1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
6 #include "sd-network.h"
8 #include "alloc-util.h"
14 #include "netif-util.h"
15 #include "parse-util.h"
16 #include "resolved-link.h"
17 #include "resolved-llmnr.h"
18 #include "resolved-mdns.h"
19 #include "socket-netlink.h"
20 #include "stat-util.h"
21 #include "string-util.h"
23 #include "tmpfile-util.h"
25 int link_new(Manager
*m
, Link
**ret
, int ifindex
) {
26 _cleanup_(link_freep
) Link
*l
= NULL
;
39 .llmnr_support
= RESOLVE_SUPPORT_YES
,
40 .mdns_support
= RESOLVE_SUPPORT_NO
,
41 .dnssec_mode
= _DNSSEC_MODE_INVALID
,
42 .dns_over_tls_mode
= _DNS_OVER_TLS_MODE_INVALID
,
43 .operstate
= IF_OPER_UNKNOWN
,
46 if (asprintf(&l
->state_file
, "/run/systemd/resolve/netif/%i", ifindex
) < 0)
49 r
= hashmap_ensure_put(&m
->links
, NULL
, INT_TO_PTR(ifindex
), l
);
62 void link_flush_settings(Link
*l
) {
65 l
->default_route
= -1;
66 l
->llmnr_support
= RESOLVE_SUPPORT_YES
;
67 l
->mdns_support
= RESOLVE_SUPPORT_NO
;
68 l
->dnssec_mode
= _DNSSEC_MODE_INVALID
;
69 l
->dns_over_tls_mode
= _DNS_OVER_TLS_MODE_INVALID
;
71 dns_server_unlink_all(l
->dns_servers
);
72 dns_search_domain_unlink_all(l
->search_domains
);
74 l
->dnssec_negative_trust_anchors
= set_free_free(l
->dnssec_negative_trust_anchors
);
77 Link
*link_free(Link
*l
) {
81 /* Send goodbye messages. */
82 dns_scope_announce(l
->mdns_ipv4_scope
, true);
83 dns_scope_announce(l
->mdns_ipv6_scope
, true);
85 link_flush_settings(l
);
88 (void) link_address_free(l
->addresses
);
91 hashmap_remove(l
->manager
->links
, INT_TO_PTR(l
->ifindex
));
93 dns_scope_free(l
->unicast_scope
);
94 dns_scope_free(l
->llmnr_ipv4_scope
);
95 dns_scope_free(l
->llmnr_ipv6_scope
);
96 dns_scope_free(l
->mdns_ipv4_scope
);
97 dns_scope_free(l
->mdns_ipv6_scope
);
105 void link_allocate_scopes(Link
*l
) {
106 bool unicast_relevant
;
111 /* If a link that used to be relevant is no longer, or a link that did not use to be relevant now becomes
112 * relevant, let's reinit the learnt global DNS server information, since we might talk to different servers
113 * now, even if they have the same addresses as before. */
115 unicast_relevant
= link_relevant(l
, AF_UNSPEC
, false);
116 if (unicast_relevant
!= l
->unicast_relevant
) {
117 l
->unicast_relevant
= unicast_relevant
;
119 dns_server_reset_features_all(l
->manager
->fallback_dns_servers
);
120 dns_server_reset_features_all(l
->manager
->dns_servers
);
122 /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one
123 * interface reveals different DNS zones than through others. */
124 if (l
->manager
->unicast_scope
)
125 dns_cache_flush(&l
->manager
->unicast_scope
->cache
);
128 /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't
131 if (unicast_relevant
&& l
->dns_servers
) {
132 if (!l
->unicast_scope
) {
133 dns_server_reset_features_all(l
->dns_servers
);
135 r
= dns_scope_new(l
->manager
, &l
->unicast_scope
, l
, DNS_PROTOCOL_DNS
, AF_UNSPEC
);
137 log_link_warning_errno(l
, r
, "Failed to allocate DNS scope, ignoring: %m");
140 l
->unicast_scope
= dns_scope_free(l
->unicast_scope
);
142 if (link_relevant(l
, AF_INET
, true) &&
143 l
->llmnr_support
!= RESOLVE_SUPPORT_NO
&&
144 l
->manager
->llmnr_support
!= RESOLVE_SUPPORT_NO
) {
145 if (!l
->llmnr_ipv4_scope
) {
146 r
= dns_scope_new(l
->manager
, &l
->llmnr_ipv4_scope
, l
, DNS_PROTOCOL_LLMNR
, AF_INET
);
