Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 8c1ad716dff4d99f1a70bd5c541f3630ea9589ea / . / src / dns.c
blob: fee5f5fc2894f77cc1fb02abd2434c121687cb2d [file] [log] [blame]
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]1/*
2 * Name server resolution
3 *
4 * Copyright 2014 Baptiste Assmann <bedis9@gmail.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <errno.h>
14#include <fcntl.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <string.h>
18#include <unistd.h>
19
20#include <sys/types.h>
21
22#include <common/time.h>
23#include <common/ticks.h>
24
25#include <types/global.h>
26#include <types/dns.h>
27#include <types/proto_udp.h>
28
29#include <proto/checks.h>
30#include <proto/dns.h>
31#include <proto/fd.h>
32#include <proto/log.h>
33#include <proto/server.h>
34#include <proto/task.h>
35#include <proto/proto_udp.h>
36
37struct list dns_resolvers = LIST_HEAD_INIT(dns_resolvers);
38struct dns_resolution *resolution = NULL;
39
40static int64_t dns_query_id_seed; /* random seed */
41
42/* proto_udp callback functions for a DNS resolution */
43struct dgram_data_cb resolve_dgram_cb = {
44 .recv = dns_resolve_recv,
45 .send = dns_resolve_send,
46};
47
48#if DEBUG
49/*
50 * go through the resolutions associated to a resolvers section and print the ID and hostname in
51 * domain name format
52 * should be used for debug purpose only
53 */
54void dns_print_current_resolutions(struct dns_resolvers *resolvers)
55{
56 list_for_each_entry(resolution, &resolvers->curr_resolution, list) {
57 printf(" resolution %d for %s\n", resolution->query_id, resolution->hostname_dn);
58 }
59}
60#endif
61
62/*
63 * check if there is more than 1 resolution in the resolver's resolution list
64 * return value:
65 * 0: empty list
66 * 1: exactly one entry in the list
67 * 2: more than one entry in the list
68 */
69int dns_check_resolution_queue(struct dns_resolvers *resolvers)
70{
71
72 if (LIST_ISEMPTY(&resolvers->curr_resolution))
73 return 0;
74
75 if ((resolvers->curr_resolution.n) && (resolvers->curr_resolution.n == resolvers->curr_resolution.p))
76 return 1;
77
78 if (! ((resolvers->curr_resolution.n == resolvers->curr_resolution.p)
79 && (&resolvers->curr_resolution != resolvers->curr_resolution.n)))
80 return 2;
81
82 return 0;
83}
84
85/*
86 * reset all parameters of a DNS resolution to 0 (or equivalent)
87 * and clean it up from all associated lists (resolution->qid and resolution->list)
88 */
89void dns_reset_resolution(struct dns_resolution *resolution)
90{
91 /* update resolution status */
92 resolution->step = RSLV_STEP_NONE;
93
94 resolution->try = 0;
95 resolution->try_cname = 0;
96 resolution->last_resolution = now_ms;
97 resolution->nb_responses = 0;
98
99 /* clean up query id */
100 eb32_delete(&resolution->qid);
101 resolution->query_id = 0;
102 resolution->qid.key = 0;
103
104 /* default values */
105 resolution->query_type = DNS_RTYPE_ANY;
106
107 /* the second resolution in the queue becomes the first one */
108 LIST_DEL(&resolution->list);
109}
110
111/*
112 * function called when a network IO is generated on a name server socket for an incoming packet
113 * It performs the following actions:
114 * - check if the packet requires processing (not outdated resolution)
115 * - ensure the DNS packet received is valid and call requester's callback
116 * - call requester's error callback if invalid response
117 */
118void dns_resolve_recv(struct dgram_conn *dgram)
119{
120 struct dns_nameserver *nameserver;
121 struct dns_resolvers *resolvers;
122 struct dns_resolution *resolution;
123 unsigned char buf[DNS_MAX_UDP_MESSAGE + 1];
124 unsigned char *bufend;
125 int fd, buflen, ret;
126 unsigned short query_id;
127 struct eb32_node *eb;
128
129 fd = dgram->t.sock.fd;
130
131 /* check if ready for reading */
132 if (!fd_recv_ready(fd))
133 return;
134
135 /* no need to go further if we can't retrieve the nameserver */
136 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
137 return;
138
139 resolvers = nameserver->resolvers;
140
141 /* process all pending input messages */
142 while (1) {
143 /* read message received */
144 memset(buf, '\0', DNS_MAX_UDP_MESSAGE + 1);
145 if ((buflen = recv(fd, (char*)buf , DNS_MAX_UDP_MESSAGE, 0)) < 0) {
146 /* FIXME : for now we consider EAGAIN only */
147 fd_cant_recv(fd);
148 break;
149 }
150
151 /* message too big */
152 if (buflen > DNS_MAX_UDP_MESSAGE) {
153 nameserver->counters.too_big += 1;
154 continue;
155 }
156
157 /* initializing variables */
158 bufend = buf + buflen; /* pointer to mark the end of the buffer */
159
160 /* read the query id from the packet (16 bits) */
