]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-stub.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #17185 from yuwata/ethtool-update
[thirdparty/systemd.git] / src / resolve / resolved-dns-stub.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <net/if_arp.h>
4
5 #include "errno-util.h"
6 #include "fd-util.h"
7 #include "missing_network.h"
8 #include "missing_socket.h"
9 #include "resolved-dns-stub.h"
10 #include "socket-netlink.h"
11 #include "socket-util.h"
12 #include "string-table.h"
13
14 /* The MTU of the loopback device is 64K on Linux, advertise that as maximum datagram size, but subtract the Ethernet,
15 * IP and UDP header sizes */
16 #define ADVERTISE_DATAGRAM_SIZE_MAX (65536U-14U-20U-8U)
17
18 static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int type);
19
20 static void dns_stub_listener_extra_hash_func(const DnsStubListenerExtra *a, struct siphash *state) {
21 assert(a);
22
23 siphash24_compress(&a->mode, sizeof(a->mode), state);
24 siphash24_compress(&a->family, sizeof(a->family), state);
25 siphash24_compress(&a->address, FAMILY_ADDRESS_SIZE(a->family), state);
26 siphash24_compress(&a->port, sizeof(a->port), state);
27 }
28
29 static int dns_stub_listener_extra_compare_func(const DnsStubListenerExtra *a, const DnsStubListenerExtra *b) {
30 int r;
31
32 assert(a);
33 assert(b);
34
35 r = CMP(a->mode, b->mode);
36 if (r != 0)
37 return r;
38
39 r = CMP(a->family, b->family);
40 if (r != 0)
41 return r;
42
43 r = memcmp(&a->address, &b->address, FAMILY_ADDRESS_SIZE(a->family));
44 if (r != 0)
45 return r;
46
47 return CMP(a->port, b->port);
48 }
49
50 DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
51 dns_stub_listener_extra_hash_ops,
52 DnsStubListenerExtra,
53 dns_stub_listener_extra_hash_func,
54 dns_stub_listener_extra_compare_func,
55 dns_stub_listener_extra_free);
56
57 int dns_stub_listener_extra_new(
58 Manager *m,
59 DnsStubListenerExtra **ret) {
60
61 DnsStubListenerExtra *l;
62
63 l = new(DnsStubListenerExtra, 1);
64 if (!l)
65 return -ENOMEM;
66
67 *l = (DnsStubListenerExtra) {
68 .manager = m,
69 };
70
71 *ret = TAKE_PTR(l);
72 return 0;
73 }
74
75 DnsStubListenerExtra *dns_stub_listener_extra_free(DnsStubListenerExtra *p) {
76 if (!p)
77 return NULL;
78
79 p->udp_event_source = sd_event_source_unref(p->udp_event_source);
80 p->tcp_event_source = sd_event_source_unref(p->tcp_event_source);
81
82 return mfree(p);
83 }
84
85 static int dns_stub_make_reply_packet(
86 DnsPacket **p,
87 size_t max_size,
88 DnsQuestion *q,
89 DnsAnswer *answer,
90 bool *ret_truncated) {
91
92 bool truncated = false;
93 DnsResourceRecord *rr;
94 unsigned c = 0;
95 int r;
96
97 assert(p);
98
99 /* Note that we don't bother with any additional RRs, as this is stub is for local lookups only, and hence
100 * roundtrips aren't expensive. */
101
102 if (!*p) {
103 r = dns_packet_new(p, DNS_PROTOCOL_DNS, 0, max_size);
104 if (r < 0)
105 return r;
106
107 r = dns_packet_append_question(*p, q);
108 if (r < 0)
109 return r;
110
111 DNS_PACKET_HEADER(*p)->qdcount = htobe16(dns_question_size(q));
112 }
113
114 DNS_ANSWER_FOREACH(rr, answer) {