148 log_link_warning_errno(l
, r
, "Failed to allocate LLMNR IPv4 scope, ignoring: %m");
151 l
->llmnr_ipv4_scope
= dns_scope_free(l
->llmnr_ipv4_scope
);
153 if (link_relevant(l
, AF_INET6
, true) &&
154 l
->llmnr_support
!= RESOLVE_SUPPORT_NO
&&
155 l
->manager
->llmnr_support
!= RESOLVE_SUPPORT_NO
&&
156 socket_ipv6_is_supported()) {
157 if (!l
->llmnr_ipv6_scope
) {
158 r
= dns_scope_new(l
->manager
, &l
->llmnr_ipv6_scope
, l
, DNS_PROTOCOL_LLMNR
, AF_INET6
);
160 log_link_warning_errno(l
, r
, "Failed to allocate LLMNR IPv6 scope, ignoring: %m");
163 l
->llmnr_ipv6_scope
= dns_scope_free(l
->llmnr_ipv6_scope
);
165 if (link_relevant(l
, AF_INET
, true) &&
166 l
->mdns_support
!= RESOLVE_SUPPORT_NO
&&
167 l
->manager
->mdns_support
!= RESOLVE_SUPPORT_NO
) {
168 if (!l
->mdns_ipv4_scope
) {
169 r
= dns_scope_new(l
->manager
, &l
->mdns_ipv4_scope
, l
, DNS_PROTOCOL_MDNS
, AF_INET
);
171 log_link_warning_errno(l
, r
, "Failed to allocate mDNS IPv4 scope, ignoring: %m");
174 l
->mdns_ipv4_scope
= dns_scope_free(l
->mdns_ipv4_scope
);
176 if (link_relevant(l
, AF_INET6
, true) &&
177 l
->mdns_support
!= RESOLVE_SUPPORT_NO
&&
178 l
->manager
->mdns_support
!= RESOLVE_SUPPORT_NO
) {
179 if (!l
->mdns_ipv6_scope
) {
180 r
= dns_scope_new(l
->manager
, &l
->mdns_ipv6_scope
, l
, DNS_PROTOCOL_MDNS
, AF_INET6
);
182 log_link_warning_errno(l
, r
, "Failed to allocate mDNS IPv6 scope, ignoring: %m");
185 l
->mdns_ipv6_scope
= dns_scope_free(l
->mdns_ipv6_scope
);
188 void link_add_rrs(Link
*l
, bool force_remove
) {
192 LIST_FOREACH(addresses
, a
, l
->addresses
)
193 link_address_add_rrs(a
, force_remove
);
196 l
->mdns_support
== RESOLVE_SUPPORT_YES
&&
197 l
->manager
->mdns_support
== RESOLVE_SUPPORT_YES
) {
199 if (l
->mdns_ipv4_scope
) {
200 r
= dns_scope_add_dnssd_services(l
->mdns_ipv4_scope
);
202 log_link_warning_errno(l
, r
, "Failed to add IPv4 DNS-SD services, ignoring: %m");
205 if (l
->mdns_ipv6_scope
) {
206 r
= dns_scope_add_dnssd_services(l
->mdns_ipv6_scope
);
208 log_link_warning_errno(l
, r
, "Failed to add IPv6 DNS-SD services, ignoring: %m");
213 if (l
->mdns_ipv4_scope
) {
214 r
= dns_scope_remove_dnssd_services(l
->mdns_ipv4_scope
);
216 log_link_warning_errno(l
, r
, "Failed to remove IPv4 DNS-SD services, ignoring: %m");
219 if (l
->mdns_ipv6_scope
) {
220 r
= dns_scope_remove_dnssd_services(l
->mdns_ipv6_scope
);
222 log_link_warning_errno(l
, r
, "Failed to remove IPv6 DNS-SD services, ignoring: %m");
227 int link_process_rtnl(Link
*l
, sd_netlink_message
*m
) {
228 const char *n
= NULL
;
234 r
= sd_rtnl_message_link_get_flags(m
, &l
->flags
);
238 (void) sd_netlink_message_read_u32(m
, IFLA_MTU
, &l
->mtu
);
239 (void) sd_netlink_message_read_u8(m
, IFLA_OPERSTATE
, &l
->operstate
);
241 if (sd_netlink_message_read_string(m
, IFLA_IFNAME
, &n
) >= 0 &&
242 !streq_ptr(l
->ifname
, n
)) {
244 log_link_debug(l
, "Interface name change detected: %s -> %s", l
->ifname
, n
);
246 r
= free_and_strdup(&l
->ifname
, n
);
254 static int link_update_dns_server_one(Link
*l
, const char *str
) {
255 _cleanup_free_
char *name
= NULL
;
256 int family
, ifindex
, r
;
257 union in_addr_union a
;
264 r
= in_addr_port_ifindex_name_from_string_auto(str
, &family
, &a
, &port
, &ifindex
, &name
);
268 if (ifindex
!= 0 && ifindex
!= l
->ifindex
)
271 /* By default, the port number is determined with the transaction feature level.
