[thirdparty/systemd.git] / src / resolve / resolved-mdns.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <resolv.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include "alloc-util.h"
#include "fd-util.h"
#include "resolved-manager.h"
#include "resolved-mdns.h"

#define CLEAR_CACHE_FLUSH(x) (~MDNS_RR_CACHE_FLUSH & (x))

void manager_mdns_stop(Manager *m) {
        assert(m);

        m->mdns_ipv4_event_source = sd_event_source_unref(m->mdns_ipv4_event_source);
        m->mdns_ipv4_fd = safe_close(m->mdns_ipv4_fd);

        m->mdns_ipv6_event_source = sd_event_source_unref(m->mdns_ipv6_event_source);
        m->mdns_ipv6_fd = safe_close(m->mdns_ipv6_fd);
}

int manager_mdns_start(Manager *m) {
        int r;

        assert(m);

        if (m->mdns_support == RESOLVE_SUPPORT_NO)
                return 0;

        r = manager_mdns_ipv4_fd(m);
        if (r == -EADDRINUSE)
                goto eaddrinuse;
        if (r < 0)
                return r;

        if (socket_ipv6_is_supported()) {
                r = manager_mdns_ipv6_fd(m);
                if (r == -EADDRINUSE)
                        goto eaddrinuse;
                if (r < 0)
                        return r;
        }

        return 0;

eaddrinuse:
        log_warning("Another mDNS responder prohibits binding the socket to the same port. Turning off mDNS support.");
        m->mdns_support = RESOLVE_SUPPORT_NO;
        manager_mdns_stop(m);

        return 0;
}

static int mdns_rr_compare(DnsResourceRecord * const *a, DnsResourceRecord * const *b) {
        DnsResourceRecord *x = *(DnsResourceRecord **) a, *y = *(DnsResourceRecord **) b;
        size_t m;
        int r;

        assert(x);
        assert(y);

        r = CMP(CLEAR_CACHE_FLUSH(x->key->class), CLEAR_CACHE_FLUSH(y->key->class));
        if (r != 0)
                return r;

        r = CMP(x->key->type, y->key->type);
        if (r != 0)
                return r;

        r = dns_resource_record_to_wire_format(x, false);
        if (r < 0) {
                log_warning_errno(r, "Can't wire-format RR: %m");
                return 0;
        }

        r = dns_resource_record_to_wire_format(y, false);
        if (r < 0) {
                log_warning_errno(r, "Can't wire-format RR: %m");
                return 0;
        }

        m = MIN(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));

        r = memcmp(DNS_RESOURCE_RECORD_RDATA(x), DNS_RESOURCE_RECORD_RDATA(y), m);
        if (r != 0)
                return r;

        return CMP(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
}

static int proposed_rrs_cmp(DnsResourceRecord **x, unsigned x_size, DnsResourceRecord **y, unsigned y_size) {
        unsigned m;
        int r;

        m = MIN(x_size, y_size);
        for (unsigned i = 0; i < m; i++) {
                r = mdns_rr_compare(&x[i], &y[i]);
                if (r != 0)
                        return r;
        }

        if (x_size < y_size)
                return -1;
        if (x_size > y_size)
                return 1;

        return 0;
}

static int mdns_packet_extract_matching_rrs(DnsPacket *p, DnsResourceKey *key, DnsResourceRecord ***ret_rrs) {
        _cleanup_free_ DnsResourceRecord **list = NULL;
        unsigned n = 0, size = 0;
        int r;

        assert(p);
        assert(key);
        assert(ret_rrs);
        assert_return(DNS_PACKET_NSCOUNT(p) > 0, -EINVAL);

        for (size_t i = DNS_PACKET_ANCOUNT(p); i < (DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)); i++) {
                r = dns_resource_key_match_rr(key, p->answer->items[i].rr, NULL);
                if (r < 0)
                        return r;
                if (r > 0)
                        size++;
        }

        if (size == 0)
                return 0;

        list = new(DnsResourceRecord *, size);
        if (!list)
                return -ENOMEM;

        for (size_t i = DNS_PACKET_ANCOUNT(p); i < (DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)); i++) {
                r = dns_resource_key_match_rr(key, p->answer->items[i].rr, NULL);
                if (r < 0)
                        return r;
                if (r > 0)
                        list[n++] = p->answer->items[i].rr;
        }
        assert(n == size);
        typesafe_qsort(list, size, mdns_rr_compare);

        *ret_rrs = TAKE_PTR(list);

        return size;
}

static int mdns_do_tiebreak(DnsResourceKey *key, DnsAnswer *answer, DnsPacket *p) {
        _cleanup_free_ DnsResourceRecord **our = NULL, **remote = NULL;
        DnsResourceRecord *rr;
        size_t i = 0, size;
        int r;

        size = dns_answer_size(answer);
        our = new(DnsResourceRecord *, size);
        if (!our)
                return -ENOMEM;

