]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
74b2466e | 2 | |
01234e1f | 3 | #include <linux/if.h> |
01234e1f | 4 | #include <unistd.h> |
74b2466e LP |
5 | |
6 | #include "sd-network.h" | |
07630cea | 7 | |
b5efdb8a | 8 | #include "alloc-util.h" |
686d13b9 | 9 | #include "env-file.h" |
943ef07c LP |
10 | #include "fd-util.h" |
11 | #include "fileio.h" | |
603192b2 | 12 | #include "log-link.h" |
943ef07c | 13 | #include "mkdir.h" |
6bedfcbb | 14 | #include "parse-util.h" |
74b2466e | 15 | #include "resolved-link.h" |
c6a8f6f6 YW |
16 | #include "resolved-llmnr.h" |
17 | #include "resolved-mdns.h" | |
8aa5afd2 | 18 | #include "socket-netlink.h" |
07630cea LP |
19 | #include "string-util.h" |
20 | #include "strv.h" | |
e4de7287 | 21 | #include "tmpfile-util.h" |
74b2466e LP |
22 | |
23 | int link_new(Manager *m, Link **ret, int ifindex) { | |
24 | _cleanup_(link_freep) Link *l = NULL; | |
25 | int r; | |
26 | ||
27 | assert(m); | |
28 | assert(ifindex > 0); | |
29 | ||
d5099efc | 30 | r = hashmap_ensure_allocated(&m->links, NULL); |
74b2466e LP |
31 | if (r < 0) |
32 | return r; | |
33 | ||
ca5394d2 | 34 | l = new(Link, 1); |
74b2466e LP |
35 | if (!l) |
36 | return -ENOMEM; | |
37 | ||
ca5394d2 LP |
38 | *l = (Link) { |
39 | .ifindex = ifindex, | |
40 | .default_route = -1, | |
41 | .llmnr_support = RESOLVE_SUPPORT_YES, | |
42 | .mdns_support = RESOLVE_SUPPORT_NO, | |
43 | .dnssec_mode = _DNSSEC_MODE_INVALID, | |
44 | .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID, | |
45 | .operstate = IF_OPER_UNKNOWN, | |
46 | }; | |
74b2466e | 47 | |
943ef07c LP |
48 | if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0) |
49 | return -ENOMEM; | |
50 | ||
74b2466e LP |
51 | r = hashmap_put(m->links, INT_TO_PTR(ifindex), l); |
52 | if (r < 0) | |
53 | return r; | |
54 | ||
55 | l->manager = m; | |
56 | ||
57 | if (ret) | |
58 | *ret = l; | |
59 | l = NULL; | |
60 | ||
61 | return 0; | |
62 | } | |
63 | ||
97e5d693 LP |
64 | void link_flush_settings(Link *l) { |
65 | assert(l); | |
66 | ||
ca5394d2 | 67 | l->default_route = -1; |
97e5d693 LP |
68 | l->llmnr_support = RESOLVE_SUPPORT_YES; |
69 | l->mdns_support = RESOLVE_SUPPORT_NO; | |
70 | l->dnssec_mode = _DNSSEC_MODE_INVALID; | |
c9299be2 | 71 | l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID; |
97e5d693 LP |
72 | |
73 | dns_server_unlink_all(l->dns_servers); | |
74 | dns_search_domain_unlink_all(l->search_domains); | |
75 | ||
76 | l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors); | |
77 | } | |
78 | ||
74b2466e | 79 | Link *link_free(Link *l) { |
74b2466e LP |
80 | if (!l) |
81 | return NULL; | |
82 | ||
c3ae4188 DR |
83 | /* Send goodbye messages. */ |
84 | dns_scope_announce(l->mdns_ipv4_scope, true); | |
85 | dns_scope_announce(l->mdns_ipv6_scope, true); | |
86 | ||
97e5d693 | 87 | link_flush_settings(l); |
0eac4623 | 88 | |
74b2466e | 89 | while (l->addresses) |
97e5d693 | 90 | (void) link_address_free(l->addresses); |
74b2466e LP |
91 | |
92 | if (l->manager) | |
93 | hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex)); | |
94 | ||
95 | dns_scope_free(l->unicast_scope); | |
1716f6dc LP |
96 | dns_scope_free(l->llmnr_ipv4_scope); |
97 | dns_scope_free(l->llmnr_ipv6_scope); | |
b4f1862d DM |
98 | dns_scope_free(l->mdns_ipv4_scope); |
99 | dns_scope_free(l->mdns_ipv6_scope); | |
74b2466e | 100 | |
943ef07c | 101 | free(l->state_file); |
6ff79f76 | 102 | free(l->ifname); |
943ef07c | 103 | |
6b430fdb | 104 | return mfree(l); |
1716f6dc LP |
105 | } |
106 | ||
97e5d693 | 107 | void link_allocate_scopes(Link *l) { |
59c0fd0e | 108 | bool unicast_relevant; |
1716f6dc LP |
109 | int r; |
110 | ||
111 | assert(l); | |
112 | ||
59c0fd0e LP |
113 | /* If a link that used to be relevant is no longer, or a link that did not use to be relevant now becomes |
114 | * relevant, let's reinit the learnt global DNS server information, since we might talk to different servers | |
115 | * now, even if they have the same addresses as before. */ | |
116 | ||
117 | unicast_relevant = link_relevant(l, AF_UNSPEC, false); | |
118 | if (unicast_relevant != l->unicast_relevant) { | |
119 | l->unicast_relevant = unicast_relevant; | |
120 | ||
121 | dns_server_reset_features_all(l->manager->fallback_dns_servers); | |
122 | dns_server_reset_features_all(l->manager->dns_servers); | |
63b12191 LP |
123 | |
124 | /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one | |
125 | * interface reveals different DNS zones than through others. */ | |
126 | if (l->manager->unicast_scope) | |
127 | dns_cache_flush(&l->manager->unicast_scope->cache); | |
59c0fd0e LP |
128 | } |
129 | ||
130 | /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't | |
131 | * need anymore */ | |
132 | ||
133 | if (unicast_relevant && l->dns_servers) { | |
1716f6dc | 134 | if (!l->unicast_scope) { |
59c0fd0e LP |
135 | dns_server_reset_features_all(l->dns_servers); |
136 | ||
1716f6dc LP |
137 | r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC); |
138 | if (r < 0) | |
da927ba9 | 139 | log_warning_errno(r, "Failed to allocate DNS scope: %m"); |
1716f6dc LP |
140 | } |
141 | } else | |
142 | l->unicast_scope = dns_scope_free(l->unicast_scope); | |
143 | ||
dfc1091b | 144 | if (link_relevant(l, AF_INET, true) && |
af49ca27 LP |
145 | l->llmnr_support != RESOLVE_SUPPORT_NO && |
146 | l->manager->llmnr_support != RESOLVE_SUPPORT_NO) { | |
1716f6dc LP |
147 | if (!l->llmnr_ipv4_scope) { |
148 | r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET); | |
149 | if (r < 0) | |
da927ba9 | 150 | log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m"); |
1716f6dc LP |
151 | } |
152 | } else | |
153 | l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope); | |
154 | ||
dfc1091b | 155 | if (link_relevant(l, AF_INET6, true) && |
af49ca27 LP |
156 | l->llmnr_support != RESOLVE_SUPPORT_NO && |
157 | l->manager->llmnr_support != RESOLVE_SUPPORT_NO && | |
db97a66a | 158 | socket_ipv6_is_supported()) { |
1716f6dc LP |
159 | if (!l->llmnr_ipv6_scope) { |
160 | r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6); | |
161 | if (r < 0) | |