272 * See dns_transaction_port() and dns_server_port(). */
273 if (IN_SET(port
, 53, 853))
276 s
= dns_server_find(l
->dns_servers
, family
, &a
, port
, 0, name
);
278 dns_server_move_back_and_unmark(s
);
282 return dns_server_new(l
->manager
, NULL
, DNS_SERVER_LINK
, l
, family
, &a
, port
, 0, name
);
285 static int link_update_dns_servers(Link
*l
) {
286 _cleanup_strv_free_
char **nameservers
= NULL
;
292 r
= sd_network_link_get_dns(l
->ifindex
, &nameservers
);
300 dns_server_mark_all(l
->dns_servers
);
302 STRV_FOREACH(nameserver
, nameservers
) {
303 r
= link_update_dns_server_one(l
, *nameserver
);
308 dns_server_unlink_marked(l
->dns_servers
);
312 dns_server_unlink_all(l
->dns_servers
);
316 static int link_update_default_route(Link
*l
) {
321 r
= sd_network_link_get_dns_default_route(l
->ifindex
);
329 l
->default_route
= r
> 0;
333 l
->default_route
= -1;
337 static int link_update_llmnr_support(Link
*l
) {
338 _cleanup_free_
char *b
= NULL
;
343 l
->llmnr_support
= RESOLVE_SUPPORT_YES
; /* yes, yes, we set it twice which is ugly */
345 r
= sd_network_link_get_llmnr(l
->ifindex
, &b
);
351 r
= resolve_support_from_string(b
);
355 l
->llmnr_support
= r
;
359 static int link_update_mdns_support(Link
*l
) {
360 _cleanup_free_
char *b
= NULL
;
365 l
->mdns_support
= RESOLVE_SUPPORT_NO
;
367 r
= sd_network_link_get_mdns(l
->ifindex
, &b
);
373 r
= resolve_support_from_string(b
);
381 void link_set_dns_over_tls_mode(Link
*l
, DnsOverTlsMode mode
) {
385 #if ! ENABLE_DNS_OVER_TLS
386 if (mode
!= DNS_OVER_TLS_NO
)
388 "DNS-over-TLS option for the link cannot be enabled or set to opportunistic "
389 "when systemd-resolved is built without DNS-over-TLS support. "
390 "Turning off DNS-over-TLS support.");
394 l
->dns_over_tls_mode
= mode
;
397 static int link_update_dns_over_tls_mode(Link
*l
) {
398 _cleanup_free_
char *b
= NULL
;
403 l
->dns_over_tls_mode
= _DNS_OVER_TLS_MODE_INVALID
;
405 r
= sd_network_link_get_dns_over_tls(l
->ifindex
, &b
);
411 r
= dns_over_tls_mode_from_string(b
);
415 l
->dns_over_tls_mode
= r
;
419 void link_set_dnssec_mode(Link
*l
, DnssecMode mode
) {
423 #if !HAVE_OPENSSL_OR_GCRYPT
424 if (IN_SET(mode
, DNSSEC_YES
, DNSSEC_ALLOW_DOWNGRADE
))
426 "DNSSEC option for the link cannot be enabled or set to allow-downgrade "
427 "when systemd-resolved is built without a cryptographic library. "
428 "Turning off DNSSEC support.");
432 if (l
->dnssec_mode
== mode
)
435 if ((l
->dnssec_mode
== _DNSSEC_MODE_INVALID
) ||
436 (l
->dnssec_mode
== DNSSEC_NO
&& mode
!= DNSSEC_NO
) ||
437 (l
->dnssec_mode
== DNSSEC_ALLOW_DOWNGRADE
&& mode
== DNSSEC_YES
)) {
439 /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
440 * allow-downgrade mode to full DNSSEC mode, flush it too. */
441 if (l
->unicast_scope
)
442 dns_cache_flush(&l
->unicast_scope
->cache
);
445 l
->dnssec_mode
= mode
;
448 static int link_update_dnssec_mode(Link
*l
) {
449 _cleanup_free_
char *m
= NULL
;
455 l
->dnssec_mode
= _DNSSEC_MODE_INVALID
;
457 r
= sd_network_link_get_dnssec(l
->ifindex
, &m
);
463 mode
= dnssec_mode_from_string(m
);
467 link_set_dnssec_mode(l
, mode
);
471 static int link_update_dnssec_negative_trust_anchors(Link
*l
) {
472 _cleanup_strv_free_
char **ntas
= NULL
;
473 _cleanup_set_free_free_ Set
*ns
= NULL
;
478 l
->dnssec_negative_trust_anchors
= set_free_free(l
->dnssec_negative_trust_anchors
);
480 r
= sd_network_link_get_dnssec_negative_trust_anchors(l
->ifindex
, &ntas
);
486 ns
= set_new(&dns_name_hash_ops
);
490 r
= set_put_strdupv(&ns
, ntas
);
494 l
->dnssec_negative_trust_anchors
= TAKE_PTR(ns
);
498 static int link_update_search_domain_one(Link
*l
, const char *name
, bool route_only
) {
505 r
= dns_search_domain_find(l
->search_domains
, name
, &d
);
509 dns_search_domain_move_back_and_unmark(d
);
511 r
= dns_search_domain_new(l
->manager
, &d
, DNS_SEARCH_DOMAIN_LINK
, l
, name
);
516 d
->route_only
= route_only
;
520 static int link_update_search_domains(Link
*l
) {
521 _cleanup_strv_free_
char **sdomains
= NULL
, **rdomains
= NULL
;
527 r
= sd_network_link_get_search_domains(l
->ifindex
, &sdomains
);
528 if (r
< 0 && r