161 if (buf + 2 > bufend) {
162 nameserver->counters.invalid += 1;
163 continue;
164 }
165 query_id = dns_response_get_query_id(buf);
166
167 /* search the query_id in the pending resolution tree */
Baptiste Assmann01daef32015-09-02 22:05:24 +0200[diff] [blame]168 eb = eb32_lookup(&resolvers->query_ids, query_id);
169 if (eb == NULL) {
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]170 /* unknown query id means an outdated response and can be safely ignored */
171 nameserver->counters.outdated += 1;
172 continue;
173 }
174
175 /* known query id means a resolution in prgress */
176 resolution = eb32_entry(eb, struct dns_resolution, qid);
177
178 if (!resolution) {
179 nameserver->counters.outdated += 1;
180 continue;
181 }
182
183 /* number of responses received */
184 resolution->nb_responses += 1;
185
186 ret = dns_validate_dns_response(buf, bufend, resolution->hostname_dn, resolution->hostname_dn_len);
187
188 /* treat only errors */
189 switch (ret) {
190 case DNS_RESP_INVALID:
191 case DNS_RESP_WRONG_NAME:
192 nameserver->counters.invalid += 1;
193 resolution->requester_error_cb(resolution, DNS_RESP_INVALID);
194 continue;
195
196 case DNS_RESP_ERROR:
197 nameserver->counters.other += 1;
198 resolution->requester_error_cb(resolution, DNS_RESP_ERROR);
199 continue;
200
201 case DNS_RESP_ANCOUNT_ZERO:
202 nameserver->counters.any_err += 1;
203 resolution->requester_error_cb(resolution, DNS_RESP_ANCOUNT_ZERO);
204 continue;
205
206 case DNS_RESP_NX_DOMAIN:
207 nameserver->counters.nx += 1;
208 resolution->requester_error_cb(resolution, DNS_RESP_NX_DOMAIN);
209 continue;
210
211 case DNS_RESP_REFUSED:
212 nameserver->counters.refused += 1;
213 resolution->requester_error_cb(resolution, DNS_RESP_REFUSED);
214 continue;
215
216 case DNS_RESP_CNAME_ERROR:
217 nameserver->counters.cname_error += 1;
218 resolution->requester_error_cb(resolution, DNS_RESP_CNAME_ERROR);
219 continue;
220
Baptiste Assmann0df5d962015-09-02 21:58:32 +0200[diff] [blame]221 case DNS_RESP_TRUNCATED:
222 nameserver->counters.truncated += 1;
223 resolution->requester_error_cb(resolution, DNS_RESP_TRUNCATED);
224 continue;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200[diff] [blame]225
226 case DNS_RESP_NO_EXPECTED_RECORD:
227 nameserver->counters.other += 1;
228 resolution->requester_error_cb(resolution, DNS_RESP_NO_EXPECTED_RECORD);
229 continue;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]230 }
231
Baptiste Assmann37bb3722015-08-07 10:18:32 +0200[diff] [blame]232 nameserver->counters.valid += 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]233 resolution->requester_cb(resolution, nameserver, buf, buflen);
234 }
235}
236
237/*
238 * function called when a resolvers network socket is ready to send data
239 * It performs the following actions:
240 */
241void dns_resolve_send(struct dgram_conn *dgram)
242{
243 int fd;
244 struct dns_nameserver *nameserver;
245 struct dns_resolvers *resolvers;
246 struct dns_resolution *resolution;
247
248 fd = dgram->t.sock.fd;
249
250 /* check if ready for sending */
251 if (!fd_send_ready(fd))
252 return;
253
254 /* we don't want/need to be waked up any more for sending */
255 fd_stop_send(fd);
256
257 /* no need to go further if we can't retrieve the nameserver */
258 if ((nameserver = (struct dns_nameserver *)dgram->owner) == NULL)
259 return;
260
261 resolvers = nameserver->resolvers;
262 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
263
264 dns_send_query(resolution);
265 dns_update_resolvers_timeout(resolvers);
266}
267
268/*
269 * forge and send a DNS query to resolvers associated to a resolution
270 * It performs the following actions:
271 * returns:
272 * 0 in case of error or safe ignorance
273 * 1 if no error
274 */
275int dns_send_query(struct dns_resolution *resolution)
276{
277 struct dns_resolvers *resolvers;
278 struct dns_nameserver *nameserver;
279 int ret, send_error, bufsize, fd;
280
281 resolvers = resolution->resolvers;
282
283 ret = send_error = 0;
284 bufsize = dns_build_query(resolution->query_id, resolution->query_type, resolution->hostname_dn,
285 resolution->hostname_dn_len, trash.str, trash.size);
286
287 if (bufsize == -1)
288 return 0;
289
290 list_for_each_entry(nameserver, &resolvers->nameserver_list, list) {
291 fd = nameserver->dgram->t.sock.fd;
292 errno = 0;
293
294 ret = send(fd, trash.str, bufsize, 0);
295
296 if (ret > 0)
297 nameserver->counters.sent += 1;
298
299 if (ret == 0 || errno == EAGAIN) {
300 /* nothing written, let's update the poller that we wanted to send
301 * but we were not able to */
302 fd_want_send(fd);
303 fd_cant_send(fd);
