142 while (1) {
143 /* read message received */
144 memset(buf, '\0', DNS_MAX_UDP_MESSAGE + 1);
145 if ((buflen = recv(fd, (char*)buf , DNS_MAX_UDP_MESSAGE, 0)) < 0) {
146 /* FIXME : for now we consider EAGAIN only */
147 fd_cant_recv(fd);
148 break;
149 }
150
151 /* message too big */
152 if (buflen > DNS_MAX_UDP_MESSAGE) {
153 nameserver->counters.too_big += 1;
154 continue;
155 }
156
157 /* initializing variables */
158 bufend = buf + buflen; /* pointer to mark the end of the buffer */
159
160 /* read the query id from the packet (16 bits) */
161 if (buf + 2 > bufend) {
162 nameserver->counters.invalid += 1;
163 continue;
164 }
165 query_id = dns_response_get_query_id(buf);
166
167 /* search the query_id in the pending resolution tree */
Baptiste Assmann01daef32015-09-02 22:05:24 +0200[diff] [blame]168 eb = eb32_lookup(&resolvers->query_ids, query_id);
169 if (eb == NULL) {
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]170 /* unknown query id means an outdated response and can be safely ignored */
171 nameserver->counters.outdated += 1;
172 continue;
173 }
174
175 /* known query id means a resolution in prgress */
176 resolution = eb32_entry(eb, struct dns_resolution, qid);
177
178 if (!resolution) {
179 nameserver->counters.outdated += 1;
180 continue;
181 }
182
183 /* number of responses received */
184 resolution->nb_responses += 1;
185
186 ret = dns_validate_dns_response(buf, bufend, resolution->hostname_dn, resolution->hostname_dn_len);
187
188 /* treat only errors */
189 switch (ret) {
190 case DNS_RESP_INVALID:
191 case DNS_RESP_WRONG_NAME:
192 nameserver->counters.invalid += 1;
193 resolution->requester_error_cb(resolution, DNS_RESP_INVALID);
194 continue;
195
196 case DNS_RESP_ERROR:
197 nameserver->counters.other += 1;
198 resolution->requester_error_cb(resolution, DNS_RESP_ERROR);
199 continue;
200
201 case DNS_RESP_ANCOUNT_ZERO:
202 nameserver->counters.any_err += 1;
203 resolution->requester_error_cb(resolution, DNS_RESP_ANCOUNT_ZERO);
204 continue;
205
206 case DNS_RESP_NX_DOMAIN:
207 nameserver->counters.nx += 1;
208 resolution->requester_error_cb(resolution, DNS_RESP_NX_DOMAIN);
209 continue;
210
211 case DNS_RESP_REFUSED:
212 nameserver->counters.refused += 1;
213 resolution->requester_error_cb(resolution, DNS_RESP_REFUSED);
214 continue;
215
216 case DNS_RESP_CNAME_ERROR:
217 nameserver->counters.cname_error += 1;
218 resolution->requester_error_cb(resolution, DNS_RESP_CNAME_ERROR);
219 continue;
220
Baptiste Assmann0df5d962015-09-02 21:58:32 +0200[diff] [blame]221 case DNS_RESP_TRUNCATED:
222 nameserver->counters.truncated += 1;
223 resolution->requester_error_cb(resolution, DNS_RESP_TRUNCATED);
224 continue;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]225 }
226
Baptiste Assmann37bb3722015-08-07 10:18:32 +0200[diff] [blame]227 nameserver->counters.valid += 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]228 resolution->requester_cb(resolution, nameserver, buf, buflen);
229 }
230}
231
232/*
233 * function called when a resolvers network socket is ready to send data
234 * It performs the following actions:
235 */
236void dns_resolve_send(struct dgram_conn *dgram)
237{
238 int fd;
239 struct dns_nameserver *nameserver;
240 struct dns_resolvers *resolvers;
241 struct dns_resolution *resolution;
242
243 fd = dgram->t.sock.fd;
244
245 /* check if ready for sending */
246 if (!fd_send_ready(fd))
247 return;
248
249 /* we don't want/need to be waked up any more for sending */
250 fd_stop_send(fd);
251
252 /* no need to go further if we can't retrieve the nameserver */
253 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
254 return;
255
