]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: use memstream-util
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <fcntl.h>
4 #include <netinet/in.h>
5 #include <poll.h>
6 #include <sys/ioctl.h>
7 #include <sys/stat.h>
8 #include <sys/types.h>
9 #include <unistd.h>
10
11 #include "af-list.h"
12 #include "alloc-util.h"
13 #include "bus-polkit.h"
14 #include "dirent-util.h"
15 #include "dns-domain.h"
16 #include "event-util.h"
17 #include "fd-util.h"
18 #include "fileio.h"
19 #include "hostname-util.h"
20 #include "idn-util.h"
21 #include "io-util.h"
22 #include "memstream-util.h"
23 #include "missing_network.h"
24 #include "missing_socket.h"
25 #include "netlink-util.h"
26 #include "ordered-set.h"
27 #include "parse-util.h"
28 #include "random-util.h"
29 #include "resolved-bus.h"
30 #include "resolved-conf.h"
31 #include "resolved-dns-stub.h"
32 #include "resolved-dnssd.h"
33 #include "resolved-etc-hosts.h"
34 #include "resolved-llmnr.h"
35 #include "resolved-manager.h"
36 #include "resolved-mdns.h"
37 #include "resolved-resolv-conf.h"
38 #include "resolved-util.h"
39 #include "resolved-varlink.h"
40 #include "socket-util.h"
41 #include "string-table.h"
42 #include "string-util.h"
43 #include "utf8.h"
44
45 #define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
46
47 static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
48 Manager *m = ASSERT_PTR(userdata);
49 uint16_t type;
50 Link *l;
51 int ifindex, r;
52
53 assert(rtnl);
54 assert(mm);
55
56 r = sd_netlink_message_get_type(mm, &type);
57 if (r < 0)
58 goto fail;
59
60 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
61 if (r < 0)
62 goto fail;
63
64 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
65
66 switch (type) {
67
68 case RTM_NEWLINK:{
69 bool is_new = !l;
70
71 if (!l) {
72 r = link_new(m, &l, ifindex);
73 if (r < 0)
74 goto fail;
75 }
76
77 r = link_process_rtnl(l, mm);
78 if (r < 0)
79 goto fail;
80
81 r = link_update(l);
82 if (r < 0)
83 goto fail;
84
85 if (is_new)
86 log_debug("Found new link %i/%s", ifindex, l->ifname);
87
88 break;
89 }
90
91 case RTM_DELLINK:
92 if (l) {
93 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
94 link_remove_user(l);
95 link_free(l);
96 }
97
98 break;
99 }
100
101 return 0;
102
103 fail:
104 log_warning_errno(r, "Failed to process RTNL link message: %m");
105 return 0;
106 }
107
108 static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
109 Manager *m = ASSERT_PTR(userdata);
110 union in_addr_union address, broadcast = {};
111 uint16_t type;
112 int r, ifindex, family;
113 LinkAddress *a;
114 Link *l;
115
116 assert(rtnl);
117 assert(mm);
118
119 r = sd_netlink_message_get_type(mm, &type);
120 if (r < 0)
121 goto fail;
122
123 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
124 if (r < 0)
125 goto fail;
126
127 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
128 if (!l)
129 return 0;
130
131 r = sd_rtnl_message_addr_get_family(mm, &family);
132 if (r < 0)
133 goto fail;
134
135 switch (family) {
136
137 case AF_INET:
138 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
139 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
140 if (r < 0) {
141 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
142 if (r < 0)
143 goto fail;
144 }
145
146 break;
147
148 case AF_INET6:
149 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
150 if (r < 0) {
151 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
152 if (r < 0)
153 goto fail;
154 }
155
156 break;
157
158 default:
159 return 0;
160 }
161
162 a = link_find_address(l, family, &address);
163
164 switch (type) {
165
166 case RTM_NEWADDR:
167
168 if (!a) {
169 r = link_address_new(l, &a, family, &address, &broadcast);
170 if (r < 0)
171 return r;
172 }
173
174 r = link_address_update_rtnl(a, mm);
175 if (r < 0)
176 return r;
177
178 break;
179
180 case RTM_DELADDR:
181 link_address_free(a);
182 break;
183 }
184
185 return 0;
186
187 fail:
188 log_warning_errno(r, "Failed to process RTNL address message: %m");
189 return 0;
190 }
191
192 static int manager_rtnl_listen(Manager *m) {
193 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
194 int r;
195
196 assert(m);
197
198 /* First, subscribe to interfaces coming and going */
199 r = sd_netlink_open(&m->rtnl);
200 if (r < 0)
201 return r;
202
203 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
204 if (r < 0)
205 return r;
206
207 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
208 if (r < 0)
209 return r;
210
211 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
212 if (r < 0)
213 return r;
214
215 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
216 if (r < 0)
217 return r;
218
219 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
220 if (r < 0)
221 return r;
222
223 /* Then, enumerate all links */
224 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
225 if (r < 0)
226 return r;
227
228 r = sd_netlink_message_set_request_dump(req, true);
229 if (r < 0)
230 return r;
231
232 r = sd_netlink_call(m->rtnl, req, 0, &reply);
233 if (r < 0)
234 return r;
235
236 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
237 r = manager_process_link(m->rtnl, i, m);
238 if (r < 0)
239 return r;
240 }
241
242 req = sd_netlink_message_unref(req);
243 reply = sd_netlink_message_unref(reply);
244
245 /* Finally, enumerate all addresses, too */
246 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
247 if (r < 0)
248 return r;
249
250 r = sd_netlink_message_set_request_dump(req, true);
251 if (r < 0)
252 return r;
253
254 r = sd_netlink_call(m->rtnl, req, 0, &reply);
255 if (r < 0)
256 return r;
257
258 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
259 r = manager_process_address(m->rtnl, i, m);
260 if (r < 0)
261 return r;
262 }
263
264 return r;
265 }
266
267 static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
268 Manager *m = ASSERT_PTR(userdata);
269 Link *l;
270 int r;
271
272 sd_network_monitor_flush(m->network_monitor);
273
274 HASHMAP_FOREACH(l, m->links) {
275 r = link_update(l);
276 if (r < 0)
277 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
278 }
279
280 (void) manager_write_resolv_conf(m);
281 (void) manager_send_changed(m, "DNS");
282
283 return 0;
284 }
285
286 static int manager_network_monitor_listen(Manager *m) {
287 int r, fd, events;
288
289 assert(m);
290
291 r = sd_network_monitor_new(&m->network_monitor, NULL);
292 if (r < 0)
293 return r;
294
295 fd = sd_network_monitor_get_fd(m->network_monitor);
296 if (fd < 0)
297 return fd;
298
299 events = sd_network_monitor_get_events(m->network_monitor);
300 if (events < 0)
301 return events;
302
303 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
304 if (r < 0)
305 return r;
306
307 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
308 if (r < 0)
309 return r;
310
311 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
312
313 return 0;
314 }
315
316 static int manager_clock_change_listen(Manager *m);
317
318 static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
319 Manager *m = ASSERT_PTR(userdata);
320
321 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
322 * the system clock into consideration, and if the clock changes the old validations might have been
323 * wrong. Let's redo all validation with the new, correct time.
