resolved-dns-cache.c revision 7778dffff3d8bd7438fe19a248c16203668324c9
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2014 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include "alloc-util.h"
#include "dns-domain.h"
#include "resolved-dns-cache.h"
#include "resolved-dns-packet.h"
#include "string-util.h"
/* Never cache more than 1K entries */
#define CACHE_MAX 1024
/* We never keep any item longer than 10min in our cache */
typedef enum DnsCacheItemType DnsCacheItemType;
typedef struct DnsCacheItem DnsCacheItem;
enum DnsCacheItemType {
};
struct DnsCacheItem {
unsigned prioq_idx;
bool authenticated;
int owner_family;
union in_addr_union owner_address;
};
static void dns_cache_item_free(DnsCacheItem *i) {
if (!i)
return;
free(i);
}
assert(c);
if (!i)
return;
if (first)
else
}
void dns_cache_flush(DnsCache *c) {
DnsCacheItem *i;
assert(c);
while ((i = hashmap_first(c->by_key)))
}
DnsCacheItem *i;
bool exist = false;
assert(c);
exist = true;
}
return exist;
}
assert(c);
if (add <= 0)
return;
/* Makes space for n new entries. Note that we actually allow
* the cache to grow beyond CACHE_MAX, but only when we shall
* add more RRs to the cache than CACHE_MAX at once. In that
* case the cache will be emptied completely otherwise. */
for (;;) {
DnsCacheItem *i;
if (prioq_size(c->by_expiry) <= 0)
break;
break;
i = prioq_peek(c->by_expiry);
assert(i);
/* Take an extra reference to the key so that it
* doesn't go away in the middle of the remove call */
dns_cache_remove(c, key);
}
}
void dns_cache_prune(DnsCache *c) {
usec_t t = 0;
assert(c);
/* Remove all entries that are past their TTL */
for (;;) {
DnsCacheItem *i;
i = prioq_peek(c->by_expiry);
if (!i)
break;
if (t <= 0)
t = now(clock_boottime_or_monotonic());
if (i->until > t)
break;
/* Take an extra reference to the key so that it
* doesn't go away in the middle of the remove call */
dns_cache_remove(c, key);
}
}
static int dns_cache_item_prioq_compare_func(const void *a, const void *b) {
const DnsCacheItem *x = a, *y = b;
return -1;
return 1;
return 0;
}
static int dns_cache_init(DnsCache *c) {
int r;
assert(c);
if (r < 0)
return r;
if (r < 0)
return r;
return r;
}
int r;
assert(c);
assert(i);
if (r < 0)
return r;
if (first) {
} else {
if (r < 0) {
return r;
}
}
return 0;
}
DnsCacheItem *i;
assert(c);
return i;
return NULL;
}
static void dns_cache_item_update_positive(DnsCache *c, DnsCacheItem *i, DnsResourceRecord *rr, bool authenticated, usec_t timestamp) {
assert(c);
assert(i);
i->type = DNS_CACHE_POSITIVE;
if (!i->by_key_prev)
/* We are the first item in the list, we need to
* update the key used in the hashmap */
i->authenticated = authenticated;
}
static int dns_cache_put_positive(
DnsCache *c,
bool authenticated,
int owner_family,
const union in_addr_union *owner_address) {
int r;
assert(c);
/* New TTL is 0? Delete the entry... */
if (r < 0)
return r;
else
return 0;
}
return 0;
return 0;
/* Entry exists already? Update TTL and timestamp */
if (existing) {
return 0;
}
/* Otherwise, add the new RR */
r = dns_cache_init(c);
if (r < 0)
return r;
dns_cache_make_space(c, 1);
if (!i)
return -ENOMEM;
i->type = DNS_CACHE_POSITIVE;
i->prioq_idx = PRIOQ_IDX_NULL;
i->owner_family = owner_family;
i->owner_address = *owner_address;
i->authenticated = authenticated;
r = dns_cache_link_item(c, i);
if (r < 0)
return r;
if (r < 0)
return r;
i = NULL;
return 0;
}
static int dns_cache_put_negative(
DnsCache *c,
int rcode,
bool authenticated,
int owner_family,
const union in_addr_union *owner_address) {
int r;
assert(c);
dns_cache_remove(c, key);
return 0;
return 0;
if (soa_ttl <= 0) {
if (r < 0)
return r;
return 0;
}
return 0;
r = dns_cache_init(c);
if (r < 0)
return r;
dns_cache_make_space(c, 1);
if (!i)
return -ENOMEM;
i->prioq_idx = PRIOQ_IDX_NULL;
i->owner_family = owner_family;
i->owner_address = *owner_address;
i->authenticated = authenticated;
r = dns_cache_link_item(c, i);
if (r < 0)
return r;
if (r < 0)
return r;
log_debug("Added %s cache entry for %s", i->type == DNS_CACHE_NODATA ? "NODATA" : "NXDOMAIN", key_str);
i = NULL;
return 0;
}
int dns_cache_put(
DnsCache *c,
int rcode,
unsigned max_rrs,
bool authenticated,
int owner_family,
const union in_addr_union *owner_address) {
unsigned cache_keys, i;
int r;
assert(c);
if (key) {
/* First, if we were passed a key, delete all matching old RRs,
* so that we only keep complete by_key in place. */
