]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
namespace: Clone root dir descriptor before use (#39939)
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
091a364c 2
ca78ad1d 3#include <fcntl.h>
47a71f98 4#include <linux/ipv6.h>
07630cea
LP		 5#include <netinet/in.h>
6#include <poll.h>
ca78ad1d 7#include <unistd.h>
091a364c 8
284d7641
DDM		 9#include "sd-bus.h"
10#include "sd-netlink.h"
11#include "sd-network.h"
12
a2a416f7 13#include "af-list.h"
b5efdb8a 14#include "alloc-util.h"
14a52176 15#include "daemon-util.h"
943ef07c 16#include "dirent-util.h"
5751b236 17#include "dns-answer.h"
07630cea 18#include "dns-domain.h"
5751b236
LP		 19#include "dns-packet.h"
20#include "dns-question.h"
21#include "dns-rr.h"
284d7641 22#include "errno-util.h"
ec75e8e0 23#include "event-util.h"
3ffd4af2 24#include "fd-util.h"
98b7c5e2 25#include "hostname-setup.h"
07630cea 26#include "hostname-util.h"
c004493c 27#include "io-util.h"
bd1ae178 28#include "iovec-util.h"
54401c6f 29#include "json-util.h"
2485b7e2 30#include "memstream-util.h"
47f761fd 31#include "missing-network.h"
822db23c 32#include "ordered-set.h"
6bedfcbb 33#include "parse-util.h"
3df3e884 34#include "random-util.h"
39d8db04 35#include "resolved-bus.h"
07630cea 36#include "resolved-conf.h"
7928c0e0 37#include "resolved-dns-delegate.h"
68527d30 38#include "resolved-dns-query.h"
68527d30
DDM		 39#include "resolved-dns-scope.h"
40#include "resolved-dns-search-domain.h"
41#include "resolved-dns-server.h"
b30bf55d 42#include "resolved-dns-stub.h"
68527d30 43#include "resolved-dns-transaction.h"
cb310866 44#include "resolved-dnssd.h"
dd0bc0f1 45#include "resolved-etc-hosts.h"
68527d30 46#include "resolved-link.h"
5f402ae8 47#include "resolved-llmnr.h"
07630cea 48#include "resolved-manager.h"
bc7702b0 49#include "resolved-mdns.h"
dd0bc0f1 50#include "resolved-resolv-conf.h"
68527d30 51#include "resolved-socket-graveyard.h"
75c9d6b5 52#include "resolved-util.h"
9581bb84 53#include "resolved-varlink.h"
284d7641 54#include "set.h"
1cf40697 55#include "socket-util.h"
07630cea 56#include "string-util.h"
284d7641 57#include "time-util.h"
25ff515b 58#include "varlink-util.h"
74b2466e
LP		 59
60#define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
61
1c4baffc 62static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
99534007 63 Manager *m = ASSERT_PTR(userdata);
74b2466e
LP		 64 uint16_t type;
65 Link *l;
66 int ifindex, r;
67
68 assert(rtnl);
74b2466e
LP		 69 assert(mm);
70
1c4baffc 71 r = sd_netlink_message_get_type(mm, &type);
74b2466e
LP		 72 if (r < 0)
73 goto fail;
74
75 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
76 if (r < 0)
77 goto fail;
78
79 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
80
81 switch (type) {
82
a2a416f7
LP		 83 case RTM_NEWLINK:{
84 bool is_new = !l;
74b2466e 85
a2a416f7 86 if (!l) {
74b2466e
LP		 87 r = link_new(m, &l, ifindex);
88 if (r < 0)
89 goto fail;
90 }
91
943ef07c 92 r = link_process_rtnl(l, mm);
74b2466e
LP		 93 if (r < 0)
94 goto fail;
95
943ef07c 96 r = link_update(l);
21d73c87
LP		 97 if (r < 0)
98 goto fail;
99
a2a416f7 100 if (is_new)
6ff79f76 101 log_debug("Found new link %i/%s", ifindex, l->ifname);
a2a416f7 102
74b2466e 103 break;
a2a416f7 104 }
74b2466e
LP		 105
106 case RTM_DELLINK:
107 if (l) {
6ff79f76 108 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
943ef07c 109 link_remove_user(l);
74b2466e 110 link_free(l);
562f7bde
LP		 111
112 /* Make sure DNS servers are dropped from written resolv.conf if their link goes away */
113 manager_write_resolv_conf(m);
74b2466e
LP		 114 }
115
116 break;
117 }
118
962b757d
YW		 119 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
120 manager_llmnr_maybe_stop(m);
121 manager_mdns_maybe_stop(m);
54401c6f
NR		 122
123 /* The accessible flag on link DNS servers will have been reset by
124 * link_update(). Just reset the global DNS servers. */
125 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
126
74b2466e
LP		 127 return 0;
128
129fail:
da927ba9 130 log_warning_errno(r, "Failed to process RTNL link message: %m");
74b2466e
LP		 131 return 0;
132}
133
1c4baffc 134static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
99534007 135 Manager *m = ASSERT_PTR(userdata);
cad0fc7a 136 union in_addr_union address, broadcast = {};
74b2466e 137 uint16_t type;
0dd25fb9 138 int r, ifindex, family;
74b2466e
LP		 139 LinkAddress *a;
140 Link *l;
141
142 assert(rtnl);
143 assert(mm);
74b2466e 144
1c4baffc 145 r = sd_netlink_message_get_type(mm, &type);
74b2466e
LP		 146 if (r < 0)
147 goto fail;
148
149 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
150 if (r < 0)
151 goto fail;
152
153 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
154 if (!l)
155 return 0;
156
157 r = sd_rtnl_message_addr_get_family(mm, &family);
158 if (r < 0)
159 goto fail;
160
161 switch (family) {
162
163 case AF_INET:
cad0fc7a 164 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
1c4baffc 165 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
74b2466e 166 if (r < 0) {
1c4baffc 167 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
74b2466e
LP		 168 if (r < 0)
169 goto fail;
170 }
171
172 break;
173
174 case AF_INET6:
1c4baffc 175 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
74b2466e 176 if (r < 0) {
1c4baffc 177 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
74b2466e
LP		 178 if (r < 0)
179 goto fail;
180 }
181
182 break;
183
184 default:
185 return 0;
186 }
187
188 a = link_find_address(l, family, &address);
189
190 switch (type) {
191
192 case RTM_NEWADDR:
193
194 if (!a) {
cad0fc7a 195 r = link_address_new(l, &a, family, &address, &broadcast);
74b2466e
LP		 196 if (r < 0)
197 return r;
198 }
199
200 r = link_address_update_rtnl(a, mm);
201 if (r < 0)
202 return r;
203
204 break;
205
206 case RTM_DELADDR:
3e044c49 207 link_address_free(a);
74b2466e
LP		 208 break;
209 }
210
54401c6f
NR		 211 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
212
74b2466e
LP		 213 return 0;
214
215fail:
da927ba9 216 log_warning_errno(r, "Failed to process RTNL address message: %m");
74b2466e
LP		 217 return 0;
218}
219
54401c6f
NR		 220static int manager_process_route(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
221 Manager *m = ASSERT_PTR(userdata);
222 Link *l = NULL;
223 uint16_t type;
224 uint32_t ifindex = 0;
225 int r;
226
227 assert(rtnl);
228 assert(mm);
229
230 r = sd_netlink_message_get_type(mm, &type);
231 if (r < 0) {
5918ba9c 232 log_warning_errno(r, "Failed to get rtnl message type, ignoring: %m");
54401c6f
NR		 233 return 0;
234 }
235
236 if (!IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE)) {
237 log_warning("Unexpected message type %u when processing route, ignoring.", type);
238 return 0;
239 }
240
241 r = sd_netlink_message_read_u32(mm, RTA_OIF, &ifindex);
242 if (r < 0)
243 log_full_errno(r == -ENODATA ? LOG_DEBUG : LOG_WARNING, r, "Failed to get route ifindex, ignoring: %m");
244 else
245 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
246
247 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
248
249 return 0;
250}
251
74b2466e 252static int manager_rtnl_listen(Manager *m) {
4afd3348 253 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
74b2466e
LP		 254 int r;
255
256 assert(m);
257
cc98b302 258 /* First, subscribe to interfaces coming and going */
1c4baffc 259 r = sd_netlink_open(&m->rtnl);
74b2466e
LP		 260 if (r < 0)
261 return r;
262
2d895038 263 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
74b2466e
LP		 264 if (r < 0)
265 return r;
266
8190a388 267 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
74b2466e
LP		 268 if (r < 0)
269 return r;
270
8190a388 271 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
74b2466e
LP		 272 if (r < 0)
273 return r;
274
8190a388 275 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
74b2466e
LP		 276 if (r < 0)
277 return r;
091a364c 278
8190a388 279 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
74b2466e
LP		 280 if (r < 0)
281 return r;
282
283 /* Then, enumerate all links */
284 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
285 if (r < 0)
286 return r;
287
24c0f385 288 r = sd_netlink_message_set_request_dump(req, true);
74b2466e
LP		 289 if (r < 0)
290 return r;
291
1c4baffc 292 r = sd_netlink_call(m->rtnl, req, 0, &reply);
74b2466e
LP		 293 if (r < 0)
294 return r;
295
d856e1a7 296 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
74b2466e
LP		 297 r = manager_process_link(m->rtnl, i, m);
298 if (r < 0)
299 return r;
300 }
301
1c4baffc
TG		 302 req = sd_netlink_message_unref(req);
303 reply = sd_netlink_message_unref(reply);
74b2466e
LP		 304
305 /* Finally, enumerate all addresses, too */
306 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
307 if (r < 0)
308 return r;
309
24c0f385 310 r = sd_netlink_message_set_request_dump(req, true);
74b2466e
LP		 311 if (r < 0)
312 return r;
313
1c4baffc 314 r = sd_netlink_call(m->rtnl, req, 0, &reply);
74b2466e
LP		 315 if (r < 0)
316 return r;
317
d856e1a7 318 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
74b2466e
LP		 319 r = manager_process_address(m->rtnl, i, m);
320 if (r < 0)
321 return r;
322 }
323
324 return r;
325}
326
63b21f50 327static int on_network_event(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
99534007 328 Manager *m = ASSERT_PTR(userdata);
74b2466e
LP		 329 Link *l;
330 int r;
331
74b2466e
LP		 332 sd_network_monitor_flush(m->network_monitor);
333
90e74a66 334 HASHMAP_FOREACH(l, m->links) {
943ef07c 335 r = link_update(l);
74b2466e 336 if (r < 0)
da927ba9 337 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
74b2466e
LP		 338 }
339
7207052d 340 (void) manager_write_resolv_conf(m);
5f3340ca 341 (void) manager_send_changed(m, "DNS");
54401c6f 342 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
74b2466e 343
962b757d
YW		 344 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
345 manager_llmnr_maybe_stop(m);
346 manager_mdns_maybe_stop(m);
74b2466e
LP		 347 return 0;
348}
349
350static int manager_network_monitor_listen(Manager *m) {
351 int r, fd, events;
352
353 assert(m);
354
0014a4ad 355 r = sd_network_monitor_new(&m->network_monitor, NULL);
74b2466e
LP		 356 if (r < 0)
357 return r;
358
359 fd = sd_network_monitor_get_fd(m->network_monitor);
360 if (fd < 0)
361 return fd;
362
363 events = sd_network_monitor_get_events(m->network_monitor);
364 if (events < 0)
365 return events;
366
367 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
368 if (r < 0)
2d895038
LP		 369 return r;
370
371 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
372 if (r < 0)
74b2466e
LP		 373 return r;
374
aa4a9deb
LP		 375 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
376
74b2466e
LP		 377 return 0;
378}
379
90df0fbe
LP		 380static int manager_clock_change_listen(Manager *m);
381
382static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
99534007 383 Manager *m = ASSERT_PTR(userdata);
90df0fbe
LP		 384
385 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
386 * the system clock into consideration, and if the clock changes the old validations might have been
387 * wrong. Let's redo all validation with the new, correct time.