324 *
325 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
326 * we might be connected to a different network now without this being visible in a dropped link
327 * carrier or so.) */
328
329 log_info("Clock change detected. Flushing caches.");
330 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
331
332 /* The clock change timerfd is unusable after it triggered once, create a new one. */
333 return manager_clock_change_listen(m);
334 }
335
336 static int manager_clock_change_listen(Manager *m) {
337 int r;
338
339 assert(m);
340
341 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
342
343 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
344 if (r < 0)
345 return log_error_errno(r, "Failed to create clock change event source: %m");
346
347 return 0;
348 }
349
350 static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
351 _cleanup_free_ char *h = NULL, *n = NULL;
352 int r;
353
354 assert(full_hostname);
355 assert(llmnr_hostname);
356 assert(mdns_hostname);
357
358 r = resolve_system_hostname(&h, &n);
359 if (r < 0)
360 return r;
361
362 r = dns_name_concat(n, "local", 0, mdns_hostname);
363 if (r < 0)
364 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
365
366 *llmnr_hostname = TAKE_PTR(n);
367 *full_hostname = TAKE_PTR(h);
368
369 return 0;
370 }
371
372 static char* fallback_hostname(void) {
373
374 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
375 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
376 * instead. */
377
378 _cleanup_free_ char *n = get_default_hostname();
379 if (!n)
380 return NULL;
381
382 if (is_localhost(n))
383 return strdup("linux");
384
385 return TAKE_PTR(n);
386 }
387
388 static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
389 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
390 char label[DNS_LABEL_MAX];
391 const char *p;
392 int r;
393
394 assert(full_hostname);
395 assert(llmnr_hostname);
396 assert(mdns_hostname);
397
398 p = h = fallback_hostname();
399 if (!h)
400 return log_oom();
401
402 r = dns_label_unescape(&p, label, sizeof label, 0);
403 if (r < 0)
404 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
405
406 assert(r > 0); /* The fallback hostname must have at least one label */
407
408 r = dns_label_escape_new(label, r, &n);
409 if (r < 0)
410 return log_error_errno(r, "Failed to escape fallback hostname: %m");
411
412 r = dns_name_concat(n, "local", 0, &m);
413 if (r < 0)
414 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
415
416 *llmnr_hostname = TAKE_PTR(n);
417 *mdns_hostname = TAKE_PTR(m);
418 *full_hostname = TAKE_PTR(h);
419
420 return 0;
421 }
422
423 static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
424 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
425 Manager *m = ASSERT_PTR(userdata);
426 bool llmnr_hostname_changed;
427 int r;
428
429 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
430 if (r < 0) {
431 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
432 return 0; /* ignore invalid hostnames */
433 }
434
435 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
436 if (streq(full_hostname, m->full_hostname) &&
437 !llmnr_hostname_changed &&
438 streq(mdns_hostname, m->mdns_hostname))
439 return 0;
440
441 log_info("System hostname changed to '%s'.", full_hostname);
442
443 free_and_replace(m->full_hostname, full_hostname);
444 free_and_replace(m->llmnr_hostname, llmnr_hostname);
445 free_and_replace(m->mdns_hostname, mdns_hostname);
446
447 manager_refresh_rrs(m);
448 (void) manager_send_changed(m, "LLMNRHostname");
449
450 return 0;
451 }
452
453 static int manager_watch_hostname(Manager *m) {
454 int r;
455
456 assert(m);
457
458 m->hostname_fd = open("/proc/sys/kernel/hostname",
459 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
460 if (m->hostname_fd < 0) {
461 log_warning_errno(errno, "Failed to watch hostname: %m");
462 return 0;
463 }
464
465 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
466 if (r < 0) {
467 if (r == -EPERM)
468 /* kernels prior to 3.2 don't support polling this file. Ignore the failure. */
469 m->hostname_fd = safe_close(m->hostname_fd);
470 else
471 return log_error_errno(r, "Failed to add hostname event source: %m");
472 }
473
474 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
475
476 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
477 if (r < 0) {
478 _cleanup_free_ char *d = NULL;
479
480 d = fallback_hostname();
481 if (!d)
482 return log_oom();
483
484 log_info("Defaulting to hostname '%s'.", d);
485
486 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
487 if (r < 0)
488 return r;
489 } else
490 log_info("Using system hostname '%s'.", m->full_hostname);
491
492 return 0;
493 }
494
495 static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
496 _cleanup_(memstream_done) MemStream ms = {};
497 Manager *m = ASSERT_PTR(userdata);
498 Link *l;
499 FILE *f;
500
501 assert(s);
502 assert(si);
503
504 f = memstream_init(&ms);
505 if (!f)
506 return log_oom();
507
508 LIST_FOREACH(scopes, scope, m->dns_scopes)
509 dns_scope_dump(scope, f);
510
511 LIST_FOREACH(servers, server, m->dns_servers)
512 dns_server_dump(server, f);
513 LIST_FOREACH(servers, server, m->fallback_dns_servers)
514 dns_server_dump(server, f);
515 HASHMAP_FOREACH(l, m->links)
516 LIST_FOREACH(servers, server, l->dns_servers)
517 dns_server_dump(server, f);
518
519 return memstream_dump(LOG_INFO, &ms);