304 }
305 }
306
307 /* update resolution */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]308 resolution->nb_responses = 0;
309 resolution->last_sent_packet = now_ms;
310
311 return 1;
312}
313
314/*
315 * update a resolvers' task timeout for next wake up
316 */
317void dns_update_resolvers_timeout(struct dns_resolvers *resolvers)
318{
319 struct dns_resolution *resolution;
320
321 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
322 /* no more resolution pending, so no wakeup anymore */
323 resolvers->t->expire = TICK_ETERNITY;
324 }
325 else {
326 resolution = LIST_NEXT(&resolvers->curr_resolution, struct dns_resolution *, list);
327 resolvers->t->expire = tick_add(resolution->last_sent_packet, resolvers->timeout.retry);
328 }
329}
330
331/*
332 * Function to validate that the buffer DNS response provided in <resp> and
333 * finishing before <bufend> is valid from a DNS protocol point of view.
334 * The caller can also ask the function to check if the response contains data
335 * for a domain name <dn_name> whose length is <dn_name_len> returns one of the
336 * DNS_RESP_* code.
337 */
338int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, char *dn_name, int dn_name_len)
339{
340 unsigned char *reader, *cname, *ptr;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200[diff] [blame]341 int i, len, flags, type, ancount, cnamelen, expected_record;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]342
343 reader = resp;
344 cname = NULL;
345 cnamelen = 0;
346 len = 0;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200[diff] [blame]347 expected_record = 0; /* flag to report if at least one expected record type is found in the response.
348 * For now, only records containing an IP address (A and AAAA) are
349 * considered as expected.
350 * Later, this function may be updated to let the caller decide what type
351 * of record is expected to consider the response as valid. (SRV or TXT types)
352 */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]353
354 /* move forward 2 bytes for the query id */
355 reader += 2;
356 if (reader >= bufend)
357 return DNS_RESP_INVALID;
358
359 /*
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]360 * flags are stored over 2 bytes
361 * First byte contains:
362 * - response flag (1 bit)
363 * - opcode (4 bits)
364 * - authoritative (1 bit)
365 * - truncated (1 bit)
366 * - recursion desired (1 bit)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]367 */
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]368 if (reader + 2 >= bufend)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]369 return DNS_RESP_INVALID;
370
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]371 flags = reader[0] * 256 + reader[1];
372
373 if (flags & DNS_FLAG_TRUNCATED)
374 return DNS_RESP_TRUNCATED;
375
376 if ((flags & DNS_FLAG_REPLYCODE) != DNS_RCODE_NO_ERROR) {
377 if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_NX_DOMAIN)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]378 return DNS_RESP_NX_DOMAIN;
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]379 else if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_REFUSED)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]380 return DNS_RESP_REFUSED;
381
382 return DNS_RESP_ERROR;
383 }
384
Baptiste Assmann3440f0d2015-09-02 22:08:38 +0200[diff] [blame]385 /* move forward 2 bytes for flags */
386 reader += 2;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]387 if (reader >= bufend)
388 return DNS_RESP_INVALID;
389
390 /* move forward 2 bytes for question count */
391 reader += 2;
392 if (reader >= bufend)
393 return DNS_RESP_INVALID;
394
395 /* analyzing answer count */
396 if (reader + 2 > bufend)
397 return DNS_RESP_INVALID;
398 ancount = reader[0] * 256 + reader[1];
399
400 if (ancount == 0)
401 return DNS_RESP_ANCOUNT_ZERO;
402
403 /* move forward 2 bytes for answer count */
404 reader += 2;
405 if (reader >= bufend)
406 return DNS_RESP_INVALID;
407
408 /* move forward 4 bytes authority and additional count */
409 reader += 4;
410 if (reader >= bufend)
411 return DNS_RESP_INVALID;
412
413 /* check if the name can stand in response */
414 if (dn_name && ((reader + dn_name_len + 1) > bufend))
415 return DNS_RESP_INVALID;
416
417 /* check hostname */
418 if (dn_name && (memcmp(reader, dn_name, dn_name_len) != 0))
419 return DNS_RESP_WRONG_NAME;
420
421 /* move forward hostname len bytes + 1 for NULL byte */
422 if (dn_name) {
423 reader = reader + dn_name_len + 1;
424 }
425 else {
426 ptr = reader;
427 while (*ptr) {
428 ptr++;
429 if (ptr >= bufend)
430 return DNS_RESP_INVALID;
431 }
432 reader = ptr + 1;
