]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-link.c
projects / thirdparty / systemd.git / blob
? search:


dd8b5a574b003f5ae92902689087f4c790a75ede
[thirdparty/systemd.git] / src / resolve / resolved-link.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <linux/if.h>
4 #include <unistd.h>
5
6 #include "sd-network.h"
7
8 #include "alloc-util.h"
9 #include "env-file.h"
10 #include "fd-util.h"
11 #include "fileio.h"
12 #include "log-link.h"
13 #include "mkdir.h"
14 #include "parse-util.h"
15 #include "resolved-link.h"
16 #include "resolved-llmnr.h"
17 #include "resolved-mdns.h"
18 #include "string-util.h"
19 #include "strv.h"
20 #include "tmpfile-util.h"
21
22 int link_new(Manager *m, Link **ret, int ifindex) {
23 _cleanup_(link_freep) Link *l = NULL;
24 int r;
25
26 assert(m);
27 assert(ifindex > 0);
28
29 r = hashmap_ensure_allocated(&m->links, NULL);
30 if (r < 0)
31 return r;
32
33 l = new(Link, 1);
34 if (!l)
35 return -ENOMEM;
36
37 *l = (Link) {
38 .ifindex = ifindex,
39 .default_route = -1,
40 .llmnr_support = RESOLVE_SUPPORT_YES,
41 .mdns_support = RESOLVE_SUPPORT_NO,
42 .dnssec_mode = _DNSSEC_MODE_INVALID,
43 .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
44 .operstate = IF_OPER_UNKNOWN,
45 };
46
47 if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
48 return -ENOMEM;
49
50 r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
51 if (r < 0)
52 return r;
53
54 l->manager = m;
55
56 if (ret)
57 *ret = l;
58 l = NULL;
59
60 return 0;
61 }
62
63 void link_flush_settings(Link *l) {
64 assert(l);
65
66 l->default_route = -1;
67 l->llmnr_support = RESOLVE_SUPPORT_YES;
68 l->mdns_support = RESOLVE_SUPPORT_NO;
69 l->dnssec_mode = _DNSSEC_MODE_INVALID;
70 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
71
72 dns_server_unlink_all(l->dns_servers);
73 dns_search_domain_unlink_all(l->search_domains);
74
75 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
76 }
77
78 Link *link_free(Link *l) {
79 if (!l)
80 return NULL;
81
82 /* Send goodbye messages. */
83 dns_scope_announce(l->mdns_ipv4_scope, true);
84 dns_scope_announce(l->mdns_ipv6_scope, true);
85
86 link_flush_settings(l);
87
88 while (l->addresses)
89 (void) link_address_free(l->addresses);
90
91 if (l->manager)
92 hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
93
94 dns_scope_free(l->unicast_scope);
95 dns_scope_free(l->llmnr_ipv4_scope);
96 dns_scope_free(l->llmnr_ipv6_scope);
97 dns_scope_free(l->mdns_ipv4_scope);
98 dns_scope_free(l->mdns_ipv6_scope);
99
100 free(l->state_file);
101 free(l->ifname);
102
103 return mfree(l);
104 }
105
106 void link_allocate_scopes(Link *l) {
107 bool unicast_relevant;
108 int r;
109
110 assert(l);
111
112 /* If a link that used to be relevant is no longer, or a link that did not use to be relevant now becomes
113 * relevant, let's reinit the learnt global DNS server information, since we might talk to different servers
114 * now, even if they have the same addresses as before. */
115
116 unicast_relevant = link_relevant(l, AF_UNSPEC, false);
117 if (unicast_relevant != l->unicast_relevant) {
118 l->unicast_relevant = unicast_relevant;
119
120 dns_server_reset_features_all(l->manager->fallback_dns_servers);
121 dns_server_reset_features_all(l->manager->dns_servers);
122
123 /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one
124 * interface reveals different DNS zones than through others. */
125 if (l->manager->unicast_scope)
126 dns_cache_flush(&l->manager->unicast_scope->cache);
127 }
128
129 /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't
130 * need anymore */
131
132 if (unicast_relevant && l->dns_servers) {
133 if (!l->unicast_scope) {
134 dns_server_reset_features_all(l->dns_servers);
135
136 r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
137 if (r < 0)
138 log_warning_errno(r, "Failed to allocate DNS scope: %m");
139 }
140 } else
141 l->unicast_scope = dns_scope_free(l->unicast_scope);
142
143 if (link_relevant(l, AF_INET, true) &&
144 l->llmnr_support != RESOLVE_SUPPORT_NO &&
145 l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
146 if (!l->llmnr_ipv4_scope) {
147 r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
148 if (r < 0)
149 log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