!= -ENODATA
)
531 q
= sd_network_link_get_route_domains(l
->ifindex
, &rdomains
);
532 if (q
< 0 && q
!= -ENODATA
) {
537 if (r
== -ENODATA
&& q
== -ENODATA
) {
538 /* networkd knows nothing about this interface, and that's fine. */
543 dns_search_domain_mark_all(l
->search_domains
);
545 STRV_FOREACH(i
, sdomains
) {
546 r
= link_update_search_domain_one(l
, *i
, false);
551 STRV_FOREACH(i
, rdomains
) {
552 r
= link_update_search_domain_one(l
, *i
, true);
557 dns_search_domain_unlink_marked(l
->search_domains
);
561 dns_search_domain_unlink_all(l
->search_domains
);
565 static int link_is_managed(Link
*l
) {
566 _cleanup_free_
char *state
= NULL
;
571 r
= sd_network_link_get_setup_state(l
->ifindex
, &state
);
577 return !STR_IN_SET(state
, "pending", "initialized", "unmanaged");
580 static void link_enter_unmanaged(Link
*l
) {
583 /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
585 link_flush_settings(l
);
587 l
->is_managed
= false;
590 static void link_read_settings(Link
*l
) {
596 /* Read settings from networkd, except when networkd is not managing this interface. */
598 r
= sd_network_link_get_stat(l
->ifindex
, &st
);
600 return link_enter_unmanaged(l
);
602 return (void) log_link_warning_errno(l
, r
, "Failed to stat() networkd's link state file, ignoring: %m");
604 if (stat_inode_unmodified(&l
->networkd_state_file_stat
, &st
))
605 /* The state file is unmodified. Not necessary to re-read settings. */
608 /* Save the new stat for the next event. */
609 l
->networkd_state_file_stat
= st
;
611 r
= link_is_managed(l
);
613 return (void) log_link_warning_errno(l
, r
, "Failed to determine whether the interface is managed, ignoring: %m");
615 return link_enter_unmanaged(l
);
617 l
->is_managed
= true;
619 r
= network_link_get_operational_state(l
->ifindex
, &l
->networkd_operstate
);
621 log_link_warning_errno(l
, r
, "Failed to read networkd's link operational state, ignoring: %m");
623 r
= link_update_dns_servers(l
);
625 log_link_warning_errno(l
, r
, "Failed to read DNS servers for the interface, ignoring: %m");
627 r
= link_update_llmnr_support(l
);
629 log_link_warning_errno(l
, r
, "Failed to read LLMNR support for the interface, ignoring: %m");
631 r
= link_update_mdns_support(l
);
633 log_link_warning_errno(l
, r
, "Failed to read mDNS support for the interface, ignoring: %m");
635 r
= link_update_dns_over_tls_mode(l
);
637 log_link_warning_errno(l
, r
, "Failed to read DNS-over-TLS mode for the interface, ignoring: %m");
639 r
= link_update_dnssec_mode(l
);
641 log_link_warning_errno(l
, r
, "Failed to read DNSSEC mode for the interface, ignoring: %m");
643 r
= link_update_dnssec_negative_trust_anchors(l
);
645 log_link_warning_errno(l
, r
, "Failed to read DNSSEC negative trust anchors for the interface, ignoring: %m");
647 r
= link_update_search_domains(l
);
649 log_link_warning_errno(l
, r
, "Failed to read search domains for the interface, ignoring: %m");
651 r
= link_update_default_route(l
);
653 log_link_warning_errno(l
, r
, "Failed to read default route setting for the interface, proceeding anyway: %m");
656 int link_update(Link
*l
) {
661 link_read_settings(l
);
662 r
= link_load_user(l
);
666 if (l
->llmnr_support
!= RESOLVE_SUPPORT_NO
) {
667 r
= manager_llmnr_start(l
->manager
);
672 if (l
->mdns_support
!= RESOLVE_SUPPORT_NO
) {
673 r
= manager_mdns_start(l
->manager
);
678 link_allocate_scopes(l
);
679 link_add_rrs(l
, false);
684 bool link_relevant(Link
*l
, int family
, bool local_multicast
) {
689 /* A link is relevant for local multicast traffic if it isn't a loopback device, has a link
690 * beat, can do multicast and has at least one link-local (or better) IP address.
692 * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
693 * least one routable address. */
695 if ((l
->flags
& (IFF_LOOPBACK
| IFF_DORMANT
)) != 0)
698 if (!FLAGS_SET(l
->flags
, IFF_UP
| IFF_LOWER_UP
))
701 if (local_multicast
&&
702 !FLAGS_SET(l
->flags
, IFF_MULTICAST
))
705 if (!netif_has_carrier(l
->operstate
, l
->flags
))
709 !IN_SET(l
->networkd_operstate
, LINK_OPERSTATE_DEGRADED_CARRIER
, LINK_OPERSTATE_DEGRADED