520 }
521
522 static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
523 Manager *m = ASSERT_PTR(userdata);
524
525 assert(s);
526 assert(si);
527
528 manager_flush_caches(m, LOG_INFO);
529
530 return 0;
531 }
532
533 static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
534 Manager *m = ASSERT_PTR(userdata);
535
536 assert(s);
537 assert(si);
538
539 manager_reset_server_features(m);
540 return 0;
541 }
542
543 static int manager_memory_pressure(sd_event_source *s, void *userdata) {
544 Manager *m = ASSERT_PTR(userdata);
545
546 log_info("Under memory pressure, flushing caches.");
547
548 manager_flush_caches(m, LOG_INFO);
549 sd_event_trim_memory();
550
551 return 0;
552 }
553
554 static int manager_memory_pressure_listen(Manager *m) {
555 int r;
556
557 assert(m);
558
559 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
560 if (r < 0)
561 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
562 "Failed to install memory pressure event source, ignoring: %m");
563
564 return 0;
565 }
566
567 int manager_new(Manager **ret) {
568 _cleanup_(manager_freep) Manager *m = NULL;
569 int r;
570
571 assert(ret);
572
573 m = new(Manager, 1);
574 if (!m)
575 return -ENOMEM;
576
577 *m = (Manager) {
578 .llmnr_ipv4_udp_fd = -EBADF,
579 .llmnr_ipv6_udp_fd = -EBADF,
580 .llmnr_ipv4_tcp_fd = -EBADF,
581 .llmnr_ipv6_tcp_fd = -EBADF,
582 .mdns_ipv4_fd = -EBADF,
583 .mdns_ipv6_fd = -EBADF,
584 .hostname_fd = -EBADF,
585
586 .llmnr_support = DEFAULT_LLMNR_MODE,
587 .mdns_support = DEFAULT_MDNS_MODE,
588 .dnssec_mode = DEFAULT_DNSSEC_MODE,
589 .dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE,
590 .enable_cache = DNS_CACHE_MODE_YES,
591 .dns_stub_listener_mode = DNS_STUB_LISTENER_YES,
592 .read_resolv_conf = true,
593 .need_builtin_fallbacks = true,
594 .etc_hosts_last = USEC_INFINITY,
595 .read_etc_hosts = true,
596
597 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
598 .sigrtmin18_info.memory_pressure_userdata = m,
599 };
600
601 r = dns_trust_anchor_load(&m->trust_anchor);
602 if (r < 0)
603 return r;
604
605 r = manager_parse_config_file(m);
606 if (r < 0)
607 log_warning_errno(r, "Failed to parse configuration file: %m");
608
609 #if ENABLE_DNS_OVER_TLS
610 r = dnstls_manager_init(m);
611 if (r < 0)
612 return r;
613 #endif
614
615 r = sd_event_default(&m->event);
616 if (r < 0)
617 return r;
618
619 (void) sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
620 (void) sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
621
622 (void) sd_event_set_watchdog(m->event, true);
623
624 r = manager_watch_hostname(m);
625 if (r < 0)
626 return r;
627
628 r = dnssd_load(m);
629 if (r < 0)
630 log_warning_errno(r, "Failed to load DNS-SD configuration files: %m");
631
632 r = dns_scope_new(m, &m->unicast_scope, NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
633 if (r < 0)
634 return r;
635
636 r = manager_network_monitor_listen(m);
637 if (r < 0)
638 return r;
639
640 r = manager_rtnl_listen(m);
641 if (r < 0)
642 return r;
643
644 r = manager_clock_change_listen(m);
645 if (r < 0)
646 return r;
647
648 r = manager_memory_pressure_listen(m);
649 if (r < 0)
650 return r;
651
652 r = manager_connect_bus(m);
653 if (r < 0)
654 return r;
655
656 (void) sd_event_add_signal(m->event, &m->sigusr1_event_source, SIGUSR1, manager_sigusr1, m);
657 (void) sd_event_add_signal(m->event, &m->sigusr2_event_source, SIGUSR2, manager_sigusr2, m);
658 (void) sd_event_add_signal(m->event, &m->sigrtmin1_event_source, SIGRTMIN+1, manager_sigrtmin1, m);
659 (void) sd_event_add_signal(m->event, NULL, SIGRTMIN+18, sigrtmin18_handler, &m->sigrtmin18_info);
660
661 manager_cleanup_saved_user(m);
662
663 *ret = TAKE_PTR(m);
664
665 return 0;
666 }
667
668 int manager_start(Manager *m) {
669 int r;
670
671 assert(m);
672
673 r = manager_dns_stub_start(m);
674 if (r < 0)
675 return r;
676
677 r = manager_varlink_init(m);
678 if (r < 0)
679 return r;
680
681 return 0;
682 }
683
684 Manager *manager_free(Manager *m) {
685 Link *l;
686 DnssdService *s;
687
688 if (!m)
689 return NULL;
690
691 dns_server_unlink_all(m->dns_servers);
692 dns_server_unlink_all(m->fallback_dns_servers);
693 dns_search_domain_unlink_all(m->search_domains);
694
695 while ((l = hashmap_first(m->links)))
696 link_free(l);
697
698 while (m->dns_queries)
699 dns_query_free(m->dns_queries);
700
701 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
702
703 dns_scope_free(m->unicast_scope);
704
705 /* At this point only orphaned streams should remain. All others should have been freed already by their
706 * owners */
707 while (m->dns_streams)
708 dns_stream_unref(m->dns_streams);
709
710 #if ENABLE_DNS_OVER_TLS
711 dnstls_manager_free(m);
712 #endif
713
714 hashmap_free(m->links);
715 hashmap_free(m->dns_transactions);
716
717 sd_event_source_unref(m->network_event_source);
718 sd_network_monitor_unref(m->network_monitor);
719
720 sd_netlink_unref(m->rtnl);
721 sd_event_source_unref(m->rtnl_event_source);
722 sd_event_source_unref(m->clock_change_event_source);
723
724 manager_llmnr_stop(m);
725 manager_mdns_stop(m);
726 manager_dns_stub_stop(m);
727 manager_varlink_done(m);
728
729 manager_socket_graveyard_clear(m);
730
731 ordered_set_free(m->dns_extra_stub_listeners);
732
733 bus_verify_polkit_async_registry_free(m->polkit_registry);
734
735 sd_bus_flush_close_unref(m->bus);
736