da927ba9 | 162 | log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m"); |
1716f6dc LP |
163 | } |
164 | } else | |
165 | l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope); | |
b4f1862d | 166 | |
dfc1091b | 167 | if (link_relevant(l, AF_INET, true) && |
af49ca27 LP |
168 | l->mdns_support != RESOLVE_SUPPORT_NO && |
169 | l->manager->mdns_support != RESOLVE_SUPPORT_NO) { | |
b4f1862d DM |
170 | if (!l->mdns_ipv4_scope) { |
171 | r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET); | |
172 | if (r < 0) | |
173 | log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m"); | |
174 | } | |
175 | } else | |
176 | l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope); | |
177 | ||
dfc1091b | 178 | if (link_relevant(l, AF_INET6, true) && |
af49ca27 LP |
179 | l->mdns_support != RESOLVE_SUPPORT_NO && |
180 | l->manager->mdns_support != RESOLVE_SUPPORT_NO) { | |
b4f1862d DM |
181 | if (!l->mdns_ipv6_scope) { |
182 | r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6); | |
183 | if (r < 0) | |
184 | log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m"); | |
185 | } | |
186 | } else | |
187 | l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope); | |
1716f6dc | 188 | } |
74b2466e | 189 | |
ec2c5e43 | 190 | void link_add_rrs(Link *l, bool force_remove) { |
623a4c97 | 191 | LinkAddress *a; |
6db6a464 | 192 | int r; |
623a4c97 LP |
193 | |
194 | LIST_FOREACH(addresses, a, l->addresses) | |
ec2c5e43 | 195 | link_address_add_rrs(a, force_remove); |
6db6a464 DR |
196 | |
197 | if (!force_remove && | |
198 | l->mdns_support == RESOLVE_SUPPORT_YES && | |
199 | l->manager->mdns_support == RESOLVE_SUPPORT_YES) { | |
200 | ||
201 | if (l->mdns_ipv4_scope) { | |
202 | r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope); | |
203 | if (r < 0) | |
204 | log_warning_errno(r, "Failed to add IPv4 DNS-SD services: %m"); | |
205 | } | |
206 | ||
207 | if (l->mdns_ipv6_scope) { | |
208 | r = dns_scope_add_dnssd_services(l->mdns_ipv6_scope); | |
209 | if (r < 0) | |
210 | log_warning_errno(r, "Failed to add IPv6 DNS-SD services: %m"); | |
211 | } | |
212 | ||
213 | } else { | |
214 | ||
215 | if (l->mdns_ipv4_scope) { | |
216 | r = dns_scope_remove_dnssd_services(l->mdns_ipv4_scope); | |
217 | if (r < 0) | |
218 | log_warning_errno(r, "Failed to remove IPv4 DNS-SD services: %m"); | |
219 | } | |
220 | ||
221 | if (l->mdns_ipv6_scope) { | |
222 | r = dns_scope_remove_dnssd_services(l->mdns_ipv6_scope); | |
223 | if (r < 0) | |
224 | log_warning_errno(r, "Failed to remove IPv6 DNS-SD services: %m"); | |
225 | } | |
226 | } | |
623a4c97 LP |
227 | } |
228 | ||
943ef07c | 229 | int link_process_rtnl(Link *l, sd_netlink_message *m) { |
1716f6dc | 230 | const char *n = NULL; |
74b2466e LP |
231 | int r; |
232 | ||
233 | assert(l); | |
234 | assert(m); | |
235 | ||
236 | r = sd_rtnl_message_link_get_flags(m, &l->flags); | |
237 | if (r < 0) | |
238 | return r; | |
239 | ||
6955a3ba LP |
240 | (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu); |
241 | (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate); | |
1716f6dc | 242 | |
1c4baffc | 243 | if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) { |
6ff79f76 YW |
244 | r = free_and_strdup(&l->ifname, n); |
245 | if (r < 0) | |
246 | return r; | |
1716f6dc LP |
247 | } |
248 | ||
249 | link_allocate_scopes(l); | |
ec2c5e43 | 250 | link_add_rrs(l, false); |
623a4c97 | 251 | |
74b2466e LP |
252 | return 0; |
253 | } | |
254 | ||
8aa5afd2 YW |
255 | static int link_update_dns_server_one(Link *l, const char *str) { |
256 | _cleanup_free_ char *name = NULL; | |
257 | int family, ifindex, r; | |
55e99f20 LP |
258 | union in_addr_union a; |
259 | DnsServer *s; | |
8aa5afd2 | 260 | uint16_t port; |
55e99f20 LP |
261 | |
262 | assert(l); | |
8aa5afd2 | 263 | assert(str); |
55e99f20 | 264 | |
8aa5afd2 | 265 | r = in_addr_port_ifindex_name_from_string_auto(str, &family, &a, &port, &ifindex, &name); |
55e99f20 LP |
266 | if (r < 0) |
267 | return r; | |
268 | ||
8aa5afd2 YW |
269 | if (ifindex != 0 && ifindex != l->ifindex) |
270 | return -EINVAL; | |
271 | ||
272 | /* By default, the port number is determined with the transaction feature level. | |
273 | * See dns_transaction_port() and dns_server_port(). */ | |
274 | if (IN_SET(port, 53, 853)) | |
275 | port = 0; | |
276 | ||
277 | s = dns_server_find(l->dns_servers, family, &a, port, 0, name); | |
55e99f20 LP |
278 | if (s) { |
279 | dns_server_move_back_and_unmark(s); | |
280 | return 0; | |
281 | } | |
282 | ||
8aa5afd2 | 283 | return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, port, 0, name); |
55e99f20 LP |
284 | } |
285 | ||
6073b6f2 | 286 | static int link_update_dns_servers(Link *l) { |
6f4dedb2 TG |
287 | _cleanup_strv_free_ char **nameservers = NULL; |
288 | char **nameserver; | |
6f4dedb2 | 289 | int r; |
74b2466e LP |
290 | |
291 | assert(l); | |
292 | ||
d6731e4c | 293 | r = sd_network_link_get_dns(l->ifindex, &nameservers); |
1ade96e9 LP |
294 | if (r == -ENODATA) { |
295 | r = 0; | |
296 | goto clear; | |
297 | } | |
6f4dedb2 | 298 | if (r < 0) |
74b2466e | 299 | goto clear; |
74b2466e | 300 | |
4b95f179 | 301 | dns_server_mark_all(l->dns_servers); |
5cb36f41 | 302 | |
6f4dedb2 | 303 | STRV_FOREACH(nameserver, nameservers) { |
55e99f20 | 304 | r = link_update_dns_server_one(l, *nameserver); |
6f4dedb2 TG |
305 | if (r < 0) |
306 | goto clear; | |
74b2466e LP |
307 | } |
308 | ||
4b95f179 | 309 | dns_server_unlink_marked(l->dns_servers); |
74b2466e LP |
310 | return 0; |
311 | ||
312 | clear: | |
4b95f179 | 313 | dns_server_unlink_all(l->dns_servers); |
74b2466e LP |
314 | return r; |
315 | } | |
316 | ||
fdb4d313 LP |
317 | static int link_update_default_route(Link *l) { |
318 | int r; | |
319 | ||
320 | assert(l); | |
321 | ||
322 | r = sd_network_link_get_dns_default_route(l->ifindex); | |
323 | if (r == -ENODATA) { | |
324 | r = 0; | |
325 | goto clear; | |
326 | } | |
327 | if (r < 0) | |
328 | goto clear; | |
329 | ||
330 | l->default_route = r > 0; | |
331 | return 0; | |
332 | ||
333 | clear: | |
334 | l->default_route = -1; | |