256 resolvers = nameserver->resolvers;
257 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
258
259 dns_send_query(resolution);
260 dns_update_resolvers_timeout(resolvers);
261}
262
263/*
264 * forge and send a DNS query to resolvers associated to a resolution
265 * It performs the following actions:
266 * returns:
267 * 0 in case of error or safe ignorance
268 * 1 if no error
269 */
270int dns_send_query(struct dns_resolution *resolution)
271{
272 struct dns_resolvers *resolvers;
273 struct dns_nameserver *nameserver;
274 int ret, send_error, bufsize, fd;
275
276 resolvers = resolution->resolvers;
277
278 ret = send_error = 0;
279 bufsize = dns_build_query(resolution->query_id, resolution->query_type, resolution->hostname_dn,
280 resolution->hostname_dn_len, trash.str, trash.size);
281
282 if (bufsize == -1)
283 return 0;
284
285 list_for_each_entry(nameserver, &resolvers->nameserver_list, list) {
286 fd = nameserver->dgram->t.sock.fd;
287 errno = 0;
288
289 ret = send(fd, trash.str, bufsize, 0);
290
291 if (ret > 0)
292 nameserver->counters.sent += 1;
293
294 if (ret == 0 || errno == EAGAIN) {
295 /* nothing written, let's update the poller that we wanted to send
296 * but we were not able to */
297 fd_want_send(fd);
298 fd_cant_send(fd);
299 }
300 }
301
302 /* update resolution */
303 resolution->try += 1;
304 resolution->nb_responses = 0;
305 resolution->last_sent_packet = now_ms;
306
307 return 1;
308}
309
310/*
311 * update a resolvers' task timeout for next wake up
312 */
313void dns_update_resolvers_timeout(struct dns_resolvers *resolvers)
314{
315 struct dns_resolution *resolution;
316
317 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
318 /* no more resolution pending, so no wakeup anymore */
319 resolvers->t->expire = TICK_ETERNITY;
320 }
321 else {
322 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
323 resolvers->t->expire = tick_add(resolution->last_sent_packet, resolvers->timeout.retry);
324 }
325}
326
327/*
328 * Function to validate that the buffer DNS response provided in <resp> and
329 * finishing before <bufend> is valid from a DNS protocol point of view.
330 * The caller can also ask the function to check if the response contains data
331 * for a domain name <dn_name> whose length is <dn_name_len> returns one of the
332 * DNS_RESP_* code.
333 */
334int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, char *dn_name, int dn_name_len)
335{
336 unsigned char *reader, *cname, *ptr;
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]337 int i, len, flags, type, ancount, cnamelen;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]338
339 reader = resp;
340 cname = NULL;
341 cnamelen = 0;
342 len = 0;
343
344 /* move forward 2 bytes for the query id */
345 reader += 2;
346 if (reader >= bufend)
347 return DNS_RESP_INVALID;
348
349 /*
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]350 * flags are stored over 2 bytes
351 * First byte contains:
352 * - response flag (1 bit)
353 * - opcode (4 bits)
354 * - authoritative (1 bit)
355 * - truncated (1 bit)
356 * - recursion desired (1 bit)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]357 */
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]358 if (reader + 2 >= bufend)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]359 return DNS_RESP_INVALID;
360
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]361 flags = reader[0] * 256 + reader[1];
362
363 if (flags & DNS_FLAG_TRUNCATED)
364 return DNS_RESP_TRUNCATED;
365
366 if ((flags & DNS_FLAG_REPLYCODE) != DNS_RCODE_NO_ERROR) {
367 if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_NX_DOMAIN)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]368 return DNS_RESP_NX_DOMAIN;