150 }
151 } else
152 l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
153
154 if (link_relevant(l, AF_INET6, true) &&
155 l->llmnr_support != RESOLVE_SUPPORT_NO &&
156 l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
157 socket_ipv6_is_supported()) {
158 if (!l->llmnr_ipv6_scope) {
159 r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
160 if (r < 0)
161 log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
162 }
163 } else
164 l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
165
166 if (link_relevant(l, AF_INET, true) &&
167 l->mdns_support != RESOLVE_SUPPORT_NO &&
168 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
169 if (!l->mdns_ipv4_scope) {
170 r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
171 if (r < 0)
172 log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
173 }
174 } else
175 l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
176
177 if (link_relevant(l, AF_INET6, true) &&
178 l->mdns_support != RESOLVE_SUPPORT_NO &&
179 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
180 if (!l->mdns_ipv6_scope) {
181 r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
182 if (r < 0)
183 log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
184 }
185 } else
186 l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
187 }
188
189 void link_add_rrs(Link *l, bool force_remove) {
190 LinkAddress *a;
191 int r;
192
193 LIST_FOREACH(addresses, a, l->addresses)
194 link_address_add_rrs(a, force_remove);
195
196 if (!force_remove &&
197 l->mdns_support == RESOLVE_SUPPORT_YES &&
198 l->manager->mdns_support == RESOLVE_SUPPORT_YES) {
199
200 if (l->mdns_ipv4_scope) {
201 r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope);
202 if (r < 0)
203 log_warning_errno(r, "Failed to add IPv4 DNS-SD services: %m");
204 }
205
206 if (l->mdns_ipv6_scope) {
207 r = dns_scope_add_dnssd_services(l->mdns_ipv6_scope);
208 if (r < 0)
209 log_warning_errno(r, "Failed to add IPv6 DNS-SD services: %m");
210 }
211
212 } else {
213
214 if (l->mdns_ipv4_scope) {
215 r = dns_scope_remove_dnssd_services(l->mdns_ipv4_scope);
216 if (r < 0)
217 log_warning_errno(r, "Failed to remove IPv4 DNS-SD services: %m");
218 }
219
220 if (l->mdns_ipv6_scope) {
221 r = dns_scope_remove_dnssd_services(l->mdns_ipv6_scope);
222 if (r < 0)
223 log_warning_errno(r, "Failed to remove IPv6 DNS-SD services: %m");
224 }
225 }
226 }
227
228 int link_process_rtnl(Link *l, sd_netlink_message *m) {
229 const char *n = NULL;
230 int r;
231
232 assert(l);
233 assert(m);
234
235 r = sd_rtnl_message_link_get_flags(m, &l->flags);
236 if (r < 0)
237 return r;
238
239 (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
240 (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);
241
242 if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) {
243 r = free_and_strdup(&l->ifname, n);
244 if (r < 0)
245 return r;
246 }
247
248 link_allocate_scopes(l);
249 link_add_rrs(l, false);
250
251 return 0;
252 }
253
254 static int link_update_dns_server_one(Link *l, const char *name) {
255 union in_addr_union a;
256 DnsServer *s;
257 int family, r;
258
259 assert(l);
260 assert(name);
261
262 r = in_addr_from_string_auto(name, &family, &a);
263 if (r < 0)
264 return r;
265
266 s = dns_server_find(l->dns_servers, family, &a, 0);
267 if (s) {
268 dns_server_move_back_and_unmark(s);
269 return 0;
270 }
271
272 return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, 0);
273 }
274
275 static int link_update_dns_servers(Link *l) {
276 _cleanup_strv_free_ char **nameservers = NULL;
277 char **nameserver;
278 int r;
279
280 assert(l);
281
282 r = sd_network_link_get_dns(l->ifindex, &nameservers);
283 if (r == -ENODATA) {
284 r = 0;
285 goto clear;
286 }
287 if (r < 0)
288 goto clear;
289
290 dns_server_mark_all(l->dns_servers);
291
292 STRV_FOREACH(nameserver, nameservers) {
293 r = link_update_dns_server_one(l, *nameserver);
294 if (r < 0)
295 goto clear;
296 }
297
298 dns_server_unlink_marked(l->dns_servers);
299 return 0;
300
301 clear:
302 dns_server_unlink_all(l->dns_servers);
303 return r;
304 }
305
306 static int link_update_default_route(Link *l) {
307 int r;
308
309 assert(l);
310
311 r = sd_network_link_get_dns_default_route(l->ifindex);