115
116 r = dns_question_matches_rr(q, rr, NULL);
117 if (r < 0)
118 return r;
119 if (r > 0)
120 goto add;
121
122 r = dns_question_matches_cname_or_dname(q, rr, NULL);
123 if (r < 0)
124 return r;
125 if (r > 0)
126 goto add;
127
128 continue;
129 add:
130 r = dns_packet_append_rr(*p, rr, 0, NULL, NULL);
131 if (r == -EMSGSIZE) {
132 truncated = true;
133 break;
134 }
135 if (r < 0)
136 return r;
137
138 c++;
139 }
140
141 if (ret_truncated)
142 *ret_truncated = truncated;
143 else if (truncated)
144 return -EMSGSIZE;
145
146 DNS_PACKET_HEADER(*p)->ancount = htobe16(be16toh(DNS_PACKET_HEADER(*p)->ancount) + c);
147
148 return 0;
149 }
150
151 static int dns_stub_finish_reply_packet(
152 DnsPacket *p,
153 uint16_t id,
154 int rcode,
155 bool tc, /* set the Truncated bit? */
156 bool add_opt, /* add an OPT RR to this packet? */
157 bool edns0_do, /* set the EDNS0 DNSSEC OK bit? */
158 bool ad) { /* set the DNSSEC authenticated data bit? */
159
160 int r;
161
162 assert(p);
163
164 if (add_opt) {
165 r = dns_packet_append_opt(p, ADVERTISE_DATAGRAM_SIZE_MAX, edns0_do, /* include_rfc6975 = */ false, rcode, NULL);
166 if (r == -EMSGSIZE) /* Hit the size limit? then indicate truncation */
167 tc = true;
168 else if (r < 0)
169 return r;
170
171 } else {
172 /* If the client can't to EDNS0, don't do DO either */
173 edns0_do = false;
174
175 /* If the client didn't do EDNS, clamp the rcode to 4 bit */
176 if (rcode > 0xF)
177 rcode = DNS_RCODE_SERVFAIL;
178 }
179
180 /* Don't set the AD bit unless DO is on, too */
181 if (!edns0_do)
182 ad = false;
183
184 DNS_PACKET_HEADER(p)->id = id;
185
186 DNS_PACKET_HEADER(p)->flags = htobe16(DNS_PACKET_MAKE_FLAGS(
187 1 /* qr */,
188 0 /* opcode */,
189 0 /* aa */,
190 tc /* tc */,
191 1 /* rd */,
192 1 /* ra */,
193 ad /* ad */,
194 0 /* cd */,
195 rcode));
196
197 return 0;
198 }
199
200 static int dns_stub_send(
201 Manager *m,
202 DnsStubListenerExtra *l,
203 DnsStream *s,
204 DnsPacket *p,
205 DnsPacket *reply) {
206
207 int r;
208
209 assert(m);
210 assert(p);
211 assert(reply);
212
213 if (s)
214 r = dns_stream_write_packet(s, reply);
215 else
216 /* Note that it is essential here that we explicitly choose the source IP address for this packet. This
217 * is because otherwise the kernel will choose it automatically based on the routing table and will
218 * thus pick 127.0.0.1 rather than 127.0.0.53. */
219 r = manager_send(m,
220 manager_dns_stub_fd_extra(m, l, SOCK_DGRAM),
221 l ? p->ifindex : LOOPBACK_IFINDEX, /* force loopback iface if this is the main listener stub */
222 p->family, &p->sender, p->sender_port, &p->destination,
223 reply);
224 if (r < 0)
225 return log_debug_errno(r, "Failed to send reply packet: %m");
226
227 return 0;
228 }
229
230 static int dns_stub_send_failure(
231 Manager *m,
232 DnsStubListenerExtra *l,
233 DnsStream *s,
234 DnsPacket *p,
235 int rcode,
236 bool authenticated) {
237
238 _cleanup_(dns_packet_unrefp) DnsPacket *reply = NULL;
239 int r;
240
241 assert(m);
242 assert(p);
243
244 r = dns_stub_make_reply_packet(&reply, DNS_PACKET_PAYLOAD_SIZE_MAX(p), p->question, NULL, NULL);
245 if (r < 0)