433 }
434
435 /* move forward 4 bytes for question type and question class */
436 reader += 4;
437 if (reader >= bufend)
438 return DNS_RESP_INVALID;
439
440 /* now parsing response records */
441 for (i = 1; i <= ancount; i++) {
442 if (reader >= bufend)
443 return DNS_RESP_INVALID;
444
445 /*
446 * name can be a pointer, so move forward reader cursor accordingly
447 * if 1st byte is '11XXXXXX', it means name is a pointer
448 * and 2nd byte gives the offset from resp where the hostname can
449 * be found
450 */
451 if ((*reader & 0xc0) == 0xc0) {
452 /*
453 * pointer, hostname can be found at resp + *(reader + 1)
454 */
455 if (reader + 1 > bufend)
456 return DNS_RESP_INVALID;
457
458 ptr = resp + *(reader + 1);
459
460 /* check if the pointer points inside the buffer */
461 if (ptr >= bufend)
462 return DNS_RESP_INVALID;
463 }
464 else {
465 /*
466 * name is a string which starts at first byte
467 * checking against last cname when recursing through the response
468 */
469 /* look for the end of the string and ensure it's in the buffer */
470 ptr = reader;
471 len = 0;
472 while (*ptr) {
473 ++len;
474 ++ptr;
475 if (ptr >= bufend)
476 return DNS_RESP_INVALID;
477 }
478
479 /* if cname is set, it means a CNAME recursion is in progress */
480 ptr = reader;
481 }
482
483 /* ptr now points to the name */
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]484 if ((*reader & 0xc0) != 0xc0) {
485 /* if cname is set, it means a CNAME recursion is in progress */
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]486 if (cname) {
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]487 /* check if the name can stand in response */
488 if ((reader + cnamelen) > bufend)
489 return DNS_RESP_INVALID;
490 /* compare cname and current name */
491 if (memcmp(ptr, cname, cnamelen) != 0)
492 return DNS_RESP_CNAME_ERROR;
493
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]494 cname = reader;
495 cnamelen = dns_str_to_dn_label_len((const char *)cname);
496
497 /* move forward cnamelen bytes + NULL byte */
498 reader += (cnamelen + 1);
499 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]500 /* compare server hostname to current name */
501 else if (dn_name) {
502 /* check if the name can stand in response */
503 if ((reader + dn_name_len) > bufend)
504 return DNS_RESP_INVALID;
505 if (memcmp(ptr, dn_name, dn_name_len) != 0)
506 return DNS_RESP_WRONG_NAME;
507 }
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]508 else {
509 reader += (len + 1);
510 }
511 }
Baptiste Assmann2359ff12015-08-07 11:24:05 +0200[diff] [blame]512 else {
513 /* shortname in progress */
514 /* move forward 2 bytes for information pointer and address pointer */
515 reader += 2;
516 }
517
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]518 if (reader >= bufend)
519 return DNS_RESP_INVALID;
520
521 /*
522 * we know the record is either for our server hostname
523 * or a valid CNAME in a crecursion
524 */
525
526 /* now reading record type (A, AAAA, CNAME, etc...) */
527 if (reader + 2 > bufend)
528 return DNS_RESP_INVALID;
529 type = reader[0] * 256 + reader[1];
530
531 /* move forward 2 bytes for type (2) */
532 reader += 2;
533
534 /* move forward 6 bytes for class (2) and ttl (4) */
535 reader += 6;
536 if (reader >= bufend)
537 return DNS_RESP_INVALID;
538
539 /* now reading data len */
540 if (reader + 2 > bufend)
541 return DNS_RESP_INVALID;
542 len = reader[0] * 256 + reader[1];
543
544 /* move forward 2 bytes for data len */
545 reader += 2;
546
547 /* analyzing record content */
548 switch (type) {
549 case DNS_RTYPE_A:
550 /* ipv4 is stored on 4 bytes */
551 if (len != 4)
552 return DNS_RESP_INVALID;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200[diff] [blame]553 expected_record = 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]554 break;
555
556 case DNS_RTYPE_CNAME:
557 cname = reader;
558 cnamelen = len;
559 break;
560
561 case DNS_RTYPE_AAAA:
562 /* ipv6 is stored on 16 bytes */
563 if (len != 16)
564 return DNS_RESP_INVALID;
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200[diff] [blame]565 expected_record = 1;
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]566 break;
567 } /* switch (record type) */
568
569 /* move forward len for analyzing next record in the response */
570 reader += len;
571 } /* for i 0 to ancount */
572
Baptiste Assmann96972bc2015-09-09 00:46:58 +0200[diff] [blame]573 if (expected_record == 0)
574 return DNS_RESP_NO_EXPECTED_RECORD;
575
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]576 return DNS_RESP_VALID;
577}
578
579/*
580 * search dn_name resolution in resp.