388 *
389 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
390 * we might be connected to a different network now without this being visible in a dropped link
391 * carrier or so.) */
392
393 log_info("Clock change detected. Flushing caches.");
394 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
395
396 /* The clock change timerfd is unusable after it triggered once, create a new one. */
397 return manager_clock_change_listen(m);
398}
399
400static int manager_clock_change_listen(Manager *m) {
90df0fbe
LP		 401 int r;
402
403 assert(m);
404
97935302 405 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
90df0fbe 406
ec75e8e0 407 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
90df0fbe
LP		 408 if (r < 0)
409 return log_error_errno(r, "Failed to create clock change event source: %m");
410
90df0fbe
LP		 411 return 0;
412}
413
75c9d6b5 414static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
eb60f9cd 415 _cleanup_free_ char *h = NULL, *n = NULL;
87057e24 416 int r;
eb60f9cd 417
e96de0ce 418 assert(full_hostname);
78c6a153
LP		 419 assert(llmnr_hostname);
420 assert(mdns_hostname);
421
75c9d6b5 422 r = resolve_system_hostname(&h, &n);
78c6a153 423 if (r < 0)
75c9d6b5 424 return r;
eb60f9cd 425
7470cc4c 426 r = dns_name_concat(n, "local", 0, mdns_hostname);
78c6a153
LP		 427 if (r < 0)
428 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
429
ae2a15bc
LP		 430 *llmnr_hostname = TAKE_PTR(n);
431 *full_hostname = TAKE_PTR(h);
e96de0ce 432
eb60f9cd
LP		 433 return 0;
434}
435
05c6f341 436static char* fallback_hostname(void) {
a25b0dc8 437
05c6f341
ZJS		 438 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
439 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
440 * instead. */
a25b0dc8 441
05c6f341
ZJS		 442 _cleanup_free_ char *n = get_default_hostname();
443 if (!n)
444 return NULL;
a25b0dc8 445
05c6f341
ZJS		 446 if (is_localhost(n))
447 return strdup("linux");
448
449 return TAKE_PTR(n);
a25b0dc8
LP		 450}
451
452static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
05c6f341 453 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
fd7e9887 454 char label[DNS_LABEL_MAX+1];
a25b0dc8
LP		 455 const char *p;
456 int r;
457
458 assert(full_hostname);
459 assert(llmnr_hostname);
460 assert(mdns_hostname);
461
05c6f341
ZJS		 462 p = h = fallback_hostname();
463 if (!h)
464 return log_oom();
465
7470cc4c 466 r = dns_label_unescape(&p, label, sizeof label, 0);
a25b0dc8 467 if (r < 0)
38b38500 468 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
a25b0dc8
LP		 469
470 assert(r > 0); /* The fallback hostname must have at least one label */
471
472 r = dns_label_escape_new(label, r, &n);
473 if (r < 0)
474 return log_error_errno(r, "Failed to escape fallback hostname: %m");
475
7470cc4c 476 r = dns_name_concat(n, "local", 0, &m);
a25b0dc8
LP		 477 if (r < 0)
478 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
479
ae2a15bc
LP		 480 *llmnr_hostname = TAKE_PTR(n);
481 *mdns_hostname = TAKE_PTR(m);
05c6f341 482 *full_hostname = TAKE_PTR(h);
a25b0dc8
LP		 483
484 return 0;
485}
486
eb60f9cd 487static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
e96de0ce 488 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
99534007 489 Manager *m = ASSERT_PTR(userdata);
86c0411e 490 bool llmnr_hostname_changed;
eb60f9cd
LP		 491 int r;
492
75c9d6b5
ZJS		 493 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
494 if (r < 0) {
495 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
eb60f9cd 496 return 0; /* ignore invalid hostnames */
75c9d6b5 497 }
eb60f9cd 498
86c0411e 499 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
e96de0ce 500 if (streq(full_hostname, m->full_hostname) &&
86c0411e 501 !llmnr_hostname_changed &&
e96de0ce 502 streq(mdns_hostname, m->mdns_hostname))
eb60f9cd
LP		 503 return 0;
504
e96de0ce 505 log_info("System hostname changed to '%s'.", full_hostname);
78c6a153 506
e96de0ce
LP		 507 free_and_replace(m->full_hostname, full_hostname);
508 free_and_replace(m->llmnr_hostname, llmnr_hostname);
509 free_and_replace(m->mdns_hostname, mdns_hostname);
eb60f9cd
LP		 510
511 manager_refresh_rrs(m);
86c0411e 512 (void) manager_send_changed(m, "LLMNRHostname");
eb60f9cd
LP		 513
514 return 0;
515}
516
517static int manager_watch_hostname(Manager *m) {
eb60f9cd
LP		 518 int r;
519
520 assert(m);
521
db4a47e9
LP		 522 m->hostname_fd = open("/proc/sys/kernel/hostname",
523 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
eb60f9cd 524 if (m->hostname_fd < 0) {
56f64d95 525 log_warning_errno(errno, "Failed to watch hostname: %m");
eb60f9cd
LP		 526 return 0;
527 }
528
529 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
cc983fc9
YW		 530 if (r < 0)
531 return log_error_errno(r, "Failed to add hostname event source: %m");
eb60f9cd 532
aa4a9deb
LP		 533 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
534
75c9d6b5 535 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
eb60f9cd 536 if (r < 0) {
999c2486
LP		 537 _cleanup_free_ char *d = NULL;
538
539 d = fallback_hostname();
540 if (!d)
541 return log_oom();
542
543 log_info("Defaulting to hostname '%s'.", d);
78c6a153 544
a25b0dc8
LP		 545 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
546 if (r < 0)
547 return r;
eb60f9cd 548 } else
e96de0ce 549 log_info("Using system hostname '%s'.", m->full_hostname);
eb60f9cd
LP		 550
551 return 0;
552}
553
4d506d6b 554static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
2485b7e2 555 _cleanup_(memstream_done) MemStream ms = {};
99534007 556 Manager *m = ASSERT_PTR(userdata);
cf84484a 557 Link *l;
2485b7e2 558 FILE *f;
4d506d6b
LP		 559
560 assert(s);
561 assert(si);
4d506d6b 562
2485b7e2 563 f = memstream_init(&ms);
4d506d6b
LP		 564 if (!f)
565 return log_oom();
566
567 LIST_FOREACH(scopes, scope, m->dns_scopes)
568 dns_scope_dump(scope, f);
569
cf84484a
LP		 570 LIST_FOREACH(servers, server, m->dns_servers)
571 dns_server_dump(server, f);
572 LIST_FOREACH(servers, server, m->fallback_dns_servers)
573 dns_server_dump(server, f);
90e74a66 574 HASHMAP_FOREACH(l, m->links)
cf84484a
LP		 575 LIST_FOREACH(servers, server, l->dns_servers)
576 dns_server_dump(server, f);
7928c0e0
LP		 577 DnsDelegate *delegate;
578 HASHMAP_FOREACH(delegate, m->delegates)
579 LIST_FOREACH(servers, server, delegate->dns_servers)
580 dns_server_dump(server, f);
cf84484a 581
2485b7e2 582 return memstream_dump(LOG_INFO, &ms);
4d506d6b
LP		 583}
584
bc81447e 585static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
99534007 586 Manager *m = ASSERT_PTR(userdata);
bc81447e
LP		 587
588 assert(s);
589 assert(si);
bc81447e 590
90df0fbe 591 manager_flush_caches(m, LOG_INFO);
ba35662f 592
bc81447e
LP		 593 return 0;
594}
595
d55b0463 596static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
99534007 597 Manager *m = ASSERT_PTR(userdata);
d55b0463
LP		 598
599 assert(s);
600 assert(si);
d55b0463
LP		 601
602 manager_reset_server_features(m);
603 return 0;
604}
605
bb351718
LP		 606static int manager_memory_pressure(sd_event_source *s, void *userdata) {
607 Manager *m = ASSERT_PTR(userdata);
608
609 log_info("Under memory pressure, flushing caches.");
610
611 manager_flush_caches(m, LOG_INFO);
612 sd_event_trim_memory();
613
614 return 0;
615}
616
617static int manager_memory_pressure_listen(Manager *m) {
618 int r;
619
620 assert(m);
621
622 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
623 if (r < 0)
624 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
625 "Failed to install memory pressure event source, ignoring: %m");
626
627 return 0;
628}
629
14a52176
LB		 630static void manager_set_defaults(Manager *m) {
631 assert(m);
632
633 m->llmnr_support = DEFAULT_LLMNR_MODE;
634 m->mdns_support = DEFAULT_MDNS_MODE;
635 m->dnssec_mode = DEFAULT_DNSSEC_MODE;
636 m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
637 m->enable_cache = DNS_CACHE_MODE_YES;
638 m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES;
639 m->read_etc_hosts = true;
640 m->resolve_unicast_single_label = false;
641 m->cache_from_localhost = false;
642 m->stale_retention_usec = 0;
e644b332 643 m->refuse_record_types = set_free(m->refuse_record_types);
ca1d2ae5 644 m->resolv_conf_stat = (struct stat) {};
14a52176
LB		 645}
646
647static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
648 Manager *m = ASSERT_PTR(userdata);
6d224720 649 Link *l;
14a52176
LB		 650 int r;
651
652 (void) notify_reloading();
653
14a52176
LB		 654 dns_server_unlink_on_reload(m->dns_servers);
655 dns_server_unlink_on_reload(m->fallback_dns_servers);
656 m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
752cdf50 657 manager_dns_stub_stop(m);
108bd5c2 658 dnssd_registered_service_clear_on_reload(m->dnssd_registered_services);
14a52176 659 m->unicast_scope = dns_scope_free(m->unicast_scope);
7928c0e0 660 m->delegates = hashmap_free(m->delegates);
14a52176
LB		 661 dns_trust_anchor_flush(&m->trust_anchor);
662
9ed99b07
YW		 663 manager_set_defaults(m);
664
14a52176
LB		 665 r = dns_trust_anchor_load(&m->trust_anchor);
666 if (r < 0)