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]369 else if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_REFUSED)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]370 return DNS_RESP_REFUSED;
371
372 return DNS_RESP_ERROR;
373 }
374
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]375 /* move forward 2 bytes for flags */
376 reader += 2;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]377 if (reader >= bufend)
378 return DNS_RESP_INVALID;
379
380 /* move forward 2 bytes for question count */
381 reader += 2;
382 if (reader >= bufend)
383 return DNS_RESP_INVALID;
384
385 /* analyzing answer count */
386 if (reader + 2 > bufend)
387 return DNS_RESP_INVALID;
388 ancount = reader[0] * 256 + reader[1];
389
390 if (ancount == 0)
391 return DNS_RESP_ANCOUNT_ZERO;
392
393 /* move forward 2 bytes for answer count */
394 reader += 2;
395 if (reader >= bufend)
396 return DNS_RESP_INVALID;
397
398 /* move forward 4 bytes authority and additional count */
399 reader += 4;
400 if (reader >= bufend)
401 return DNS_RESP_INVALID;
402
403 /* check if the name can stand in response */
404 if (dn_name && ((reader + dn_name_len + 1) > bufend))
405 return DNS_RESP_INVALID;
406
407 /* check hostname */
408 if (dn_name && (memcmp(reader, dn_name, dn_name_len) != 0))
409 return DNS_RESP_WRONG_NAME;
410
411 /* move forward hostname len bytes + 1 for NULL byte */
412 if (dn_name) {
413 reader = reader + dn_name_len + 1;
414 }
415 else {
416 ptr = reader;
417 while (*ptr) {
418 ptr++;
419 if (ptr >= bufend)
420 return DNS_RESP_INVALID;
421 }
422 reader = ptr + 1;
423 }
424
425 /* move forward 4 bytes for question type and question class */
426 reader += 4;
427 if (reader >= bufend)
428 return DNS_RESP_INVALID;
429
430 /* now parsing response records */
431 for (i = 1; i <= ancount; i++) {
432 if (reader >= bufend)
433 return DNS_RESP_INVALID;
434
435 /*
436 * name can be a pointer, so move forward reader cursor accordingly
437 * if 1st byte is '11XXXXXX', it means name is a pointer
438 * and 2nd byte gives the offset from resp where the hostname can
439 * be found
440 */
441 if ((*reader & 0xc0) == 0xc0) {
442 /*
443 * pointer, hostname can be found at resp + *(reader + 1)
444 */
445 if (reader + 1 > bufend)
446 return DNS_RESP_INVALID;
447
448 ptr = resp + *(reader + 1);
449
450 /* check if the pointer points inside the buffer */
451 if (ptr >= bufend)
452 return DNS_RESP_INVALID;
453 }
454 else {
455 /*
456 * name is a string which starts at first byte
457 * checking against last cname when recursing through the response
458 */
459 /* look for the end of the string and ensure it's in the buffer */
460 ptr = reader;
461 len = 0;
462 while (*ptr) {
463 ++len;
464 ++ptr;
465 if (ptr >= bufend)
466 return DNS_RESP_INVALID;
467 }
468
469 /* if cname is set, it means a CNAME recursion is in progress */
470 ptr = reader;
471 }
472
473 /* ptr now points to the name */
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]474 if ((*reader & 0xc0) != 0xc0) {
475 /* if cname is set, it means a CNAME recursion is in progress */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]476 if (cname) {
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]477 /* check if the name can stand in response */
478 if ((reader + cnamelen) > bufend)
479 return DNS_RESP_INVALID;
480 /* compare cname and current name */
481 if (memcmp(ptr, cname, cnamelen) != 0)
482 return DNS_RESP_CNAME_ERROR;
483
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]484 cname = reader;
485 cnamelen = dns_str_to_dn_label_len((const char *)cname);
486
487 /* move forward cnamelen bytes + NULL byte */