312 if (r == -ENODATA) {
313 r = 0;
314 goto clear;
315 }
316 if (r < 0)
317 goto clear;
318
319 l->default_route = r > 0;
320 return 0;
321
322 clear:
323 l->default_route = -1;
324 return r;
325 }
326
327 static int link_update_llmnr_support(Link *l) {
328 _cleanup_free_ char *b = NULL;
329 int r;
330
331 assert(l);
332
333 r = sd_network_link_get_llmnr(l->ifindex, &b);
334 if (r == -ENODATA) {
335 r = 0;
336 goto clear;
337 }
338 if (r < 0)
339 goto clear;
340
341 l->llmnr_support = resolve_support_from_string(b);
342 if (l->llmnr_support < 0) {
343 r = -EINVAL;
344 goto clear;
345 }
346
347 return 0;
348
349 clear:
350 l->llmnr_support = RESOLVE_SUPPORT_YES;
351 return r;
352 }
353
354 static int link_update_mdns_support(Link *l) {
355 _cleanup_free_ char *b = NULL;
356 int r;
357
358 assert(l);
359
360 r = sd_network_link_get_mdns(l->ifindex, &b);
361 if (r == -ENODATA) {
362 r = 0;
363 goto clear;
364 }
365 if (r < 0)
366 goto clear;
367
368 l->mdns_support = resolve_support_from_string(b);
369 if (l->mdns_support < 0) {
370 r = -EINVAL;
371 goto clear;
372 }
373
374 return 0;
375
376 clear:
377 l->mdns_support = RESOLVE_SUPPORT_NO;
378 return r;
379 }
380
381 void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
382
383 assert(l);
384
385 #if ! ENABLE_DNS_OVER_TLS
386 if (mode != DNS_OVER_TLS_NO)
387 log_warning("DNS-over-TLS option for the link cannot be set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
388 return;
389 #endif
390
391 l->dns_over_tls_mode = mode;
392 }
393
394 static int link_update_dns_over_tls_mode(Link *l) {
395 _cleanup_free_ char *b = NULL;
396 int r;
397
398 assert(l);
399
400 r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
401 if (r == -ENODATA) {
402 r = 0;
403 goto clear;
404 }
405 if (r < 0)
406 goto clear;
407
408 l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
409 if (l->dns_over_tls_mode < 0) {
410 r = -EINVAL;
411 goto clear;
412 }
413
414 return 0;
415
416 clear:
417 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
418 return r;
419 }
420
421 void link_set_dnssec_mode(Link *l, DnssecMode mode) {
422
423 assert(l);
424
425 #if ! HAVE_GCRYPT
426 if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE))
427 log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
428 return;
429 #endif
430
431 if (l->dnssec_mode == mode)
432 return;
433
434 if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
435 (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
436 (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) {
437
438 /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
439 * allow-downgrade mode to full DNSSEC mode, flush it too. */
440 if (l->unicast_scope)
441 dns_cache_flush(&l->unicast_scope->cache);
442 }
443
444 l->dnssec_mode = mode;
445 }
446
447 static int link_update_dnssec_mode(Link *l) {
448 _cleanup_free_ char *m = NULL;
449 DnssecMode mode;
450 int r;
451
452 assert(l);
453
454 r = sd_network_link_get_dnssec(l->ifindex, &m);
455 if (r == -ENODATA) {
456 r = 0;
457 goto clear;
458 }
459 if (r < 0)
460 goto clear;
461
462 mode = dnssec_mode_from_string(m);
463 if (mode < 0) {
464 r = -EINVAL;
465 goto clear;
466 }
467
468 link_set_dnssec_mode(l, mode);
469
470 return 0;
471
472 clear:
473 l->dnssec_mode = _DNSSEC_MODE_INVALID;
474 return r;
475 }
476
477 static int link_update_dnssec_negative_trust_anchors(Link *l) {
478 _cleanup_strv_free_ char **ntas = NULL;
479 _cleanup_set_free_free_ Set *ns = NULL;
480 int r;
481
482 assert(l);
483
484 r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
485 if (r == -ENODATA) {
486 r = 0;
487 goto clear;
488 }
489 if (r < 0)
490 goto clear;
491
492 ns = set_new(&dns_name_hash_ops);
493 if (!ns)
494 return -ENOMEM;
495
496 r = set_put_strdupv(ns, ntas);
497 if (r < 0)
498 return r;
499
500 set_free_free(l->dnssec_negative_trust_anchors);
501 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
502
503 return 0;
504
505 clear:
506 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
507 return r;
508 }
509
510 static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
511 DnsSearchDomain *d;
512 int r;
513
514 assert(l);
515 assert(name);
516
517 r = dns_search_domain_find(l->search_domains, name, &d);
518 if (r < 0)