        DNS_ANSWER_FOREACH(rr, answer)
                our[i++] = rr;

        typesafe_qsort(our, size, mdns_rr_compare);

        r = mdns_packet_extract_matching_rrs(p, key, &remote);
        if (r < 0)
                return r;

        assert(r > 0);

        if (proposed_rrs_cmp(remote, r, our, size) > 0)
                return 1;

        return 0;
}

static int mdns_scope_process_query(DnsScope *s, DnsPacket *p) {
        _cleanup_(dns_answer_unrefp) DnsAnswer *full_answer = NULL;
        _cleanup_(dns_packet_unrefp) DnsPacket *reply = NULL;
        DnsResourceKey *key = NULL;
        DnsResourceRecord *rr;
        bool tentative = false;
        int r;

        assert(s);
        assert(p);

        r = dns_packet_extract(p);
        if (r < 0)
                return log_debug_errno(r, "Failed to extract resource records from incoming packet: %m");

        assert_return((dns_question_size(p->question) > 0), -EINVAL);

        DNS_QUESTION_FOREACH(key, p->question) {
                _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL, *soa = NULL;

                r = dns_zone_lookup(&s->zone, key, 0, &answer, &soa, &tentative);
                if (r < 0)
                        return log_debug_errno(r, "Failed to lookup key: %m");

                if (tentative && DNS_PACKET_NSCOUNT(p) > 0) {
                        /*
                         * A race condition detected with the probe packet from
                         * a remote host.
                         * Do simultaneous probe tiebreaking as described in
                         * RFC 6762, Section 8.2. In case we lost don't reply
                         * the question and withdraw conflicting RRs.
                         */
                        r = mdns_do_tiebreak(key, answer, p);
                        if (r < 0)
                                return log_debug_errno(r, "Failed to do tiebreaking");

                        if (r > 0) { /* we lost */
                                DNS_ANSWER_FOREACH(rr, answer) {
                                        DnsZoneItem *i;

                                        i = dns_zone_get(&s->zone, rr);
                                        if (i)
                                                dns_zone_item_conflict(i);
                                }

                                continue;
                        }
                }

                r = dns_answer_extend(&full_answer, answer);
                if (r < 0)
                        return log_debug_errno(r, "Failed to extend answer: %m");
        }

        if (dns_answer_isempty(full_answer))
                return 0;

        r = dns_scope_make_reply_packet(s, DNS_PACKET_ID(p), DNS_RCODE_SUCCESS, NULL, full_answer, NULL, false, &reply);
        if (r < 0)
                return log_debug_errno(r, "Failed to build reply packet: %m");

        if (!ratelimit_below(&s->ratelimit))
                return 0;

        r = dns_scope_emit_udp(s, -1, reply);
        if (r < 0)
                return log_debug_errno(r, "Failed to send reply packet: %m");

        return 0;
}

static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
        Manager *m = userdata;
        DnsScope *scope;
        int r;

        r = manager_recv(m, fd, DNS_PROTOCOL_MDNS, &p);
        if (r <= 0)
                return r;

        if (manager_our_packet(m, p))
                return 0;

        scope = manager_find_scope(m, p);
        if (!scope) {
                log_debug("Got mDNS UDP packet on unknown scope. Ignoring.");
                return 0;
        }

        if (dns_packet_validate_reply(p) > 0) {
                DnsResourceRecord *rr;

                log_debug("Got mDNS reply packet");

                /*
                 * mDNS is different from regular DNS and LLMNR with regard to handling responses.
                 * While on other protocols, we can ignore every answer that doesn't match a question
                 * we broadcast earlier, RFC6762, section 18.1 recommends looking at and caching all
                 * incoming information, regardless of the DNS packet ID.
                 *
                 * Hence, extract the packet here, and try to find a transaction for answer the we got
                 * and complete it. Also store the new information in scope's cache.
                 */
                r = dns_packet_extract(p);
                if (r < 0) {
                        log_debug("mDNS packet extraction failed.");
                        return 0;
                }

                dns_scope_check_conflicts(scope, p);

                DNS_ANSWER_FOREACH(rr, p->answer) {
                        const char *name = dns_resource_key_name(rr->key);
                        DnsTransaction *t;

                        /* If the received reply packet contains ANY record that is not .local or .in-addr.arpa,
                         * we assume someone's playing tricks on us and discard the packet completely. */
                        if (!(dns_name_endswith(name, "in-addr.arpa") > 0 ||
                              dns_name_endswith(name, "local") > 0))
                                return 0;

                        if (rr->ttl == 0) {
                                log_debug("Got a goodbye packet");
                                /* See the section 10.1 of RFC6762 */
                                rr->ttl = 1;
                        }

                        t = dns_scope_find_transaction(scope, rr->key, false);
                        if (t)
                                dns_transaction_process_reply(t, p);

                        /* Also look for the various types of ANY transactions */
                        t = dns_scope_find_transaction(scope, &DNS_RESOURCE_KEY_CONST(rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(rr->key)), false);
                        if (t)
                                dns_transaction_process_reply(t, p);