737 sd_event_source_unref(m->sigusr1_event_source);
738 sd_event_source_unref(m->sigusr2_event_source);
739 sd_event_source_unref(m->sigrtmin1_event_source);
740
741 dns_resource_key_unref(m->llmnr_host_ipv4_key);
742 dns_resource_key_unref(m->llmnr_host_ipv6_key);
743 dns_resource_key_unref(m->mdns_host_ipv4_key);
744 dns_resource_key_unref(m->mdns_host_ipv6_key);
745
746 sd_event_source_unref(m->hostname_event_source);
747 safe_close(m->hostname_fd);
748
749 sd_event_unref(m->event);
750
751 free(m->full_hostname);
752 free(m->llmnr_hostname);
753 free(m->mdns_hostname);
754
755 while ((s = hashmap_first(m->dnssd_services)))
756 dnssd_service_free(s);
757 hashmap_free(m->dnssd_services);
758
759 dns_trust_anchor_flush(&m->trust_anchor);
760 manager_etc_hosts_flush(m);
761
762 return mfree(m);
763 }
764
765 int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
766 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
767 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
768 + CMSG_SPACE(int) /* ttl/hoplimit */
769 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
770 union sockaddr_union sa;
771 struct iovec iov;
772 struct msghdr mh = {
773 .msg_name = &sa.sa,
774 .msg_namelen = sizeof(sa),
775 .msg_iov = &iov,
776 .msg_iovlen = 1,
777 .msg_control = &control,
778 .msg_controllen = sizeof(control),
779 };
780 struct cmsghdr *cmsg;
781 ssize_t ms, l;
782 int r;
783
784 assert(m);
785 assert(fd >= 0);
786 assert(ret);
787
788 ms = next_datagram_size_fd(fd);
789 if (ms < 0)
790 return ms;
791
792 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
793 if (r < 0)
794 return r;
795
796 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
797
798 l = recvmsg_safe(fd, &mh, 0);
799 if (l < 0) {
800 if (ERRNO_IS_TRANSIENT(l))
801 return 0;
802 return l;
803 }
804 if (l == 0)
805 return 0;
806
807 assert(!(mh.msg_flags & MSG_TRUNC));
808
809 p->size = (size_t) l;
810
811 p->family = sa.sa.sa_family;
812 p->ipproto = IPPROTO_UDP;
813 if (p->family == AF_INET) {
814 p->sender.in = sa.in.sin_addr;
815 p->sender_port = be16toh(sa.in.sin_port);
816 } else if (p->family == AF_INET6) {
817 p->sender.in6 = sa.in6.sin6_addr;
818 p->sender_port = be16toh(sa.in6.sin6_port);
819 p->ifindex = sa.in6.sin6_scope_id;
820 } else
821 return -EAFNOSUPPORT;
822
823 p->timestamp = now(CLOCK_BOOTTIME);
824
825 CMSG_FOREACH(cmsg, &mh) {
826
827 if (cmsg->cmsg_level == IPPROTO_IPV6) {
828 assert(p->family == AF_INET6);
829
830 switch (cmsg->cmsg_type) {
831
832 case IPV6_PKTINFO: {
833 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
834
835 if (p->ifindex <= 0)
836 p->ifindex = i->ipi6_ifindex;
837
838 p->destination.in6 = i->ipi6_addr;
839 break;
840 }
841
842 case IPV6_HOPLIMIT:
843 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
844 break;
845
846 case IPV6_RECVFRAGSIZE:
847 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
848 break;
849 }
850 } else if (cmsg->cmsg_level == IPPROTO_IP) {
851 assert(p->family == AF_INET);
852
853 switch (cmsg->cmsg_type) {
854
855 case IP_PKTINFO: {
856 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
857
858 if (p->ifindex <= 0)
859 p->ifindex = i->ipi_ifindex;
860
861 p->destination.in = i->ipi_addr;
862 break;
863 }
864
865 case IP_TTL:
866 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
867 break;
868
869 case IP_RECVFRAGSIZE:
870 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
871 break;
872 }
873 }
874 }
875
876 /* The Linux kernel sets the interface index to the loopback
877 * device if the packet came from the local host since it
878 * avoids the routing table in such a case. Let's unset the
879 * interface index in such a case. */
880 if (p->ifindex == LOOPBACK_IFINDEX)
881 p->ifindex = 0;
882
883 if (protocol != DNS_PROTOCOL_DNS) {
884 /* If we don't know the interface index still, we look for the
885 * first local interface with a matching address. Yuck! */
886 if (p->ifindex <= 0)
887 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
888 }
889
890 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
891 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
892 IN_ADDR_TO_STRING(p->family, &p->sender),
893 IN_ADDR_TO_STRING(p->family, &p->destination));
894
895 *ret = TAKE_PTR(p);
896 return 1;
897 }
898
899 static int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
900 usec_t end;
901 int r;
902
903 assert(fd >= 0);
904 assert(mh);
905
906 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
907
908 for (;;) {
909 if (sendmsg(fd, mh, flags) >= 0)
910 return 0;
911 if (errno == EINTR)
912 continue;
913 if (errno != EAGAIN)
914 return -errno;
915
916 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
917 if (r < 0) {
918 if (ERRNO_IS_TRANSIENT(r))
919 continue;
920 return r;
921 }
922 if (r == 0)
923 return -ETIMEDOUT;
924 }
925 }
926
927 static int write_loop(int fd, void *message, size_t length) {
928 usec_t end;
929 int r;
930
931 assert(fd >= 0);
932 assert(message);
933
934 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
935
936 for (;;) {
937 if (write(fd, message, length) >= 0)
938 return 0;
939 if (errno == EINTR)
940 continue;
941 if (errno != EAGAIN)
942 return -errno;
943
944 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
945 if (r < 0) {
946 if (ERRNO_IS_TRANSIENT(r))
947 continue;
948 return r;
949 }
950 if (r == 0)
951 return -ETIMEDOUT;
952 }
953 }
954