, LINK_OPERSTATE_ROUTABLE
))
712 LIST_FOREACH(addresses
, a
, l
->addresses
)
713 if ((family
== AF_UNSPEC
|| a
->family
== family
) && link_address_relevant(a
, local_multicast
))
719 LinkAddress
*link_find_address(Link
*l
, int family
, const union in_addr_union
*in_addr
) {
724 if (!IN_SET(family
, AF_INET
, AF_INET6
))
730 LIST_FOREACH(addresses
, a
, l
->addresses
)
731 if (a
->family
== family
&& in_addr_equal(family
, &a
->in_addr
, in_addr
))
737 DnsServer
* link_set_dns_server(Link
*l
, DnsServer
*s
) {
740 if (l
->current_dns_server
== s
)
744 log_link_debug(l
, "Switching to DNS server %s.", strna(dns_server_string_full(s
)));
746 dns_server_unref(l
->current_dns_server
);
747 l
->current_dns_server
= dns_server_ref(s
);
749 if (l
->unicast_scope
)
750 dns_cache_flush(&l
->unicast_scope
->cache
);
755 DnsServer
*link_get_dns_server(Link
*l
) {
758 if (!l
->current_dns_server
)
759 link_set_dns_server(l
, l
->dns_servers
);
761 return l
->current_dns_server
;
764 void link_next_dns_server(Link
*l
, DnsServer
*if_current
) {
767 /* If the current server of the transaction is specified, and we already are at a different one,
768 * don't do anything */
769 if (if_current
&& l
->current_dns_server
!= if_current
)
772 /* If currently have no DNS server, then don't do anything, we'll pick it lazily the next time a DNS
773 * server is needed. */
774 if (!l
->current_dns_server
)
777 /* Change to the next one, but make sure to follow the linked list only if this server is actually
779 if (l
->current_dns_server
->linked
&& l
->current_dns_server
->servers_next
) {
780 link_set_dns_server(l
, l
->current_dns_server
->servers_next
);
784 /* Pick the first one again, after we reached the end */
785 link_set_dns_server(l
, l
->dns_servers
);
788 DnsOverTlsMode
link_get_dns_over_tls_mode(Link
*l
) {
791 if (l
->dns_over_tls_mode
!= _DNS_OVER_TLS_MODE_INVALID
)
792 return l
->dns_over_tls_mode
;
794 return manager_get_dns_over_tls_mode(l
->manager
);
797 DnssecMode
link_get_dnssec_mode(Link
*l
) {
800 if (l
->dnssec_mode
!= _DNSSEC_MODE_INVALID
)
801 return l
->dnssec_mode
;
803 return manager_get_dnssec_mode(l
->manager
);
806 bool link_dnssec_supported(Link
*l
) {
811 if (link_get_dnssec_mode(l
) == DNSSEC_NO
)
814 server
= link_get_dns_server(l
);
816 return dns_server_dnssec_supported(server
);
821 int link_address_new(Link
*l
, LinkAddress
**ret
, int family
, const union in_addr_union
*in_addr
) {
827 a
= new(LinkAddress
, 1);
835 .prefixlen
= UCHAR_MAX
,
838 LIST_PREPEND(addresses
, l
->addresses
, a
);
847 LinkAddress
*link_address_free(LinkAddress
*a
) {
852 LIST_REMOVE(addresses
, a
->link
->addresses
, a
);
854 assert(a
->link
->n_addresses
> 0);
855 a
->link
->n_addresses
--;
857 if (a
->llmnr_address_rr
) {
858 if (a
->family
== AF_INET
&& a
->link
->llmnr_ipv4_scope
)
859 dns_zone_remove_rr(&a
->link
->llmnr_ipv4_scope
->zone
, a
->llmnr_address_rr
);
860 else if (a
->family
== AF_INET6
&& a
->link
->llmnr_ipv6_scope
)
861 dns_zone_remove_rr(&a
->link
->llmnr_ipv6_scope
->zone
, a
->llmnr_address_rr
);
864 if (a
->llmnr_ptr_rr
) {
865 if (a
->family
== AF_INET
&& a
->link
->llmnr_ipv4_scope
)
866 dns_zone_remove_rr(&a
->link
->llmnr_ipv4_scope
->zone
, a
->llmnr_ptr_rr
);
867 else if (a
->family
== AF_INET6
&& a
->link
->llmnr_ipv6_scope
)
868 dns_zone_remove_rr(&a
->link
->llmnr_ipv6_scope
->zone
, a
->llmnr_ptr_rr
);
871 if (a
->mdns_address_rr
) {
872 if (a
->family
== AF_INET
&& a
->link
->mdns_ipv4_scope
)
873 dns_zone_remove_rr(&a
->link
->mdns_ipv4_scope
->zone
, a
->mdns_address_rr
);
874 else if (a
->family
== AF_INET6
&& a
->link
->mdns_ipv6_scope
)
875 dns_zone_remove_rr(&a
->link
->mdns_ipv6_scope
->zone
, a
->mdns_address_rr
);
878 if (a
->mdns_ptr_rr
) {
879 if (a
->family
== AF_INET
&& a
->link
->mdns_ipv4_scope
)
880 dns_zone_remove_rr(&a
->link
->mdns_ipv4_scope
->zone
, a
->mdns_ptr_rr
);
881 else if (a
->family
== AF_INET6
&& a
->link
->mdns_ipv6_scope
)
882 dns_zone_remove_rr(&a
->link
->mdns_ipv6_scope
->zone
, a
->mdns_ptr_rr
);
886 dns_resource_record_unref(a
->llmnr_address_rr
);
887 dns_resource_record_unref(a