                        t = dns_scope_find_transaction(scope, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_ANY, rr->key->type, dns_resource_key_name(rr->key)), false);
                        if (t)
                                dns_transaction_process_reply(t, p);

                        t = dns_scope_find_transaction(scope, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_ANY, DNS_TYPE_ANY, dns_resource_key_name(rr->key)), false);
                        if (t)
                                dns_transaction_process_reply(t, p);
                }

                dns_cache_put(&scope->cache, NULL, DNS_PACKET_RCODE(p), p->answer, false, (uint32_t) -1, 0, p->family, &p->sender);

        } else if (dns_packet_validate_query(p) > 0)  {
                log_debug("Got mDNS query packet for id %u", DNS_PACKET_ID(p));

                r = mdns_scope_process_query(scope, p);
                if (r < 0) {
                        log_debug_errno(r, "mDNS query processing failed: %m");
                        return 0;
                }
        } else
                log_debug("Invalid mDNS UDP packet.");

        return 0;
}

int manager_mdns_ipv4_fd(Manager *m) {
        union sockaddr_union sa = {
                .in.sin_family = AF_INET,
                .in.sin_port = htobe16(MDNS_PORT),
        };
        static const int one = 1, pmtu = IP_PMTUDISC_DONT, ttl = 255;
        int r;

        assert(m);

        if (m->mdns_ipv4_fd >= 0)
                return m->mdns_ipv4_fd;

        m->mdns_ipv4_fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
        if (m->mdns_ipv4_fd < 0)
                return log_error_errno(errno, "mDNS-IPv4: Failed to create socket: %m");

        r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_TTL: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_MULTICAST_TTL: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_MULTICAST_LOOP, &one, sizeof(one));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_MULTICAST_LOOP: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof(one));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_PKTINFO: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_RECVTTL, &one, sizeof(one));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_RECVTTL: %m");
                goto fail;
        }

        /* Disable Don't-Fragment bit in the IP header */
        r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_MTU_DISCOVER: %m");
                goto fail;
        }

        /* See the section 15.1 of RFC6762 */
        /* first try to bind without SO_REUSEADDR to detect another mDNS responder */
        r = bind(m->mdns_ipv4_fd, &sa.sa, sizeof(sa.in));
        if (r < 0) {
                if (errno != EADDRINUSE) {
                        r = log_error_errno(errno, "mDNS-IPv4: Failed to bind socket: %m");
                        goto fail;
                }

                log_warning("mDNS-IPv4: There appears to be another mDNS responder running, or previously systemd-resolved crashed with some outstanding transfers.");

                /* try again with SO_REUSEADDR */
                r = setsockopt(m->mdns_ipv4_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
                if (r < 0) {
                        r = log_error_errno(errno, "mDNS-IPv4: Failed to set SO_REUSEADDR: %m");
                        goto fail;
                }

                r = bind(m->mdns_ipv4_fd, &sa.sa, sizeof(sa.in));
                if (r < 0) {
                        r = log_error_errno(errno, "mDNS-IPv4: Failed to bind socket: %m");
                        goto fail;
                }
        } else {
                /* enable SO_REUSEADDR for the case that the user really wants multiple mDNS responders */
                r = setsockopt(m->mdns_ipv4_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
                if (r < 0) {
                        r = log_error_errno(errno, "mDNS-IPv4: Failed to set SO_REUSEADDR: %m");
                        goto fail;
                }
        }

        r = sd_event_add_io(m->event, &m->mdns_ipv4_event_source, m->mdns_ipv4_fd, EPOLLIN, on_mdns_packet, m);
        if (r < 0)
                goto fail;

        return m->mdns_ipv4_fd;

fail:
        m->mdns_ipv4_fd = safe_close(m->mdns_ipv4_fd);
        return r;
}

int manager_mdns_ipv6_fd(Manager *m) {
        union sockaddr_union sa = {
                .in6.sin6_family = AF_INET6,
                .in6.sin6_port = htobe16(MDNS_PORT),
        };
        static const int one = 1, ttl = 255;
        int r;

        assert(m);

        if (m->mdns_ipv6_fd >= 0)
                return m->mdns_ipv6_fd;

        m->mdns_ipv6_fd = socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
        if (m->mdns_ipv6_fd < 0)
                return log_error_errno(errno, "mDNS-IPv6: Failed to create socket: %m");

        r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &ttl, sizeof(ttl));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_UNICAST_HOPS: %m");
                goto fail;
        }

        /* RFC 4795, section 2.5 recommends setting the TTL of UDP packets to 255. */
        r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &ttl, sizeof(ttl));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_MULTICAST_HOPS: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &one, sizeof(one));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_MULTICAST_LOOP: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_V6ONLY: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_RECVPKTINFO: %m");
                goto fail;
        }

        r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &one, sizeof(one));
        if (r < 0) {
                r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_RECVHOPLIMIT: %m");
                goto fail;
        }