9ed99b07 667 return sd_event_exit(sd_event_source_get_event(s), r);
14a52176
LB		 668
669 r = manager_parse_config_file(m);
670 if (r < 0)
9ed99b07 671 log_warning_errno(r, "Failed to parse configuration file on reload, ignoring: %m");
14a52176
LB		 672 else
673 log_info("Config file reloaded.");
674
9ed99b07
YW		 675 (void) dnssd_load(m);
676 (void) manager_load_delegates(m);
7928c0e0 677
14a52176
LB		 678 /* The default scope configuration is influenced by the manager's configuration (modes, etc.), so
679 * recreate it on reload. */
7928c0e0 680 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
14a52176 681 if (r < 0)
9ed99b07 682 return sd_event_exit(sd_event_source_get_event(s), r);
14a52176 683
6d224720
NR		 684 /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS=
685 * from the manager will be used if not explicitly configured on the link. Free the scopes here so that
686 * link_allocate_scopes() in on_network_event() re-creates them. */
687 HASHMAP_FOREACH(l, m->links)
688 l->unicast_scope = dns_scope_free(l->unicast_scope);
689
14a52176
LB		 690 /* The configuration has changed, so reload the per-interface configuration too in order to take
691 * into account any changes (e.g.: enable/disable DNSSEC). */
63b21f50 692 r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);
14a52176 693 if (r < 0)
9ed99b07 694 log_warning_errno(r, "Failed to update network information on reload, ignoring: %m");
14a52176
LB		 695
696 /* We have new configuration, which means potentially new servers, so close all connections and drop
697 * all caches, so that we can start fresh. */
698 (void) dns_stream_disconnect_all(m);
699 manager_flush_caches(m, LOG_INFO);
700 manager_verify_all(m);
701
752cdf50
YW		 702 r = manager_dns_stub_start(m);
703 if (r < 0)
704 return sd_event_exit(sd_event_source_get_event(s), r);
705
c147cd9a 706 (void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
14a52176
LB		 707 return 0;
708}
709
091a364c 710int manager_new(Manager **ret) {
74b2466e 711 _cleanup_(manager_freep) Manager *m = NULL;
091a364c
TG		 712 int r;
713
c92e531c
LP		 714 assert(ret);
715
f55f2dce 716 m = new(Manager, 1);
091a364c
TG		 717 if (!m)
718 return -ENOMEM;
719
f55f2dce 720 *m = (Manager) {
254d1313
ZJS		 721 .llmnr_ipv4_udp_fd = -EBADF,
722 .llmnr_ipv6_udp_fd = -EBADF,
723 .llmnr_ipv4_tcp_fd = -EBADF,
724 .llmnr_ipv6_tcp_fd = -EBADF,
725 .mdns_ipv4_fd = -EBADF,
726 .mdns_ipv6_fd = -EBADF,
727 .hostname_fd = -EBADF,
f55f2dce 728
f55f2dce
YW		 729 .read_resolv_conf = true,
730 .need_builtin_fallbacks = true,
731 .etc_hosts_last = USEC_INFINITY,
bb351718
LP		 732
733 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
734 .sigrtmin18_info.memory_pressure_userdata = m,
f55f2dce 735 };
091a364c 736
14a52176
LB		 737 manager_set_defaults(m);
738
0d2cd476
LP		 739 r = dns_trust_anchor_load(&m->trust_anchor);
740 if (r < 0)
741 return r;
742
ad6c0475
LP		 743 r = manager_parse_config_file(m);
744 if (r < 0)
872603b5 745 log_warning_errno(r, "Failed to parse configuration file, ignoring: %m");
ad6c0475 746
e22c5b20 747#if ENABLE_DNS_OVER_TLS
71a681ae
IT		 748 r = dnstls_manager_init(m);
749 if (r < 0)
750 return r;
e22c5b20
IT		 751#endif
752
091a364c
TG		 753 r = sd_event_default(&m->event);
754 if (r < 0)
755 return r;
756
d7a6bb98
LP		 757 r = sd_event_set_signal_exit(m->event, true);
758 if (r < 0)
759 return r;
091a364c 760
1ae17292 761 (void) sd_event_set_watchdog(m->event, true);
091a364c 762
eb60f9cd
LP		 763 r = manager_watch_hostname(m);
764 if (r < 0)
765 return r;
766
872603b5
YW		 767 (void) dnssd_load(m);
768 (void) manager_load_delegates(m);
7928c0e0
LP		 769
770 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
74b2466e
LP		 771 if (r < 0)
772 return r;
773
774 r = manager_network_monitor_listen(m);
775 if (r < 0)
776 return r;
777
778 r = manager_rtnl_listen(m);
779 if (r < 0)
780 return r;
781
90df0fbe
LP		 782 r = manager_clock_change_listen(m);
783 if (r < 0)
784 return r;
785
bb351718
LP		 786 r = manager_memory_pressure_listen(m);
787 if (r < 0)
788 return r;
789
74b2466e
LP		 790 r = manager_connect_bus(m);
791 if (r < 0)
792 return r;
793
00299a80 794 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
d7a6bb98 795 if (r < 0)
5918ba9c 796 return log_debug_errno(r, "Failed to install SIGHUP handler: %m");
d7a6bb98 797
00299a80 798 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR1 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr1, m);
d7a6bb98 799 if (r < 0)
5918ba9c 800 return log_debug_errno(r, "Failed to install SIGUSR1 handler: %m");
d7a6bb98 801
00299a80 802 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR2 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr2, m);
d7a6bb98 803 if (r < 0)
5918ba9c 804 return log_debug_errno(r, "Failed to install SIGUSR2 handler: %m");
d7a6bb98 805
00299a80 806 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+1) | SD_EVENT_SIGNAL_PROCMASK, manager_sigrtmin1, m);
d7a6bb98 807 if (r < 0)
5918ba9c 808 return log_debug_errno(r, "Failed to install SIGRTMIN+1 handler: %m");
d7a6bb98 809
00299a80 810 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &m->sigrtmin18_info);
d7a6bb98 811 if (r < 0)
5918ba9c 812 return log_debug_errno(r, "Failed to install SIGRTMIN+18 handler: %m");
4d506d6b 813
943ef07c
LP		 814 manager_cleanup_saved_user(m);
815
1cc6c93a 816 *ret = TAKE_PTR(m);
091a364c
TG		 817
818 return 0;
819}
820
edc501d4
LP		 821int manager_start(Manager *m) {
822 int r;
823
824 assert(m);
825
b30bf55d
LP		 826 r = manager_dns_stub_start(m);
827 if (r < 0)
828 return r;
829
9581bb84
LP		 830 r = manager_varlink_init(m);
831 if (r < 0)
832 return r;
833
edc501d4
LP		 834 return 0;
835}
836
450a4edf 837Manager* manager_free(Manager *m) {
74b2466e 838 Link *l;
108bd5c2 839 DnssdRegisteredService *s;
8458b7fb 840 DnsServiceBrowser *sb;
091a364c
TG		 841
842 if (!m)
74b2466e
LP		 843 return NULL;
844
4b95f179
LP		 845 dns_server_unlink_all(m->dns_servers);
846 dns_server_unlink_all(m->fallback_dns_servers);
a51c1048
LP		 847 dns_search_domain_unlink_all(m->search_domains);
848
74b2466e
LP		 849 while ((l = hashmap_first(m->links)))
850 link_free(l);
f0e15467 851
7928c0e0
LP		 852 m->delegates = hashmap_free(m->delegates);
853
f0e15467
LP		 854 while (m->dns_queries)
855 dns_query_free(m->dns_queries);
74b2466e 856
bde69bbd 857 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
7928c0e0 858 m->unicast_scope = dns_scope_free(m->unicast_scope);
cab5b059 859
b30bf55d
LP		 860 /* At this point only orphaned streams should remain. All others should have been freed already by their
861 * owners */
862 while (m->dns_streams)
863 dns_stream_unref(m->dns_streams);
864
e22c5b20
IT		 865#if ENABLE_DNS_OVER_TLS
866 dnstls_manager_free(m);
867#endif
868
81ae2237 869 set_free(m->refuse_record_types);
f0e15467
LP		 870 hashmap_free(m->links);
871 hashmap_free(m->dns_transactions);
872
096b6773
LP		 873 sd_event_source_unref(m->network_event_source);
874 sd_network_monitor_unref(m->network_monitor);
091a364c 875
54401c6f
NR		 876 sd_netlink_slot_unref(m->netlink_new_route_slot);
877 sd_netlink_slot_unref(m->netlink_del_route_slot);
a564ca2f
LP		 878 sd_netlink_unref(m->rtnl);
879 sd_event_source_unref(m->rtnl_event_source);
90df0fbe 880 sd_event_source_unref(m->clock_change_event_source);
a564ca2f 881
54401c6f
NR		 882 sd_json_variant_unref(m->dns_configuration_json);
883
edc501d4 884 manager_llmnr_stop(m);
bc7702b0 885 manager_mdns_stop(m);
b30bf55d 886 manager_dns_stub_stop(m);
9581bb84 887 manager_varlink_done(m);
623a4c97 888
80710ade
LP		 889 manager_socket_graveyard_clear(m);
890
46505826 891 ordered_set_free(m->dns_extra_stub_listeners);
1f05101f 892
2a1ffd3e 893 hashmap_free(m->polkit_registry);
2400ae29 894
92e31da1 895 sd_bus_flush_close_unref(m->bus);
091a364c 896
78c6a153
LP		 897 dns_resource_key_unref(m->llmnr_host_ipv4_key);
898 dns_resource_key_unref(m->llmnr_host_ipv6_key);
400cb36e
DR		 899 dns_resource_key_unref(m->mdns_host_ipv4_key);
900 dns_resource_key_unref(m->mdns_host_ipv6_key);
eb60f9cd 901
eb60f9cd 902 sd_event_source_unref(m->hostname_event_source);
d9fcf2ba 903 safe_close(m->hostname_fd);
e96de0ce 904
f2ec080e
ZJS		 905 sd_event_unref(m->event);
906
e96de0ce 907 free(m->full_hostname);
78c6a153
LP		 908 free(m->llmnr_hostname);
909 free(m->mdns_hostname);
eb60f9cd 910
108bd5c2
VCS		 911 while ((s = hashmap_first(m->dnssd_registered_services)))
912 dnssd_registered_service_free(s);
913 hashmap_free(m->dnssd_registered_services);
6501dd31 914
0d2cd476 915 dns_trust_anchor_flush(&m->trust_anchor);
dd0bc0f1 916 manager_etc_hosts_flush(m);
0d2cd476 917
8458b7fb
VCS		 918 while ((sb = hashmap_first(m->dns_service_browsers)))
919 dns_service_browser_free(sb);
920 hashmap_free(m->dns_service_browsers);
921
8209f4ad
LP		 922 hashmap_free(m->hooks);
923
6b430fdb 924 return mfree(m);
091a364c
TG		 925}
926
1716f6dc 927int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
74b2466e 928 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
fb29cdbe