335 | return r; | |
336 | } | |
337 | ||
19b50b5b LP |
338 | static int link_update_llmnr_support(Link *l) { |
339 | _cleanup_free_ char *b = NULL; | |
340 | int r; | |
341 | ||
342 | assert(l); | |
343 | ||
d6731e4c | 344 | r = sd_network_link_get_llmnr(l->ifindex, &b); |
1ade96e9 LP |
345 | if (r == -ENODATA) { |
346 | r = 0; | |
347 | goto clear; | |
348 | } | |
19b50b5b LP |
349 | if (r < 0) |
350 | goto clear; | |
351 | ||
af49ca27 LP |
352 | l->llmnr_support = resolve_support_from_string(b); |
353 | if (l->llmnr_support < 0) { | |
354 | r = -EINVAL; | |
355 | goto clear; | |
356 | } | |
19b50b5b LP |
357 | |
358 | return 0; | |
359 | ||
360 | clear: | |
af49ca27 | 361 | l->llmnr_support = RESOLVE_SUPPORT_YES; |
19b50b5b LP |
362 | return r; |
363 | } | |
364 | ||
aaa297d4 LP |
365 | static int link_update_mdns_support(Link *l) { |
366 | _cleanup_free_ char *b = NULL; | |
367 | int r; | |
368 | ||
369 | assert(l); | |
370 | ||
371 | r = sd_network_link_get_mdns(l->ifindex, &b); | |
372 | if (r == -ENODATA) { | |
373 | r = 0; | |
374 | goto clear; | |
375 | } | |
376 | if (r < 0) | |
377 | goto clear; | |
378 | ||
379 | l->mdns_support = resolve_support_from_string(b); | |
380 | if (l->mdns_support < 0) { | |
381 | r = -EINVAL; | |
382 | goto clear; | |
383 | } | |
384 | ||
385 | return 0; | |
386 | ||
387 | clear: | |
388 | l->mdns_support = RESOLVE_SUPPORT_NO; | |
389 | return r; | |
390 | } | |
391 | ||
c9299be2 | 392 | void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) { |
d050561a IT |
393 | |
394 | assert(l); | |
395 | ||
56ddbf10 | 396 | #if ! ENABLE_DNS_OVER_TLS |
c9299be2 | 397 | if (mode != DNS_OVER_TLS_NO) |
4310bfc2 | 398 | log_warning("DNS-over-TLS option for the link cannot be enabled or set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support."); |
d050561a IT |
399 | return; |
400 | #endif | |
401 | ||
c9299be2 | 402 | l->dns_over_tls_mode = mode; |
d050561a IT |
403 | } |
404 | ||
c9299be2 | 405 | static int link_update_dns_over_tls_mode(Link *l) { |
d050561a IT |
406 | _cleanup_free_ char *b = NULL; |
407 | int r; | |
408 | ||
409 | assert(l); | |
410 | ||
c9299be2 | 411 | r = sd_network_link_get_dns_over_tls(l->ifindex, &b); |
d050561a IT |
412 | if (r == -ENODATA) { |
413 | r = 0; | |
414 | goto clear; | |
415 | } | |
416 | if (r < 0) | |
417 | goto clear; | |
418 | ||
c9299be2 IT |
419 | l->dns_over_tls_mode = dns_over_tls_mode_from_string(b); |
420 | if (l->dns_over_tls_mode < 0) { | |
d050561a IT |
421 | r = -EINVAL; |
422 | goto clear; | |
423 | } | |
424 | ||
425 | return 0; | |
426 | ||
427 | clear: | |
c9299be2 | 428 | l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID; |
d050561a IT |
429 | return r; |
430 | } | |
431 | ||
97e5d693 LP |
432 | void link_set_dnssec_mode(Link *l, DnssecMode mode) { |
433 | ||
434 | assert(l); | |
435 | ||
349cc4a5 | 436 | #if ! HAVE_GCRYPT |
3742095b | 437 | if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE)) |
42303dcb YW |
438 | log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support."); |
439 | return; | |
440 | #endif | |
441 | ||
97e5d693 LP |
442 | if (l->dnssec_mode == mode) |
443 | return; | |
444 | ||
445 | if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) || | |
446 | (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) || | |
447 | (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) { | |
448 | ||
449 | /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the | |
450 | * allow-downgrade mode to full DNSSEC mode, flush it too. */ | |
451 | if (l->unicast_scope) | |
452 | dns_cache_flush(&l->unicast_scope->cache); | |
453 | } | |
454 | ||
455 | l->dnssec_mode = mode; | |
456 | } | |
457 | ||
ad6c0475 LP |
458 | static int link_update_dnssec_mode(Link *l) { |
459 | _cleanup_free_ char *m = NULL; | |
2e1bab34 | 460 | DnssecMode mode; |
ad6c0475 LP |
461 | int r; |
462 | ||
463 | assert(l); | |
464 | ||
465 | r = sd_network_link_get_dnssec(l->ifindex, &m); | |
466 | if (r == -ENODATA) { | |
467 | r = 0; | |
468 | goto clear; | |
469 | } | |
470 | if (r < 0) | |
471 | goto clear; | |
472 | ||
2e1bab34 LP |
473 | mode = dnssec_mode_from_string(m); |
474 | if (mode < 0) { | |
ad6c0475 LP |
475 | r = -EINVAL; |
476 | goto clear; | |
477 | } | |
478 | ||
97e5d693 | 479 | link_set_dnssec_mode(l, mode); |
2e1bab34 | 480 | |
ad6c0475 LP |
481 | return 0; |
482 | ||
483 | clear: | |
484 | l->dnssec_mode = _DNSSEC_MODE_INVALID; | |
485 | return r; | |
486 | } | |
487 | ||
8a516214 LP |
488 | static int link_update_dnssec_negative_trust_anchors(Link *l) { |
489 | _cleanup_strv_free_ char **ntas = NULL; | |
490 | _cleanup_set_free_free_ Set *ns = NULL; | |
8a516214 LP |
491 | int r; |
492 | ||
493 | assert(l); | |
494 | ||
495 | r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas); | |
496 | if (r == -ENODATA) { | |
497 | r = 0; | |
498 | goto clear; | |
499 | } | |
500 | if (r < 0) | |
501 | goto clear; | |
502 | ||
503 | ns = set_new(&dns_name_hash_ops); | |
504 | if (!ns) | |
505 | return -ENOMEM; | |
506 | ||
be327321 | 507 | r = set_put_strdupv(&ns, ntas); |
39f259e0 LP |
508 | if (r < 0) |
509 | return r; | |
8a516214 LP |
510 | |
511 | set_free_free(l->dnssec_negative_trust_anchors); | |
ae2a15bc | 512 | l->dnssec_negative_trust_anchors = TAKE_PTR(ns); |
8a516214 LP |
513 | |
514 | return 0; | |
515 | ||
516 | clear: | |
517 | l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors); | |
518 | return r; | |
519 | } | |
520 | ||
ad44b56b LP |
521 | static int link_update_search_domain_one(Link *l, const char *name, bool route_only) { |
522 | DnsSearchDomain *d; | |
523 | int r; | |
524 | ||
39f259e0 LP |
525 | assert(l); |
526 | assert(name); | |
527 | ||
ad44b56b LP |
528 | r = dns_search_domain_find(l->search_domains, name, &d); |
529 | if (r < 0) | |
530 | return r; | |
531 | if (r > 0) | |
532 | dns_search_domain_move_back_and_unmark(d); | |
533 | else { | |
534 | r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name); | |
535 | if (r < 0) | |
536 | return r; | |
537 | } | |
538 | ||
539 | d->route_only = route_only; | |
540 | return 0; | |
541 | } | |