        /* See the section 15.1 of RFC6762 */
        /* first try to bind without SO_REUSEADDR to detect another mDNS responder */
        r = bind(m->mdns_ipv6_fd, &sa.sa, sizeof(sa.in6));
        if (r < 0) {
                if (errno != EADDRINUSE) {
                        r = log_error_errno(errno, "mDNS-IPv6: Failed to bind socket: %m");
                        goto fail;
                }

                log_warning("mDNS-IPv6: There appears to be another mDNS responder running, or previously systemd-resolved crashed with some outstanding transfers.");

                /* try again with SO_REUSEADDR */
                r = setsockopt(m->mdns_ipv6_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
                if (r < 0) {
                        r = log_error_errno(errno, "mDNS-IPv6: Failed to set SO_REUSEADDR: %m");
                        goto fail;
                }

                r = bind(m->mdns_ipv6_fd, &sa.sa, sizeof(sa.in6));
                if (r < 0) {
                        r = log_error_errno(errno, "mDNS-IPv6: Failed to bind socket: %m");
                        goto fail;
                }
        } else {
                /* enable SO_REUSEADDR for the case that the user really wants multiple mDNS responders */
                r = setsockopt(m->mdns_ipv6_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
                if (r < 0) {
                        r = log_error_errno(errno, "mDNS-IPv6: Failed to set SO_REUSEADDR: %m");
                        goto fail;
                }
        }

        r = sd_event_add_io(m->event, &m->mdns_ipv6_event_source, m->mdns_ipv6_fd, EPOLLIN, on_mdns_packet, m);
        if (r < 0)
                goto fail;

        return m->mdns_ipv6_fd;