dns_cache_remove(c, key);
}
if (!answer)
return 0;
/* We only care for positive replies and NXDOMAINs, on all
* other replies we will simply flush the respective entries,
* and that's it */
return 0;
if (key)
cache_keys ++;
/* Make some space for our new entries */
if (timestamp <= 0)
/* Second, add in positive entries for all contained RRs */
if (r < 0)
goto fail;
}
if (!key)
return 0;
/* Third, add in negative entries if the key has no RR */
if (r < 0)
goto fail;
if (r > 0)
return 0;
/* See https://tools.ietf.org/html/rfc2308, which
* say that a matching SOA record in the packet
* is used to to enable negative caching. */
if (r < 0)
goto fail;
if (r == 0)
return 0;
/* Also, if the requested key is an alias, the negative response should
be cached for each name in the redirect chain. Any CNAME record in
the response is from the redirection chain, though only the final one
is guaranteed to be included. This means that we cannot verify the
chain and that we need to cache them all as it may be incomplete. */
if (!canonical_key)
goto fail;
/* Let's not add negative cache entries for records outside the current zone. */
continue;
r = dns_cache_put_negative(c, canonical_key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
if (r < 0)
goto fail;
}
}
r = dns_cache_put_negative(c, key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
if (r < 0)
goto fail;
return 0;
fail:
/* Adding all RRs failed. Let's clean up what we already
* added, just in case */
if (key)
dns_cache_remove(c, key);
return r;
}
DnsCacheItem *i;
const char *n;
int r;
assert(c);
assert(k);
/* If we hit some OOM error, or suchlike, we don't care too
* much, after all this is just a cache */
i = hashmap_get(c->by_key, k);
return i;
n = DNS_RESOURCE_KEY_NAME(k);
/* Check if we have an NSEC record instead for the name. */
if (i)
return i;
/* Check if we have a CNAME record instead */
if (i)
return i;
/* OK, let's look for cached DNAME records. */
for (;;) {
char label[DNS_LABEL_MAX];
if (isempty(n))
return NULL;
if (i)
return i;
/* Jump one label ahead */
if (r <= 0)
return NULL;
}
return NULL;
}
int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, int *rcode, DnsAnswer **ret, bool *authenticated) {
unsigned n = 0;
int r;
bool nxdomain = false;
bool have_authenticated = false, have_non_authenticated = false;
assert(c);
/* If we have ANY lookups we don't use the cache, so
* that the caller refreshes via the network. */
if (r < 0)
return r;
return 0;
}
if (!first) {
/* If one question cannot be answered we need to refresh */
if (r < 0)
return r;
return 0;
}
if (j->rr) {
nsec = j;
n++;
} else if (j->type == DNS_CACHE_NXDOMAIN)
nxdomain = true;
if (j->authenticated)
have_authenticated = true;
else
have_non_authenticated = true;
}
if (r < 0)
return r;
/* We only found an NSEC record that matches our name.
* If it says the type doesn't exit report
* NODATA. Otherwise report a cache miss. */
}
log_debug("%s cache hit for %s",
n > 0 ? "Positive" :
key_str);
if (n <= 0) {
return 1;
}
answer = dns_answer_new(n);
if (!answer)
return -ENOMEM;
if (!j->rr)
continue;
if (r < 0)
return r;
}
return n;
}
int dns_cache_check_conflicts(DnsCache *cache, DnsResourceRecord *rr, int owner_family, const union in_addr_union *owner_address) {
DnsCacheItem *i, *first;
bool same_owner = true;
/* See if there's a cache entry for the same key. If there
* isn't there's no conflict */
if (!first)
return 0;
/* See if the RR key is owned by the same owner, if so, there
* isn't a conflict either */
if (i->owner_family != owner_family ||
same_owner = false;
break;
}
}
if (same_owner)
return 0;
/* See if there's the exact same RR in the cache. If yes, then
* there's no conflict. */
return 0;
/* There's a conflict */
return 1;
}
unsigned ancount = 0;
DnsCacheItem *i;
int r;
DnsCacheItem *j;
LIST_FOREACH(by_key, j, i) {
_cleanup_free_ char *t = NULL;
if (!j->rr)
continue;
continue;
if (r < 0)
return r;
ancount ++;
}
}
return 0;
}
DnsCacheItem *i;
int r;
if (!cache)
return;
if (!f)
f = stdout;
DnsCacheItem *j;
LIST_FOREACH(by_key, j, i) {
_cleanup_free_ char *t = NULL;
fputc('\t', f);
if (j->rr) {
r = dns_resource_record_to_string(j->rr, &t);
if (r < 0) {
log_oom();
continue;
}
fputs(t, f);
fputc('\n', f);
} else {
r = dns_resource_key_to_string(j->key, &t);
if (r < 0) {
log_oom();
continue;
}
fputs(t, f);
fputs(" -- ", f);
fputc('\n', f);
}
}
}
}
if (!cache)
return true;
}