955 int manager_write(Manager *m, int fd, DnsPacket *p) {
956 int r;
957
958 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
959 DNS_PACKET_TC(p) ? "truncated (!) " : "",
960 DNS_PACKET_QR(p) ? "response" : "query",
961 DNS_PACKET_ID(p),
962 p->size);
963
964 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
965 if (r < 0)
966 return r;
967
968 return 0;
969 }
970
971 static int manager_ipv4_send(
972 Manager *m,
973 int fd,
974 int ifindex,
975 const struct in_addr *destination,
976 uint16_t port,
977 const struct in_addr *source,
978 DnsPacket *p) {
979
980 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
981 union sockaddr_union sa;
982 struct iovec iov;
983 struct msghdr mh = {
984 .msg_iov = &iov,
985 .msg_iovlen = 1,
986 .msg_name = &sa.sa,
987 .msg_namelen = sizeof(sa.in),
988 };
989
990 assert(m);
991 assert(fd >= 0);
992 assert(destination);
993 assert(port > 0);
994 assert(p);
995
996 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
997
998 sa = (union sockaddr_union) {
999 .in.sin_family = AF_INET,
1000 .in.sin_addr = *destination,
1001 .in.sin_port = htobe16(port),
1002 };
1003
1004 if (ifindex > 0) {
1005 struct cmsghdr *cmsg;
1006 struct in_pktinfo *pi;
1007
1008 mh.msg_control = &control;
1009 mh.msg_controllen = sizeof(control);
1010
1011 cmsg = CMSG_FIRSTHDR(&mh);
1012 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
1013 cmsg->cmsg_level = IPPROTO_IP;
1014 cmsg->cmsg_type = IP_PKTINFO;
1015
1016 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1017 pi->ipi_ifindex = ifindex;
1018
1019 if (source)
1020 pi->ipi_spec_dst = *source;
1021 }
1022
1023 return sendmsg_loop(fd, &mh, 0);
1024 }
1025
1026 static int manager_ipv6_send(
1027 Manager *m,
1028 int fd,
1029 int ifindex,
1030 const struct in6_addr *destination,
1031 uint16_t port,
1032 const struct in6_addr *source,
1033 DnsPacket *p) {
1034
1035 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
1036 union sockaddr_union sa;
1037 struct iovec iov;
1038 struct msghdr mh = {
1039 .msg_iov = &iov,
1040 .msg_iovlen = 1,
1041 .msg_name = &sa.sa,
1042 .msg_namelen = sizeof(sa.in6),
1043 };
1044
1045 assert(m);
1046 assert(fd >= 0);
1047 assert(destination);
1048 assert(port > 0);
1049 assert(p);
1050
1051 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1052
1053 sa = (union sockaddr_union) {
1054 .in6.sin6_family = AF_INET6,
1055 .in6.sin6_addr = *destination,
1056 .in6.sin6_port = htobe16(port),
1057 .in6.sin6_scope_id = ifindex,
1058 };
1059
1060 if (ifindex > 0) {
1061 struct cmsghdr *cmsg;
1062 struct in6_pktinfo *pi;
1063
1064 mh.msg_control = &control;
1065 mh.msg_controllen = sizeof(control);
1066
1067 cmsg = CMSG_FIRSTHDR(&mh);
1068 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
1069 cmsg->cmsg_level = IPPROTO_IPV6;
1070 cmsg->cmsg_type = IPV6_PKTINFO;
1071
1072 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
1073 pi->ipi6_ifindex = ifindex;
1074
1075 if (source)
1076 pi->ipi6_addr = *source;
1077 }
1078
1079 return sendmsg_loop(fd, &mh, 0);
1080 }
1081
1082 static int dns_question_to_json(DnsQuestion *q, JsonVariant **ret) {
1083 _cleanup_(json_variant_unrefp) JsonVariant *l = NULL;
1084 DnsResourceKey *key;
1085 int r;
1086
1087 assert(ret);
1088
1089 DNS_QUESTION_FOREACH(key, q) {
1090 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1091
1092 r = dns_resource_key_to_json(key, &v);
1093 if (r < 0)
1094 return r;
1095
1096 r = json_variant_append_array(&l, v);
1097 if (r < 0)
1098 return r;
1099 }
1100
1101 *ret = TAKE_PTR(l);
1102 return 0;
1103 }
1104
1105 int manager_monitor_send(
1106 Manager *m,
1107 int state,
1108 int rcode,
1109 int error,
1110 DnsQuestion *question_idna,
1111 DnsQuestion *question_utf8,
1112 DnsQuestion *collected_questions,
1113 DnsAnswer *answer) {
1114
1115 _cleanup_(json_variant_unrefp) JsonVariant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
1116 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
1117 Varlink *connection;
1118 DnsAnswerItem *rri;
1119 int r;
1120
1121 assert(m);
1122
1123 if (set_isempty(m->varlink_subscription))
1124 return 0;
1125
1126 /* Merge both questions format into one */
1127 r = dns_question_merge(question_idna, question_utf8, &merged);
1128 if (r < 0)
1129 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1130
1131 /* Convert the current primary question to JSON */
1132 r = dns_question_to_json(merged, &jquestion);
1133 if (r < 0)
1134 return log_error_errno(r, "Failed to convert question to JSON: %m");
1135
1136 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
1137 r = dns_question_to_json(collected_questions, &jcollected_questions);
1138 if (r < 0)
1139 return log_error_errno(r, "Failed to convert question to JSON: %m");
1140
1141 DNS_ANSWER_FOREACH_ITEM(rri, answer) {
1142 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *w = NULL;
1143
1144 r = dns_resource_record_to_json(rri->rr, &v);
1145 if (r < 0)
1146 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
1147
1148 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1149 if (r < 0)
1150 return log_error_errno(r, "Failed to generate RR wire format: %m");
1151
1152 r = json_build(&w, JSON_BUILD_OBJECT(
1153 JSON_BUILD_PAIR_CONDITION(v, "rr", JSON_BUILD_VARIANT(v)),
1154 JSON_BUILD_PAIR("raw", JSON_BUILD_BASE64(rri->rr->wire_format, rri->rr->wire_format_size)),
1155 JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", JSON_BUILD_INTEGER(rri->ifindex))));