fail:
        m->mdns_ipv6_fd = safe_close(m->mdns_ipv6_fd);
        return r;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
bc7702b0 DM	2
	3	#include <resolv.h>
	4	#include <netinet/in.h>
	5	#include <arpa/inet.h>
	6
8d67e72c	7	#include "alloc-util.h"
bc7702b0 DM	8	#include "fd-util.h"
	9	#include "resolved-manager.h"
	10	#include "resolved-mdns.h"
	11
8d67e72c DR	12	#define CLEAR_CACHE_FLUSH(x) (~MDNS_RR_CACHE_FLUSH & (x))
8d67e72c DR	13
bc7702b0 DM	14	void manager_mdns_stop(Manager *m) {
	15	assert(m);
	16
	17	m->mdns_ipv4_event_source = sd_event_source_unref(m->mdns_ipv4_event_source);
	18	m->mdns_ipv4_fd = safe_close(m->mdns_ipv4_fd);
	19
	20	m->mdns_ipv6_event_source = sd_event_source_unref(m->mdns_ipv6_event_source);
	21	m->mdns_ipv6_fd = safe_close(m->mdns_ipv6_fd);
	22	}
	23
	24	int manager_mdns_start(Manager *m) {
	25	int r;
	26
	27	assert(m);
	28
af49ca27	29	if (m->mdns_support == RESOLVE_SUPPORT_NO)
bc7702b0 DM	30	return 0;
	31
	32	r = manager_mdns_ipv4_fd(m);
	33	if (r == -EADDRINUSE)
	34	goto eaddrinuse;
	35	if (r < 0)
	36	return r;
	37
	38	if (socket_ipv6_is_supported()) {
	39	r = manager_mdns_ipv6_fd(m);
	40	if (r == -EADDRINUSE)
	41	goto eaddrinuse;
	42	if (r < 0)
	43	return r;
	44	}
	45
	46	return 0;
	47
	48	eaddrinuse:
71a047d2	49	log_warning("Another mDNS responder prohibits binding the socket to the same port. Turning off mDNS support.");
af49ca27	50	m->mdns_support = RESOLVE_SUPPORT_NO;
bc7702b0 DM	51	manager_mdns_stop(m);
	52
	53	return 0;
	54	}
	55
93bab288 YW	56	static int mdns_rr_compare(DnsResourceRecord * const a, DnsResourceRecord const *b) {
93bab288 YW	57	DnsResourceRecord x = (DnsResourceRecord *) a, y = (DnsResourceRecord *) b;
8d67e72c DR	58	size_t m;
	59	int r;
	60
	61	assert(x);
8d67e72c	62	assert(y);
8d67e72c	63
93bab288 YW	64	r = CMP(CLEAR_CACHE_FLUSH(x->key->class), CLEAR_CACHE_FLUSH(y->key->class));
	65	if (r != 0)
	66	return r;
8d67e72c	67
93bab288 YW	68	r = CMP(x->key->type, y->key->type);
	69	if (r != 0)
	70	return r;
8d67e72c	71
93bab288	72	r = dns_resource_record_to_wire_format(x, false);
8d67e72c DR	73	if (r < 0) {
	74	log_warning_errno(r, "Can't wire-format RR: %m");
	75	return 0;
	76	}
	77
93bab288	78	r = dns_resource_record_to_wire_format(y, false);
8d67e72c DR	79	if (r < 0) {
	80	log_warning_errno(r, "Can't wire-format RR: %m");
	81	return 0;
	82	}
	83
93bab288	84	m = MIN(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
8d67e72c	85
93bab288	86	r = memcmp(DNS_RESOURCE_RECORD_RDATA(x), DNS_RESOURCE_RECORD_RDATA(y), m);
8d67e72c DR	87	if (r != 0)
	88	return r;
	89
93bab288	90	return CMP(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
8d67e72c DR	91	}
	92
	93	static int proposed_rrs_cmp(DnsResourceRecord x, unsigned x_size, DnsResourceRecord y, unsigned y_size) {
	94	unsigned m;
	95	int r;
	96
	97	m = MIN(x_size, y_size);
	98	for (unsigned i = 0; i < m; i++) {
	99	r = mdns_rr_compare(&x[i], &y[i]);
	100	if (r != 0)
	101	return r;
	102	}
	103
	104	if (x_size < y_size)
	105	return -1;
	106	if (x_size > y_size)
	107	return 1;
	108
	109	return 0;
	110	}
	111
	112	static int mdns_packet_extract_matching_rrs(DnsPacket p, DnsResourceKey key, DnsResourceRecord ***ret_rrs) {
	113	_cleanup_free_ DnsResourceRecord **list = NULL;
	114	unsigned n = 0, size = 0;
	115	int r;
	116
	117	assert(p);
	118	assert(key);
	119	assert(ret_rrs);
	120	assert_return(DNS_PACKET_NSCOUNT(p) > 0, -EINVAL);
	121
da6053d0	122	for (size_t i = DNS_PACKET_ANCOUNT(p); i < (DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)); i++) {
8d67e72c DR	123	r = dns_resource_key_match_rr(key, p->answer->items[i].rr, NULL);
	124	if (r < 0)
	125	return r;
	126	if (r > 0)
	127	size++;
	128	}
	129
	130	if (size == 0)
	131	return 0;
	132
	133	list = new(DnsResourceRecord *, size);
	134	if (!list)
	135	return -ENOMEM;
	136
da6053d0	137	for (size_t i = DNS_PACKET_ANCOUNT(p); i < (DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)); i++) {
8d67e72c DR	138	r = dns_resource_key_match_rr(key, p->answer->items[i].rr, NULL);
	139	if (r < 0)
	140	return r;
	141	if (r > 0)
	142	list[n++] = p->answer->items[i].rr;
	143	}
	144	assert(n == size);
93bab288	145	typesafe_qsort(list, size, mdns_rr_compare);
8d67e72c	146
1cc6c93a	147	*ret_rrs = TAKE_PTR(list);
8d67e72c DR	148
	149	return size;
	150	}
	151
	152	static int mdns_do_tiebreak(DnsResourceKey key, DnsAnswer answer, DnsPacket *p) {
	153	_cleanup_free_ DnsResourceRecord our = NULL, remote = NULL;
	154	DnsResourceRecord *rr;