LP		 929 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
930 + CMSG_SPACE(int) /* ttl/hoplimit */
931 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
1716f6dc 932 union sockaddr_union sa;
74b2466e 933 struct iovec iov;
f55f2dce
YW		 934 struct msghdr mh = {
935 .msg_name = &sa.sa,
936 .msg_namelen = sizeof(sa),
937 .msg_iov = &iov,
938 .msg_iovlen = 1,
939 .msg_control = &control,
940 .msg_controllen = sizeof(control),
941 };
942 struct cmsghdr *cmsg;
4edc2c9b
LP		 943 ssize_t ms, l;
944 int r;
74b2466e
LP		 945
946 assert(m);
1716f6dc 947 assert(fd >= 0);
74b2466e
LP		 948 assert(ret);
949
4edc2c9b 950 ms = next_datagram_size_fd(fd);
74b2466e 951 if (ms < 0)
4edc2c9b 952 return ms;
74b2466e 953
51027656 954 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
74b2466e
LP		 955 if (r < 0)
956 return r;
957
cb310866 958 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
74b2466e 959
3691bcf3 960 l = recvmsg_safe(fd, &mh, 0);
bb44fd07 961 if (ERRNO_IS_NEG_TRANSIENT(l))
8add30a0 962 return 0;
bb44fd07
ZJS		 963 if (l <= 0)
964 return l;
091a364c 965
74b2466e 966 p->size = (size_t) l;
091a364c 967
1716f6dc 968 p->family = sa.sa.sa_family;
623a4c97
LP		 969 p->ipproto = IPPROTO_UDP;
970 if (p->family == AF_INET) {
1716f6dc 971 p->sender.in = sa.in.sin_addr;
623a4c97
LP		 972 p->sender_port = be16toh(sa.in.sin_port);
973 } else if (p->family == AF_INET6) {
1716f6dc 974 p->sender.in6 = sa.in6.sin6_addr;
623a4c97
LP		 975 p->sender_port = be16toh(sa.in6.sin6_port);
976 p->ifindex = sa.in6.sin6_scope_id;
977 } else
1716f6dc 978 return -EAFNOSUPPORT;
74b2466e 979
ba4e0427 980 p->timestamp = now(CLOCK_BOOTTIME);
5777c613 981
2a1288ff 982 CMSG_FOREACH(cmsg, &mh) {
74b2466e 983
1716f6dc
LP		 984 if (cmsg->cmsg_level == IPPROTO_IPV6) {
985 assert(p->family == AF_INET6);
74b2466e 986
1716f6dc 987 switch (cmsg->cmsg_type) {
74b2466e 988
1716f6dc 989 case IPV6_PKTINFO: {
b1d02191 990 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
74b2466e 991
623a4c97
LP		 992 if (p->ifindex <= 0)
993 p->ifindex = i->ipi6_ifindex;
994
1716f6dc
LP		 995 p->destination.in6 = i->ipi6_addr;
996 break;
997 }
74b2466e 998
1716f6dc 999 case IPV6_HOPLIMIT:
b1d02191 1000 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1716f6dc 1001 break;
74b2466e 1002
20a001bd 1003 case IPV6_RECVFRAGSIZE:
b1d02191 1004 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
20a001bd 1005 break;
1716f6dc
LP		 1006 }
1007 } else if (cmsg->cmsg_level == IPPROTO_IP) {
1008 assert(p->family == AF_INET);
74b2466e 1009
1716f6dc 1010 switch (cmsg->cmsg_type) {
74b2466e 1011
1716f6dc 1012 case IP_PKTINFO: {
b1d02191 1013 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
091a364c 1014
623a4c97
LP		 1015 if (p->ifindex <= 0)
1016 p->ifindex = i->ipi_ifindex;
1017
1716f6dc
LP		 1018 p->destination.in = i->ipi_addr;
1019 break;
1020 }
74b2466e 1021
623a4c97 1022 case IP_TTL:
b1d02191 1023 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1716f6dc 1024 break;
20a001bd
LP		 1025
1026 case IP_RECVFRAGSIZE:
b1d02191 1027 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
20a001bd 1028 break;
1716f6dc
LP		 1029 }
1030 }
1031 }
74b2466e 1032
623a4c97
LP		 1033 /* The Linux kernel sets the interface index to the loopback
1034 * device if the packet came from the local host since it
1035 * avoids the routing table in such a case. Let's unset the
1036 * interface index in such a case. */
a5f03596 1037 if (p->ifindex == LOOPBACK_IFINDEX)
623a4c97
LP		 1038 p->ifindex = 0;
1039
86ad4cd7
TG		 1040 if (protocol != DNS_PROTOCOL_DNS) {
1041 /* If we don't know the interface index still, we look for the
1042 * first local interface with a matching address. Yuck! */
1043 if (p->ifindex <= 0)
1044 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
1045 }
623a4c97 1046
c0f86d66 1047 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
84dbb3fd
ZJS		 1048 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
1049 IN_ADDR_TO_STRING(p->family, &p->sender),
1050 IN_ADDR_TO_STRING(p->family, &p->destination));
74b2466e 1051
f7155840 1052 *ret = TAKE_PTR(p);
74b2466e
LP		 1053 return 1;
1054}
1055
ed6c5178 1056int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
6d66a221 1057 usec_t end;
74b2466e
LP		 1058 int r;
1059
1060 assert(fd >= 0);
1061 assert(mh);
1062
6d66a221
LP		 1063 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1064
74b2466e
LP		 1065 for (;;) {
1066 if (sendmsg(fd, mh, flags) >= 0)
1067 return 0;
74b2466e
LP		 1068 if (errno == EINTR)
1069 continue;
74b2466e
LP		 1070 if (errno != EAGAIN)
1071 return -errno;
1072
6d66a221 1073 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
bb44fd07
ZJS		 1074 if (ERRNO_IS_NEG_TRANSIENT(r))
1075 continue;
1076 if (r < 0)
74b2466e
LP		 1077 return r;
1078 if (r == 0)
1079 return -ETIMEDOUT;
1080 }
1081}
1082
72290734 1083static int write_loop(int fd, void *message, size_t length) {
6d66a221 1084 usec_t end;
72290734
TG		 1085 int r;
1086
1087 assert(fd >= 0);
1088 assert(message);
1089
6d66a221
LP		 1090 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1091
72290734
TG		 1092 for (;;) {
1093 if (write(fd, message, length) >= 0)
1094 return 0;
72290734
TG		 1095 if (errno == EINTR)
1096 continue;
72290734
TG		 1097 if (errno != EAGAIN)
1098 return -errno;
1099
6d66a221 1100 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
bb44fd07
ZJS		 1101 if (ERRNO_IS_NEG_TRANSIENT(r))
1102 continue;
1103 if (r < 0)
72290734
TG		 1104 return r;
1105 if (r == 0)
1106 return -ETIMEDOUT;
1107 }
1108}
1109
1110int manager_write(Manager *m, int fd, DnsPacket *p) {
1111 int r;
1112
76f77229
LP		 1113 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
1114 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1115 DNS_PACKET_QR(p) ? "response" : "query",
1116 DNS_PACKET_ID(p),
1117 p->size);
72290734
TG		 1118
1119 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
1120 if (r < 0)
1121 return r;
1122
1123 return 0;
1124}
1125
b30bf55d
LP		 1126static int manager_ipv4_send(
1127 Manager *m,
1128 int fd,
1129 int ifindex,
1130 const struct in_addr *destination,
1131 uint16_t port,
1132 const struct in_addr *source,
1133 DnsPacket *p) {
fb29cdbe
LP		 1134
1135 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
f55f2dce 1136 union sockaddr_union sa;
74b2466e 1137 struct iovec iov;
f55f2dce
YW		 1138 struct msghdr mh = {
1139 .msg_iov = &iov,
1140 .msg_iovlen = 1,
1141 .msg_name = &sa.sa,
1142 .msg_namelen = sizeof(sa.in),
1143 };
74b2466e
LP		 1144
1145 assert(m);
1716f6dc 1146 assert(fd >= 0);
b30bf55d 1147 assert(destination);
1716f6dc 1148 assert(port > 0);
74b2466e
LP		 1149 assert(p);
1150
cb310866 1151 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
091a364c 1152
f55f2dce
YW		 1153 sa = (union sockaddr_union) {
1154 .in.sin_family = AF_INET,
1155 .in.sin_addr = *destination,
1156 .in.sin_port = htobe16(port),
1157 };
091a364c 1158
74b2466e
LP		 1159 if (ifindex > 0) {
1160 struct cmsghdr *cmsg;
1161 struct in_pktinfo *pi;
1162
1716f6dc 1163 mh.msg_control = &control;
a258f491 1164 mh.msg_controllen = sizeof(control);
74b2466e
LP		 1165
1166 cmsg = CMSG_FIRSTHDR(&mh);
a258f491 1167 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
74b2466e
LP		 1168 cmsg->cmsg_level = IPPROTO_IP;
1169 cmsg->cmsg_type = IP_PKTINFO;
1170
b5d39bb3 1171 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
74b2466e 1172 pi->ipi_ifindex = ifindex;
b30bf55d
LP		 1173
1174 if (source)
1175 pi->ipi_spec_dst = *source;
74b2466e
LP		 1176 }
1177
1178 return sendmsg_loop(fd, &mh, 0);
1179}
1180
b30bf55d
LP		 1181static int manager_ipv6_send(
1182 Manager *m,
1183 int fd,
1184 int ifindex,
1185 const struct in6_addr *destination,
1186 uint16_t port,
1187 const struct in6_addr *source,
1188 DnsPacket *p) {
1189
fb29cdbe 1190 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
f55f2dce 1191 union sockaddr_union sa;
74b2466e 1192 struct iovec iov;
f55f2dce
YW		 1193 struct msghdr mh = {
1194 .msg_iov = &iov,
1195 .msg_iovlen = 1,
1196 .msg_name = &sa.sa,
1197 .msg_namelen = sizeof(sa.in6),
1198 };
74b2466e
LP		 1199
1200 assert(m);
1716f6dc 1201 assert(fd >= 0);
b30bf55d 1202 assert(destination);
1716f6dc 1203 assert(port > 0);
74b2466e
LP		 1204 assert(p);
1205
cb310866 1206 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
74b2466e 1207
f55f2dce
YW		 1208 sa = (union sockaddr_union) {
1209 .in6.sin6_family = AF_INET6,
1210 .in6.sin6_addr = *destination,
1211 .in6.sin6_port = htobe16(port),
1212 .in6.sin6_scope_id = ifindex,
1213 };
74b2466e
LP		 1214
1215 if (ifindex > 0) {
1216 struct cmsghdr *cmsg;
1217 struct in6_pktinfo *pi;
1218
1716f6dc 1219 mh.msg_control = &control;
a258f491 1220 mh.msg_controllen = sizeof(control);
74b2466e
LP		 1221
1222 cmsg = CMSG_FIRSTHDR(&mh);
a258f491 1223 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
74b2466e
LP		 1224 cmsg->cmsg_level = IPPROTO_IPV6;
1225 cmsg->cmsg_type = IPV6_PKTINFO;
1226
b5d39bb3 1227 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
74b2466e 1228 pi->ipi6_ifindex = ifindex;
b30bf55d