542 | ||
a51c1048 | 543 | static int link_update_search_domains(Link *l) { |
ad44b56b | 544 | _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL; |
a51c1048 | 545 | char **i; |
ad44b56b | 546 | int r, q; |
bda2c408 | 547 | |
a51c1048 | 548 | assert(l); |
bda2c408 | 549 | |
ad44b56b LP |
550 | r = sd_network_link_get_search_domains(l->ifindex, &sdomains); |
551 | if (r < 0 && r != -ENODATA) | |
552 | goto clear; | |
553 | ||
554 | q = sd_network_link_get_route_domains(l->ifindex, &rdomains); | |
555 | if (q < 0 && q != -ENODATA) { | |
556 | r = q; | |
557 | goto clear; | |
558 | } | |
559 | ||
560 | if (r == -ENODATA && q == -ENODATA) { | |
1ade96e9 LP |
561 | /* networkd knows nothing about this interface, and that's fine. */ |
562 | r = 0; | |
563 | goto clear; | |
564 | } | |
a51c1048 LP |
565 | |
566 | dns_search_domain_mark_all(l->search_domains); | |
567 | ||
ad44b56b LP |
568 | STRV_FOREACH(i, sdomains) { |
569 | r = link_update_search_domain_one(l, *i, false); | |
a51c1048 LP |
570 | if (r < 0) |
571 | goto clear; | |
ad44b56b | 572 | } |
a51c1048 | 573 | |
ad44b56b LP |
574 | STRV_FOREACH(i, rdomains) { |
575 | r = link_update_search_domain_one(l, *i, true); | |
576 | if (r < 0) | |
577 | goto clear; | |
a51c1048 LP |
578 | } |
579 | ||
580 | dns_search_domain_unlink_marked(l->search_domains); | |
bda2c408 | 581 | return 0; |
a51c1048 LP |
582 | |
583 | clear: | |
584 | dns_search_domain_unlink_all(l->search_domains); | |
585 | return r; | |
bda2c408 TG |
586 | } |
587 | ||
b6274a0e | 588 | static int link_is_managed(Link *l) { |
97e5d693 | 589 | _cleanup_free_ char *state = NULL; |
a51c1048 LP |
590 | int r; |
591 | ||
74b2466e LP |
592 | assert(l); |
593 | ||
97e5d693 LP |
594 | r = sd_network_link_get_setup_state(l->ifindex, &state); |
595 | if (r == -ENODATA) | |
b6274a0e | 596 | return 0; |
97e5d693 LP |
597 | if (r < 0) |
598 | return r; | |
599 | ||
b6274a0e | 600 | return !STR_IN_SET(state, "pending", "unmanaged"); |
97e5d693 LP |
601 | } |
602 | ||
603 | static void link_read_settings(Link *l) { | |
604 | int r; | |
605 | ||
606 | assert(l); | |
607 | ||
608 | /* Read settings from networkd, except when networkd is not managing this interface. */ | |
609 | ||
b6274a0e | 610 | r = link_is_managed(l); |
97e5d693 | 611 | if (r < 0) { |
603192b2 | 612 | log_link_warning_errno(l, r, "Failed to determine whether the interface is managed: %m"); |
97e5d693 LP |
613 | return; |
614 | } | |
b6274a0e | 615 | if (r == 0) { |
97e5d693 | 616 | |
ccddd104 | 617 | /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */ |
97e5d693 LP |
618 | if (l->is_managed) |
619 | link_flush_settings(l); | |
620 | ||
621 | l->is_managed = false; | |
622 | return; | |
623 | } | |
624 | ||
625 | l->is_managed = true; | |
626 | ||
125ae29d LP |
627 | r = link_update_dns_servers(l); |
628 | if (r < 0) | |
603192b2 | 629 | log_link_warning_errno(l, r, "Failed to read DNS servers for the interface, ignoring: %m"); |
125ae29d LP |
630 | |
631 | r = link_update_llmnr_support(l); | |
632 | if (r < 0) | |
603192b2 | 633 | log_link_warning_errno(l, r, "Failed to read LLMNR support for the interface, ignoring: %m"); |
125ae29d LP |
634 | |
635 | r = link_update_mdns_support(l); | |
636 | if (r < 0) | |
603192b2 | 637 | log_link_warning_errno(l, r, "Failed to read mDNS support for the interface, ignoring: %m"); |
125ae29d | 638 | |
c9299be2 | 639 | r = link_update_dns_over_tls_mode(l); |
d050561a | 640 | if (r < 0) |
603192b2 | 641 | log_link_warning_errno(l, r, "Failed to read DNS-over-TLS mode for the interface, ignoring: %m"); |
d050561a | 642 | |
ad6c0475 LP |
643 | r = link_update_dnssec_mode(l); |
644 | if (r < 0) | |
603192b2 | 645 | log_link_warning_errno(l, r, "Failed to read DNSSEC mode for the interface, ignoring: %m"); |
a51c1048 | 646 | |
8a516214 LP |
647 | r = link_update_dnssec_negative_trust_anchors(l); |
648 | if (r < 0) | |
603192b2 | 649 | log_link_warning_errno(l, r, "Failed to read DNSSEC negative trust anchors for the interface, ignoring: %m"); |
8a516214 | 650 | |
a51c1048 LP |
651 | r = link_update_search_domains(l); |
652 | if (r < 0) | |
603192b2 | 653 | log_link_warning_errno(l, r, "Failed to read search domains for the interface, ignoring: %m"); |
fdb4d313 LP |
654 | |
655 | r = link_update_default_route(l); | |
656 | if (r < 0) | |
603192b2 | 657 | log_link_warning_errno(l, r, "Failed to read default route setting for the interface, proceeding anyway: %m"); |
97e5d693 LP |
658 | } |
659 | ||
943ef07c | 660 | int link_update(Link *l) { |
c6a8f6f6 YW |
661 | int r; |
662 | ||
97e5d693 | 663 | assert(l); |
a51c1048 | 664 | |
97e5d693 | 665 | link_read_settings(l); |
cbe194b3 YW |
666 | r = link_load_user(l); |
667 | if (r < 0) | |
668 | return r; | |
c6a8f6f6 YW |
669 | |
670 | if (l->llmnr_support != RESOLVE_SUPPORT_NO) { | |
671 | r = manager_llmnr_start(l->manager); | |
672 | if (r < 0) | |
673 | return r; | |
674 | } | |
675 | ||
676 | if (l->mdns_support != RESOLVE_SUPPORT_NO) { | |
677 | r = manager_mdns_start(l->manager); | |
678 | if (r < 0) | |
679 | return r; | |
680 | } | |
681 | ||
ad6c0475 | 682 | link_allocate_scopes(l); |
ec2c5e43 | 683 | link_add_rrs(l, false); |
74b2466e LP |
684 | |
685 | return 0; | |
686 | } | |
687 | ||
011696f7 | 688 | bool link_relevant(Link *l, int family, bool local_multicast) { |
1716f6dc | 689 | _cleanup_free_ char *state = NULL; |
74b2466e LP |
690 | LinkAddress *a; |
691 | ||
692 | assert(l); | |
693 | ||
c1edab7a | 694 | /* A link is relevant for local multicast traffic if it isn't a loopback device, has a link |
011696f7 LP |
695 | * beat, can do multicast and has at least one link-local (or better) IP address. |
696 | * | |
697 | * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at | |
13e785f7 | 698 | * least one routable address. */ |
ec2c5e43 | 699 | |
dfc1091b | 700 | if (l->flags & (IFF_LOOPBACK|IFF_DORMANT)) |
ec2c5e43 | 701 | return false; |
74b2466e | 702 | |
dfc1091b | 703 | if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP)) |
74b2466e LP |
704 | return false; |
705 | ||
011696f7 | 706 | if (local_multicast) { |