581 * If existing IP not found, return the first IP matching family_priority,
582 * otherwise, first ip found
583 * The following tasks are the responsibility of the caller:
584 * - resp contains an error free DNS response
585 * - the response matches the dn_name
586 * For both cases above, dns_validate_dns_response is required
587 * returns one of the DNS_UPD_* code
588 */
589int dns_get_ip_from_response(unsigned char *resp, unsigned char *resp_end,
590 char *dn_name, int dn_name_len, void *currentip, short currentip_sin_family,
591 int family_priority, void **newip, short *newip_sin_family)
592{
593 int i, ancount, cnamelen, type, data_len, currentip_found;
594 unsigned char *reader, *cname, *ptr, *newip4, *newip6;
595
596 cname = *newip = newip4 = newip6 = NULL;
597 cnamelen = currentip_found = 0;
598 *newip_sin_family = AF_UNSPEC;
599 ancount = (((struct dns_header *)resp)->ancount);
600 ancount = *(resp + 7);
601
602 /* bypass DNS response header */
603 reader = resp + sizeof(struct dns_header);
604
605 /* bypass DNS query section */
606 /* move forward hostname len bytes + 1 for NULL byte */
607 reader = reader + dn_name_len + 1;
608
609 /* move forward 4 bytes for question type and question class */
610 reader += 4;
611
612 /* now parsing response records */
613 for (i = 1; i <= ancount; i++) {
614 /*
615 * name can be a pointer, so move forward reader cursor accordingly
616 * if 1st byte is '11XXXXXX', it means name is a pointer
617 * and 2nd byte gives the offset from buf where the hostname can
618 * be found
619 */
620 if ((*reader & 0xc0) == 0xc0)
621 ptr = resp + *(reader + 1);
622 else
623 ptr = reader;
624
625 if (cname && memcmp(ptr, cname, cnamelen))
626 return DNS_UPD_NAME_ERROR;
627 else if (memcmp(ptr, dn_name, dn_name_len))
628 return DNS_UPD_NAME_ERROR;
629
630 if ((*reader & 0xc0) == 0xc0) {
631 /* move forward 2 bytes for information pointer and address pointer */
632 reader += 2;
633 }
634 else {
635 if (cname) {
636 cname = reader;
637 cnamelen = dns_str_to_dn_label_len((char *)cname);
638
639 /* move forward cnamelen bytes + NULL byte */
640 reader += (cnamelen + 1);
641 }
642 else {
643 /* move forward dn_name_len bytes + NULL byte */
644 reader += (dn_name_len + 1);
645 }
646 }
647
648 /*
649 * we know the record is either for our server hostname
650 * or a valid CNAME in a crecursion
651 */
652
653 /* now reading record type (A, AAAA, CNAME, etc...) */
654 type = reader[0] * 256 + reader[1];
655
656 /* move forward 2 bytes for type (2) */
657 reader += 2;
658
659 /* move forward 6 bytes for class (2) and ttl (4) */
660 reader += 6;
661
662 /* now reading data len */
663 data_len = reader[0] * 256 + reader[1];
664
665 /* move forward 2 bytes for data len */
666 reader += 2;
667
668 /* analyzing record content */
669 switch (type) {
670 case DNS_RTYPE_A:
671 /* check if current reccord's IP is the same as server one's */
672 if ((currentip_sin_family == AF_INET)
673 && (*(uint32_t *)reader == *(uint32_t *)currentip)) {
674 currentip_found = 1;
675 newip4 = reader;
676 /* we can stop now if server's family preference is IPv4
677 * and its current IP is found in the response list */
678 if (family_priority == AF_INET)
679 return DNS_UPD_NO; /* DNS_UPD matrix #1 */
680 }
681 else if (!newip4) {
682 newip4 = reader;
683 }
684
685 /* move forward data_len for analyzing next record in the response */
686 reader += data_len;
687 break;
688
689 case DNS_RTYPE_CNAME:
690 cname = reader;
691 cnamelen = data_len;
692
693 reader += data_len;
694 break;
695
696 case DNS_RTYPE_AAAA:
697 /* check if current record's IP is the same as server's one */
698 if ((currentip_sin_family == AF_INET6) && (memcmp(reader, currentip, 16) == 0)) {
699 currentip_found = 1;
700 newip6 = reader;
701 /* we can stop now if server's preference is IPv6 or is not
702 * set (which implies we prioritize IPv6 over IPv4 */
703 if (family_priority == AF_INET6)
704 return DNS_UPD_NO;
705 }
706 else if (!newip6) {
707 newip6 = reader;
708 }
709
710 /* move forward data_len for analyzing next record in the response */
711 reader += data_len;
712 break;
713
714 default:
715 /* not supported record type */
716 /* move forward data_len for analyzing next record in the response */
717 reader += data_len;
718 } /* switch (record type) */
719 } /* for i 0 to ancount */
720
721 /* only CNAMEs in the response, no IP found */
722 if (cname && !newip4 && !newip6) {
723 return DNS_UPD_CNAME;
724 }
725
Baptiste Assmann0453a1d2015-09-09 00:51:08 +0200[diff] [blame]726 /* no IP found in the response */
727 if (!newip4 && !newip6) {
728 return DNS_UPD_NO_IP_FOUND;
729 }