LP		 1229
1230 if (source)
1231 pi->ipi6_addr = *source;
74b2466e
LP		 1232 }
1233
1234 return sendmsg_loop(fd, &mh, 0);
1235}
1236
309a747f
LP		 1237static int dns_question_to_json(DnsQuestion *q, sd_json_variant **ret) {
1238 _cleanup_(sd_json_variant_unrefp) sd_json_variant *l = NULL;
72c2d39e
LP		 1239 DnsResourceKey *key;
1240 int r;
1241
1242 assert(ret);
1243
1244 DNS_QUESTION_FOREACH(key, q) {
309a747f 1245 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
72c2d39e
LP		 1246
1247 r = dns_resource_key_to_json(key, &v);
1248 if (r < 0)
1249 return r;
1250
309a747f 1251 r = sd_json_variant_append_array(&l, v);
72c2d39e
LP		 1252 if (r < 0)
1253 return r;
1254 }
1255
1256 *ret = TAKE_PTR(l);
1257 return 0;
1258}
1259
d9f9b8ce 1260int manager_monitor_send(Manager *m, DnsQuery *q) {
309a747f 1261 _cleanup_(sd_json_variant_unrefp) sd_json_variant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
72c2d39e 1262 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
72c2d39e
LP		 1263 DnsAnswerItem *rri;
1264 int r;
cb456374
SK		 1265
1266 assert(m);
1267
cf22b5c5 1268 if (set_isempty(m->varlink_query_results_subscription))
cb456374
SK		 1269 return 0;
1270
ae55c9c0 1271 /* Merge all questions into one */
d9f9b8ce 1272 r = dns_question_merge(q->question_idna, q->question_utf8, &merged);
72c2d39e
LP		 1273 if (r < 0)
1274 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1275
d9f9b8ce 1276 if (q->question_bypass) {
ae55c9c0
LP		 1277 _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
1278
d9f9b8ce 1279 r = dns_question_merge(merged, q->question_bypass->question, &merged2);
ae55c9c0
LP		 1280 if (r < 0)
1281 return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
1282
1283 dns_question_unref(merged);
1284 merged = TAKE_PTR(merged2);
1285 }
1286
72c2d39e
LP		 1287 /* Convert the current primary question to JSON */
1288 r = dns_question_to_json(merged, &jquestion);
1289 if (r < 0)
1290 return log_error_errno(r, "Failed to convert question to JSON: %m");
cb456374 1291
64ebc0da 1292 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
d9f9b8ce 1293 r = dns_question_to_json(q->collected_questions, &jcollected_questions);
72c2d39e
LP		 1294 if (r < 0)
1295 return log_error_errno(r, "Failed to convert question to JSON: %m");
1296
d9f9b8ce 1297 DNS_ANSWER_FOREACH_ITEM(rri, q->answer) {
309a747f 1298 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
72c2d39e
LP		 1299
1300 r = dns_resource_record_to_json(rri->rr, &v);
cb456374 1301 if (r < 0)
72c2d39e 1302 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
cb456374 1303
72c2d39e
LP		 1304 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1305 if (r < 0)
1306 return log_error_errno(r, "Failed to generate RR wire format: %m");
cb456374 1307
be5bee2a 1308 r = sd_json_variant_append_arraybo(
c91f581c 1309 &janswer,
be5bee2a 1310 SD_JSON_BUILD_PAIR_CONDITION(!!v, "rr", SD_JSON_BUILD_VARIANT(v)),
2a3f0540 1311 SD_JSON_BUILD_PAIR_BASE64("raw", rri->rr->wire_format, rri->rr->wire_format_size),
be5bee2a 1312 SD_JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", SD_JSON_BUILD_INTEGER(rri->ifindex)));
72c2d39e
LP		 1313 if (r < 0)
1314 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1315 }
cb456374 1316
05f47839 1317 r = varlink_many_notifybo(
cf22b5c5 1318 m->varlink_query_results_subscription,
2a3f0540 1319 SD_JSON_BUILD_PAIR_STRING("state", dns_transaction_state_to_string(q->state)),
05f47839
LP		 1320 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_DNSSEC_FAILED,
1321 "result", SD_JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result))),
1322 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_RCODE_FAILURE,
1323 "rcode", SD_JSON_BUILD_INTEGER(q->answer_rcode)),
1324 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_ERRNO,
1325 "errno", SD_JSON_BUILD_INTEGER(q->answer_errno)),
1326 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1327 DNS_TRANSACTION_DNSSEC_FAILED,
1328 DNS_TRANSACTION_RCODE_FAILURE) &&
1329 q->answer_ede_rcode >= 0,
1330 "extendedDNSErrorCode", SD_JSON_BUILD_INTEGER(q->answer_ede_rcode)),
1331 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1332 DNS_TRANSACTION_DNSSEC_FAILED,
1333 DNS_TRANSACTION_RCODE_FAILURE) &&
1334 q->answer_ede_rcode >= 0 && !isempty(q->answer_ede_msg),
1335 "extendedDNSErrorMessage", SD_JSON_BUILD_STRING(q->answer_ede_msg)),
2a3f0540 1336 SD_JSON_BUILD_PAIR_VARIANT("question", jquestion),
05f47839
LP		 1337 SD_JSON_BUILD_PAIR_CONDITION(!!jcollected_questions,
1338 "collectedQuestions", SD_JSON_BUILD_VARIANT(jcollected_questions)),
1339 SD_JSON_BUILD_PAIR_CONDITION(!!janswer,
be5bee2a 1340 "answer", SD_JSON_BUILD_VARIANT(janswer)));
05f47839
LP		 1341 if (r < 0)
1342 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
72c2d39e 1343
cb456374
SK		 1344 return 0;
1345}
1346
b30bf55d
LP		 1347int manager_send(
1348 Manager *m,
1349 int fd,
1350 int ifindex,
1351 int family,
1352 const union in_addr_union *destination,
1353 uint16_t port,
1354 const union in_addr_union *source,
1355 DnsPacket *p) {
1356
1716f6dc
LP		 1357 assert(m);
1358 assert(fd >= 0);
b30bf55d 1359 assert(destination);
1716f6dc
LP		 1360 assert(port > 0);
1361 assert(p);
1362
614af79c
YW		 1363 /* For mDNS, it is natural that the packet have truncated flag when we have many known answers. */
1364 bool truncated = DNS_PACKET_TC(p) && (p->protocol != DNS_PROTOCOL_MDNS || !p->more);
1365
76f77229 1366 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
614af79c 1367 truncated ? "truncated (!) " : "",
76f77229
LP		 1368 DNS_PACKET_QR(p) ? "response" : "query",
1369 DNS_PACKET_ID(p),
1370 ifindex, af_to_name(family),
1371 p->size);
a2a416f7 1372
1716f6dc 1373 if (family == AF_INET)
25270cf3 1374 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
2817157b 1375 if (family == AF_INET6)
25270cf3 1376 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1716f6dc
LP		 1377
1378 return -EAFNOSUPPORT;
1379}
1380
e1c95994
LP		 1381uint32_t manager_find_mtu(Manager *m) {
1382 uint32_t mtu = 0;
1383 Link *l;
e1c95994 1384
5a0d0b8f 1385 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
4301cb32 1386 * works on all interfaces we know of that have an IP address associated */
e1c95994 1387
90e74a66 1388 HASHMAP_FOREACH(l, m->links) {
5a0d0b8f
LP		 1389 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1390 if (!l->addresses)
1391 continue;
1392
1393 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1394 * let's ignore this link. */
1395 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1396 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
e1c95994
LP		 1397 continue;
1398
1399 if (mtu <= 0 || l->mtu < mtu)
1400 mtu = l->mtu;
1401 }
1402
5a0d0b8f
LP		 1403 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1404 return 1500;
1405
e1c95994
LP		 1406 return mtu;
1407}
1716f6dc 1408
623a4c97 1409int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
ec2c5e43
LP		 1410 LinkAddress *a;
1411
1412 assert(m);
1413
bb3b08ad
YW		 1414 if (!IN_SET(family, AF_INET, AF_INET6))
1415 return 0;
1416
1417 if (!in_addr)
1418 return 0;
1419
4e945a6f 1420 a = manager_find_link_address(m, family, in_addr);
ec2c5e43
LP		 1421 if (a)
1422 return a->link->ifindex;
1423
1424 return 0;
1425}
1426
eb60f9cd 1427void manager_refresh_rrs(Manager *m) {
eb60f9cd 1428 Link *l;
108bd5c2 1429 DnssdRegisteredService *s;
eb60f9cd
LP		 1430
1431 assert(m);
1432
78c6a153
LP		 1433 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1434 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
400cb36e
DR		 1435 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1436 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
eb60f9cd 1437
ee3713b7
RB		 1438 HASHMAP_FOREACH(l, m->links)
1439 link_add_rrs(l, true);
1440
6db6a464 1441 if (m->mdns_support == RESOLVE_SUPPORT_YES)
108bd5c2 1442 HASHMAP_FOREACH(s, m->dnssd_registered_services)
6db6a464 1443 if (dnssd_update_rrs(s) < 0)
0ef0e269 1444 log_warning("Failed to refresh DNS-SD service '%s'", s->id);
6db6a464 1445
ee3713b7 1446 HASHMAP_FOREACH(l, m->links)
eb60f9cd 1447 link_add_rrs(l, false);
eb60f9cd
LP		 1448}
1449
e7c1b0e4 1450static int manager_next_random_name(const char *old, char **ret_new) {
ec2c5e43 1451 const char *p;
556a2294 1452 uint64_t u, a;
e7c1b0e4 1453 char *n;
623a4c97 1454
e7c1b0e4 1455 p = strchr(old, 0);
ec2c5e43
LP		 1456 assert(p);
1457
e7c1b0e4 1458 while (p > old) {
ff25d338 1459 if (!ascii_isdigit(p[-1]))
ec2c5e43
LP		 1460 break;
1461
1462 p--;
1463 }
1464
1465 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1466 u = 1;
1467
556a2294
LP		 1468 /* Add a random number to the old value. This way we can avoid
1469 * that two hosts pick the same hostname, win on IPv4 and lose
1470 * on IPv6 (or vice versa), and pick the same hostname
1471 * replacement hostname, ad infinitum. We still want the
1472 * numbers to go up monotonically, hence we just add a random
1473 * value 1..10 */
1474
1475 random_bytes(&a, sizeof(a));
1476 u += 1 + a % 10;
ec2c5e43 1477
e7c1b0e4 1478 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