->llmnr_ptr_rr
);
888 dns_resource_record_unref(a
->mdns_address_rr
);
889 dns_resource_record_unref(a
->mdns_ptr_rr
);
894 void link_address_add_rrs(LinkAddress
*a
, bool force_remove
) {
899 if (a
->family
== AF_INET
) {
902 link_address_relevant(a
, true) &&
903 a
->link
->llmnr_ipv4_scope
&&
904 a
->link
->llmnr_support
== RESOLVE_SUPPORT_YES
&&
905 a
->link
->manager
->llmnr_support
== RESOLVE_SUPPORT_YES
) {
907 if (!a
->link
->manager
->llmnr_host_ipv4_key
) {
908 a
->link
->manager
->llmnr_host_ipv4_key
= dns_resource_key_new(DNS_CLASS_IN
, DNS_TYPE_A
, a
->link
->manager
->llmnr_hostname
);
909 if (!a
->link
->manager
->llmnr_host_ipv4_key
) {
915 if (!a
->llmnr_address_rr
) {
916 a
->llmnr_address_rr
= dns_resource_record_new(a
->link
->manager
->llmnr_host_ipv4_key
);
917 if (!a
->llmnr_address_rr
) {
922 a
->llmnr_address_rr
->a
.in_addr
= a
->in_addr
.in
;
923 a
->llmnr_address_rr
->ttl
= LLMNR_DEFAULT_TTL
;
926 if (!a
->llmnr_ptr_rr
) {
927 r
= dns_resource_record_new_reverse(&a
->llmnr_ptr_rr
, a
->family
, &a
->in_addr
, a
->link
->manager
->llmnr_hostname
);
931 a
->llmnr_ptr_rr
->ttl
= LLMNR_DEFAULT_TTL
;
934 r
= dns_zone_put(&a
->link
->llmnr_ipv4_scope
->zone
, a
->link
->llmnr_ipv4_scope
, a
->llmnr_address_rr
, true);
936 log_link_warning_errno(a
->link
, r
, "Failed to add A record to LLMNR zone, ignoring: %m");
938 r
= dns_zone_put(&a
->link
->llmnr_ipv4_scope
->zone
, a
->link
->llmnr_ipv4_scope
, a
->llmnr_ptr_rr
, false);
940 log_link_warning_errno(a
->link
, r
, "Failed to add IPv4 PTR record to LLMNR zone, ignoring: %m");
942 if (a
->llmnr_address_rr
) {
943 if (a
->link
->llmnr_ipv4_scope
)
944 dns_zone_remove_rr(&a
->link
->llmnr_ipv4_scope
->zone
, a
->llmnr_address_rr
);
945 a
->llmnr_address_rr
= dns_resource_record_unref(a
->llmnr_address_rr
);
948 if (a
->llmnr_ptr_rr
) {
949 if (a
->link
->llmnr_ipv4_scope
)
950 dns_zone_remove_rr(&a
->link
->llmnr_ipv4_scope
->zone
, a
->llmnr_ptr_rr
);
951 a
->llmnr_ptr_rr
= dns_resource_record_unref(a
->llmnr_ptr_rr
);
956 link_address_relevant(a
, true) &&
957 a
->link
->mdns_ipv4_scope
&&
958 a
->link
->mdns_support
== RESOLVE_SUPPORT_YES
&&
959 a
->link
->manager
->mdns_support
== RESOLVE_SUPPORT_YES
) {
960 if (!a
->link
->manager
->mdns_host_ipv4_key
) {
961 a
->link
->manager
->mdns_host_ipv4_key
= dns_resource_key_new(DNS_CLASS_IN
, DNS_TYPE_A
, a
->link
->manager
->mdns_hostname
);
962 if (!a
->link
->manager
->mdns_host_ipv4_key
) {
968 if (!a
->mdns_address_rr
) {
969 a
->mdns_address_rr
= dns_resource_record_new(a
->link
->manager
->mdns_host_ipv4_key
);
970 if (!a
->mdns_address_rr
) {
975 a
->mdns_address_rr
->a
.in_addr
= a
->in_addr
.in
;
976 a
->mdns_address_rr
->ttl
= MDNS_DEFAULT_TTL
;
979 if (!a
->mdns_ptr_rr
) {
980 r
= dns_resource_record_new_reverse(&a
->mdns_ptr_rr
, a
->family
, &a
->in_addr
, a
->link
->manager
->mdns_hostname
);
984 a
->mdns_ptr_rr
->ttl
= MDNS_DEFAULT_TTL
;
987 r
= dns_zone_put(&a
->link
->mdns_ipv4_scope
->zone
, a
->link
->mdns_ipv4_scope
, a
->mdns_address_rr
, true);
989 log_link_warning_errno(a
->link
, r
, "Failed to add A record to MDNS zone, ignoring: %m");
991 r
= dns_zone_put(&a
->link
->mdns_ipv4_scope
->zone
, a
->link
->mdns_ipv4_scope
, a
->mdns_ptr_rr
, false);
993 log_link_warning_errno(a
->link
, r
, "Failed to add IPv4 PTR record to MDNS zone, ignoring: %m");
995 if (a
->mdns_address_rr
) {
996 if (a
->link
->mdns_ipv4_scope
)
997 dns_zone_remove_rr(&a
->link
->mdns_ipv4_scope
->zone
, a
->mdns_address_rr
);
998 a
->mdns_address_rr
= dns_resource_record_unref(a
->mdns_address_rr
);
1001 if (a
->mdns_ptr_rr
) {
1002 if (a
->link
->mdns_ipv4_scope
)
1003 dns_zone_remove_rr(&a
->link
->mdns_ipv4_scope
->zone
, a
->mdns_ptr_rr
);
1004 a
->mdns_ptr_rr
= dns_resource_record_unref(a
->mdns_ptr_rr
);
1009 if (a
->family
== AF_INET6
) {
1011 if (!force_remove
&&
1012 link_address_relevant(a
, true) &&
1013 a
->link
->llmnr_ipv6_scope
&&
1014 a
->link
->llmnr_support
== RESOLVE_SUPPORT_YES
&&
1015 a
->link
->manager
->llmnr_support
== RESOLVE_SUPPORT_YES
) {
1017 if (!a
->link
->manager
->llmnr_host_ipv6_key
) {
1018 a