519 return r;
520 if (r > 0)
521 dns_search_domain_move_back_and_unmark(d);
522 else {
523 r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name);
524 if (r < 0)
525 return r;
526 }
527
528 d->route_only = route_only;
529 return 0;
530 }
531
532 static int link_update_search_domains(Link *l) {
533 _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
534 char **i;
535 int r, q;
536
537 assert(l);
538
539 r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
540 if (r < 0 && r != -ENODATA)
541 goto clear;
542
543 q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
544 if (q < 0 && q != -ENODATA) {
545 r = q;
546 goto clear;
547 }
548
549 if (r == -ENODATA && q == -ENODATA) {
550 /* networkd knows nothing about this interface, and that's fine. */
551 r = 0;
552 goto clear;
553 }
554
555 dns_search_domain_mark_all(l->search_domains);
556
557 STRV_FOREACH(i, sdomains) {
558 r = link_update_search_domain_one(l, *i, false);
559 if (r < 0)
560 goto clear;
561 }
562
563 STRV_FOREACH(i, rdomains) {
564 r = link_update_search_domain_one(l, *i, true);
565 if (r < 0)
566 goto clear;
567 }
568
569 dns_search_domain_unlink_marked(l->search_domains);
570 return 0;
571
572 clear:
573 dns_search_domain_unlink_all(l->search_domains);
574 return r;
575 }
576
577 static int link_is_managed(Link *l) {
578 _cleanup_free_ char *state = NULL;
579 int r;
580
581 assert(l);
582
583 r = sd_network_link_get_setup_state(l->ifindex, &state);
584 if (r == -ENODATA)
585 return 0;
586 if (r < 0)
587 return r;
588
589 return !STR_IN_SET(state, "pending", "unmanaged");
590 }
591
592 static void link_read_settings(Link *l) {
593 int r;
594
595 assert(l);
596
597 /* Read settings from networkd, except when networkd is not managing this interface. */
598
599 r = link_is_managed(l);
600 if (r < 0) {
601 log_link_warning_errno(l, r, "Failed to determine whether the interface is managed: %m");
602 return;
603 }
604 if (r == 0) {
605
606 /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
607 if (l->is_managed)
608 link_flush_settings(l);
609
610 l->is_managed = false;
611 return;
612 }
613
614 l->is_managed = true;
615
616 r = link_update_dns_servers(l);
617 if (r < 0)
618 log_link_warning_errno(l, r, "Failed to read DNS servers for the interface, ignoring: %m");
619
620 r = link_update_llmnr_support(l);
621 if (r < 0)
622 log_link_warning_errno(l, r, "Failed to read LLMNR support for the interface, ignoring: %m");
623
624 r = link_update_mdns_support(l);
625 if (r < 0)
626 log_link_warning_errno(l, r, "Failed to read mDNS support for the interface, ignoring: %m");
627
628 r = link_update_dns_over_tls_mode(l);
629 if (r < 0)
630 log_link_warning_errno(l, r, "Failed to read DNS-over-TLS mode for the interface, ignoring: %m");
631
632 r = link_update_dnssec_mode(l);
633 if (r < 0)
634 log_link_warning_errno(l, r, "Failed to read DNSSEC mode for the interface, ignoring: %m");
635
636 r = link_update_dnssec_negative_trust_anchors(l);
637 if (r < 0)
638 log_link_warning_errno(l, r, "Failed to read DNSSEC negative trust anchors for the interface, ignoring: %m");
639
640 r = link_update_search_domains(l);
641 if (r < 0)
642 log_link_warning_errno(l, r, "Failed to read search domains for the interface, ignoring: %m");
643
644 r = link_update_default_route(l);
645 if (r < 0)
646 log_link_warning_errno(l, r, "Failed to read default route setting for the interface, proceeding anyway: %m");
647 }
648
649 int link_update(Link *l) {
650 int r;
651
652 assert(l);
653
654 link_read_settings(l);
655 link_load_user(l);
656
657 if (l->llmnr_support != RESOLVE_SUPPORT_NO) {
658 r = manager_llmnr_start(l->manager);
659 if (r < 0)
660 return r;
661 }
662
663 if (l->mdns_support != RESOLVE_SUPPORT_NO) {
664 r = manager_mdns_start(l->manager);
665 if (r < 0)
666 return r;
667 }
668
669 link_allocate_scopes(l);
670 link_add_rrs(l, false);
671
672 return 0;
673 }
674
675 bool link_relevant(Link *l, int family, bool local_multicast) {
676 _cleanup_free_ char *state = NULL;
677 LinkAddress *a;
678
679 assert(l);
680
681 /* A link is relevant for local multicast traffic if it isn't a loopback device, has a link
682 * beat, can do multicast and has at least one link-local (or better) IP address.