da6053d0	155	size_t i = 0, size;
8d67e72c DR	156	int r;
	157
	158	size = dns_answer_size(answer);
	159	our = new(DnsResourceRecord *, size);
	160	if (!our)
	161	return -ENOMEM;
	162
	163	DNS_ANSWER_FOREACH(rr, answer)
	164	our[i++] = rr;
93bab288 YW	165
93bab288 YW	166	typesafe_qsort(our, size, mdns_rr_compare);
8d67e72c DR	167
	168	r = mdns_packet_extract_matching_rrs(p, key, &remote);
	169	if (r < 0)
	170	return r;
	171
	172	assert(r > 0);
	173
	174	if (proposed_rrs_cmp(remote, r, our, size) > 0)
	175	return 1;
	176
	177	return 0;
	178	}
	179
3b991089	180	static int mdns_scope_process_query(DnsScope s, DnsPacket p) {
9c5e7b73	181	_cleanup_(dns_answer_unrefp) DnsAnswer *full_answer = NULL;
3b991089 DR	182	_cleanup_(dns_packet_unrefp) DnsPacket *reply = NULL;
3b991089 DR	183	DnsResourceKey *key = NULL;
8d67e72c	184	DnsResourceRecord *rr;
3b991089 DR	185	bool tentative = false;
	186	int r;
	187
	188	assert(s);
	189	assert(p);
	190
	191	r = dns_packet_extract(p);
1a63fc54 LP	192	if (r < 0)
1a63fc54 LP	193	return log_debug_errno(r, "Failed to extract resource records from incoming packet: %m");
3b991089	194
3b991089	195	assert_return((dns_question_size(p->question) > 0), -EINVAL);
3b991089	196
9c5e7b73 DR	197	DNS_QUESTION_FOREACH(key, p->question) {
	198	_cleanup_(dns_answer_unrefp) DnsAnswer answer = NULL, soa = NULL;
	199
	200	r = dns_zone_lookup(&s->zone, key, 0, &answer, &soa, &tentative);
	201	if (r < 0)
	202	return log_debug_errno(r, "Failed to lookup key: %m");
	203
8d67e72c DR	204	if (tentative && DNS_PACKET_NSCOUNT(p) > 0) {
	205	/*
	206	* A race condition detected with the probe packet from
	207	* a remote host.
	208	* Do simultaneous probe tiebreaking as described in
	209	* RFC 6762, Section 8.2. In case we lost don't reply
	210	* the question and withdraw conflicting RRs.
	211	*/
	212	r = mdns_do_tiebreak(key, answer, p);
	213	if (r < 0)
	214	return log_debug_errno(r, "Failed to do tiebreaking");
	215
	216	if (r > 0) { /* we lost */
	217	DNS_ANSWER_FOREACH(rr, answer) {
	218	DnsZoneItem *i;
	219
	220	i = dns_zone_get(&s->zone, rr);
	221	if (i)
	222	dns_zone_item_conflict(i);
	223	}
	224
	225	continue;
	226	}
	227	}
	228
9c5e7b73 DR	229	r = dns_answer_extend(&full_answer, answer);
	230	if (r < 0)
	231	return log_debug_errno(r, "Failed to extend answer: %m");
	232	}
	233
	234	if (dns_answer_isempty(full_answer))
3b991089 DR	235	return 0;
3b991089 DR	236
9c5e7b73	237	r = dns_scope_make_reply_packet(s, DNS_PACKET_ID(p), DNS_RCODE_SUCCESS, NULL, full_answer, NULL, false, &reply);
9886b6b1 LP	238	if (r < 0)
9886b6b1 LP	239	return log_debug_errno(r, "Failed to build reply packet: %m");
3b991089	240
7994ac1d	241	if (!ratelimit_below(&s->ratelimit))
3b991089 DR	242	return 0;
	243
	244	r = dns_scope_emit_udp(s, -1, reply);
9886b6b1 LP	245	if (r < 0)
9886b6b1 LP	246	return log_debug_errno(r, "Failed to send reply packet: %m");
3b991089 DR	247
	248	return 0;
	249	}
	250
bc7702b0	251	static int on_mdns_packet(sd_event_source s, int fd, uint32_t revents, void userdata) {
124602ae DM	252	_cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
	253	Manager *m = userdata;
	254	DnsScope *scope;
	255	int r;
	256
	257	r = manager_recv(m, fd, DNS_PROTOCOL_MDNS, &p);
	258	if (r <= 0)
	259	return r;
	260
cfb17f45 DR	261	if (manager_our_packet(m, p))
	262	return 0;
	263
124602ae DM	264	scope = manager_find_scope(m, p);
124602ae DM	265	if (!scope) {
f1b1a5c4	266	log_debug("Got mDNS UDP packet on unknown scope. Ignoring.");
124602ae DM	267	return 0;
	268	}
	269
	270	if (dns_packet_validate_reply(p) > 0) {
40fa4728	271	DnsResourceRecord *rr;
124602ae DM	272
	273	log_debug("Got mDNS reply packet");
	274
	275	/*
	276	* mDNS is different from regular DNS and LLMNR with regard to handling responses.
	277	* While on other protocols, we can ignore every answer that doesn't match a question
	278	* we broadcast earlier, RFC6762, section 18.1 recommends looking at and caching all
	279	* incoming information, regardless of the DNS packet ID.
	280	*
	281	* Hence, extract the packet here, and try to find a transaction for answer the we got
	282	* and complete it. Also store the new information in scope's cache.
	283	*/
	284	r = dns_packet_extract(p);
	285	if (r < 0) {
	286	log_debug("mDNS packet extraction failed.");
	287	return 0;
	288	}
	289
	290	dns_scope_check_conflicts(scope, p);
	291
40fa4728	292	DNS_ANSWER_FOREACH(rr, p->answer) {
1c02e7ba	293	const char *name = dns_resource_key_name(rr->key);
124602ae DM	294	DnsTransaction *t;
124602ae DM	295