1156 if (r < 0)
1157 return log_error_errno(r, "Failed to make answer RR object: %m");
1158
1159 r = json_variant_append_array(&janswer, w);
1160 if (r < 0)
1161 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1162 }
1163
1164 SET_FOREACH(connection, m->varlink_subscription) {
1165 r = varlink_notifyb(connection,
1166 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("state", JSON_BUILD_STRING(dns_transaction_state_to_string(state))),
1167 JSON_BUILD_PAIR_CONDITION(state == DNS_TRANSACTION_RCODE_FAILURE, "rcode", JSON_BUILD_INTEGER(rcode)),
1168 JSON_BUILD_PAIR_CONDITION(state == DNS_TRANSACTION_ERRNO, "errno", JSON_BUILD_INTEGER(error)),
1169 JSON_BUILD_PAIR("question", JSON_BUILD_VARIANT(jquestion)),
1170 JSON_BUILD_PAIR_CONDITION(jcollected_questions, "collectedQuestions", JSON_BUILD_VARIANT(jcollected_questions)),
1171 JSON_BUILD_PAIR_CONDITION(janswer, "answer", JSON_BUILD_VARIANT(janswer))));
1172 if (r < 0)
1173 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
1174 }
1175
1176 return 0;
1177 }
1178
1179 int manager_send(
1180 Manager *m,
1181 int fd,
1182 int ifindex,
1183 int family,
1184 const union in_addr_union *destination,
1185 uint16_t port,
1186 const union in_addr_union *source,
1187 DnsPacket *p) {
1188
1189 assert(m);
1190 assert(fd >= 0);
1191 assert(destination);
1192 assert(port > 0);
1193 assert(p);
1194
1195 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
1196 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1197 DNS_PACKET_QR(p) ? "response" : "query",
1198 DNS_PACKET_ID(p),
1199 ifindex, af_to_name(family),
1200 p->size);
1201
1202 if (family == AF_INET)
1203 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
1204 if (family == AF_INET6)
1205 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1206
1207 return -EAFNOSUPPORT;
1208 }
1209
1210 uint32_t manager_find_mtu(Manager *m) {
1211 uint32_t mtu = 0;
1212 Link *l;
1213
1214 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
1215 * works on all interfaces we know of that have an IP address associated */
1216
1217 HASHMAP_FOREACH(l, m->links) {
1218 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1219 if (!l->addresses)
1220 continue;
1221
1222 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1223 * let's ignore this link. */
1224 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1225 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
1226 continue;
1227
1228 if (mtu <= 0 || l->mtu < mtu)
1229 mtu = l->mtu;
1230 }
1231
1232 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1233 return 1500;
1234
1235 return mtu;
1236 }
1237
1238 int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
1239 LinkAddress *a;
1240
1241 assert(m);
1242
1243 if (!IN_SET(family, AF_INET, AF_INET6))
1244 return 0;
1245
1246 if (!in_addr)
1247 return 0;
1248
1249 a = manager_find_link_address(m, family, in_addr);
1250 if (a)
1251 return a->link->ifindex;
1252
1253 return 0;
1254 }
1255
1256 void manager_refresh_rrs(Manager *m) {
1257 Link *l;
1258 DnssdService *s;
1259
1260 assert(m);
1261
1262 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1263 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
1264 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1265 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
1266
1267 HASHMAP_FOREACH(l, m->links)
1268 link_add_rrs(l, true);
1269
1270 if (m->mdns_support == RESOLVE_SUPPORT_YES)
1271 HASHMAP_FOREACH(s, m->dnssd_services)
1272 if (dnssd_update_rrs(s) < 0)
1273 log_warning("Failed to refresh DNS-SD service '%s'", s->name);
1274
1275 HASHMAP_FOREACH(l, m->links)
1276 link_add_rrs(l, false);
1277 }
1278
1279 static int manager_next_random_name(const char *old, char **ret_new) {
1280 const char *p;
1281 uint64_t u, a;
1282 char *n;
1283
1284 p = strchr(old, 0);
1285 assert(p);
1286
1287 while (p > old) {
1288 if (!ascii_isdigit(p[-1]))
1289 break;
1290
1291 p--;
1292 }
1293
1294 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1295 u = 1;
1296
1297 /* Add a random number to the old value. This way we can avoid
1298 * that two hosts pick the same hostname, win on IPv4 and lose
1299 * on IPv6 (or vice versa), and pick the same hostname
1300 * replacement hostname, ad infinitum. We still want the
1301 * numbers to go up monotonically, hence we just add a random
1302 * value 1..10 */
1303
1304 random_bytes(&a, sizeof(a));
1305 u += 1 + a % 10;
1306
1307 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
1308 return -ENOMEM;
1309
1310 *ret_new = n;
1311
1312 return 0;
1313 }
1314
1315 int manager_next_hostname(Manager *m) {
1316 _cleanup_free_ char *h = NULL, *k = NULL;
1317 int r;
1318
1319 assert(m);
1320
1321 r = manager_next_random_name(m->llmnr_hostname, &h);
1322 if (r < 0)
1323 return r;
1324
1325 r = dns_name_concat(h, "local", 0, &k);
1326 if (r < 0)
1327 return r;
1328
1329 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1330
1331 free_and_replace(m->llmnr_hostname, h);
1332 free_and_replace(m->mdns_hostname, k);
1333
1334 manager_refresh_rrs(m);
1335 (void) manager_send_changed(m, "LLMNRHostname");
1336
1337 return 0;
1338 }
1339
1340 LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
1341 Link *l;
1342
1343 assert(m);
1344
1345 if (!IN_SET(family, AF_INET, AF_INET6))
1346 return NULL;
1347
1348 if (!in_addr)
1349 return NULL;
1350
1351 HASHMAP_FOREACH(l, m->links) {