683 *
684 * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
685 * least one routable address. */
686
687 if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
688 return false;
689
690 if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
691 return false;
692
693 if (local_multicast) {
694 if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST)
695 return false;
696 }
697
698 /* Check kernel operstate
699 * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
700 if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
701 return false;
702
703 (void) sd_network_link_get_operational_state(l->ifindex, &state);
704 if (state && !STR_IN_SET(state, "unknown", "degraded", "degraded-carrier", "routable"))
705 return false;
706
707 LIST_FOREACH(addresses, a, l->addresses)
708 if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast))
709 return true;
710
711 return false;
712 }
713
714 LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
715 LinkAddress *a;
716
717 assert(l);
718
719 LIST_FOREACH(addresses, a, l->addresses)
720 if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr))
721 return a;
722
723 return NULL;
724 }
725
726 DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
727 assert(l);
728
729 if (l->current_dns_server == s)
730 return s;
731
732 if (s)
733 log_debug("Switching to DNS server %s for interface %s.", dns_server_string(s), l->ifname);
734
735 dns_server_unref(l->current_dns_server);
736 l->current_dns_server = dns_server_ref(s);
737
738 if (l->unicast_scope)
739 dns_cache_flush(&l->unicast_scope->cache);
740
741 return s;
742 }
743
744 DnsServer *link_get_dns_server(Link *l) {
745 assert(l);
746
747 if (!l->current_dns_server)
748 link_set_dns_server(l, l->dns_servers);
749
750 return l->current_dns_server;
751 }
752
753 void link_next_dns_server(Link *l) {
754 assert(l);
755
756 if (!l->current_dns_server)
757 return;
758
759 /* Change to the next one, but make sure to follow the linked
760 * list only if this server is actually still linked. */
761 if (l->current_dns_server->linked && l->current_dns_server->servers_next) {
762 link_set_dns_server(l, l->current_dns_server->servers_next);
763 return;
764 }
765
766 link_set_dns_server(l, l->dns_servers);
767 }
768
769 DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
770 assert(l);
771
772 if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
773 return l->dns_over_tls_mode;
774
775 return manager_get_dns_over_tls_mode(l->manager);
776 }
777
778 DnssecMode link_get_dnssec_mode(Link *l) {
779 assert(l);
780
781 if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
782 return l->dnssec_mode;
783
784 return manager_get_dnssec_mode(l->manager);
785 }
786
787 bool link_dnssec_supported(Link *l) {
788 DnsServer *server;
789
790 assert(l);
791
792 if (link_get_dnssec_mode(l) == DNSSEC_NO)
793 return false;
794
795 server = link_get_dns_server(l);
796 if (server)
797 return dns_server_dnssec_supported(server);
798
799 return true;
800 }
801
802 int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
803 LinkAddress *a;
804
805 assert(l);
806 assert(in_addr);
807
808 a = new0(LinkAddress, 1);
809 if (!a)
810 return -ENOMEM;
811
812 a->family = family;
813 a->in_addr = *in_addr;
814
815 a->link = l;
816 LIST_PREPEND(addresses, l->addresses, a);
817 l->n_addresses++;
818
819 if (ret)
820 *ret = a;
821
822 return 0;
823 }
824
825 LinkAddress *link_address_free(LinkAddress *a) {
826 if (!a)
827 return NULL;
828
829 if (a->link) {
830 LIST_REMOVE(addresses, a->link->addresses, a);
831
832 assert(a->link->n_addresses > 0);
833 a->link->n_addresses--;
834
835 if (a->llmnr_address_rr) {
836 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
837 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
838 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
839 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
840 }
841
842 if (a->llmnr_ptr_rr) {
843 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
844 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
845 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
846 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
847 }
848
849 if (a->mdns_address_rr) {
850 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
851 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
852 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
853 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
854 }
855
856 if (a->mdns_ptr_rr) {
857 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