246 return log_debug_errno(r, "Failed to make failure packet: %m");
247
248 r = dns_stub_finish_reply_packet(reply, DNS_PACKET_ID(p), rcode, false, !!p->opt, DNS_PACKET_DO(p), authenticated);
249 if (r < 0)
250 return log_debug_errno(r, "Failed to build failure packet: %m");
251
252 return dns_stub_send(m, l, s, p, reply);
253 }
254
255 static void dns_stub_query_complete(DnsQuery *q) {
256 int r;
257
258 assert(q);
259 assert(q->request_dns_packet);
260
261 switch (q->state) {
262
263 case DNS_TRANSACTION_SUCCESS: {
264 bool truncated;
265
266 r = dns_stub_make_reply_packet(&q->reply_dns_packet, DNS_PACKET_PAYLOAD_SIZE_MAX(q->request_dns_packet), q->question_idna, q->answer, &truncated);
267 if (r < 0) {
268 log_debug_errno(r, "Failed to build reply packet: %m");
269 break;
270 }
271
272 if (!truncated) {
273 r = dns_query_process_cname(q);
274 if (r == -ELOOP) {
275 (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_SERVFAIL, false);
276 break;
277 }
278 if (r < 0) {
279 log_debug_errno(r, "Failed to process CNAME: %m");
280 break;
281 }
282 if (r == DNS_QUERY_RESTARTED)
283 return;
284 }
285
286 r = dns_stub_finish_reply_packet(
287 q->reply_dns_packet,
288 DNS_PACKET_ID(q->request_dns_packet),
289 q->answer_rcode,
290 truncated,
291 !!q->request_dns_packet->opt,
292 DNS_PACKET_DO(q->request_dns_packet),
293 dns_query_fully_authenticated(q));
294 if (r < 0) {
295 log_debug_errno(r, "Failed to finish reply packet: %m");
296 break;
297 }
298
299 (void) dns_stub_send(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, q->reply_dns_packet);
300 break;
301 }
302
303 case DNS_TRANSACTION_RCODE_FAILURE:
304 (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, q->answer_rcode, dns_query_fully_authenticated(q));
305 break;
306
307 case DNS_TRANSACTION_NOT_FOUND:
308 (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_NXDOMAIN, dns_query_fully_authenticated(q));
309 break;
310
311 case DNS_TRANSACTION_TIMEOUT:
312 case DNS_TRANSACTION_ATTEMPTS_MAX_REACHED:
313 /* Propagate a timeout as a no packet, i.e. that the client also gets a timeout */
314 break;
315
316 case DNS_TRANSACTION_NO_SERVERS:
317 case DNS_TRANSACTION_INVALID_REPLY:
318 case DNS_TRANSACTION_ERRNO:
319 case DNS_TRANSACTION_ABORTED:
320 case DNS_TRANSACTION_DNSSEC_FAILED:
321 case DNS_TRANSACTION_NO_TRUST_ANCHOR:
322 case DNS_TRANSACTION_RR_TYPE_UNSUPPORTED:
323 case DNS_TRANSACTION_NETWORK_DOWN:
324 (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_SERVFAIL, false);
325 break;
326
327 case DNS_TRANSACTION_NULL:
328 case DNS_TRANSACTION_PENDING:
329 case DNS_TRANSACTION_VALIDATING:
330 default:
331 assert_not_reached("Impossible state");
332 }
333
334 dns_query_free(q);
335 }
336
337 static int dns_stub_stream_complete(DnsStream *s, int error) {
338 assert(s);
339
340 log_debug_errno(error, "DNS TCP connection terminated, destroying queries: %m");
341
342 for (;;) {
343 DnsQuery *q;
344
345 q = set_first(s->queries);
346 if (!q)
347 break;
348
349 dns_query_free(q);
350 }
351
352 /* This drops the implicit ref we keep around since it was allocated, as incoming stub connections