ec2c5e43
LP		 1479 return -ENOMEM;
1480
e7c1b0e4
DR		 1481 *ret_new = n;
1482
1483 return 0;
1484}
1485
1486int manager_next_hostname(Manager *m) {
1487 _cleanup_free_ char *h = NULL, *k = NULL;
1488 int r;
1489
1490 assert(m);
1491
1492 r = manager_next_random_name(m->llmnr_hostname, &h);
1493 if (r < 0)
1494 return r;
1495
7470cc4c 1496 r = dns_name_concat(h, "local", 0, &k);
e7c1b0e4 1497 if (r < 0)
78c6a153 1498 return r;
78c6a153
LP		 1499
1500 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1501
e7c1b0e4
DR		 1502 free_and_replace(m->llmnr_hostname, h);
1503 free_and_replace(m->mdns_hostname, k);
ec2c5e43 1504
eb60f9cd 1505 manager_refresh_rrs(m);
86c0411e 1506 (void) manager_send_changed(m, "LLMNRHostname");
623a4c97
LP		 1507
1508 return 0;
1509}
ec2c5e43 1510
4e945a6f 1511LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
ec2c5e43
LP		 1512 Link *l;
1513
1514 assert(m);
1515
bb3b08ad
YW		 1516 if (!IN_SET(family, AF_INET, AF_INET6))
1517 return NULL;
1518
1519 if (!in_addr)
1520 return NULL;
1521
90e74a66 1522 HASHMAP_FOREACH(l, m->links) {
ec2c5e43
LP		 1523 LinkAddress *a;
1524
1525 a = link_find_address(l, family, in_addr);
1526 if (a)
1527 return a;
1528 }
1529
1530 return NULL;
1531}
1532
94378145 1533bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
ec2c5e43
LP		 1534 assert(m);
1535 assert(p);
1536
94378145
LP		 1537 /* Let's see if this packet comes from an IP address we have on any local interface */
1538
4e945a6f 1539 return !!manager_find_link_address(m, p->family, &p->sender);
ec2c5e43 1540}
4e945a6f 1541
a9fd8837
LP		 1542bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1543 DnsTransaction *t;
1544
1545 assert(m);
1546 assert(p);
1547
1548 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1549 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1550
1551 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1552 if (!t)
1553 return false;
1554
1555 return t->sent && dns_packet_equal(t->sent, p);
1556}
1557
8458b7fb 1558DnsScope* manager_find_scope_from_protocol(Manager *m, int ifindex, DnsProtocol protocol, int family) {
a4076574
LP		 1559 Link *l;
1560
1561 assert(m);
a4076574 1562
8458b7fb 1563 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
a4076574
LP		 1564 if (!l)
1565 return NULL;
1566
8458b7fb 1567 switch (protocol) {
b4f1862d 1568 case DNS_PROTOCOL_LLMNR:
8458b7fb 1569 if (family == AF_INET)
a4076574 1570 return l->llmnr_ipv4_scope;
8458b7fb 1571 else if (family == AF_INET6)
a4076574 1572 return l->llmnr_ipv6_scope;
b4f1862d
DM		 1573
1574 break;
1575
1576 case DNS_PROTOCOL_MDNS:
8458b7fb 1577 if (family == AF_INET)
b4f1862d 1578 return l->mdns_ipv4_scope;
8458b7fb 1579 else if (family == AF_INET6)
b4f1862d
DM		 1580 return l->mdns_ipv6_scope;
1581
1582 break;
1583
1584 default:
5c9feb2d 1585 ;
a4076574
LP		 1586 }
1587
1588 return NULL;
1589}
1590
902bb5d8 1591void manager_verify_all(Manager *m) {
902bb5d8
LP		 1592 assert(m);
1593
1594 LIST_FOREACH(scopes, s, m->dns_scopes)
1595 dns_zone_verify_all(&s->zone);
1596}
1597
78c6a153 1598int manager_is_own_hostname(Manager *m, const char *name) {
78c6a153
LP		 1599 int r;
1600
1601 assert(m);
1602 assert(name);
1603
1604 if (m->llmnr_hostname) {
1605 r = dns_name_equal(name, m->llmnr_hostname);
1606 if (r != 0)
1607 return r;
1608 }
1609
e96de0ce
LP		 1610 if (m->mdns_hostname) {
1611 r = dns_name_equal(name, m->mdns_hostname);
1612 if (r != 0)
1613 return r;
1614 }
1615
1616 if (m->full_hostname)
1617 return dns_name_equal(name, m->full_hostname);
78c6a153
LP		 1618
1619 return 0;
1620}
1621
6a9f0641 1622int manager_compile_dns_servers(Manager *m, OrderedSet **servers) {
9176a57c
LP		 1623 Link *l;
1624 int r;
1625
1626 assert(m);
6a9f0641 1627 assert(servers);
9176a57c 1628
6a9f0641 1629 r = ordered_set_ensure_allocated(servers, &dns_server_hash_ops);
9176a57c
LP		 1630 if (r < 0)
1631 return r;
1632
1633 /* First add the system-wide servers and domains */
1634 LIST_FOREACH(servers, s, m->dns_servers) {
6a9f0641 1635 r = ordered_set_put(*servers, s);
9176a57c
LP		 1636 if (r == -EEXIST)
1637 continue;
1638 if (r < 0)
1639 return r;
1640 }
1641
1642 /* Then, add the per-link servers */
7928c0e0 1643 HASHMAP_FOREACH(l, m->links)
9176a57c 1644 LIST_FOREACH(servers, s, l->dns_servers) {
6a9f0641 1645 r = ordered_set_put(*servers, s);
9176a57c
LP		 1646 if (r == -EEXIST)
1647 continue;
1648 if (r < 0)
1649 return r;
1650 }
7928c0e0
LP		 1651
1652 /* Third, add the delegate servers and domains */
1653 DnsDelegate *d;
1654 HASHMAP_FOREACH(d, m->delegates)
1655 LIST_FOREACH(servers, s, d->dns_servers) {
6a9f0641 1656 r = ordered_set_put(*servers, s);
7928c0e0
LP		 1657 if (r == -EEXIST)
1658 continue;
1659 if (r < 0)
1660 return r;
1661 }
9176a57c
LP		 1662
1663 /* If we found nothing, add the fallback servers */
6a9f0641 1664 if (ordered_set_isempty(*servers)) {
9176a57c 1665 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
6a9f0641 1666 r = ordered_set_put(*servers, s);
9176a57c
LP		 1667 if (r == -EEXIST)
1668 continue;
1669 if (r < 0)
1670 return r;
1671 }
1672 }
1673
1674 return 0;
1675}
1676
94363cbb
MP		 1677/* filter_route is a tri-state:
1678 * < 0: no filtering
1679 * = 0 or false: return only domains which should be used for searching
1680 * > 0 or true: return only domains which are for routing only
1681 */
6f7da49d 1682int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
9176a57c
LP		 1683 int r;
1684
1685 assert(m);
1686 assert(domains);
1687
1688 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1689 if (r < 0)
1690 return r;
1691
1692 LIST_FOREACH(domains, d, m->search_domains) {
6f7da49d
LP		 1693
1694 if (filter_route >= 0 &&
1695 d->route_only != !!filter_route)
1696 continue;
1697
9176a57c
LP		 1698 r = ordered_set_put(*domains, d->name);
1699 if (r == -EEXIST)
1700 continue;
1701 if (r < 0)
1702 return r;
1703 }
1704
7928c0e0
LP		 1705 DnsDelegate *delegate;
1706 HASHMAP_FOREACH(delegate, m->delegates)
1707 LIST_FOREACH(domains, d, delegate->search_domains) {
1708
1709 if (filter_route >= 0 &&
1710 d->route_only != !!filter_route)
1711 continue;
1712
1713 r = ordered_set_put(*domains, d->name);
1714 if (r == -EEXIST)
1715 continue;
1716 if (r < 0)
1717 return r;
1718 }
9176a57c 1719
7928c0e0
LP		 1720 Link *l;
1721 HASHMAP_FOREACH(l, m->links)
9176a57c 1722 LIST_FOREACH(domains, d, l->search_domains) {
6f7da49d
LP		 1723
1724 if (filter_route >= 0 &&
1725 d->route_only != !!filter_route)
1726 continue;
1727
9176a57c
LP		 1728 r = ordered_set_put(*domains, d->name);
1729 if (r == -EEXIST)
1730 continue;
1731 if (r < 0)
1732 return r;
1733 }
9176a57c
LP		 1734
1735 return 0;
1736}
c69fa7e3
LP		 1737
1738DnssecMode manager_get_dnssec_mode(Manager *m) {
1739 assert(m);
1740
1741 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1742 return m->dnssec_mode;
1743
1744 return DNSSEC_NO;
1745}
1746
1747bool manager_dnssec_supported(Manager *m) {
1748 DnsServer *server;
c69fa7e3
LP		 1749 Link *l;
1750
1751 assert(m);
1752
1753 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1754 return false;
1755
1756 server = manager_get_dns_server(m);
1757 if (server && !dns_server_dnssec_supported(server))
1758 return false;
1759
90e74a66 1760 HASHMAP_FOREACH(l, m->links)
c69fa7e3
LP		 1761 if (!link_dnssec_supported(l))
1762 return false;
1763
1764 return true;
1765}
59c5b597 1766
c9299be2 1767DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
5d67a7ae
IT		 1768 assert(m);
1769
c9299be2
IT		 1770 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1771 return m->dns_over_tls_mode;
5d67a7ae 1772
c9299be2 1773 return DNS_OVER_TLS_NO;
5d67a7ae
IT		 1774}
1775
59c5b597
LP		 1776void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1777
1778 assert(verdict >= 0);
1779 assert(verdict < _DNSSEC_VERDICT_MAX);
1780
f1d34068 1781 if (DEBUG_LOGGING) {
202b76ae 1782 char s[DNS_RESOURCE_KEY_STRING_MAX];
59c5b597 1783
202b76ae
ZJS		 1784 log_debug("Found verdict for lookup %s: %s",
1785 dns_resource_key_to_string(key, s, sizeof s),
1786 dnssec_verdict_to_string(verdict));
59c5b597
LP		 1787 }
1788
1789 m->n_dnssec_verdict[verdict]++;
1790}
011696f7 1791
de4a0138 1792bool manager_routable(Manager *m) {
011696f7
LP		 1793 Link *l;
1794
1795 assert(m);
1796
de4a0138 1797 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
011696f7 1798
90e74a66 1799 HASHMAP_FOREACH(l, m->links)
de4a0138 1800 if (link_relevant(l, AF_UNSPEC, false))
011696f7
LP		 1801 return true;
1802
1803 return false;
1804}
ba35662f 1805
90df0fbe 1806void manager_flush_caches(Manager *m, int log_level) {
ba35662f
LP		 1807 assert(m);
1808
1809 LIST_FOREACH(scopes, scope, m->dns_scopes)
1810 dns_cache_flush(&scope->cache);
aac57b35 1811
8458b7fb
VCS		 1812 dns_browse_services_purge(m, AF_UNSPEC); /* Clear records of DNS service browse subscriber, since caches are flushed */
1813 dns_browse_services_restart(m);
1814
90df0fbe 1815 log_full(log_level, "Flushed all caches.");
ba35662f 1816}
943ef07c 1817