858 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
859 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
860 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
861 }
862 }
863
864 dns_resource_record_unref(a->llmnr_address_rr);
865 dns_resource_record_unref(a->llmnr_ptr_rr);
866 dns_resource_record_unref(a->mdns_address_rr);
867 dns_resource_record_unref(a->mdns_ptr_rr);
868
869 return mfree(a);
870 }
871
872 void link_address_add_rrs(LinkAddress *a, bool force_remove) {
873 int r;
874
875 assert(a);
876
877 if (a->family == AF_INET) {
878
879 if (!force_remove &&
880 link_address_relevant(a, true) &&
881 a->link->llmnr_ipv4_scope &&
882 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
883 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
884
885 if (!a->link->manager->llmnr_host_ipv4_key) {
886 a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
887 if (!a->link->manager->llmnr_host_ipv4_key) {
888 r = -ENOMEM;
889 goto fail;
890 }
891 }
892
893 if (!a->llmnr_address_rr) {
894 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
895 if (!a->llmnr_address_rr) {
896 r = -ENOMEM;
897 goto fail;
898 }
899
900 a->llmnr_address_rr->a.in_addr = a->in_addr.in;
901 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
902 }
903
904 if (!a->llmnr_ptr_rr) {
905 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
906 if (r < 0)
907 goto fail;
908
909 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
910 }
911
912 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
913 if (r < 0)
914 log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");
915
916 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
917 if (r < 0)
918 log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m");
919 } else {
920 if (a->llmnr_address_rr) {
921 if (a->link->llmnr_ipv4_scope)
922 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
923 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
924 }
925
926 if (a->llmnr_ptr_rr) {
927 if (a->link->llmnr_ipv4_scope)
928 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
929 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
930 }
931 }
932
933 if (!force_remove &&
934 link_address_relevant(a, true) &&
935 a->link->mdns_ipv4_scope &&
936 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
937 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
938 if (!a->link->manager->mdns_host_ipv4_key) {
939 a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
940 if (!a->link->manager->mdns_host_ipv4_key) {
941 r = -ENOMEM;
942 goto fail;
943 }
944 }
945
946 if (!a->mdns_address_rr) {
947 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key);
948 if (!a->mdns_address_rr) {
949 r = -ENOMEM;
950 goto fail;
951 }
952
953 a->mdns_address_rr->a.in_addr = a->in_addr.in;
954 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
955 }
956
957 if (!a->mdns_ptr_rr) {
958 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
959 if (r < 0)
960 goto fail;
961
962 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
963 }
964
965 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true);
966 if (r < 0)
967 log_warning_errno(r, "Failed to add A record to MDNS zone: %m");
968
969 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false);
970 if (r < 0)
971 log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m");
972 } else {
973 if (a->mdns_address_rr) {
974 if (a->link->mdns_ipv4_scope)
975 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
976 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
977 }
978
979 if (a->mdns_ptr_rr) {
980 if (a->link->mdns_ipv4_scope)
981 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
982 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
983 }
984 }
985 }
986
987 if (a->family == AF_INET6) {
988
989 if (!force_remove &&
990 link_address_relevant(a, true) &&
991 a->link->llmnr_ipv6_scope &&
992 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
993 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
994
995 if (!a->link->manager->llmnr_host_ipv6_key) {
996 a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
997 if (!a->link->manager->llmnr_host_ipv6_key) {
998 r = -ENOMEM;
999 goto fail;
1000 }
1001 }
1002
1003 if (!a->llmnr_address_rr) {
1004 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
1005 if (!a->llmnr_address_rr) {
1006 r = -ENOMEM;
1007 goto fail;
1008 }
1009
1010 a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
1011 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
1012 }
1013
1014 if (!a->llmnr_ptr_rr) {
1015 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