353 * should be kept as long as the client wants to. */
354 dns_stream_unref(s);
355 return 0;
356 }
357
358 static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStream *s, DnsPacket *p) {
359 _cleanup_(dns_query_freep) DnsQuery *q = NULL;
360 int r;
361
362 assert(m);
363 assert(p);
364 assert(p->protocol == DNS_PROTOCOL_DNS);
365
366 if (!l && /* l == NULL if this is the main stub */
367 (in_addr_is_localhost(p->family, &p->sender) <= 0 ||
368 in_addr_is_localhost(p->family, &p->destination) <= 0)) {
369 log_error("Got packet on unexpected IP range, refusing.");
370 dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
371 return;
372 }
373
374 r = dns_packet_extract(p);
375 if (r < 0) {
376 log_debug_errno(r, "Failed to extract resources from incoming packet, ignoring packet: %m");
377 dns_stub_send_failure(m, l, s, p, DNS_RCODE_FORMERR, false);
378 return;
379 }
380
381 if (!DNS_PACKET_VERSION_SUPPORTED(p)) {
382 log_debug("Got EDNS OPT field with unsupported version number.");
383 dns_stub_send_failure(m, l, s, p, DNS_RCODE_BADVERS, false);
384 return;
385 }
386
387 if (dns_type_is_obsolete(p->question->keys[0]->type)) {
388 log_debug("Got message with obsolete key type, refusing.");
389 dns_stub_send_failure(m, l, s, p, DNS_RCODE_NOTIMP, false);
390 return;
391 }
392
393 if (dns_type_is_zone_transer(p->question->keys[0]->type)) {
394 log_debug("Got request for zone transfer, refusing.");
395 dns_stub_send_failure(m, l, s, p, DNS_RCODE_NOTIMP, false);
396 return;
397 }
398
399 if (!DNS_PACKET_RD(p)) {
400 /* If the "rd" bit is off (i.e. recursion was not requested), then refuse operation */
401 log_debug("Got request with recursion disabled, refusing.");
402 dns_stub_send_failure(m, l, s, p, DNS_RCODE_REFUSED, false);
403 return;
404 }
405
406 if (DNS_PACKET_DO(p) && DNS_PACKET_CD(p)) {
407 log_debug("Got request with DNSSEC CD bit set, refusing.");
408 dns_stub_send_failure(m, l, s, p, DNS_RCODE_NOTIMP, false);
409 return;
410 }
411
412 r = dns_query_new(m, &q, p->question, p->question, 0, SD_RESOLVED_PROTOCOLS_ALL|SD_RESOLVED_NO_SEARCH);
413 if (r < 0) {
414 log_error_errno(r, "Failed to generate query object: %m");
415 dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
416 return;
417 }
418
419 /* Request that the TTL is corrected by the cached time for this lookup, so that we return vaguely useful TTLs */
420 q->clamp_ttl = true;
421
422 q->request_dns_packet = dns_packet_ref(p);
423 q->request_dns_stream = dns_stream_ref(s); /* make sure the stream stays around until we can send a reply through it */
424 q->stub_listener_extra = l;
425 q->complete = dns_stub_query_complete;
426
427 if (s) {
428 /* Remember which queries belong to this stream, so that we can cancel them when the stream
429 * is disconnected early */
430
431 r = set_ensure_put(&s->queries, NULL, q);
432 if (r < 0) {
433 log_oom();
434 return;
435 }
436 assert(r > 0);
437 }
438
439 r = dns_query_go(q);
440 if (r < 0) {
441 log_error_errno(r, "Failed to start query: %m");
442 dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
443 return;
444 }
445
446 log_debug("Processing query...");
447 TAKE_PTR(q);