1352 LinkAddress *a;
1353
1354 a = link_find_address(l, family, in_addr);
1355 if (a)
1356 return a;
1357 }
1358
1359 return NULL;
1360 }
1361
1362 bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
1363 assert(m);
1364 assert(p);
1365
1366 /* Let's see if this packet comes from an IP address we have on any local interface */
1367
1368 return !!manager_find_link_address(m, p->family, &p->sender);
1369 }
1370
1371 bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1372 DnsTransaction *t;
1373
1374 assert(m);
1375 assert(p);
1376
1377 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1378 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1379
1380 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1381 if (!t)
1382 return false;
1383
1384 return t->sent && dns_packet_equal(t->sent, p);
1385 }
1386
1387 DnsScope* manager_find_scope(Manager *m, DnsPacket *p) {
1388 Link *l;
1389
1390 assert(m);
1391 assert(p);
1392
1393 l = hashmap_get(m->links, INT_TO_PTR(p->ifindex));
1394 if (!l)
1395 return NULL;
1396
1397 switch (p->protocol) {
1398 case DNS_PROTOCOL_LLMNR:
1399 if (p->family == AF_INET)
1400 return l->llmnr_ipv4_scope;
1401 else if (p->family == AF_INET6)
1402 return l->llmnr_ipv6_scope;
1403
1404 break;
1405
1406 case DNS_PROTOCOL_MDNS:
1407 if (p->family == AF_INET)
1408 return l->mdns_ipv4_scope;
1409 else if (p->family == AF_INET6)
1410 return l->mdns_ipv6_scope;
1411
1412 break;
1413
1414 default:
1415 break;
1416 }
1417
1418 return NULL;
1419 }
1420
1421 void manager_verify_all(Manager *m) {
1422 assert(m);
1423
1424 LIST_FOREACH(scopes, s, m->dns_scopes)
1425 dns_zone_verify_all(&s->zone);
1426 }
1427
1428 int manager_is_own_hostname(Manager *m, const char *name) {
1429 int r;
1430
1431 assert(m);
1432 assert(name);
1433
1434 if (m->llmnr_hostname) {
1435 r = dns_name_equal(name, m->llmnr_hostname);
1436 if (r != 0)
1437 return r;
1438 }
1439
1440 if (m->mdns_hostname) {
1441 r = dns_name_equal(name, m->mdns_hostname);
1442 if (r != 0)
1443 return r;
1444 }
1445
1446 if (m->full_hostname)
1447 return dns_name_equal(name, m->full_hostname);
1448
1449 return 0;
1450 }
1451
1452 int manager_compile_dns_servers(Manager *m, OrderedSet **dns) {
1453 Link *l;
1454 int r;
1455
1456 assert(m);
1457 assert(dns);
1458
1459 r = ordered_set_ensure_allocated(dns, &dns_server_hash_ops);
1460 if (r < 0)
1461 return r;
1462
1463 /* First add the system-wide servers and domains */
1464 LIST_FOREACH(servers, s, m->dns_servers) {
1465 r = ordered_set_put(*dns, s);
1466 if (r == -EEXIST)
1467 continue;
1468 if (r < 0)
1469 return r;
1470 }
1471
1472 /* Then, add the per-link servers */
1473 HASHMAP_FOREACH(l, m->links) {
1474 LIST_FOREACH(servers, s, l->dns_servers) {
1475 r = ordered_set_put(*dns, s);
1476 if (r == -EEXIST)
1477 continue;
1478 if (r < 0)
1479 return r;
1480 }
1481 }
1482
1483 /* If we found nothing, add the fallback servers */
1484 if (ordered_set_isempty(*dns)) {
1485 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1486 r = ordered_set_put(*dns, s);
1487 if (r == -EEXIST)
1488 continue;
1489 if (r < 0)
1490 return r;
1491 }
1492 }
1493
1494 return 0;
1495 }
1496
1497 /* filter_route is a tri-state:
1498 * < 0: no filtering
1499 * = 0 or false: return only domains which should be used for searching
1500 * > 0 or true: return only domains which are for routing only
1501 */
1502 int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
1503 Link *l;
1504 int r;
1505
1506 assert(m);
1507 assert(domains);
1508
1509 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1510 if (r < 0)
1511 return r;
1512
1513 LIST_FOREACH(domains, d, m->search_domains) {
1514
1515 if (filter_route >= 0 &&
1516 d->route_only != !!filter_route)
1517 continue;
1518
1519 r = ordered_set_put(*domains, d->name);
1520 if (r == -EEXIST)
1521 continue;
1522 if (r < 0)
1523 return r;
1524 }
1525
1526 HASHMAP_FOREACH(l, m->links) {
1527
1528 LIST_FOREACH(domains, d, l->search_domains) {
1529
1530 if (filter_route >= 0 &&
1531 d->route_only != !!filter_route)
1532 continue;
1533
1534 r = ordered_set_put(*domains, d->name);
1535 if (r == -EEXIST)
1536 continue;
1537 if (r < 0)
1538 return r;
1539 }
1540 }
1541
1542 return 0;
1543 }
1544
1545 DnssecMode manager_get_dnssec_mode(Manager *m) {
1546 assert(m);
1547
1548 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1549 return m->dnssec_mode;
1550
1551 return DNSSEC_NO;
1552 }
1553
1554 bool manager_dnssec_supported(Manager *m) {
1555 DnsServer *server;
1556 Link *l;
1557
1558 assert(m);
1559
1560 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1561 return false;
1562
1563 server = manager_get_dns_server(m);
1564 if (server && !dns_server_dnssec_supported(server))
1565 return false;
1566
1567 HASHMAP_FOREACH(l, m->links)
1568 if (!link_dnssec_supported(l))
1569 return false;
1570
1571 return true;
1572 }
1573
1574 DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
1575 assert(m);
1576
1577 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1578 return m->dns_over_tls_mode;
1579
1580 return DNS_OVER_TLS_NO;
1581 }
1582
1583 void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1584
1585 assert(verdict >= 0);
1586 assert(verdict < _DNSSEC_VERDICT_MAX);
1587
1588 if (DEBUG_LOGGING) {
1589 char s[DNS_RESOURCE_KEY_STRING_MAX];
1590
1591 log_debug("Found verdict for lookup %s: %s",
1592 dns_resource_key_to_string(key, s, sizeof s),