40fa4728 DM	296	/* If the received reply packet contains ANY record that is not .local or .in-addr.arpa,
	297	* we assume someone's playing tricks on us and discard the packet completely. */
	298	if (!(dns_name_endswith(name, "in-addr.arpa") > 0 \|\|
	299	dns_name_endswith(name, "local") > 0))
	300	return 0;
124602ae	301
3755027c DR	302	if (rr->ttl == 0) {
	303	log_debug("Got a goodbye packet");
	304	/* See the section 10.1 of RFC6762 */
	305	rr->ttl = 1;
	306	}
	307
124602ae DM	308	t = dns_scope_find_transaction(scope, rr->key, false);
124602ae DM	309	if (t)
48413582 LP	310	dns_transaction_process_reply(t, p);
	311
	312	/* Also look for the various types of ANY transactions */
	313	t = dns_scope_find_transaction(scope, &DNS_RESOURCE_KEY_CONST(rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(rr->key)), false);
	314	if (t)
	315	dns_transaction_process_reply(t, p);
	316
	317	t = dns_scope_find_transaction(scope, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_ANY, rr->key->type, dns_resource_key_name(rr->key)), false);
	318	if (t)
	319	dns_transaction_process_reply(t, p);
	320
	321	t = dns_scope_find_transaction(scope, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_ANY, DNS_TYPE_ANY, dns_resource_key_name(rr->key)), false);
	322	if (t)
124602ae DM	323	dns_transaction_process_reply(t, p);
	324	}
	325
d3760be0	326	dns_cache_put(&scope->cache, NULL, DNS_PACKET_RCODE(p), p->answer, false, (uint32_t) -1, 0, p->family, &p->sender);
124602ae DM	327
	328	} else if (dns_packet_validate_query(p) > 0) {
	329	log_debug("Got mDNS query packet for id %u", DNS_PACKET_ID(p));
	330
3b991089 DR	331	r = mdns_scope_process_query(scope, p);
3b991089 DR	332	if (r < 0) {
1a63fc54	333	log_debug_errno(r, "mDNS query processing failed: %m");
3b991089 DR	334	return 0;
3b991089 DR	335	}
124602ae DM	336	} else
	337	log_debug("Invalid mDNS UDP packet.");
	338
bc7702b0 DM	339	return 0;
	340	}
	341
	342	int manager_mdns_ipv4_fd(Manager *m) {
	343	union sockaddr_union sa = {
	344	.in.sin_family = AF_INET,
	345	.in.sin_port = htobe16(MDNS_PORT),
	346	};
	347	static const int one = 1, pmtu = IP_PMTUDISC_DONT, ttl = 255;
	348	int r;
	349
	350	assert(m);
	351
	352	if (m->mdns_ipv4_fd >= 0)
	353	return m->mdns_ipv4_fd;
	354
	355	m->mdns_ipv4_fd = socket(AF_INET, SOCK_DGRAM\|SOCK_CLOEXEC\|SOCK_NONBLOCK, 0);
	356	if (m->mdns_ipv4_fd < 0)
71a047d2	357	return log_error_errno(errno, "mDNS-IPv4: Failed to create socket: %m");
bc7702b0 DM	358
	359	r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl));
	360	if (r < 0) {
71a047d2	361	r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_TTL: %m");
bc7702b0 DM	362	goto fail;
	363	}
	364
	365	r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl));
	366	if (r < 0) {
71a047d2	367	r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_MULTICAST_TTL: %m");
bc7702b0 DM	368	goto fail;
	369	}
	370
	371	r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_MULTICAST_LOOP, &one, sizeof(one));
	372	if (r < 0) {
71a047d2	373	r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_MULTICAST_LOOP: %m");
bc7702b0 DM	374	goto fail;
	375	}
	376
	377	r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof(one));
	378	if (r < 0) {
71a047d2	379	r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_PKTINFO: %m");
bc7702b0 DM	380	goto fail;
	381	}
	382
	383	r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_RECVTTL, &one, sizeof(one));
	384	if (r < 0) {
71a047d2	385	r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_RECVTTL: %m");
bc7702b0 DM	386	goto fail;
	387	}
	388
	389	/* Disable Don't-Fragment bit in the IP header */
	390	r = setsockopt(m->mdns_ipv4_fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu));
	391	if (r < 0) {
71a047d2	392	r = log_error_errno(errno, "mDNS-IPv4: Failed to set IP_MTU_DISCOVER: %m");
bc7702b0 DM	393	goto fail;
	394	}
	395
71a047d2 YW	396	/* See the section 15.1 of RFC6762 */
71a047d2 YW	397	/* first try to bind without SO_REUSEADDR to detect another mDNS responder */
bc7702b0 DM	398	r = bind(m->mdns_ipv4_fd, &sa.sa, sizeof(sa.in));
bc7702b0 DM	399	if (r < 0) {
71a047d2 YW	400	if (errno != EADDRINUSE) {
	401	r = log_error_errno(errno, "mDNS-IPv4: Failed to bind socket: %m");
	402	goto fail;
	403	}
	404
	405	log_warning("mDNS-IPv4: There appears to be another mDNS responder running, or previously systemd-resolved crashed with some outstanding transfers.");
	406
	407	/* try again with SO_REUSEADDR */
	408	r = setsockopt(m->mdns_ipv4_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