448 }
449
450 static int on_dns_stub_packet_internal(sd_event_source *s, int fd, uint32_t revents, Manager *m, DnsStubListenerExtra *l) {
451 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
452 int r;
453
454 r = manager_recv(m, fd, DNS_PROTOCOL_DNS, &p);
455 if (r <= 0)
456 return r;
457
458 if (dns_packet_validate_query(p) > 0) {
459 log_debug("Got DNS stub UDP query packet for id %u", DNS_PACKET_ID(p));
460
461 dns_stub_process_query(m, l, NULL, p);
462 } else
463 log_debug("Invalid DNS stub UDP packet, ignoring.");
464
465 return 0;
466 }
467
468 static int on_dns_stub_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
469 return on_dns_stub_packet_internal(s, fd, revents, userdata, NULL);
470 }
471
472 static int on_dns_stub_packet_extra(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
473 DnsStubListenerExtra *l = userdata;
474
475 assert(l);
476
477 return on_dns_stub_packet_internal(s, fd, revents, l->manager, l);
478 }
479
480 static int on_dns_stub_stream_packet(DnsStream *s) {
481 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
482
483 assert(s);
484
485 p = dns_stream_take_read_packet(s);
486 assert(p);
487
488 if (dns_packet_validate_query(p) > 0) {
489 log_debug("Got DNS stub TCP query packet for id %u", DNS_PACKET_ID(p));
490
491 dns_stub_process_query(s->manager, s->stub_listener_extra, s, p);
492 } else
493 log_debug("Invalid DNS stub TCP packet, ignoring.");
494
495 return 0;
496 }
497
498 static int on_dns_stub_stream_internal(sd_event_source *s, int fd, uint32_t revents, Manager *m, DnsStubListenerExtra *l) {
499 DnsStream *stream;
500 int cfd, r;
501
502 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
503 if (cfd < 0) {
504 if (ERRNO_IS_ACCEPT_AGAIN(errno))
505 return 0;
506
507 return -errno;
508 }
509
510 r = dns_stream_new(m, &stream, DNS_STREAM_STUB, DNS_PROTOCOL_DNS, cfd, NULL);
511 if (r < 0) {
512 safe_close(cfd);
513 return r;
514 }
515
516 stream->stub_listener_extra = l;
517 stream->on_packet = on_dns_stub_stream_packet;
518 stream->complete = dns_stub_stream_complete;
519
520 /* We let the reference to the stream dangle here, it will be dropped later by the complete callback. */
521
522 return 0;
523 }
524
525 static int on_dns_stub_stream(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
526 return on_dns_stub_stream_internal(s, fd, revents, userdata, NULL);
527 }
528
529 static int on_dns_stub_stream_extra(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
530 DnsStubListenerExtra *l = userdata;
531
532 assert(l);
533 return on_dns_stub_stream_internal(s, fd, revents, l->manager, l);
534 }
535
536 static int set_dns_stub_common_socket_options(int fd, int family) {
537 int r;
538
539 assert(fd >= 0);
540 assert(IN_SET(family, AF_INET, AF_INET6));
541
542 r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEADDR, true);
543 if (r < 0)
544 return r;
545
546 r = socket_set_recvpktinfo(fd, family, true);
547 if (r < 0)
548 return r;
549
550 r = socket_set_recvttl(fd, family, true);
551 if (r < 0)
552 return r;
553
554 return 0;
555 }
556
557 static int manager_dns_stub_fd(Manager *m, int type) {