488 reader += (cnamelen + 1);
489 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]490 /* compare server hostname to current name */
491 else if (dn_name) {
492 /* check if the name can stand in response */
493 if ((reader + dn_name_len) > bufend)
494 return DNS_RESP_INVALID;
495 if (memcmp(ptr, dn_name, dn_name_len) != 0)
496 return DNS_RESP_WRONG_NAME;
497 }
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]498 else {
499 reader += (len + 1);
500 }
501 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]502 else {
503 /* shortname in progress */
504 /* move forward 2 bytes for information pointer and address pointer */
505 reader += 2;
506 }
507
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]508 if (reader >= bufend)
509 return DNS_RESP_INVALID;
510
511 /*
512 * we know the record is either for our server hostname
513 * or a valid CNAME in a crecursion
514 */
515
516 /* now reading record type (A, AAAA, CNAME, etc...) */
517 if (reader + 2 > bufend)
518 return DNS_RESP_INVALID;
519 type = reader[0] * 256 + reader[1];
520
521 /* move forward 2 bytes for type (2) */
522 reader += 2;
523
524 /* move forward 6 bytes for class (2) and ttl (4) */
525 reader += 6;
526 if (reader >= bufend)
527 return DNS_RESP_INVALID;
528
529 /* now reading data len */
530 if (reader + 2 > bufend)
531 return DNS_RESP_INVALID;
532 len = reader[0] * 256 + reader[1];
533
534 /* move forward 2 bytes for data len */
535 reader += 2;
536
537 /* analyzing record content */
538 switch (type) {
539 case DNS_RTYPE_A:
540 /* ipv4 is stored on 4 bytes */
541 if (len != 4)
542 return DNS_RESP_INVALID;
543 break;
544
545 case DNS_RTYPE_CNAME:
546 cname = reader;
547 cnamelen = len;
548 break;
549
550 case DNS_RTYPE_AAAA:
551 /* ipv6 is stored on 16 bytes */
552 if (len != 16)
553 return DNS_RESP_INVALID;
554 break;
555 } /* switch (record type) */
556
557 /* move forward len for analyzing next record in the response */
558 reader += len;
559 } /* for i 0 to ancount */
560
561 return DNS_RESP_VALID;
562}
563
564/*
565 * search dn_name resolution in resp.
566 * If existing IP not found, return the first IP matching family_priority,
567 * otherwise, first ip found
568 * The following tasks are the responsibility of the caller:
569 * - resp contains an error free DNS response
570 * - the response matches the dn_name
571 * For both cases above, dns_validate_dns_response is required
572 * returns one of the DNS_UPD_* code
573 */
574int dns_get_ip_from_response(unsigned char *resp, unsigned char *resp_end,
575 char *dn_name, int dn_name_len, void *currentip, short currentip_sin_family,
576 int family_priority, void **newip, short *newip_sin_family)
577{
578 int i, ancount, cnamelen, type, data_len, currentip_found;
579 unsigned char *reader, *cname, *ptr, *newip4, *newip6;
580
581 cname = *newip = newip4 = newip6 = NULL;
582 cnamelen = currentip_found = 0;
583 *newip_sin_family = AF_UNSPEC;
584 ancount = (((struct dns_header *)resp)->ancount);
585 ancount = *(resp + 7);
586
587 /* bypass DNS response header */
588 reader = resp + sizeof(struct dns_header);
589
590 /* bypass DNS query section */
591 /* move forward hostname len bytes + 1 for NULL byte */
592 reader = reader + dn_name_len + 1;
593
594 /* move forward 4 bytes for question type and question class */
595 reader += 4;
596
597 /* now parsing response records */
598 for (i = 1; i <= ancount; i++) {
599 /*
600 * name can be a pointer, so move forward reader cursor accordingly
601 * if 1st byte is '11XXXXXX', it means name is a pointer
602 * and 2nd byte gives the offset from buf where the hostname can
603 * be found
604 */
605 if ((*reader & 0xc0) == 0xc0)