59c0fd0e 1818void manager_reset_server_features(Manager *m) {
59c0fd0e
LP		 1819
1820 dns_server_reset_features_all(m->dns_servers);
1821 dns_server_reset_features_all(m->fallback_dns_servers);
1822
7928c0e0 1823 Link *l;
90e74a66 1824 HASHMAP_FOREACH(l, m->links)
59c0fd0e
LP		 1825 dns_server_reset_features_all(l->dns_servers);
1826
7928c0e0
LP		 1827 DnsDelegate *d;
1828 HASHMAP_FOREACH(d, m->delegates)
1829 dns_server_reset_features_all(d->dns_servers);
1830
59c0fd0e
LP		 1831 log_info("Resetting learnt feature levels on all servers.");
1832}
1833
943ef07c
LP		 1834void manager_cleanup_saved_user(Manager *m) {
1835 _cleanup_closedir_ DIR *d = NULL;
943ef07c
LP		 1836
1837 assert(m);
1838
1839 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1840 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1841 * be restarted without losing this data. */
1842
1843 d = opendir("/run/systemd/resolve/netif/");
1844 if (!d) {
1845 if (errno == ENOENT)
1846 return;
1847
1848 log_warning_errno(errno, "Failed to open interface directory: %m");
1849 return;
1850 }
1851
1852 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
943ef07c
LP		 1853 int ifindex;
1854 Link *l;
1855
1856 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1857 continue;
1858
49bfc877 1859 if (dot_or_dot_dot(de->d_name))
943ef07c
LP		 1860 continue;
1861
597da51b
ZJS		 1862 ifindex = parse_ifindex(de->d_name);
1863 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
943ef07c
LP		 1864 goto rm;
1865
1866 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1867 if (!l) /* link vanished */
1868 goto rm;
1869
1870 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1871 goto rm;
1872
1873 continue;
1874
1875 rm:
368051ee
LP		 1876 if (unlinkat(dirfd(d), de->d_name, 0) < 0)
1877 log_warning_errno(errno, "Failed to remove left-over interface configuration file '%s', ignoring: %m", de->d_name);
943ef07c
LP		 1878 }
1879}
e7c1b0e4
DR		 1880
1881bool manager_next_dnssd_names(Manager *m) {
108bd5c2 1882 DnssdRegisteredService *s;
e7c1b0e4
DR		 1883 bool tried = false;
1884 int r;
1885
1886 assert(m);
1887
108bd5c2 1888 HASHMAP_FOREACH(s, m->dnssd_registered_services) {
e7c1b0e4
DR		 1889 _cleanup_free_ char * new_name = NULL;
1890
1891 if (!s->withdrawn)
1892 continue;
1893
1894 r = manager_next_random_name(s->name_template, &new_name);
1895 if (r < 0) {
0ef0e269 1896 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->id);
e7c1b0e4
DR		 1897 continue;
1898 }
1899
1900 free_and_replace(s->name_template, new_name);
1901
1902 s->withdrawn = false;
1903
1904 tried = true;
1905 }
1906
1907 if (tried)
1908 manager_refresh_rrs(m);
1909
1910 return tried;
1911}
49ef064c 1912
281df579 1913bool manager_server_is_stub(Manager *m, DnsServer *s) {
49ef064c
LP		 1914 DnsStubListenerExtra *l;
1915
1916 assert(m);
281df579 1917 assert(s);
49ef064c
LP		 1918
1919 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1920 * extra careful, and check here again */
281df579
LP		 1921 if (s->family == AF_INET &&
1922 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1923 dns_server_port(s) == 53)
49ef064c
LP		 1924 return true;
1925
1926 /* Main reason to call this is to check server data against the extra listeners, and filter things
1927 * out. */
1928 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
281df579
LP		 1929 if (s->family == l->family &&
1930 in_addr_equal(s->family, &s->address, &l->address) &&
1931 dns_server_port(s) == dns_stub_listener_extra_port(l))
49ef064c
LP		 1932 return true;
1933
1934 return false;
1935}
eb170e75
LP		 1936
1937int socket_disable_pmtud(int fd, int af) {
1938 int r;
1939
1940 assert(fd >= 0);
1941
1942 if (af == AF_UNSPEC) {
5f64d2bf
LP		 1943 af = socket_get_family(fd);
1944 if (af < 0)
1945 return af;
eb170e75
LP		 1946 }
1947
1948 switch (af) {
1949
1950 case AF_INET: {
1951 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1952 * PMTU forgery vulnerabilities.
1953 *
1954 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1955 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1956 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1957 * discovery.
1958 *
1959 * This helps mitigating the PMTUD vulnerability described here:
1960 *
1961 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1962 *
1963 * Similar logic is in place in most DNS servers.
1964 *
1965 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1966 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1967 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1968 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1969 * fragments seen — and if we need larger packets always go to TCP.
1970 */
1971
1972 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1973 if (r < 0)
1974 return r;
1975
1976 return 0;
1977 }
1978
1979 case AF_INET6: {
1980 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1981 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1982 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1983 * because there's nothing that could be fragmented further anymore. */
1984
1985 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1986 if (r < 0)
1987 return r;
1988
1989 return 0;
1990 }
1991
1992 default:
1993 return -EAFNOSUPPORT;
1994 }
1995}
bc837621 1996
309a747f 1997int dns_manager_dump_statistics_json(Manager *m, sd_json_variant **ret) {
bc837621
KV		 1998 uint64_t size = 0, hit = 0, miss = 0;
1999
2000 assert(m);
2001 assert(ret);
2002
2003 LIST_FOREACH(scopes, s, m->dns_scopes) {
2004 size += dns_cache_size(&s->cache);
2005 hit += s->cache.n_hit;
2006 miss += s->cache.n_miss;
2007 }
2008
be5bee2a
LP		 2009 return sd_json_buildo(ret,
2010 SD_JSON_BUILD_PAIR("transactions", SD_JSON_BUILD_OBJECT(
2011 SD_JSON_BUILD_PAIR_UNSIGNED("currentTransactions", hashmap_size(m->dns_transactions)),
2012 SD_JSON_BUILD_PAIR_UNSIGNED("totalTransactions", m->n_transactions_total),
2013 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeouts", m->n_timeouts_total),
2014 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeoutsServedStale", m->n_timeouts_served_stale_total),
2015 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponses", m->n_failure_responses_total),
2016 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponsesServedStale", m->n_failure_responses_served_stale_total)
2017 )),
2018 SD_JSON_BUILD_PAIR("cache", SD_JSON_BUILD_OBJECT(
2019 SD_JSON_BUILD_PAIR_UNSIGNED("size", size),
2020 SD_JSON_BUILD_PAIR_UNSIGNED("hits", hit),
2021 SD_JSON_BUILD_PAIR_UNSIGNED("misses", miss)
2022 )),
2023 SD_JSON_BUILD_PAIR("dnssec", SD_JSON_BUILD_OBJECT(
2024 SD_JSON_BUILD_PAIR_UNSIGNED("secure", m->n_dnssec_verdict[DNSSEC_SECURE]),
2025 SD_JSON_BUILD_PAIR_UNSIGNED("insecure", m->n_dnssec_verdict[DNSSEC_INSECURE]),
2026 SD_JSON_BUILD_PAIR_UNSIGNED("bogus", m->n_dnssec_verdict[DNSSEC_BOGUS]),
2027 SD_JSON_BUILD_PAIR_UNSIGNED("indeterminate", m->n_dnssec_verdict[DNSSEC_INDETERMINATE])
2028 )));
bc837621
KV		 2029}
2030
a67e5c6e 2031void dns_manager_reset_statistics(Manager *m) {
bc837621
KV		 2032
2033 assert(m);
2034
2035 LIST_FOREACH(scopes, s, m->dns_scopes)
2036 s->cache.n_hit = s->cache.n_miss = 0;
2037
2038 m->n_transactions_total = 0;
2039 m->n_timeouts_total = 0;
2040 m->n_timeouts_served_stale_total = 0;
2041 m->n_failure_responses_total = 0;
2042 m->n_failure_responses_served_stale_total = 0;
2043 zero(m->n_dnssec_verdict);
2044}
54401c6f
NR		 2045
2046static int dns_configuration_json_append(
2047 const char *ifname,
2048 int ifindex,
34be1fad 2049 const char *delegate,
54401c6f
NR		 2050 int default_route,
2051 DnsServer *current_dns_server,
2052 DnsServer *dns_servers,
f5d5ef9c 2053 DnsServer *fallback_dns_servers,
54401c6f 2054 DnsSearchDomain *search_domains,
a80f9291 2055 Set *negative_trust_anchors,
306375c3 2056 Set *dns_scopes,
ed4d43f8
NR		 2057 DnssecMode dnssec_mode,
2058 DnsOverTlsMode dns_over_tls_mode,
2059 ResolveSupport llmnr_support,
2060 ResolveSupport mdns_support,
9f9264e3 2061 ResolvConfMode resolv_conf_mode,
54401c6f
NR		 2062 sd_json_variant **configuration) {
2063
2064 _cleanup_(sd_json_variant_unrefp) sd_json_variant *dns_servers_json = NULL,
f5d5ef9c 2065 *fallback_dns_servers_json = NULL,
54401c6f 2066 *search_domains_json = NULL,
306375c3
NR		 2067 *current_dns_server_json = NULL,
2068 *scopes_json = NULL;
2069 DnsScope *scope;
54401c6f
NR		 2070 int r;
2071
2072 assert(configuration);
2073
306375c3
NR		 2074 SET_FOREACH(scope, dns_scopes) {
2075 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2076
6f841e58 2077 r = dns_scope_to_json(scope, /* with_cache= */ false, &v);
306375c3
NR		 2078 if (r < 0)
2079 return r;
2080
2081 r = sd_json_variant_append_array(&scopes_json, v);
2082 if (r < 0)
2083 return r;
2084 }
2085
54401c6f
NR		 2086 LIST_FOREACH(servers, s, dns_servers) {
2087 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2088
54401c6f
NR		 2089 r = dns_server_dump_configuration_to_json(s, &v);
2090 if (r < 0)
2091 return r;
2092
2093 r = sd_json_variant_append_array(&dns_servers_json, v);
2094 if (r < 0)
2095 return r;
2096 }
2097