730
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]731 /* case when the caller looks first for an IPv4 address */
732 if (family_priority == AF_INET) {
733 if (newip4) {
734 *newip = newip4;
735 *newip_sin_family = AF_INET;
736 if (currentip_found == 1)
737 return DNS_UPD_NO;
738 return DNS_UPD_SRVIP_NOT_FOUND;
739 }
740 else if (newip6) {
741 *newip = newip6;
742 *newip_sin_family = AF_INET6;
743 if (currentip_found == 1)
744 return DNS_UPD_NO;
745 return DNS_UPD_SRVIP_NOT_FOUND;
746 }
747 }
748 /* case when the caller looks first for an IPv6 address */
749 else if (family_priority == AF_INET6) {
750 if (newip6) {
751 *newip = newip6;
752 *newip_sin_family = AF_INET6;
753 if (currentip_found == 1)
754 return DNS_UPD_NO;
755 return DNS_UPD_SRVIP_NOT_FOUND;
756 }
757 else if (newip4) {
758 *newip = newip4;
759 *newip_sin_family = AF_INET;
760 if (currentip_found == 1)
761 return DNS_UPD_NO;
762 return DNS_UPD_SRVIP_NOT_FOUND;
763 }
764 }
765 /* case when the caller have no preference (we prefer IPv6) */
766 else if (family_priority == AF_UNSPEC) {
767 if (newip6) {
768 *newip = newip6;
769 *newip_sin_family = AF_INET6;
770 if (currentip_found == 1)
771 return DNS_UPD_NO;
772 return DNS_UPD_SRVIP_NOT_FOUND;
773 }
774 else if (newip4) {
775 *newip = newip4;
776 *newip_sin_family = AF_INET;
777 if (currentip_found == 1)
778 return DNS_UPD_NO;
779 return DNS_UPD_SRVIP_NOT_FOUND;
780 }
781 }
782
783 /* no reason why we should change the server's IP address */
784 return DNS_UPD_NO;
785}
786
787/*
788 * returns the query id contained in a DNS response
789 */
790int dns_response_get_query_id(unsigned char *resp)
791{
792 /* read the query id from the response */
793 return resp[0] * 256 + resp[1];
794}
795
796/*
797 * used during haproxy's init phase
798 * parses resolvers sections and initializes:
799 * - task (time events) for each resolvers section
800 * - the datagram layer (network IO events) for each nameserver
801 * returns:
802 * 0 in case of error
803 * 1 when no error
804 */
805int dns_init_resolvers(void)
806{
807 struct dns_resolvers *curr_resolvers;
808 struct dns_nameserver *curnameserver;
809 struct dgram_conn *dgram;
810 struct task *t;
811 int fd;
812
813 /* give a first random value to our dns query_id seed */
814 dns_query_id_seed = random();
815
816 /* run through the resolvers section list */
817 list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
818 /* create the task associated to the resolvers section */
819 if ((t = task_new()) == NULL) {
820 Alert("Starting [%s] resolvers: out of memory.\n", curr_resolvers->id);
821 return 0;
822 }
823
824 /* update task's parameters */
825 t->process = dns_process_resolve;
826 t->context = curr_resolvers;
827 t->expire = TICK_ETERNITY;
828
829 curr_resolvers->t = t;
830
831 list_for_each_entry(curnameserver, &curr_resolvers->nameserver_list, list) {
832 if ((dgram = calloc(1, sizeof(struct dgram_conn))) == NULL) {
833 Alert("Starting [%s/%s] nameserver: out of memory.\n", curr_resolvers->id,
834 curnameserver->id);
835 return 0;
836 }
837 /* update datagram's parameters */
838 dgram->owner = (void *)curnameserver;
839 dgram->data = &resolve_dgram_cb;
840
841 /* create network UDP socket for this nameserver */
842 if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
843 Alert("Starting [%s/%s] nameserver: can't create socket.\n", curr_resolvers->id,
844 curnameserver->id);
845 free(dgram);
846 dgram = NULL;
847 return 0;
848 }
849
850 /* "connect" the UDP socket to the name server IP */
Baptiste Assmann8c62c472015-09-21 20:55:08 +0200[diff] [blame]851 if (connect(fd, (struct sockaddr*)&curnameserver->addr, get_addr_len(&curnameserver->addr)) == -1) {
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]852 Alert("Starting [%s/%s] nameserver: can't connect socket.\n", curr_resolvers->id,
853 curnameserver->id);
854 close(fd);
855 free(dgram);
856 dgram = NULL;
857 return 0;
858 }
859
860 /* make the socket non blocking */
861 fcntl(fd, F_SETFL, O_NONBLOCK);
862
863 /* add the fd in the fd list and update its parameters */
864 fd_insert(fd);
865 fdtab[fd].owner = dgram;
866 fdtab[fd].iocb = dgram_fd_handler;
867 fd_want_recv(fd);
868 dgram->t.sock.fd = fd;
869
870 /* update nameserver's datagram property */
871 curnameserver->dgram = dgram;
872
873 continue;
874 }
875
876 /* task can be queued */
877 task_queue(t);
878 }
879
880 return 1;
881}
882
883/*
884 * Forge a DNS query. It needs the following information from the caller:
885 * - <query_id>: the DNS query id corresponding to this query
886 * - <query_type>: DNS_RTYPE_* request DNS record type (A, AAAA, ANY, etc...)