606 ptr = resp + *(reader + 1);
607 else
608 ptr = reader;
609
610 if (cname && memcmp(ptr, cname, cnamelen))
611 return DNS_UPD_NAME_ERROR;
612 else if (memcmp(ptr, dn_name, dn_name_len))
613 return DNS_UPD_NAME_ERROR;
614
615 if ((*reader & 0xc0) == 0xc0) {
616 /* move forward 2 bytes for information pointer and address pointer */
617 reader += 2;
618 }
619 else {
620 if (cname) {
621 cname = reader;
622 cnamelen = dns_str_to_dn_label_len((char *)cname);
623
624 /* move forward cnamelen bytes + NULL byte */
625 reader += (cnamelen + 1);
626 }
627 else {
628 /* move forward dn_name_len bytes + NULL byte */
629 reader += (dn_name_len + 1);
630 }
631 }
632
633 /*
634 * we know the record is either for our server hostname
635 * or a valid CNAME in a crecursion
636 */
637
638 /* now reading record type (A, AAAA, CNAME, etc...) */
639 type = reader[0] * 256 + reader[1];
640
641 /* move forward 2 bytes for type (2) */
642 reader += 2;
643
644 /* move forward 6 bytes for class (2) and ttl (4) */
645 reader += 6;
646
647 /* now reading data len */
648 data_len = reader[0] * 256 + reader[1];
649
650 /* move forward 2 bytes for data len */
651 reader += 2;
652
653 /* analyzing record content */
654 switch (type) {
655 case DNS_RTYPE_A:
656 /* check if current reccord's IP is the same as server one's */
657 if ((currentip_sin_family == AF_INET)
658 && (*(uint32_t *)reader == *(uint32_t *)currentip)) {
659 currentip_found = 1;
660 newip4 = reader;
661 /* we can stop now if server's family preference is IPv4
662 * and its current IP is found in the response list */
663 if (family_priority == AF_INET)
664 return DNS_UPD_NO; /* DNS_UPD matrix #1 */
665 }
666 else if (!newip4) {
667 newip4 = reader;
668 }
669
670 /* move forward data_len for analyzing next record in the response */
671 reader += data_len;
672 break;
673
674 case DNS_RTYPE_CNAME:
675 cname = reader;
676 cnamelen = data_len;
677
678 reader += data_len;
679 break;
680
681 case DNS_RTYPE_AAAA:
682 /* check if current record's IP is the same as server's one */
683 if ((currentip_sin_family == AF_INET6) && (memcmp(reader, currentip, 16) == 0)) {
684 currentip_found = 1;
685 newip6 = reader;
686 /* we can stop now if server's preference is IPv6 or is not
687 * set (which implies we prioritize IPv6 over IPv4 */
688 if (family_priority == AF_INET6)
689 return DNS_UPD_NO;
690 }
691 else if (!newip6) {
692 newip6 = reader;
693 }
694
695 /* move forward data_len for analyzing next record in the response */
696 reader += data_len;
697 break;
698
699 default:
700 /* not supported record type */
701 /* move forward data_len for analyzing next record in the response */
702 reader += data_len;
703 } /* switch (record type) */
704 } /* for i 0 to ancount */
705
706 /* only CNAMEs in the response, no IP found */
707 if (cname && !newip4 && !newip6) {
708 return DNS_UPD_CNAME;
709 }
710
711 /* case when the caller looks first for an IPv4 address */
712 if (family_priority == AF_INET) {
713 if (newip4) {
714 *newip = newip4;
715 *newip_sin_family = AF_INET;
716 if (currentip_found == 1)
717 return DNS_UPD_NO;
718 return DNS_UPD_SRVIP_NOT_FOUND;
719 }
720 else if (newip6) {
721 *newip = newip6;
722 *newip_sin_family = AF_INET6;
723 if (currentip_found == 1)
724 return DNS_UPD_NO;
725 return DNS_UPD_SRVIP_NOT_FOUND;
726 }
727 }
728 /* case when the caller looks first for an IPv6 address */
729 else if (family_priority == AF_INET6) {
730 if (newip6) {
731 *newip = newip6;
732 *newip_sin_family = AF_INET6;
733 if (currentip_found == 1)
734 return DNS_UPD_NO;
735 return DNS_UPD_SRVIP_NOT_FOUND;
736 }
737 else if (newip4) {
738 *newip = newip4;
739 *newip_sin_family = AF_INET;