dfc1091b LP |
707 | if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST) |
708 | return false; | |
709 | } | |
710 | ||
6955a3ba LP |
711 | /* Check kernel operstate |
712 | * https://www.kernel.org/doc/Documentation/networking/operstates.txt */ | |
713 | if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP)) | |
714 | return false; | |
715 | ||
716 | (void) sd_network_link_get_operational_state(l->ifindex, &state); | |
aeafd03a | 717 | if (state && !STR_IN_SET(state, "unknown", "degraded", "degraded-carrier", "routable")) |
74b2466e LP |
718 | return false; |
719 | ||
720 | LIST_FOREACH(addresses, a, l->addresses) | |
011696f7 | 721 | if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast)) |
74b2466e LP |
722 | return true; |
723 | ||
724 | return false; | |
725 | } | |
726 | ||
623a4c97 | 727 | LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) { |
74b2466e LP |
728 | LinkAddress *a; |
729 | ||
730 | assert(l); | |
731 | ||
1716f6dc LP |
732 | LIST_FOREACH(addresses, a, l->addresses) |
733 | if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr)) | |
74b2466e | 734 | return a; |
74b2466e LP |
735 | |
736 | return NULL; | |
737 | } | |
738 | ||
2c27fbca | 739 | DnsServer* link_set_dns_server(Link *l, DnsServer *s) { |
4e945a6f LP |
740 | assert(l); |
741 | ||
742 | if (l->current_dns_server == s) | |
743 | return s; | |
744 | ||
6cb08a89 | 745 | if (s) |
8aa5afd2 | 746 | log_debug("Switching to DNS server %s for interface %s.", strna(dns_server_string_full(s)), l->ifname); |
4e945a6f | 747 | |
0eac4623 LP |
748 | dns_server_unref(l->current_dns_server); |
749 | l->current_dns_server = dns_server_ref(s); | |
2c27fbca LP |
750 | |
751 | if (l->unicast_scope) | |
752 | dns_cache_flush(&l->unicast_scope->cache); | |
753 | ||
4e945a6f LP |
754 | return s; |
755 | } | |
756 | ||
74b2466e LP |
757 | DnsServer *link_get_dns_server(Link *l) { |
758 | assert(l); | |
759 | ||
760 | if (!l->current_dns_server) | |
4e945a6f | 761 | link_set_dns_server(l, l->dns_servers); |
74b2466e LP |
762 | |
763 | return l->current_dns_server; | |
764 | } | |
765 | ||
766 | void link_next_dns_server(Link *l) { | |
767 | assert(l); | |
768 | ||
74b2466e LP |
769 | if (!l->current_dns_server) |
770 | return; | |
771 | ||
0eac4623 LP |
772 | /* Change to the next one, but make sure to follow the linked |
773 | * list only if this server is actually still linked. */ | |
774 | if (l->current_dns_server->linked && l->current_dns_server->servers_next) { | |
4e945a6f | 775 | link_set_dns_server(l, l->current_dns_server->servers_next); |
74b2466e LP |
776 | return; |
777 | } | |
778 | ||
4e945a6f | 779 | link_set_dns_server(l, l->dns_servers); |
74b2466e LP |
780 | } |
781 | ||
c9299be2 | 782 | DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) { |
d050561a IT |
783 | assert(l); |
784 | ||
c9299be2 IT |
785 | if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID) |
786 | return l->dns_over_tls_mode; | |
d050561a | 787 | |
c9299be2 | 788 | return manager_get_dns_over_tls_mode(l->manager); |
d050561a IT |
789 | } |
790 | ||
c69fa7e3 LP |
791 | DnssecMode link_get_dnssec_mode(Link *l) { |
792 | assert(l); | |
793 | ||
794 | if (l->dnssec_mode != _DNSSEC_MODE_INVALID) | |
795 | return l->dnssec_mode; | |
796 | ||
797 | return manager_get_dnssec_mode(l->manager); | |
798 | } | |
799 | ||
800 | bool link_dnssec_supported(Link *l) { | |
801 | DnsServer *server; | |
802 | ||
803 | assert(l); | |
804 | ||
805 | if (link_get_dnssec_mode(l) == DNSSEC_NO) | |
806 | return false; | |
807 | ||
808 | server = link_get_dns_server(l); | |
809 | if (server) | |
810 | return dns_server_dnssec_supported(server); | |
811 | ||
812 | return true; | |
813 | } | |
814 | ||
623a4c97 | 815 | int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) { |
74b2466e LP |
816 | LinkAddress *a; |
817 | ||
818 | assert(l); | |
819 | assert(in_addr); | |
820 | ||
1ed31408 | 821 | a = new(LinkAddress, 1); |
74b2466e LP |
822 | if (!a) |
823 | return -ENOMEM; | |
824 | ||
1ed31408 LP |
825 | *a = (LinkAddress) { |
826 | .family = family, | |
827 | .in_addr = *in_addr, | |
828 | .link = l, | |
829 | }; | |
74b2466e | 830 | |
74b2466e | 831 | LIST_PREPEND(addresses, l->addresses, a); |
bceaa99d | 832 | l->n_addresses++; |
74b2466e LP |
833 | |
834 | if (ret) | |
835 | *ret = a; | |
836 | ||
837 | return 0; | |
838 | } | |
839 | ||
840 | LinkAddress *link_address_free(LinkAddress *a) { | |
841 | if (!a) | |
842 | return NULL; | |
843 | ||
623a4c97 | 844 | if (a->link) { |
74b2466e LP |
845 | LIST_REMOVE(addresses, a->link->addresses, a); |
846 | ||
bceaa99d LP |
847 | assert(a->link->n_addresses > 0); |
848 | a->link->n_addresses--; | |
849 | ||
623a4c97 | 850 | if (a->llmnr_address_rr) { |
623a4c97 LP |
851 | if (a->family == AF_INET && a->link->llmnr_ipv4_scope) |
852 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr); | |
853 | else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope) | |
854 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr); | |
623a4c97 LP |
855 | } |
856 | ||
857 | if (a->llmnr_ptr_rr) { | |
858 | if (a->family == AF_INET && a->link->llmnr_ipv4_scope) | |
859 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr); | |
860 | else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope) | |
861 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr); | |
623a4c97 | 862 | } |
400cb36e DR |
863 | |
864 | if (a->mdns_address_rr) { | |
865 | if (a->family == AF_INET && a->link->mdns_ipv4_scope) | |
866 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr); | |
867 | else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope) | |
868 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr); | |
869 | } | |
870 | ||
871 | if (a->mdns_ptr_rr) { | |
872 | if (a->family == AF_INET && a->link->mdns_ipv4_scope) | |
873 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr); | |
874 | else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope) | |
875 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr); | |
876 | } | |
623a4c97 LP |
877 | } |
878 | ||
ec2c5e43 LP |