887 * - <hostname_dn>: hostname in domain name format
888 * - <hostname_dn_len>: length of <hostname_dn>
889 * To store the query, the caller must pass a buffer <buf> and its size <bufsize>
890 *
891 * the DNS query is stored in <buf>
892 * returns:
893 * -1 if <buf> is too short
894 */
895int dns_build_query(int query_id, int query_type, char *hostname_dn, int hostname_dn_len, char *buf, int bufsize)
896{
897 struct dns_header *dns;
898 struct dns_question *qinfo;
899 char *ptr, *bufend;
900
901 memset(buf, '\0', bufsize);
902 ptr = buf;
903 bufend = buf + bufsize;
904
905 /* check if there is enough room for DNS headers */
906 if (ptr + sizeof(struct dns_header) >= bufend)
907 return -1;
908
909 /* set dns query headers */
910 dns = (struct dns_header *)ptr;
911 dns->id = (unsigned short) htons(query_id);
912 dns->qr = 0; /* query */
913 dns->opcode = 0;
914 dns->aa = 0;
915 dns->tc = 0;
916 dns->rd = 1; /* recursion desired */
917 dns->ra = 0;
918 dns->z = 0;
919 dns->rcode = 0;
920 dns->qdcount = htons(1); /* 1 question */
921 dns->ancount = 0;
922 dns->nscount = 0;
923 dns->arcount = 0;
924
925 /* move forward ptr */
926 ptr += sizeof(struct dns_header);
927
928 /* check if there is enough room for query hostname */
929 if ((ptr + hostname_dn_len) >= bufend)
930 return -1;
931
932 /* set up query hostname */
933 memcpy(ptr, hostname_dn, hostname_dn_len);
934 ptr[hostname_dn_len + 1] = '\0';
935
936 /* move forward ptr */
937 ptr += (hostname_dn_len + 1);
938
939 /* check if there is enough room for query hostname*/
940 if (ptr + sizeof(struct dns_question) >= bufend)
941 return -1;
942
943 /* set up query info (type and class) */
944 qinfo = (struct dns_question *)ptr;
945 qinfo->qtype = htons(query_type);
946 qinfo->qclass = htons(DNS_RCLASS_IN);
947
948 ptr += sizeof(struct dns_question);
949
950 return ptr - buf;
951}
952
953/*
954 * turn a string into domain name label:
955 * www.haproxy.org into 3www7haproxy3org
956 * if dn memory is pre-allocated, you must provide its size in dn_len
957 * if dn memory isn't allocated, dn_len must be set to 0.
958 * In the second case, memory will be allocated.
959 * in case of error, -1 is returned, otherwise, number of bytes copied in dn
960 */
Willy Tarreau2100b492015-07-22 16:42:43 +0200[diff] [blame]961char *dns_str_to_dn_label(const char *string, char *dn, int dn_len)
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]962{
963 char *c, *d;
964 int i, offset;
965
966 /* offset between string size and theorical dn size */
967 offset = 1;
968
969 /*
970 * first, get the size of the string turned into its domain name version
971 * This function also validates the string respect the RFC
972 */
973 if ((i = dns_str_to_dn_label_len(string)) == -1)
974 return NULL;
975
976 /* yes, so let's check there is enough memory */
977 if (dn_len < i + offset)
978 return NULL;
979
Willy Tarreaud69d6f32015-07-22 16:45:36 +0200[diff] [blame]980 i = strlen(string);
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]981 memcpy(dn + offset, string, i);
982 dn[i + offset] = '\0';
983 /* avoid a '\0' at the beginning of dn string which may prevent the for loop
984 * below from working.