740 if (currentip_found == 1)
741 return DNS_UPD_NO;
742 return DNS_UPD_SRVIP_NOT_FOUND;
743 }
744 }
745 /* case when the caller have no preference (we prefer IPv6) */
746 else if (family_priority == AF_UNSPEC) {
747 if (newip6) {
748 *newip = newip6;
749 *newip_sin_family = AF_INET6;
750 if (currentip_found == 1)
751 return DNS_UPD_NO;
752 return DNS_UPD_SRVIP_NOT_FOUND;
753 }
754 else if (newip4) {
755 *newip = newip4;
756 *newip_sin_family = AF_INET;
757 if (currentip_found == 1)
758 return DNS_UPD_NO;
759 return DNS_UPD_SRVIP_NOT_FOUND;
760 }
761 }
762
763 /* no reason why we should change the server's IP address */
764 return DNS_UPD_NO;
765}
766
767/*
768 * returns the query id contained in a DNS response
769 */
770int dns_response_get_query_id(unsigned char *resp)
771{
772 /* read the query id from the response */
773 return resp[0] * 256 + resp[1];
774}
775
776/*
777 * used during haproxy's init phase
778 * parses resolvers sections and initializes:
779 * - task (time events) for each resolvers section
780 * - the datagram layer (network IO events) for each nameserver
781 * returns:
782 * 0 in case of error
783 * 1 when no error
784 */
785int dns_init_resolvers(void)
786{
787 struct dns_resolvers *curr_resolvers;
788 struct dns_nameserver *curnameserver;
789 struct dgram_conn *dgram;
790 struct task *t;
791 int fd;
792
793 /* give a first random value to our dns query_id seed */
794 dns_query_id_seed = random();
795
796 /* run through the resolvers section list */
797 list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
798 /* create the task associated to the resolvers section */
799 if ((t = task_new()) == NULL) {
800 Alert("Starting [%s] resolvers: out of memory.\n", curr_resolvers->id);
801 return 0;
802 }
803
804 /* update task's parameters */
805 t->process = dns_process_resolve;
806 t->context = curr_resolvers;
807 t->expire = TICK_ETERNITY;
808
809 curr_resolvers->t = t;
810
811 list_for_each_entry(curnameserver, &curr_resolvers->nameserver_list, list) {
812 if ((dgram = calloc(1, sizeof(struct dgram_conn))) == NULL) {
813 Alert("Starting [%s/%s] nameserver: out of memory.\n", curr_resolvers->id,
814 curnameserver->id);
815 return 0;
816 }
817 /* update datagram's parameters */
818 dgram->owner = (void *)curnameserver;
819 dgram->data = &resolve_dgram_cb;
820
821 /* create network UDP socket for this nameserver */
822 if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
823 Alert("Starting [%s/%s] nameserver: can't create socket.\n", curr_resolvers->id,
824 curnameserver->id);
825 free(dgram);
826 dgram = NULL;
827 return 0;
828 }
829
830 /* "connect" the UDP socket to the name server IP */
831 if (connect(fd, (struct sockaddr*)&curnameserver->addr, sizeof(curnameserver->addr)) == -1) {
832 Alert("Starting [%s/%s] nameserver: can't connect socket.\n", curr_resolvers->id,
833 curnameserver->id);
834 close(fd);
835 free(dgram);
836 dgram = NULL;
837 return 0;
838 }
839
840 /* make the socket non blocking */
841 fcntl(fd, F_SETFL, O_NONBLOCK);
842
843 /* add the fd in the fd list and update its parameters */
844 fd_insert(fd);
845 fdtab[fd].owner = dgram;
846 fdtab[fd].iocb = dgram_fd_handler;
847 fd_want_recv(fd);
848 dgram->t.sock.fd = fd;
849
850 /* update nameserver's datagram property */
851 curnameserver->dgram = dgram;
852
853 continue;
854 }
855
856 /* task can be queued */
857 task_queue(t);
858 }
859
860 return 1;
861}
862
863/*
864 * Forge a DNS query. It needs the following information from the caller:
865 * - <query_id>: the DNS query id corresponding to this query
866 * - <query_type>: DNS_RTYPE_* request DNS record type (A, AAAA, ANY, etc...)