1016 if (r < 0)
1017 goto fail;
1018
1019 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
1020 }
1021
1022 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
1023 if (r < 0)
1024 log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");
1025
1026 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
1027 if (r < 0)
1028 log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
1029 } else {
1030 if (a->llmnr_address_rr) {
1031 if (a->link->llmnr_ipv6_scope)
1032 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
1033 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
1034 }
1035
1036 if (a->llmnr_ptr_rr) {
1037 if (a->link->llmnr_ipv6_scope)
1038 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
1039 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
1040 }
1041 }
1042
1043 if (!force_remove &&
1044 link_address_relevant(a, true) &&
1045 a->link->mdns_ipv6_scope &&
1046 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
1047 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
1048
1049 if (!a->link->manager->mdns_host_ipv6_key) {
1050 a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
1051 if (!a->link->manager->mdns_host_ipv6_key) {
1052 r = -ENOMEM;
1053 goto fail;
1054 }
1055 }
1056
1057 if (!a->mdns_address_rr) {
1058 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key);
1059 if (!a->mdns_address_rr) {
1060 r = -ENOMEM;
1061 goto fail;
1062 }
1063
1064 a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6;
1065 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
1066 }
1067
1068 if (!a->mdns_ptr_rr) {
1069 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
1070 if (r < 0)
1071 goto fail;
1072
1073 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
1074 }
1075
1076 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true);
1077 if (r < 0)
1078 log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m");
1079
1080 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false);
1081 if (r < 0)
1082 log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m");
1083 } else {
1084 if (a->mdns_address_rr) {
1085 if (a->link->mdns_ipv6_scope)
1086 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
1087 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
1088 }
1089
1090 if (a->mdns_ptr_rr) {
1091 if (a->link->mdns_ipv6_scope)
1092 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
1093 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
1094 }
1095 }
1096 }
1097
1098 return;
1099
1100 fail:
1101 log_debug_errno(r, "Failed to update address RRs: %m");
1102 }
1103
1104 int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
1105 int r;
1106 assert(a);
1107 assert(m);
1108
1109 r = sd_rtnl_message_addr_get_flags(m, &a->flags);
1110 if (r < 0)
1111 return r;
1112
1113 sd_rtnl_message_addr_get_scope(m, &a->scope);
1114
1115 link_allocate_scopes(a->link);
1116 link_add_rrs(a->link, false);
1117
1118 return 0;
1119 }
1120
1121 bool link_address_relevant(LinkAddress *a, bool local_multicast) {
1122 assert(a);
1123
1124 if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
1125 return false;
1126
1127 if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK))
1128 return false;
1129
1130 return true;
1131 }
1132
1133 static bool link_needs_save(Link *l) {
1134 assert(l);
1135
1136 /* Returns true if any of the settings where set different from the default */
1137
1138 if (l->is_managed)
1139 return false;
1140
1141 if (l->llmnr_support != RESOLVE_SUPPORT_YES ||
1142 l->mdns_support != RESOLVE_SUPPORT_NO ||
1143 l->dnssec_mode != _DNSSEC_MODE_INVALID ||
1144 l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1145 return true;
1146
1147 if (l->dns_servers ||
1148 l->search_domains)
1149 return true;
1150
1151 if (!set_isempty(l->dnssec_negative_trust_anchors))
1152 return true;
1153
1154 if (l->default_route >= 0)
1155 return true;
1156
1157 return false;
1158 }
1159
1160 int link_save_user(Link *l) {
1161 _cleanup_free_ char *temp_path = NULL;
1162 _cleanup_fclose_ FILE *f = NULL;
1163 const char *v;
1164 int r;
1165
1166 assert(l);
1167 assert(l->state_file);
1168
1169 if (!link_needs_save(l)) {
1170 (void) unlink(l->state_file);
1171 return 0;
1172 }
1173
1174 r = mkdir_parents(l->state_file, 0700);
1175 if (r < 0)
1176 goto fail;
1177
1178 r = fopen_temporary(l->state_file, &f, &temp_path);
1179 if (r < 0)
1180 goto fail;
1181
1182 (void) fchmod(fileno(f), 0644);
1183
1184 fputs("# This is private data. Do not parse.\n", f);
1185
1186 v = resolve_support_to_string(l->llmnr_support);