879 | dns_resource_record_unref(a->llmnr_address_rr); |
880 | dns_resource_record_unref(a->llmnr_ptr_rr); | |
400cb36e DR |
881 | dns_resource_record_unref(a->mdns_address_rr); |
882 | dns_resource_record_unref(a->mdns_ptr_rr); | |
ec2c5e43 | 883 | |
6b430fdb | 884 | return mfree(a); |
74b2466e LP |
885 | } |
886 | ||
ec2c5e43 | 887 | void link_address_add_rrs(LinkAddress *a, bool force_remove) { |
623a4c97 LP |
888 | int r; |
889 | ||
890 | assert(a); | |
891 | ||
ec2c5e43 | 892 | if (a->family == AF_INET) { |
623a4c97 | 893 | |
4e945a6f | 894 | if (!force_remove && |
011696f7 | 895 | link_address_relevant(a, true) && |
4e945a6f | 896 | a->link->llmnr_ipv4_scope && |
af49ca27 LP |
897 | a->link->llmnr_support == RESOLVE_SUPPORT_YES && |
898 | a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { | |
4e945a6f | 899 | |
78c6a153 LP |
900 | if (!a->link->manager->llmnr_host_ipv4_key) { |
901 | a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname); | |
902 | if (!a->link->manager->llmnr_host_ipv4_key) { | |
ec2c5e43 LP |
903 | r = -ENOMEM; |
904 | goto fail; | |
905 | } | |
623a4c97 | 906 | } |
623a4c97 | 907 | |
623a4c97 | 908 | if (!a->llmnr_address_rr) { |
78c6a153 | 909 | a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key); |
ec2c5e43 LP |
910 | if (!a->llmnr_address_rr) { |
911 | r = -ENOMEM; | |
912 | goto fail; | |
913 | } | |
914 | ||
915 | a->llmnr_address_rr->a.in_addr = a->in_addr.in; | |
916 | a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL; | |
623a4c97 LP |
917 | } |
918 | ||
ec2c5e43 | 919 | if (!a->llmnr_ptr_rr) { |
78c6a153 | 920 | r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname); |
ec2c5e43 LP |
921 | if (r < 0) |
922 | goto fail; | |
623a4c97 | 923 | |
ec2c5e43 LP |
924 | a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL; |
925 | } | |
623a4c97 | 926 | |
ec2c5e43 | 927 | r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true); |
623a4c97 | 928 | if (r < 0) |
da927ba9 | 929 | log_warning_errno(r, "Failed to add A record to LLMNR zone: %m"); |
623a4c97 | 930 | |
ec2c5e43 | 931 | r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false); |
623a4c97 | 932 | if (r < 0) |
e372a138 | 933 | log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m"); |
623a4c97 | 934 | } else { |
ec2c5e43 LP |
935 | if (a->llmnr_address_rr) { |
936 | if (a->link->llmnr_ipv4_scope) | |
937 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr); | |
938 | a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr); | |
939 | } | |
940 | ||
941 | if (a->llmnr_ptr_rr) { | |
942 | if (a->link->llmnr_ipv4_scope) | |
943 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr); | |
944 | a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr); | |
945 | } | |
623a4c97 | 946 | } |
400cb36e DR |
947 | |
948 | if (!force_remove && | |
949 | link_address_relevant(a, true) && | |
950 | a->link->mdns_ipv4_scope && | |
951 | a->link->mdns_support == RESOLVE_SUPPORT_YES && | |
952 | a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { | |
953 | if (!a->link->manager->mdns_host_ipv4_key) { | |
954 | a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname); | |
955 | if (!a->link->manager->mdns_host_ipv4_key) { | |
956 | r = -ENOMEM; | |
957 | goto fail; | |
958 | } | |
959 | } | |
960 | ||
961 | if (!a->mdns_address_rr) { | |
962 | a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key); | |
963 | if (!a->mdns_address_rr) { | |
964 | r = -ENOMEM; | |
965 | goto fail; | |
966 | } | |
967 | ||
968 | a->mdns_address_rr->a.in_addr = a->in_addr.in; | |
969 | a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL; | |
970 | } | |
971 | ||
972 | if (!a->mdns_ptr_rr) { | |
973 | r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname); | |
974 | if (r < 0) | |
975 | goto fail; | |
976 | ||
977 | a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL; | |
978 | } | |
979 | ||
980 | r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true); | |
981 | if (r < 0) | |
982 | log_warning_errno(r, "Failed to add A record to MDNS zone: %m"); | |
983 | ||
984 | r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false); | |
985 | if (r < 0) | |
986 | log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m"); | |
987 | } else { | |
988 | if (a->mdns_address_rr) { | |
989 | if (a->link->mdns_ipv4_scope) | |
990 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr); | |
991 | a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr); | |
992 | } | |
993 | ||
994 | if (a->mdns_ptr_rr) { | |
995 | if (a->link->mdns_ipv4_scope) | |
996 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr); | |
997 | a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr); | |
998 | } | |
999 | } | |
623a4c97 LP |
1000 | } |
1001 | ||
ec2c5e43 | 1002 | if (a->family == AF_INET6) { |
623a4c97 | 1003 | |
4e945a6f | 1004 | if (!force_remove && |
011696f7 | 1005 | link_address_relevant(a, true) && |
4e945a6f | 1006 | a->link->llmnr_ipv6_scope && |
af49ca27 LP |
1007 | a->link->llmnr_support == RESOLVE_SUPPORT_YES && |
1008 | a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { | |
4e945a6f | 1009 | |
78c6a153 LP |
1010 | if (!a->link->manager->llmnr_host_ipv6_key) { |
1011 | a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname); | |
1012 | if (!a->link->manager->llmnr_host_ipv6_key) { | |
ec2c5e43 LP |
1013 | r = -ENOMEM; |
1014 | goto fail; | |
1015 | } | |
623a4c97 | 1016 | } |
623a4c97 | 1017 | |
623a4c97 | 1018 | if (!a->llmnr_address_rr) { |
78c6a153 | 1019 | a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key); |
ec2c5e43 LP |
1020 | if (!a->llmnr_address_rr) { |
1021 | r = -ENOMEM; | |
1022 | goto fail; | |
1023 | } | |
1024 | ||
1025 | a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6; | |
1026 | a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL; | |
623a4c97 LP |
1027 | } |
1028 | ||
ec2c5e43 | 1029 | if (!a->llmnr_ptr_rr) { |
78c6a153 | 1030 | r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname); |
ec2c5e43 LP |
1031 | if (r < 0) |
1032 | goto fail; | |
623a4c97 | 1033 | |
ec2c5e43 LP |
1034 | a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL; |