->link
->manager
->llmnr_host_ipv6_key
= dns_resource_key_new(DNS_CLASS_IN
, DNS_TYPE_AAAA
, a
->link
->manager
->llmnr_hostname
);
1019 if (!a
->link
->manager
->llmnr_host_ipv6_key
) {
1025 if (!a
->llmnr_address_rr
) {
1026 a
->llmnr_address_rr
= dns_resource_record_new(a
->link
->manager
->llmnr_host_ipv6_key
);
1027 if (!a
->llmnr_address_rr
) {
1032 a
->llmnr_address_rr
->aaaa
.in6_addr
= a
->in_addr
.in6
;
1033 a
->llmnr_address_rr
->ttl
= LLMNR_DEFAULT_TTL
;
1036 if (!a
->llmnr_ptr_rr
) {
1037 r
= dns_resource_record_new_reverse(&a
->llmnr_ptr_rr
, a
->family
, &a
->in_addr
, a
->link
->manager
->llmnr_hostname
);
1041 a
->llmnr_ptr_rr
->ttl
= LLMNR_DEFAULT_TTL
;
1044 r
= dns_zone_put(&a
->link
->llmnr_ipv6_scope
->zone
, a
->link
->llmnr_ipv6_scope
, a
->llmnr_address_rr
, true);
1046 log_link_warning_errno(a
->link
, r
, "Failed to add AAAA record to LLMNR zone, ignoring: %m");
1048 r
= dns_zone_put(&a
->link
->llmnr_ipv6_scope
->zone
, a
->link
->llmnr_ipv6_scope
, a
->llmnr_ptr_rr
, false);
1050 log_link_warning_errno(a
->link
, r
, "Failed to add IPv6 PTR record to LLMNR zone, ignoring: %m");
1052 if (a
->llmnr_address_rr
) {
1053 if (a
->link
->llmnr_ipv6_scope
)
1054 dns_zone_remove_rr(&a
->link
->llmnr_ipv6_scope
->zone
, a
->llmnr_address_rr
);
1055 a
->llmnr_address_rr
= dns_resource_record_unref(a
->llmnr_address_rr
);
1058 if (a
->llmnr_ptr_rr
) {
1059 if (a
->link
->llmnr_ipv6_scope
)
1060 dns_zone_remove_rr(&a
->link
->llmnr_ipv6_scope
->zone
, a
->llmnr_ptr_rr
);
1061 a
->llmnr_ptr_rr
= dns_resource_record_unref(a
->llmnr_ptr_rr
);
1065 if (!force_remove
&&
1066 link_address_relevant(a
, true) &&
1067 a
->link
->mdns_ipv6_scope
&&
1068 a
->link
->mdns_support
== RESOLVE_SUPPORT_YES
&&
1069 a
->link
->manager
->mdns_support
== RESOLVE_SUPPORT_YES
) {
1071 if (!a
->link
->manager
->mdns_host_ipv6_key
) {
1072 a
->link
->manager
->mdns_host_ipv6_key
= dns_resource_key_new(DNS_CLASS_IN
, DNS_TYPE_AAAA
, a
->link
->manager
->mdns_hostname
);
1073 if (!a
->link
->manager
->mdns_host_ipv6_key
) {
1079 if (!a
->mdns_address_rr
) {
1080 a
->mdns_address_rr
= dns_resource_record_new(a
->link
->manager
->mdns_host_ipv6_key
);
1081 if (!a
->mdns_address_rr
) {
1086 a
->mdns_address_rr
->aaaa
.in6_addr
= a
->in_addr
.in6
;
1087 a
->mdns_address_rr
->ttl
= MDNS_DEFAULT_TTL
;
1090 if (!a
->mdns_ptr_rr
) {
1091 r
= dns_resource_record_new_reverse(&a
->mdns_ptr_rr
, a
->family
, &a
->in_addr
, a
->link
->manager
->mdns_hostname
);
1095 a
->mdns_ptr_rr
->ttl
= MDNS_DEFAULT_TTL
;
1098 r
= dns_zone_put(&a
->link
->mdns_ipv6_scope
->zone
, a
->link
->mdns_ipv6_scope
, a
->mdns_address_rr
, true);
1100 log_link_warning_errno(a
->link
, r
, "Failed to add AAAA record to MDNS zone, ignoring: %m");
1102 r
= dns_zone_put(&a
->link
->mdns_ipv6_scope
->zone
, a
->link
->mdns_ipv6_scope
, a
->mdns_ptr_rr
, false);
1104 log_link_warning_errno(a
->link
, r
, "Failed to add IPv6 PTR record to MDNS zone, ignoring: %m");
1106 if (a
->mdns_address_rr
) {
1107 if (a
->link
->mdns_ipv6_scope
)
1108 dns_zone_remove_rr(&a
->link
->mdns_ipv6_scope
->zone
, a
->mdns_address_rr
);
1109 a
->mdns_address_rr
= dns_resource_record_unref(a
->mdns_address_rr
);
1112 if (a
->mdns_ptr_rr
) {
1113 if (a
->link
->mdns_ipv6_scope
)
1114 dns_zone_remove_rr(&a
->link
->mdns_ipv6_scope
->zone
, a
->mdns_ptr_rr
);
1115 a
->mdns_ptr_rr
= dns_resource_record_unref(a
->mdns_ptr_rr
);
1123 log_link_debug_errno(a
->link
, r
, "Failed to update address RRs, ignoring: %m");
1126 int link_address_update_rtnl(LinkAddress
*a
, sd_netlink_message
*m
) {
1132 r
= sd_rtnl_message_addr_get_flags(m
, &a
->flags
);
1136 (void) sd_rtnl_message_addr_get_prefixlen(m
, &a
->prefixlen
);
1137 (void) sd_rtnl_message_addr_get_scope(m
, &a
->scope
);
1139 link_allocate_scopes(a
->link
);
1140 link_add_rrs(a
->link
, false);
1145 bool link_address_relevant(LinkAddress
*a
, bool local_multicast
) {
1148 if (a
->flags
& (IFA_F_DEPRECATED
|IFA_F_TENTATIVE
))
1151 if (a
->scope
>= (local_multicast
? RT_SCOPE_HOST
: RT_SCOPE_LINK
))
1157 static bool link_needs_save(Link
*l
) {