558 union sockaddr_union sa = {
559 .in.sin_family = AF_INET,
560 .in.sin_addr.s_addr = htobe32(INADDR_DNS_STUB),
561 .in.sin_port = htobe16(53),
562 };
563 _cleanup_close_ int fd = -1;
564 int r;
565
566 assert(IN_SET(type, SOCK_DGRAM, SOCK_STREAM));
567
568 sd_event_source **event_source = type == SOCK_DGRAM ? &m->dns_stub_udp_event_source : &m->dns_stub_tcp_event_source;
569 if (*event_source)
570 return sd_event_source_get_io_fd(*event_source);
571
572 fd = socket(AF_INET, type | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
573 if (fd < 0)
574 return -errno;
575
576 r = set_dns_stub_common_socket_options(fd, AF_INET);
577 if (r < 0)
578 return r;
579
580 /* Make sure no traffic from outside the local host can leak to onto this socket */
581 r = socket_bind_to_ifindex(fd, LOOPBACK_IFINDEX);
582 if (r < 0)
583 return r;
584
585 r = setsockopt_int(fd, IPPROTO_IP, IP_TTL, 1);
586 if (r < 0)
587 return r;
588
589 if (bind(fd, &sa.sa, sizeof(sa.in)) < 0)
590 return -errno;
591
592 if (type == SOCK_STREAM &&
593 listen(fd, SOMAXCONN) < 0)
594 return -errno;
595
596 r = sd_event_add_io(m->event, event_source, fd, EPOLLIN,
597 type == SOCK_DGRAM ? on_dns_stub_packet : on_dns_stub_stream,
598 m);
599 if (r < 0)
600 return r;
601
602 r = sd_event_source_set_io_fd_own(*event_source, true);
603 if (r < 0)
604 return r;
605
606 (void) sd_event_source_set_description(*event_source,
607 type == SOCK_DGRAM ? "dns-stub-udp" : "dns-stub-tcp");
608
609 return TAKE_FD(fd);
610 }
611
612 static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int type) {
613 _cleanup_free_ char *pretty = NULL;
614 _cleanup_close_ int fd = -1;
615 union sockaddr_union sa;
616 int r;
617
618 assert(m);
619 assert(IN_SET(type, SOCK_DGRAM, SOCK_STREAM));
620
621 if (!l)
622 return manager_dns_stub_fd(m, type);
623
624 sd_event_source **event_source = type == SOCK_DGRAM ? &l->udp_event_source : &l->tcp_event_source;
625 if (*event_source)
626 return sd_event_source_get_io_fd(*event_source);
627
628 if (l->family == AF_INET)
629 sa = (union sockaddr_union) {
630 .in.sin_family = l->family,
631 .in.sin_port = htobe16(l->port != 0 ? l->port : 53U),
632 .in.sin_addr = l->address.in,
633 };
634 else
635 sa = (union sockaddr_union) {
636 .in6.sin6_family = l->family,
637 .in6.sin6_port = htobe16(l->port != 0 ? l->port : 53U),
638 .in6.sin6_addr = l->address.in6,
639 };
640
641 fd = socket(l->family, type | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
642 if (fd < 0) {
643 r = -errno;
644 goto fail;
645 }
646
647 r = set_dns_stub_common_socket_options(fd, l->family);
648 if (r < 0)
649 goto fail;
650
651 /* Do not set IP_TTL for extra DNS stub listeners, as the address may not be local and in that case
652 * people may want ttl > 1. */
653
654 r = socket_set_freebind(fd, l->family, true);
655 if (r < 0)
656 goto fail;
657
658 if (bind(fd, &sa.sa, SOCKADDR_LEN(sa)) < 0) {
659 r = -errno;
660 goto fail;
661 }
662
663 if (type == SOCK_STREAM &&
664 listen(fd, SOMAXCONN) < 0) {
665 r = -errno;
666 goto fail;
667 }
668
669 r = sd_event_add_io(m->event, event_source, fd, EPOLLIN,