1035 | } | |
623a4c97 | 1036 | |
ec2c5e43 | 1037 | r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true); |
623a4c97 | 1038 | if (r < 0) |
da927ba9 | 1039 | log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m"); |
623a4c97 | 1040 | |
ec2c5e43 | 1041 | r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false); |
623a4c97 | 1042 | if (r < 0) |
da927ba9 | 1043 | log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m"); |
623a4c97 | 1044 | } else { |
ec2c5e43 LP |
1045 | if (a->llmnr_address_rr) { |
1046 | if (a->link->llmnr_ipv6_scope) | |
1047 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr); | |
1048 | a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr); | |
1049 | } | |
1050 | ||
1051 | if (a->llmnr_ptr_rr) { | |
1052 | if (a->link->llmnr_ipv6_scope) | |
1053 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr); | |
1054 | a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr); | |
1055 | } | |
623a4c97 | 1056 | } |
400cb36e DR |
1057 | |
1058 | if (!force_remove && | |
1059 | link_address_relevant(a, true) && | |
1060 | a->link->mdns_ipv6_scope && | |
1061 | a->link->mdns_support == RESOLVE_SUPPORT_YES && | |
1062 | a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { | |
1063 | ||
1064 | if (!a->link->manager->mdns_host_ipv6_key) { | |
1065 | a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname); | |
1066 | if (!a->link->manager->mdns_host_ipv6_key) { | |
1067 | r = -ENOMEM; | |
1068 | goto fail; | |
1069 | } | |
1070 | } | |
1071 | ||
1072 | if (!a->mdns_address_rr) { | |
1073 | a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key); | |
1074 | if (!a->mdns_address_rr) { | |
1075 | r = -ENOMEM; | |
1076 | goto fail; | |
1077 | } | |
1078 | ||
1079 | a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6; | |
1080 | a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL; | |
1081 | } | |
1082 | ||
1083 | if (!a->mdns_ptr_rr) { | |
1084 | r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname); | |
1085 | if (r < 0) | |
1086 | goto fail; | |
1087 | ||
1088 | a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL; | |
1089 | } | |
1090 | ||
1091 | r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true); | |
1092 | if (r < 0) | |
1093 | log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m"); | |
1094 | ||
1095 | r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false); | |
1096 | if (r < 0) | |
1097 | log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m"); | |
1098 | } else { | |
1099 | if (a->mdns_address_rr) { | |
1100 | if (a->link->mdns_ipv6_scope) | |
1101 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr); | |
1102 | a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr); | |
1103 | } | |
1104 | ||
1105 | if (a->mdns_ptr_rr) { | |
1106 | if (a->link->mdns_ipv6_scope) | |
1107 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr); | |
1108 | a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr); | |
1109 | } | |
1110 | } | |
623a4c97 LP |
1111 | } |
1112 | ||
1113 | return; | |
1114 | ||
1115 | fail: | |
da927ba9 | 1116 | log_debug_errno(r, "Failed to update address RRs: %m"); |
623a4c97 LP |
1117 | } |
1118 | ||
1c4baffc | 1119 | int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) { |
74b2466e LP |
1120 | int r; |
1121 | assert(a); | |
1122 | assert(m); | |
1123 | ||
1124 | r = sd_rtnl_message_addr_get_flags(m, &a->flags); | |
1125 | if (r < 0) | |
1126 | return r; | |
1127 | ||
1716f6dc | 1128 | sd_rtnl_message_addr_get_scope(m, &a->scope); |
74b2466e | 1129 | |
1716f6dc | 1130 | link_allocate_scopes(a->link); |
ec2c5e43 | 1131 | link_add_rrs(a->link, false); |
623a4c97 | 1132 | |
74b2466e LP |
1133 | return 0; |
1134 | } | |
1135 | ||
011696f7 | 1136 | bool link_address_relevant(LinkAddress *a, bool local_multicast) { |
74b2466e LP |
1137 | assert(a); |
1138 | ||
7b85d72f | 1139 | if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE)) |
74b2466e LP |
1140 | return false; |
1141 | ||
011696f7 | 1142 | if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK)) |
74b2466e LP |
1143 | return false; |
1144 | ||
1145 | return true; | |
1146 | } | |
943ef07c LP |
1147 | |
1148 | static bool link_needs_save(Link *l) { | |
1149 | assert(l); | |
1150 | ||
1151 | /* Returns true if any of the settings where set different from the default */ | |
1152 | ||
1153 | if (l->is_managed) | |
1154 | return false; | |
1155 | ||
1156 | if (l->llmnr_support != RESOLVE_SUPPORT_YES || | |
1157 | l->mdns_support != RESOLVE_SUPPORT_NO || | |
dc2bc986 LP |
1158 | l->dnssec_mode != _DNSSEC_MODE_INVALID || |
1159 | l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID) | |
943ef07c LP |
1160 | return true; |
1161 | ||
1162 | if (l->dns_servers || | |
1163 | l->search_domains) | |
1164 | return true; | |
1165 | ||
1166 | if (!set_isempty(l->dnssec_negative_trust_anchors)) | |
1167 | return true; | |
1168 | ||
ca5394d2 LP |
1169 | if (l->default_route >= 0) |
1170 | return true; | |
1171 | ||
943ef07c LP |
1172 | return false; |
1173 | } | |
1174 | ||
1175 | int link_save_user(Link *l) { | |
1176 | _cleanup_free_ char *temp_path = NULL; | |
1177 | _cleanup_fclose_ FILE *f = NULL; | |
1178 | const char *v; | |
1179 | int r; | |
1180 | ||
1181 | assert(l); | |
1182 | assert(l->state_file); | |
1183 | ||
1184 | if (!link_needs_save(l)) { | |
1185 | (void) unlink(l->state_file); | |
1186 | return 0; | |
1187 | } | |
1188 | ||
1189 | r = mkdir_parents(l->state_file, 0700); | |
1190 | if (r < 0) | |
1191 | goto fail; | |
1192 | ||
1193 | r = fopen_temporary(l->state_file, &f, &temp_path); | |
1194 | if (r < 0) | |
1195 | goto fail; | |
1196 | ||
0d536673 LP |
1197 | (void) fchmod(fileno(f), 0644); |
1198 | ||
1199 | fputs("# This is private data. Do not parse.\n", f); | |
943ef07c LP |
1200 | |
1201 | v = resolve_support_to_string(l->llmnr_support); | |
1202 | if (v) | |
1203 | fprintf(f, "LLMNR=%s\n", v); | |
1204 | ||
1205 | v = resolve_support_to_string(l->mdns_support); | |
1206 | if (v) | |
1207 | fprintf(f, "MDNS=%s\n", v); | |
1208 | ||
1209 | v = dnssec_mode_to_string(l->dnssec_mode); | |