1160 /* Returns true if any of the settings where set different from the default */
1165 if (l
->llmnr_support
!= RESOLVE_SUPPORT_YES
||
1166 l
->mdns_support
!= RESOLVE_SUPPORT_NO
||
1167 l
->dnssec_mode
!= _DNSSEC_MODE_INVALID
||
1168 l
->dns_over_tls_mode
!= _DNS_OVER_TLS_MODE_INVALID
)
1171 if (l
->dns_servers
||
1175 if (!set_isempty(l
->dnssec_negative_trust_anchors
))
1178 if (l
->default_route
>= 0)
1184 int link_save_user(Link
*l
) {
1185 _cleanup_free_
char *temp_path
= NULL
;
1186 _cleanup_fclose_
FILE *f
= NULL
;
1191 assert(l
->state_file
);
1193 if (!link_needs_save(l
)) {
1194 (void) unlink(l
->state_file
);
1198 r
= mkdir_parents(l
->state_file
, 0700);
1202 r
= fopen_temporary(l
->state_file
, &f
, &temp_path
);
1206 (void) fchmod(fileno(f
), 0644);
1208 fputs("# This is private data. Do not parse.\n", f
);
1210 v
= resolve_support_to_string(l
->llmnr_support
);
1212 fprintf(f
, "LLMNR=%s\n", v
);
1214 v
= resolve_support_to_string(l
->mdns_support
);
1216 fprintf(f
, "MDNS=%s\n", v
);
1218 v
= dnssec_mode_to_string(l
->dnssec_mode
);
1220 fprintf(f
, "DNSSEC=%s\n", v
);
1222 if (l
->default_route
>= 0)
1223 fprintf(f
, "DEFAULT_ROUTE=%s\n", yes_no(l
->default_route
));
1225 if (l
->dns_servers
) {
1228 fputs("SERVERS=", f
);
1229 LIST_FOREACH(servers
, server
, l
->dns_servers
) {
1231 if (server
!= l
->dns_servers
)
1234 v
= dns_server_string_full(server
);
1245 if (l
->search_domains
) {
1246 DnsSearchDomain
*domain
;
1248 fputs("DOMAINS=", f
);
1249 LIST_FOREACH(domains
, domain
, l
->search_domains
) {
1251 if (domain
!= l
->search_domains
)
1254 if (domain
->route_only
)
1257 fputs(DNS_SEARCH_DOMAIN_NAME(domain
), f
);
1262 if (!set_isempty(l
->dnssec_negative_trust_anchors
)) {
1267 SET_FOREACH(nta
, l
->dnssec_negative_trust_anchors
) {
1278 r
= fflush_and_check(f
);
1282 if (rename(temp_path
, l
->state_file
) < 0) {
1290 (void) unlink(l
->state_file
);
1293 (void) unlink(temp_path
);
1295 return log_link_error_errno(l
, r
, "Failed to save link data %s: %m", l
->state_file
);
1298 int link_load_user(Link
*l
) {
1306 *default_route
= NULL
;
1313 assert(l
->state_file
);
1315 /* Try to load only a single time */
1321 return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */
1323 r
= parse_env_file(NULL
, l
->state_file
,
1327 "SERVERS", &servers
,
1328 "DOMAINS", &domains
,
1330 "DEFAULT_ROUTE", &default_route
);
1336 link_flush_settings(l
);
1338 /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
1339 s
= resolve_support_from_string(llmnr
);
1341 l
->llmnr_support
= s
;
1343 s
= resolve_support_from_string(mdns
);
1345 l
->mdns_support
= s
;
1347 r
= parse_boolean(default_route
);
1349 l
->default_route
= r
;
1351 /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
1352 l
->dnssec_mode
= dnssec_mode_from_string(dnssec
);
1354 for (p
= servers
;;) {
1355 _cleanup_free_
char *word
= NULL
;
1357 r
= extract_first_word(&p
, &word
, NULL
, 0);
1363 r
= link_update_dns_server_one(l
, word
);
1365 log_link_debug_errno(l
, r
, "Failed to load DNS server '%s', ignoring: %m", word
);
1370 for (p
= domains
;;) {
1371 _cleanup_free_
char *word
= NULL
;
1375 r
= extract_first_word(&p
, &word
, NULL
, 0);
1381 is_route
= word
[0] == '~';
1382 n
= is_route
? word
+ 1 : word
;
1384 r
= link_update_search_domain_one(l
, n
, is_route
);
1386 log_link_debug_errno(l
, r
, "Failed to load search domain '%s', ignoring: %m", word
);
1392 _cleanup_set_free_free_ Set
*ns
= NULL
;
1394 ns
= set_new(&dns_name_hash_ops
);
1400 r
= set_put_strsplit(ns
, ntas
, NULL
, 0);
1404 l
->dnssec_negative_trust_anchors
= TAKE_PTR(ns
);
1410 return log_link_error_errno(l
, r
, "Failed to load link data %s: %m", l
->state_file
);
1413 void link_remove_user(Link
*l
) {
1415 assert(l
->state_file
);
1417 (void) unlink(l
->state_file
);
1420 bool link_negative_trust_anchor_lookup(Link
*l
, const char *name
) {
1426 /* Checks whether the specified domain (or any of its parent domains) are listed as per-link NTA. */
1429 if (set_contains(l
->dnssec_negative_trust_anchors
, name
))
1432 /* And now, let's look at the parent, and check that too */
1433 r
= dns_name_parent(&name
);