670 type == SOCK_DGRAM ? on_dns_stub_packet_extra : on_dns_stub_stream_extra,
671 l);
672 if (r < 0)
673 goto fail;
674
675 r = sd_event_source_set_io_fd_own(*event_source, true);
676 if (r < 0)
677 goto fail;
678
679 (void) sd_event_source_set_description(*event_source,
680 type == SOCK_DGRAM ? "dns-stub-udp-extra" : "dns-stub-tcp-extra");
681
682 if (DEBUG_LOGGING) {
683 (void) in_addr_port_to_string(l->family, &l->address, l->port, &pretty);
684 log_debug("Listening on %s socket %s.",
685 type == SOCK_DGRAM ? "UDP" : "TCP",
686 strnull(pretty));
687 }
688
689 return TAKE_FD(fd);
690
691 fail:
692 assert(r < 0);
693 (void) in_addr_port_to_string(l->family, &l->address, l->port, &pretty);
694 return log_warning_errno(r,
695 r == -EADDRINUSE ? "Another process is already listening on %s socket %s: %m" :
696 "Failed to listen on %s socket %s: %m",
697 type == SOCK_DGRAM ? "UDP" : "TCP",
698 strnull(pretty));
699 }
700
701 int manager_dns_stub_start(Manager *m) {
702 const char *t = "UDP";
703 int r = 0;
704
705 assert(m);
706
707 if (m->dns_stub_listener_mode == DNS_STUB_LISTENER_NO)
708 log_debug("Not creating stub listener.");
709 else
710 log_debug("Creating stub listener using %s.",
711 m->dns_stub_listener_mode == DNS_STUB_LISTENER_UDP ? "UDP" :
712 m->dns_stub_listener_mode == DNS_STUB_LISTENER_TCP ? "TCP" :
713 "UDP/TCP");
714
715 if (FLAGS_SET(m->dns_stub_listener_mode, DNS_STUB_LISTENER_UDP))
716 r = manager_dns_stub_fd(m, SOCK_DGRAM);
717
718 if (r >= 0 &&
719 FLAGS_SET(m->dns_stub_listener_mode, DNS_STUB_LISTENER_TCP)) {
720 t = "TCP";
721 r = manager_dns_stub_fd(m, SOCK_STREAM);
722 }
723
724 if (IN_SET(r, -EADDRINUSE, -EPERM)) {
725 log_warning_errno(r,
726 r == -EADDRINUSE ? "Another process is already listening on %s socket 127.0.0.53:53.\n"
727 "Turning off local DNS stub support." :
728 "Failed to listen on %s socket 127.0.0.53:53: %m.\n"
729 "Turning off local DNS stub support.",
730 t);
731 manager_dns_stub_stop(m);
732 } else if (r < 0)
733 return log_error_errno(r, "Failed to listen on %s socket 127.0.0.53:53: %m", t);
734
735 if (!ordered_set_isempty(m->dns_extra_stub_listeners)) {
736 DnsStubListenerExtra *l;
737
738 log_debug("Creating extra stub listeners.");
739
740 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners) {
741 if (FLAGS_SET(l->mode, DNS_STUB_LISTENER_UDP))
742 (void) manager_dns_stub_fd_extra(m, l, SOCK_DGRAM);
743 if (FLAGS_SET(l->mode, DNS_STUB_LISTENER_TCP))
744 (void) manager_dns_stub_fd_extra(m, l, SOCK_STREAM);
745 }
746 }
747
748 return 0;
749 }
750
751 void manager_dns_stub_stop(Manager *m) {
752 assert(m);
753
754 m->dns_stub_udp_event_source = sd_event_source_unref(m->dns_stub_udp_event_source);
755 m->dns_stub_tcp_event_source = sd_event_source_unref(m->dns_stub_tcp_event_source);
756 }
757
758 static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
759 [DNS_STUB_LISTENER_NO] = "no",
760 [DNS_STUB_LISTENER_UDP] = "udp",
761 [DNS_STUB_LISTENER_TCP] = "tcp",
762 [DNS_STUB_LISTENER_YES] = "yes",
763 };
764 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);
Unnamed repository; edit this file 'description' to name the repository.