	409	if (r < 0) {
	410	r = log_error_errno(errno, "mDNS-IPv4: Failed to set SO_REUSEADDR: %m");
	411	goto fail;
	412	}
	413
	414	r = bind(m->mdns_ipv4_fd, &sa.sa, sizeof(sa.in));
	415	if (r < 0) {
	416	r = log_error_errno(errno, "mDNS-IPv4: Failed to bind socket: %m");
	417	goto fail;
	418	}
	419	} else {
	420	/* enable SO_REUSEADDR for the case that the user really wants multiple mDNS responders */
	421	r = setsockopt(m->mdns_ipv4_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
	422	if (r < 0) {
	423	r = log_error_errno(errno, "mDNS-IPv4: Failed to set SO_REUSEADDR: %m");
	424	goto fail;
	425	}
bc7702b0 DM	426	}
	427
	428	r = sd_event_add_io(m->event, &m->mdns_ipv4_event_source, m->mdns_ipv4_fd, EPOLLIN, on_mdns_packet, m);
	429	if (r < 0)
	430	goto fail;
	431
	432	return m->mdns_ipv4_fd;
	433
	434	fail:
	435	m->mdns_ipv4_fd = safe_close(m->mdns_ipv4_fd);
	436	return r;
	437	}
	438
	439	int manager_mdns_ipv6_fd(Manager *m) {
	440	union sockaddr_union sa = {
	441	.in6.sin6_family = AF_INET6,
	442	.in6.sin6_port = htobe16(MDNS_PORT),
	443	};
	444	static const int one = 1, ttl = 255;
	445	int r;
	446
	447	assert(m);
	448
	449	if (m->mdns_ipv6_fd >= 0)
	450	return m->mdns_ipv6_fd;
	451
	452	m->mdns_ipv6_fd = socket(AF_INET6, SOCK_DGRAM\|SOCK_CLOEXEC\|SOCK_NONBLOCK, 0);
	453	if (m->mdns_ipv6_fd < 0)
71a047d2	454	return log_error_errno(errno, "mDNS-IPv6: Failed to create socket: %m");
bc7702b0 DM	455
	456	r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &ttl, sizeof(ttl));
	457	if (r < 0) {
71a047d2	458	r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_UNICAST_HOPS: %m");
bc7702b0 DM	459	goto fail;
	460	}
	461
	462	/* RFC 4795, section 2.5 recommends setting the TTL of UDP packets to 255. */
	463	r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &ttl, sizeof(ttl));
	464	if (r < 0) {
71a047d2	465	r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_MULTICAST_HOPS: %m");
bc7702b0 DM	466	goto fail;
	467	}
	468
	469	r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &one, sizeof(one));
	470	if (r < 0) {
71a047d2	471	r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_MULTICAST_LOOP: %m");
bc7702b0 DM	472	goto fail;
	473	}
	474
	475	r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));
	476	if (r < 0) {
71a047d2	477	r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_V6ONLY: %m");
bc7702b0 DM	478	goto fail;
	479	}
	480
	481	r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
	482	if (r < 0) {
71a047d2	483	r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_RECVPKTINFO: %m");
bc7702b0 DM	484	goto fail;
	485	}
	486
	487	r = setsockopt(m->mdns_ipv6_fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &one, sizeof(one));
	488	if (r < 0) {
71a047d2	489	r = log_error_errno(errno, "mDNS-IPv6: Failed to set IPV6_RECVHOPLIMIT: %m");
bc7702b0 DM	490	goto fail;
	491	}
	492
71a047d2 YW	493	/* See the section 15.1 of RFC6762 */
71a047d2 YW	494	/* first try to bind without SO_REUSEADDR to detect another mDNS responder */
bc7702b0 DM	495	r = bind(m->mdns_ipv6_fd, &sa.sa, sizeof(sa.in6));
bc7702b0 DM	496	if (r < 0) {
71a047d2 YW	497	if (errno != EADDRINUSE) {
	498	r = log_error_errno(errno, "mDNS-IPv6: Failed to bind socket: %m");
	499	goto fail;
	500	}
	501
	502	log_warning("mDNS-IPv6: There appears to be another mDNS responder running, or previously systemd-resolved crashed with some outstanding transfers.");
	503
	504	/* try again with SO_REUSEADDR */
	505	r = setsockopt(m->mdns_ipv6_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
	506	if (r < 0) {
	507	r = log_error_errno(errno, "mDNS-IPv6: Failed to set SO_REUSEADDR: %m");
	508	goto fail;
	509	}
	510
	511	r = bind(m->mdns_ipv6_fd, &sa.sa, sizeof(sa.in6));
	512	if (r < 0) {
	513	r = log_error_errno(errno, "mDNS-IPv6: Failed to bind socket: %m");
	514	goto fail;
	515	}
	516	} else {
	517	/* enable SO_REUSEADDR for the case that the user really wants multiple mDNS responders */
	518	r = setsockopt(m->mdns_ipv6_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
	519	if (r < 0) {
	520	r = log_error_errno(errno, "mDNS-IPv6: Failed to set SO_REUSEADDR: %m");
	521	goto fail;
	522	}
bc7702b0 DM	523	}
	524
	525	r = sd_event_add_io(m->event, &m->mdns_ipv6_event_source, m->mdns_ipv6_fd, EPOLLIN, on_mdns_packet, m);
ee8d9305	526	if (r < 0)
bc7702b0	527	goto fail;
bc7702b0 DM	528
	529	return m->mdns_ipv6_fd;
	530
	531	fail:
	532	m->mdns_ipv6_fd = safe_close(m->mdns_ipv6_fd);
	533	return r;
	534	}