867 * - <hostname_dn>: hostname in domain name format
868 * - <hostname_dn_len>: length of <hostname_dn>
869 * To store the query, the caller must pass a buffer <buf> and its size <bufsize>
870 *
871 * the DNS query is stored in <buf>
872 * returns:
873 * -1 if <buf> is too short
874 */
875int dns_build_query(int query_id, int query_type, char *hostname_dn, int hostname_dn_len, char *buf, int bufsize)
876{
877 struct dns_header *dns;
878 struct dns_question *qinfo;
879 char *ptr, *bufend;
880
881 memset(buf, '\0', bufsize);
882 ptr = buf;
883 bufend = buf + bufsize;
884
885 /* check if there is enough room for DNS headers */
886 if (ptr + sizeof(struct dns_header) >= bufend)
887 return -1;
888
889 /* set dns query headers */
890 dns = (struct dns_header *)ptr;
891 dns->id = (unsigned short) htons(query_id);
892 dns->qr = 0; /* query */
893 dns->opcode = 0;
894 dns->aa = 0;
895 dns->tc = 0;
896 dns->rd = 1; /* recursion desired */
897 dns->ra = 0;
898 dns->z = 0;
899 dns->rcode = 0;
900 dns->qdcount = htons(1); /* 1 question */
901 dns->ancount = 0;
902 dns->nscount = 0;
903 dns->arcount = 0;
904
905 /* move forward ptr */
906 ptr += sizeof(struct dns_header);
907
908 /* check if there is enough room for query hostname */
909 if ((ptr + hostname_dn_len) >= bufend)
910 return -1;
911
912 /* set up query hostname */
913 memcpy(ptr, hostname_dn, hostname_dn_len);
914 ptr[hostname_dn_len + 1] = '\0';
915
916 /* move forward ptr */
917 ptr += (hostname_dn_len + 1);
918
919 /* check if there is enough room for query hostname*/
920 if (ptr + sizeof(struct dns_question) >= bufend)
921 return -1;
922
923 /* set up query info (type and class) */
924 qinfo = (struct dns_question *)ptr;
925 qinfo->qtype = htons(query_type);
926 qinfo->qclass = htons(DNS_RCLASS_IN);
927
928 ptr += sizeof(struct dns_question);
929
930 return ptr - buf;
931}
932
933/*
934 * turn a string into domain name label:
935 * www.haproxy.org into 3www7haproxy3org
936 * if dn memory is pre-allocated, you must provide its size in dn_len
937 * if dn memory isn't allocated, dn_len must be set to 0.
938 * In the second case, memory will be allocated.
939 * in case of error, -1 is returned, otherwise, number of bytes copied in dn
940 */
Willy Tarreau2100b492015-07-22 16:42:43 +0200[diff] [blame]941char *dns_str_to_dn_label(const char *string, char *dn, int dn_len)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]942{
943 char *c, *d;
944 int i, offset;
945
946 /* offset between string size and theorical dn size */
947 offset = 1;
948
949 /*
950 * first, get the size of the string turned into its domain name version
951 * This function also validates the string respect the RFC
952 */
953 if ((i = dns_str_to_dn_label_len(string)) == -1)
954 return NULL;
955
956 /* yes, so let's check there is enough memory */
957 if (dn_len < i + offset)
958 return NULL;
959
Willy Tarreaud69d6f32015-07-22 16:45:36 +0200[diff] [blame]960 i = strlen(string);
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]961 memcpy(dn + offset, string, i);
962 dn[i + offset] = '\0';
963 /* avoid a '\0' at the beginning of dn string which may prevent the for loop
964 * below from working.
965 * Actually, this is the reason of the offset. */
966 dn[0] = '0';
967
968 for (c = dn; *c ; ++c) {
969 /* c points to the first '0' char or a dot, which we don't want to read */
970 d = c + offset;
971 i = 0;
972 while (*d != '.' && *d) {
973 i++;
974 d++;
975 }
976 *c = i;
977
978 c = d - 1; /* because of c++ of the for loop */
979 }
980
981 return dn;
982}
983
984/*
985 * compute and return the length of <string> it it were translated into domain name
986 * label:
987 * www.haproxy.org into 3www7haproxy3org would return 16
988 * NOTE: add +1 for '\0' when allocating memory ;)
989 */
990int dns_str_to_dn_label_len(const char *string)
991{
992 return strlen(string) + 1;
993}
994
995/*
996 * validates host name:
997 * - total size
998 * - each label size individually
999 * returns:
1000 * 0 in case of error. If <err> is not NULL, an error message is stored there.