1187 if (v)
1188 fprintf(f, "LLMNR=%s\n", v);
1189
1190 v = resolve_support_to_string(l->mdns_support);
1191 if (v)
1192 fprintf(f, "MDNS=%s\n", v);
1193
1194 v = dnssec_mode_to_string(l->dnssec_mode);
1195 if (v)
1196 fprintf(f, "DNSSEC=%s\n", v);
1197
1198 if (l->default_route >= 0)
1199 fprintf(f, "DEFAULT_ROUTE=%s\n", yes_no(l->default_route));
1200
1201 if (l->dns_servers) {
1202 DnsServer *server;
1203
1204 fputs("SERVERS=", f);
1205 LIST_FOREACH(servers, server, l->dns_servers) {
1206
1207 if (server != l->dns_servers)
1208 fputc(' ', f);
1209
1210 v = dns_server_string(server);
1211 if (!v) {
1212 r = -ENOMEM;
1213 goto fail;
1214 }
1215
1216 fputs(v, f);
1217 }
1218 fputc('\n', f);
1219 }
1220
1221 if (l->search_domains) {
1222 DnsSearchDomain *domain;
1223
1224 fputs("DOMAINS=", f);
1225 LIST_FOREACH(domains, domain, l->search_domains) {
1226
1227 if (domain != l->search_domains)
1228 fputc(' ', f);
1229
1230 if (domain->route_only)
1231 fputc('~', f);
1232
1233 fputs(DNS_SEARCH_DOMAIN_NAME(domain), f);
1234 }
1235 fputc('\n', f);
1236 }
1237
1238 if (!set_isempty(l->dnssec_negative_trust_anchors)) {
1239 bool space = false;
1240 Iterator i;
1241 char *nta;
1242
1243 fputs("NTAS=", f);
1244 SET_FOREACH(nta, l->dnssec_negative_trust_anchors, i) {
1245
1246 if (space)
1247 fputc(' ', f);
1248
1249 fputs(nta, f);
1250 space = true;
1251 }
1252 fputc('\n', f);
1253 }
1254
1255 r = fflush_and_check(f);
1256 if (r < 0)
1257 goto fail;
1258
1259 if (rename(temp_path, l->state_file) < 0) {
1260 r = -errno;
1261 goto fail;
1262 }
1263
1264 return 0;
1265
1266 fail:
1267 (void) unlink(l->state_file);
1268
1269 if (temp_path)
1270 (void) unlink(temp_path);
1271
1272 return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
1273 }
1274
1275 int link_load_user(Link *l) {
1276 _cleanup_free_ char
1277 *llmnr = NULL,
1278 *mdns = NULL,
1279 *dnssec = NULL,
1280 *servers = NULL,
1281 *domains = NULL,
1282 *ntas = NULL,
1283 *default_route = NULL;
1284
1285 ResolveSupport s;
1286 const char *p;
1287 int r;
1288
1289 assert(l);
1290 assert(l->state_file);
1291
1292 /* Try to load only a single time */
1293 if (l->loaded)
1294 return 0;
1295 l->loaded = true;
1296
1297 if (l->is_managed)
1298 return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */
1299
1300 r = parse_env_file(NULL, l->state_file,
1301 "LLMNR", &llmnr,
1302 "MDNS", &mdns,
1303 "DNSSEC", &dnssec,
1304 "SERVERS", &servers,
1305 "DOMAINS", &domains,
1306 "NTAS", &ntas,
1307 "DEFAULT_ROUTE", &default_route);
1308 if (r == -ENOENT)
1309 return 0;
1310 if (r < 0)
1311 goto fail;
1312
1313 link_flush_settings(l);
1314
1315 /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
1316 s = resolve_support_from_string(llmnr);
1317 if (s >= 0)
1318 l->llmnr_support = s;
1319
1320 s = resolve_support_from_string(mdns);
1321 if (s >= 0)
1322 l->mdns_support = s;
1323
1324 r = parse_boolean(default_route);
1325 if (r >= 0)
1326 l->default_route = r;
1327
1328 /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
1329 l->dnssec_mode = dnssec_mode_from_string(dnssec);
1330
1331 for (p = servers;;) {
1332 _cleanup_free_ char *word = NULL;
1333
1334 r = extract_first_word(&p, &word, NULL, 0);
1335 if (r < 0)
1336 goto fail;
1337 if (r == 0)
1338 break;
1339
1340 r = link_update_dns_server_one(l, word);
1341 if (r < 0) {
1342 log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
1343 continue;
1344 }
1345 }
1346
1347 for (p = domains;;) {
1348 _cleanup_free_ char *word = NULL;
1349 const char *n;
1350 bool is_route;
1351
1352 r = extract_first_word(&p, &word, NULL, 0);
1353 if (r < 0)
1354 goto fail;
1355 if (r == 0)
1356 break;
1357
1358 is_route = word[0] == '~';
1359 n = is_route ? word + 1 : word;
1360
1361 r = link_update_search_domain_one(l, n, is_route);
1362 if (r < 0) {
1363 log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
1364 continue;
1365 }
1366 }
1367
1368 if (ntas) {
1369 _cleanup_set_free_free_ Set *ns = NULL;
1370
1371 ns = set_new(&dns_name_hash_ops);
1372 if (!ns) {
1373 r = -ENOMEM;
1374 goto fail;
1375 }
1376
1377 r = set_put_strsplit(ns, ntas, NULL, 0);
1378 if (r < 0)
1379 goto fail;
1380
1381 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
1382 }
1383
1384 return 0;
1385
1386 fail:
1387 return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
1388 }
1389
1390 void link_remove_user(Link *l) {
1391 assert(l);
1392 assert(l->state_file);
1393
1394 (void) unlink(l->state_file);
1395 }
Unnamed repository; edit this file 'description' to name the repository.