1593 dnssec_verdict_to_string(verdict));
1594 }
1595
1596 m->n_dnssec_verdict[verdict]++;
1597 }
1598
1599 bool manager_routable(Manager *m) {
1600 Link *l;
1601
1602 assert(m);
1603
1604 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
1605
1606 HASHMAP_FOREACH(l, m->links)
1607 if (link_relevant(l, AF_UNSPEC, false))
1608 return true;
1609
1610 return false;
1611 }
1612
1613 void manager_flush_caches(Manager *m, int log_level) {
1614 assert(m);
1615
1616 LIST_FOREACH(scopes, scope, m->dns_scopes)
1617 dns_cache_flush(&scope->cache);
1618
1619 log_full(log_level, "Flushed all caches.");
1620 }
1621
1622 void manager_reset_server_features(Manager *m) {
1623 Link *l;
1624
1625 dns_server_reset_features_all(m->dns_servers);
1626 dns_server_reset_features_all(m->fallback_dns_servers);
1627
1628 HASHMAP_FOREACH(l, m->links)
1629 dns_server_reset_features_all(l->dns_servers);
1630
1631 log_info("Resetting learnt feature levels on all servers.");
1632 }
1633
1634 void manager_cleanup_saved_user(Manager *m) {
1635 _cleanup_closedir_ DIR *d = NULL;
1636
1637 assert(m);
1638
1639 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1640 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1641 * be restarted without losing this data. */
1642
1643 d = opendir("/run/systemd/resolve/netif/");
1644 if (!d) {
1645 if (errno == ENOENT)
1646 return;
1647
1648 log_warning_errno(errno, "Failed to open interface directory: %m");
1649 return;
1650 }
1651
1652 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
1653 _cleanup_free_ char *p = NULL;
1654 int ifindex;
1655 Link *l;
1656
1657 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1658 continue;
1659
1660 if (dot_or_dot_dot(de->d_name))
1661 continue;
1662
1663 ifindex = parse_ifindex(de->d_name);
1664 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
1665 goto rm;
1666
1667 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1668 if (!l) /* link vanished */
1669 goto rm;
1670
1671 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1672 goto rm;
1673
1674 continue;
1675
1676 rm:
1677 p = path_join("/run/systemd/resolve/netif", de->d_name);
1678 if (!p) {
1679 log_oom();
1680 return;
1681 }
1682
1683 (void) unlink(p);
1684 }
1685 }
1686
1687 bool manager_next_dnssd_names(Manager *m) {
1688 DnssdService *s;
1689 bool tried = false;
1690 int r;
1691
1692 assert(m);
1693
1694 HASHMAP_FOREACH(s, m->dnssd_services) {
1695 _cleanup_free_ char * new_name = NULL;
1696
1697 if (!s->withdrawn)
1698 continue;
1699
1700 r = manager_next_random_name(s->name_template, &new_name);
1701 if (r < 0) {
1702 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->name);
1703 continue;
1704 }
1705
1706 free_and_replace(s->name_template, new_name);
1707
1708 s->withdrawn = false;
1709
1710 tried = true;
1711 }
1712
1713 if (tried)
1714 manager_refresh_rrs(m);
1715
1716 return tried;
1717 }
1718
1719 bool manager_server_is_stub(Manager *m, DnsServer *s) {
1720 DnsStubListenerExtra *l;
1721
1722 assert(m);
1723 assert(s);
1724
1725 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1726 * extra careful, and check here again */
1727 if (s->family == AF_INET &&
1728 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1729 dns_server_port(s) == 53)
1730 return true;
1731
1732 /* Main reason to call this is to check server data against the extra listeners, and filter things
1733 * out. */
1734 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
1735 if (s->family == l->family &&
1736 in_addr_equal(s->family, &s->address, &l->address) &&
1737 dns_server_port(s) == dns_stub_listener_extra_port(l))
1738 return true;
1739
1740 return false;
1741 }
1742
1743 int socket_disable_pmtud(int fd, int af) {
1744 int r;
1745
1746 assert(fd >= 0);
1747
1748 if (af == AF_UNSPEC) {
1749 af = socket_get_family(fd);
1750 if (af < 0)
1751 return af;
1752 }
1753
1754 switch (af) {
1755
1756 case AF_INET: {
1757 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1758 * PMTU forgery vulnerabilities.
1759 *
1760 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1761 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1762 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1763 * discovery.
1764 *
1765 * This helps mitigating the PMTUD vulnerability described here:
1766 *
1767 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1768 *
1769 * Similar logic is in place in most DNS servers.
1770 *
1771 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1772 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1773 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1774 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1775 * fragments seen — and if we need larger packets always go to TCP.
1776 */
1777
1778 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1779 if (r < 0)
1780 return r;
1781
1782 return 0;
1783 }
1784
1785 case AF_INET6: {
1786 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1787 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1788 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1789 * because there's nothing that could be fragmented further anymore. */
1790
1791 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1792 if (r < 0)
1793 return r;
1794
1795 return 0;
1796 }
1797
1798 default:
1799 return -EAFNOSUPPORT;
1800 }
1801 }
Unnamed repository; edit this file 'description' to name the repository.