1001 * 1 when no error. <err> is left unaffected.
1002 */
1003int dns_hostname_validation(const char *string, char **err)
1004{
1005 const char *c, *d;
1006 int i;
1007
1008 if (strlen(string) > DNS_MAX_NAME_SIZE) {
1009 if (err)
1010 *err = DNS_TOO_LONG_FQDN;
1011 return 0;
1012 }
1013
1014 c = string;
1015 while (*c) {
1016 d = c;
1017
1018 i = 0;
1019 while (*d != '.' && *d && i <= DNS_MAX_LABEL_SIZE) {
1020 i++;
1021 if (!((*d == '-') || (*d == '_') ||
1022 ((*d >= 'a') && (*d <= 'z')) ||
1023 ((*d >= 'A') && (*d <= 'Z')) ||
1024 ((*d >= '0') && (*d <= '9')))) {
1025 if (err)
1026 *err = DNS_INVALID_CHARACTER;
1027 return 0;
1028 }
1029 d++;
1030 }
1031
1032 if ((i >= DNS_MAX_LABEL_SIZE) && (d[i] != '.')) {
1033 if (err)
1034 *err = DNS_LABEL_TOO_LONG;
1035 return 0;
1036 }
1037
1038 if (*d == '\0')
1039 goto out;
1040
1041 c = ++d;
1042 }
1043 out:
1044 return 1;
1045}
1046
1047/*
1048 * 2 bytes random generator to generate DNS query ID
1049 */
1050uint16_t dns_rnd16(void)
1051{
1052 dns_query_id_seed ^= dns_query_id_seed << 13;
1053 dns_query_id_seed ^= dns_query_id_seed >> 7;
1054 dns_query_id_seed ^= dns_query_id_seed << 17;
1055 return dns_query_id_seed;
1056}
1057
1058
1059/*
1060 * function called when a timeout occurs during name resolution process
1061 * if max number of tries is reached, then stop, otherwise, retry.
1062 */
1063struct task *dns_process_resolve(struct task *t)
1064{
1065 struct dns_resolvers *resolvers = t->context;
1066 struct dns_resolution *resolution, *res_back;
1067
1068 /* timeout occurs inevitably for the first element of the FIFO queue */
1069 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
1070 /* no first entry, so wake up was useless */
1071 t->expire = TICK_ETERNITY;
1072 return t;
1073 }
1074
1075 /* look for the first resolution which is not expired */
1076 list_for_each_entry_safe(resolution, res_back, &resolvers->curr_resolution, list) {
1077 /* when we find the first resolution in the future, then we can stop here */
1078 if (tick_is_le(now_ms, resolution->last_sent_packet))
1079 goto out;
1080
1081 /*
1082 * if current resolution has been tried too many times and finishes in timeout
1083 * we update its status and remove it from the list
1084 */
1085 if (resolution->try >= resolvers->resolve_retries) {
1086 /* clean up resolution information and remove from the list */
1087 dns_reset_resolution(resolution);
1088
1089 /* notify the result to the requester */
1090 resolution->requester_error_cb(resolution, DNS_RESP_TIMEOUT);
1091 }
1092
1093 /* check current resolution status */
1094 if (resolution->step == RSLV_STEP_RUNNING) {
1095 /* resend the DNS query */
1096 dns_send_query(resolution);
1097
1098 /* check if we have more than one resolution in the list */
1099 if (dns_check_resolution_queue(resolvers) > 1) {
1100 /* move the rsolution to the end of the list */
1101 LIST_DEL(&resolution->list);
1102 LIST_ADDQ(&resolvers->curr_resolution, &resolution->list);
1103 }
1104 }
1105 }
1106
1107 out:
1108 dns_update_resolvers_timeout(resolvers);
1109 return t;
1110}