2098 LIST_FOREACH(domains, d, search_domains) {
2099 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2100
54401c6f
NR		 2101 r = dns_search_domain_dump_to_json(d, &v);
2102 if (r < 0)
2103 return r;
2104
2105 r = sd_json_variant_append_array(&search_domains_json, v);
2106 if (r < 0)
2107 return r;
2108 }
2109
f5d5ef9c
NR		 2110 LIST_FOREACH(servers, s, fallback_dns_servers) {
2111 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2112
f5d5ef9c
NR		 2113 r = dns_server_dump_configuration_to_json(s, &v);
2114 if (r < 0)
2115 return r;
2116
2117 r = sd_json_variant_append_array(&fallback_dns_servers_json, v);
2118 if (r < 0)
2119 return r;
2120 }
2121
54401c6f
NR		 2122 return sd_json_variant_append_arraybo(
2123 configuration,
2124 JSON_BUILD_PAIR_STRING_NON_EMPTY("ifname", ifname),
2125 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", SD_JSON_BUILD_UNSIGNED(ifindex)),
34be1fad 2126 JSON_BUILD_PAIR_STRING_NON_EMPTY("delegate", delegate),
a37239d0 2127 JSON_BUILD_PAIR_TRISTATE_NON_NULL("defaultRoute", default_route),
54401c6f
NR		 2128 JSON_BUILD_PAIR_VARIANT_NON_NULL("currentServer", current_dns_server_json),
2129 JSON_BUILD_PAIR_VARIANT_NON_NULL("servers", dns_servers_json),
f5d5ef9c 2130 JSON_BUILD_PAIR_VARIANT_NON_NULL("fallbackServers", fallback_dns_servers_json),
a80f9291
NR		 2131 JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json),
2132 SD_JSON_BUILD_PAIR_CONDITION(!set_isempty(negative_trust_anchors),
2133 "negativeTrustAnchors",
306375c3 2134 JSON_BUILD_STRING_SET(negative_trust_anchors)),
ed4d43f8
NR		 2135 JSON_BUILD_PAIR_STRING_NON_EMPTY("dnssec", dnssec_mode_to_string(dnssec_mode)),
2136 JSON_BUILD_PAIR_STRING_NON_EMPTY("dnsOverTLS", dns_over_tls_mode_to_string(dns_over_tls_mode)),
2137 JSON_BUILD_PAIR_STRING_NON_EMPTY("llmnr", resolve_support_to_string(llmnr_support)),
2138 JSON_BUILD_PAIR_STRING_NON_EMPTY("mDNS", resolve_support_to_string(mdns_support)),
9f9264e3 2139 JSON_BUILD_PAIR_STRING_NON_EMPTY("resolvConfMode", resolv_conf_mode_to_string(resolv_conf_mode)),
306375c3 2140 JSON_BUILD_PAIR_VARIANT_NON_NULL("scopes", scopes_json));
54401c6f
NR		 2141}
2142
994b3508 2143static int global_dns_configuration_json_append(Manager *m, sd_json_variant **configuration) {
306375c3
NR		 2144 _cleanup_set_free_ Set *scopes = NULL;
2145 int r;
2146
994b3508
NR		 2147 assert(m);
2148 assert(configuration);
2149
306375c3
NR		 2150 r = set_ensure_put(&scopes, NULL, m->unicast_scope);
2151 if (r < 0)
2152 return r;
2153
994b3508
NR		 2154 return dns_configuration_json_append(
2155 /* ifname = */ NULL,
2156 /* ifindex = */ 0,
34be1fad 2157 /* delegate = */ NULL,
a37239d0 2158 /* default_route = */ -1,
994b3508
NR		 2159 manager_get_dns_server(m),
2160 m->dns_servers,
f5d5ef9c 2161 m->fallback_dns_servers,
994b3508 2162 m->search_domains,
a80f9291 2163 m->trust_anchor.negative_by_name,
306375c3 2164 scopes,
ed4d43f8
NR		 2165 manager_get_dnssec_mode(m),
2166 manager_get_dns_over_tls_mode(m),
2167 m->llmnr_support,
2168 m->mdns_support,
9f9264e3 2169 resolv_conf_mode(),
994b3508
NR		 2170 configuration);
2171}
2172
2173static int link_dns_configuration_json_append(Link *l, sd_json_variant **configuration) {
306375c3
NR		 2174 _cleanup_set_free_ Set *scopes = NULL;
2175 int r;
2176
994b3508
NR		 2177 assert(l);
2178 assert(configuration);
2179
306375c3
NR		 2180 if (l->unicast_scope) {
2181 r = set_ensure_put(&scopes, NULL, l->unicast_scope);
2182 if (r < 0)
2183 return r;
2184 }
2185
2186 if (l->llmnr_ipv4_scope) {
2187 r = set_ensure_put(&scopes, NULL, l->llmnr_ipv4_scope);
2188 if (r < 0)
2189 return r;
2190 }
2191
2192 if (l->llmnr_ipv6_scope) {
2193 r = set_ensure_put(&scopes, NULL, l->llmnr_ipv6_scope);
2194 if (r < 0)
2195 return r;
2196 }
2197
2198 if (l->mdns_ipv4_scope) {
2199 r = set_ensure_put(&scopes, NULL, l->mdns_ipv4_scope);
2200 if (r < 0)
2201 return r;
2202 }
2203
2204 if (l->mdns_ipv6_scope) {
2205 r = set_ensure_put(&scopes, NULL, l->mdns_ipv6_scope);
2206 if (r < 0)
2207 return r;
2208 }
2209
994b3508
NR		 2210 return dns_configuration_json_append(
2211 l->ifname,
2212 l->ifindex,
34be1fad 2213 /* delegate = */ NULL,
994b3508
NR		 2214 link_get_default_route(l),
2215 link_get_dns_server(l),
2216 l->dns_servers,
f5d5ef9c 2217 /* fallback_dns_servers = */ NULL,
994b3508 2218 l->search_domains,
a80f9291 2219 l->dnssec_negative_trust_anchors,
306375c3 2220 scopes,
ed4d43f8
NR		 2221 link_get_dnssec_mode(l),
2222 link_get_dns_over_tls_mode(l),
2223 link_get_llmnr_support(l),
2224 link_get_mdns_support(l),
9f9264e3 2225 /* resolv_conf_mode = */ _RESOLV_CONF_MODE_INVALID,
994b3508
NR		 2226 configuration);
2227}
2228
34be1fad 2229static int delegate_dns_configuration_json_append(DnsDelegate *d, sd_json_variant **configuration) {
306375c3
NR		 2230 _cleanup_set_free_ Set *scopes = NULL;
2231 int r;
2232
34be1fad
NR		 2233 assert(d);
2234 assert(configuration);
2235
306375c3
NR		 2236 r = set_ensure_put(&scopes, NULL, d->scope);
2237 if (r < 0)
2238 return r;
2239
34be1fad
NR		 2240 return dns_configuration_json_append(
2241 /* ifname = */ NULL,
2242 /* ifindex = */ 0,
2243 d->id,
a37239d0 2244 d->default_route > 0, /* Defaults to false. See dns_scope_is_default_route(). */
34be1fad
NR		 2245 dns_delegate_get_dns_server(d),
2246 d->dns_servers,
f5d5ef9c 2247 /* fallback_dns_servers = */ NULL,
34be1fad 2248 d->search_domains,
a80f9291 2249 /* negative_trust_anchors = */ NULL,
306375c3 2250 scopes,
ed4d43f8
NR		 2251 /* dnssec_mode = */ _DNSSEC_MODE_INVALID,
2252 /* dns_over_tls_mode = */ _DNS_OVER_TLS_MODE_INVALID,
2253 /* llmnr_support = */ _RESOLVE_SUPPORT_INVALID,
2254 /* mdns_support = */ _RESOLVE_SUPPORT_INVALID,
9f9264e3 2255 /* resolv_conf_mode = */ _RESOLV_CONF_MODE_INVALID,
34be1fad
NR		 2256 configuration);
2257}
2258
54401c6f
NR		 2259int manager_dump_dns_configuration_json(Manager *m, sd_json_variant **ret) {
2260 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2261 Link *l;
34be1fad 2262 DnsDelegate *d;
54401c6f
NR		 2263 int r;
2264
2265 assert(m);
2266 assert(ret);
2267
2268 /* Global DNS configuration */
994b3508 2269 r = global_dns_configuration_json_append(m, &configuration);
54401c6f
NR		 2270 if (r < 0)
2271 return r;
2272
2273 /* Append configuration for each link */
2274 HASHMAP_FOREACH(l, m->links) {
994b3508 2275 r = link_dns_configuration_json_append(l, &configuration);
54401c6f
NR		 2276 if (r < 0)
2277 return r;
2278 }
2279
34be1fad
NR		 2280 /* Append configuration for each delegate */
2281 HASHMAP_FOREACH(d, m->delegates) {
2282 r = delegate_dns_configuration_json_append(d, &configuration);
2283 if (r < 0)
2284 return r;
2285 }
2286
54401c6f
NR		 2287 return sd_json_buildo(ret, SD_JSON_BUILD_PAIR_VARIANT("configuration", configuration));
2288}
2289
2290int manager_send_dns_configuration_changed(Manager *m, Link *l, bool reset) {
2291 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2292 int r;
2293
2294 assert(m);
2295
2296 if (set_isempty(m->varlink_dns_configuration_subscription))
2297 return 0;
2298
2299 if (reset) {
2300 dns_server_reset_accessible_all(m->dns_servers);
2301
2302 if (l)
2303 dns_server_reset_accessible_all(l->dns_servers);
2304 }
2305
2306 r = manager_dump_dns_configuration_json(m, &configuration);
2307 if (r < 0)
2308 return log_warning_errno(r, "Failed to dump DNS configuration json: %m");
2309
2310 if (sd_json_variant_equal(configuration, m->dns_configuration_json))
2311 return 0;
2312
2313 JSON_VARIANT_REPLACE(m->dns_configuration_json, TAKE_PTR(configuration));
2314
2315 r = varlink_many_notify(m->varlink_dns_configuration_subscription, m->dns_configuration_json);
2316 if (r < 0)
2317 return log_warning_errno(r, "Failed to send DNS configuration event: %m");
2318
2319 return 0;
2320}
2321
2322int manager_start_dns_configuration_monitor(Manager *m) {
2323 Link *l;
2324 int r;
2325
2326 assert(m);
2327 assert(!m->dns_configuration_json);
2328 assert(!m->netlink_new_route_slot);
2329 assert(!m->netlink_del_route_slot);
2330
2331 dns_server_reset_accessible_all(m->dns_servers);
2332
2333 HASHMAP_FOREACH(l, m->links)
2334 dns_server_reset_accessible_all(l->dns_servers);
2335
2336 r = manager_dump_dns_configuration_json(m, &m->dns_configuration_json);
2337 if (r < 0)
2338 return r;
2339
2340 r = sd_netlink_add_match(m->rtnl, &m->netlink_new_route_slot, RTM_NEWROUTE, manager_process_route, NULL, m, "resolve-NEWROUTE");
2341 if (r < 0)
2342 return r;
2343
2344 r = sd_netlink_add_match(m->rtnl, &m->netlink_del_route_slot, RTM_DELROUTE, manager_process_route, NULL, m, "resolve-DELROUTE");
2345 if (r < 0)
2346 return r;
2347
2348 return 0;
2349}
2350
2351void manager_stop_dns_configuration_monitor(Manager *m) {
2352 assert(m);
2353
2354 m->dns_configuration_json = sd_json_variant_unref(m->dns_configuration_json);
2355 m->netlink_new_route_slot = sd_netlink_slot_unref(m->netlink_new_route_slot);
2356 m->netlink_del_route_slot = sd_netlink_slot_unref(m->netlink_del_route_slot);
2357}
Unnamed repository; edit this file 'description' to name the repository.