985 * Actually, this is the reason of the offset. */
986 dn[0] = '0';
987
988 for (c = dn; *c ; ++c) {
989 /* c points to the first '0' char or a dot, which we don't want to read */
990 d = c + offset;
991 i = 0;
992 while (*d != '.' && *d) {
993 i++;
994 d++;
995 }
996 *c = i;
997
998 c = d - 1; /* because of c++ of the for loop */
999 }
1000
1001 return dn;
1002}
1003
1004/*
1005 * compute and return the length of <string> it it were translated into domain name
1006 * label:
1007 * www.haproxy.org into 3www7haproxy3org would return 16
1008 * NOTE: add +1 for '\0' when allocating memory ;)
1009 */
1010int dns_str_to_dn_label_len(const char *string)
1011{
1012 return strlen(string) + 1;
1013}
1014
1015/*
1016 * validates host name:
1017 * - total size
1018 * - each label size individually
1019 * returns:
1020 * 0 in case of error. If <err> is not NULL, an error message is stored there.
1021 * 1 when no error. <err> is left unaffected.
1022 */
1023int dns_hostname_validation(const char *string, char **err)
1024{
1025 const char *c, *d;
1026 int i;
1027
1028 if (strlen(string) > DNS_MAX_NAME_SIZE) {
1029 if (err)
1030 *err = DNS_TOO_LONG_FQDN;
1031 return 0;
1032 }
1033
1034 c = string;
1035 while (*c) {
1036 d = c;
1037
1038 i = 0;
1039 while (*d != '.' && *d && i <= DNS_MAX_LABEL_SIZE) {
1040 i++;
1041 if (!((*d == '-') || (*d == '_') ||
1042 ((*d >= 'a') && (*d <= 'z')) ||
1043 ((*d >= 'A') && (*d <= 'Z')) ||
1044 ((*d >= '0') && (*d <= '9')))) {
1045 if (err)
1046 *err = DNS_INVALID_CHARACTER;
1047 return 0;
1048 }
1049 d++;
1050 }
1051
1052 if ((i >= DNS_MAX_LABEL_SIZE) && (d[i] != '.')) {
1053 if (err)
1054 *err = DNS_LABEL_TOO_LONG;
1055 return 0;
1056 }
1057
1058 if (*d == '\0')
1059 goto out;
1060
1061 c = ++d;
1062 }
1063 out:
1064 return 1;
1065}
1066
1067/*
1068 * 2 bytes random generator to generate DNS query ID
1069 */
1070uint16_t dns_rnd16(void)
1071{
1072 dns_query_id_seed ^= dns_query_id_seed << 13;
1073 dns_query_id_seed ^= dns_query_id_seed >> 7;
1074 dns_query_id_seed ^= dns_query_id_seed << 17;
1075 return dns_query_id_seed;
1076}
1077
1078
1079/*
1080 * function called when a timeout occurs during name resolution process
1081 * if max number of tries is reached, then stop, otherwise, retry.
1082 */
1083struct task *dns_process_resolve(struct task *t)
1084{
1085 struct dns_resolvers *resolvers = t->context;
1086 struct dns_resolution *resolution, *res_back;
1087
1088 /* timeout occurs inevitably for the first element of the FIFO queue */
1089 if (LIST_ISEMPTY(&resolvers->curr_resolution)) {
1090 /* no first entry, so wake up was useless */
1091 t->expire = TICK_ETERNITY;
1092 return t;
1093 }
1094
1095 /* look for the first resolution which is not expired */
1096 list_for_each_entry_safe(resolution, res_back, &resolvers->curr_resolution, list) {
1097 /* when we find the first resolution in the future, then we can stop here */
1098 if (tick_is_le(now_ms, resolution->last_sent_packet))
1099 goto out;
1100
1101 /*
1102 * if current resolution has been tried too many times and finishes in timeout
1103 * we update its status and remove it from the list
1104 */
Baptiste Assmannf778bb42015-09-09 00:54:38 +0200[diff] [blame]1105 if (resolution->try <= 0) {
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]1106 /* clean up resolution information and remove from the list */
1107 dns_reset_resolution(resolution);
1108
1109 /* notify the result to the requester */
1110 resolution->requester_error_cb(resolution, DNS_RESP_TIMEOUT);
1111 }
1112
Baptiste Assmannf778bb42015-09-09 00:54:38 +0200[diff] [blame]1113 resolution->try -= 1;
1114
Baptiste Assmann325137d2015-04-13 23:40:55 +0200[diff] [blame]1115 /* check current resolution status */
1116 if (resolution->step == RSLV_STEP_RUNNING) {
1117 /* resend the DNS query */
1118 dns_send_query(resolution);
1119
1120 /* check if we have more than one resolution in the list */
1121 if (dns_check_resolution_queue(resolvers) > 1) {
1122 /* move the rsolution to the end of the list */
1123 LIST_DEL(&resolution->list);
1124 LIST_ADDQ(&resolvers->curr_resolution, &resolution->list);
1125 }
1126 }
1127 }
1128
1129 out:
1130 dns_update_resolvers_timeout(resolvers);
1131 return t;
1132}