1210 | if (v) | |
1211 | fprintf(f, "DNSSEC=%s\n", v); | |
1212 | ||
ca5394d2 LP |
1213 | if (l->default_route >= 0) |
1214 | fprintf(f, "DEFAULT_ROUTE=%s\n", yes_no(l->default_route)); | |
1215 | ||
943ef07c LP |
1216 | if (l->dns_servers) { |
1217 | DnsServer *server; | |
1218 | ||
0d536673 | 1219 | fputs("SERVERS=", f); |
943ef07c LP |
1220 | LIST_FOREACH(servers, server, l->dns_servers) { |
1221 | ||
1222 | if (server != l->dns_servers) | |
0d536673 | 1223 | fputc(' ', f); |
943ef07c | 1224 | |
8aa5afd2 | 1225 | v = dns_server_string_full(server); |
943ef07c LP |
1226 | if (!v) { |
1227 | r = -ENOMEM; | |
1228 | goto fail; | |
1229 | } | |
1230 | ||
0d536673 | 1231 | fputs(v, f); |
943ef07c | 1232 | } |
0d536673 | 1233 | fputc('\n', f); |
943ef07c LP |
1234 | } |
1235 | ||
1236 | if (l->search_domains) { | |
1237 | DnsSearchDomain *domain; | |
1238 | ||
0d536673 | 1239 | fputs("DOMAINS=", f); |
943ef07c LP |
1240 | LIST_FOREACH(domains, domain, l->search_domains) { |
1241 | ||
1242 | if (domain != l->search_domains) | |
0d536673 | 1243 | fputc(' ', f); |
943ef07c LP |
1244 | |
1245 | if (domain->route_only) | |
0d536673 | 1246 | fputc('~', f); |
943ef07c | 1247 | |
0d536673 | 1248 | fputs(DNS_SEARCH_DOMAIN_NAME(domain), f); |
943ef07c | 1249 | } |
0d536673 | 1250 | fputc('\n', f); |
943ef07c LP |
1251 | } |
1252 | ||
1253 | if (!set_isempty(l->dnssec_negative_trust_anchors)) { | |
1254 | bool space = false; | |
943ef07c LP |
1255 | char *nta; |
1256 | ||
0d536673 | 1257 | fputs("NTAS=", f); |
90e74a66 | 1258 | SET_FOREACH(nta, l->dnssec_negative_trust_anchors) { |
943ef07c LP |
1259 | |
1260 | if (space) | |
0d536673 | 1261 | fputc(' ', f); |
943ef07c | 1262 | |
0d536673 | 1263 | fputs(nta, f); |
943ef07c LP |
1264 | space = true; |
1265 | } | |
0d536673 | 1266 | fputc('\n', f); |
943ef07c LP |
1267 | } |
1268 | ||
1269 | r = fflush_and_check(f); | |
1270 | if (r < 0) | |
1271 | goto fail; | |
1272 | ||
1273 | if (rename(temp_path, l->state_file) < 0) { | |
1274 | r = -errno; | |
1275 | goto fail; | |
1276 | } | |
1277 | ||
1278 | return 0; | |
1279 | ||
1280 | fail: | |
1281 | (void) unlink(l->state_file); | |
1282 | ||
1283 | if (temp_path) | |
1284 | (void) unlink(temp_path); | |
1285 | ||
1286 | return log_error_errno(r, "Failed to save link data %s: %m", l->state_file); | |
1287 | } | |
1288 | ||
1289 | int link_load_user(Link *l) { | |
1290 | _cleanup_free_ char | |
1291 | *llmnr = NULL, | |
1292 | *mdns = NULL, | |
1293 | *dnssec = NULL, | |
1294 | *servers = NULL, | |
1295 | *domains = NULL, | |
ca5394d2 LP |
1296 | *ntas = NULL, |
1297 | *default_route = NULL; | |
943ef07c LP |
1298 | |
1299 | ResolveSupport s; | |
c58bd76a | 1300 | const char *p; |
943ef07c LP |
1301 | int r; |
1302 | ||
1303 | assert(l); | |
1304 | assert(l->state_file); | |
1305 | ||
1306 | /* Try to load only a single time */ | |
1307 | if (l->loaded) | |
1308 | return 0; | |
1309 | l->loaded = true; | |
1310 | ||
1311 | if (l->is_managed) | |
1312 | return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */ | |
1313 | ||
aa8fbc74 | 1314 | r = parse_env_file(NULL, l->state_file, |
943ef07c LP |
1315 | "LLMNR", &llmnr, |
1316 | "MDNS", &mdns, | |
1317 | "DNSSEC", &dnssec, | |
1318 | "SERVERS", &servers, | |
1319 | "DOMAINS", &domains, | |
ca5394d2 LP |
1320 | "NTAS", &ntas, |
1321 | "DEFAULT_ROUTE", &default_route); | |
943ef07c LP |
1322 | if (r == -ENOENT) |
1323 | return 0; | |
1324 | if (r < 0) | |
1325 | goto fail; | |
1326 | ||
1327 | link_flush_settings(l); | |
1328 | ||
1329 | /* If we can't recognize the LLMNR or MDNS setting we don't override the default */ | |
1330 | s = resolve_support_from_string(llmnr); | |
1331 | if (s >= 0) | |
1332 | l->llmnr_support = s; | |
1333 | ||
1334 | s = resolve_support_from_string(mdns); | |
1335 | if (s >= 0) | |
1336 | l->mdns_support = s; | |
1337 | ||
ca5394d2 LP |
1338 | r = parse_boolean(default_route); |
1339 | if (r >= 0) | |
1340 | l->default_route = r; | |
1341 | ||
943ef07c LP |
1342 | /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */ |
1343 | l->dnssec_mode = dnssec_mode_from_string(dnssec); | |
1344 | ||
c58bd76a ZJS |
1345 | for (p = servers;;) { |
1346 | _cleanup_free_ char *word = NULL; | |
943ef07c | 1347 | |
c58bd76a ZJS |
1348 | r = extract_first_word(&p, &word, NULL, 0); |
1349 | if (r < 0) | |
1350 | goto fail; | |
1351 | if (r == 0) | |
1352 | break; | |
943ef07c | 1353 | |
c58bd76a ZJS |
1354 | r = link_update_dns_server_one(l, word); |
1355 | if (r < 0) { | |
1356 | log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word); | |
1357 | continue; | |
943ef07c LP |
1358 | } |
1359 | } | |
1360 | ||
c58bd76a ZJS |
1361 | for (p = domains;;) { |
1362 | _cleanup_free_ char *word = NULL; | |
1363 | const char *n; | |
1364 | bool is_route; | |
943ef07c | 1365 | |
c58bd76a ZJS |
1366 | r = extract_first_word(&p, &word, NULL, 0); |
1367 | if (r < 0) | |
1368 | goto fail; | |
1369 | if (r == 0) | |
1370 | break; | |
943ef07c | 1371 | |
c58bd76a ZJS |
1372 | is_route = word[0] == '~'; |
1373 | n = is_route ? word + 1 : word; | |
943ef07c | 1374 | |
c58bd76a ZJS |
1375 | r = link_update_search_domain_one(l, n, is_route); |
1376 | if (r < 0) { | |
1377 | log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word); | |
1378 | continue; | |
943ef07c LP |
1379 | } |
1380 | } | |
1381 | ||
1382 | if (ntas) { | |
1383 | _cleanup_set_free_free_ Set *ns = NULL; | |
1384 | ||
1385 | ns = set_new(&dns_name_hash_ops); | |
1386 | if (!ns) { | |
1387 | r = -ENOMEM; | |
1388 | goto fail; | |
1389 | } | |
1390 | ||
1391 | r = set_put_strsplit(ns, ntas, NULL, 0); | |
1392 | if (r < 0) | |
1393 | goto fail; | |
1394 | ||
ae2a15bc | 1395 | l->dnssec_negative_trust_anchors = TAKE_PTR(ns); |
943ef07c LP |
1396 | } |
1397 | ||
1398 | return 0; | |
1399 | ||
1400 | fail: | |
1401 | return log_error_errno(r, "Failed to load link data %s: %m", l->state_file); | |
1402 | } | |
1403 | ||
1404 | void link_remove_user(Link *l) { | |
1405 | assert(l); | |
1406 | assert(l->state_file); | |
1407 | ||
1408 | (void) unlink(l->state_file); | |
1409 | } |