]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ci: enable arm64 runner for build/unit jobs
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
091a364c 2
ca78ad1d 3#include <fcntl.h>
47a71f98 4#include <linux/ipv6.h>
07630cea
LP		 5#include <netinet/in.h>
6#include <poll.h>
ca78ad1d 7#include <unistd.h>
091a364c 8
284d7641
DDM		 9#include "sd-bus.h"
10#include "sd-netlink.h"
11#include "sd-network.h"
12
a2a416f7 13#include "af-list.h"
b5efdb8a 14#include "alloc-util.h"
14a52176 15#include "daemon-util.h"
943ef07c 16#include "dirent-util.h"
07630cea 17#include "dns-domain.h"
284d7641 18#include "errno-util.h"
ec75e8e0 19#include "event-util.h"
3ffd4af2 20#include "fd-util.h"
98b7c5e2 21#include "hostname-setup.h"
07630cea 22#include "hostname-util.h"
c004493c 23#include "io-util.h"
bd1ae178 24#include "iovec-util.h"
54401c6f 25#include "json-util.h"
2485b7e2 26#include "memstream-util.h"
ef118d00 27#include "missing_network.h"
822db23c 28#include "ordered-set.h"
6bedfcbb 29#include "parse-util.h"
3df3e884 30#include "random-util.h"
39d8db04 31#include "resolved-bus.h"
07630cea 32#include "resolved-conf.h"
68527d30 33#include "resolved-dns-answer.h"
7928c0e0 34#include "resolved-dns-delegate.h"
68527d30
DDM		 35#include "resolved-dns-packet.h"
36#include "resolved-dns-query.h"
37#include "resolved-dns-question.h"
38#include "resolved-dns-rr.h"
39#include "resolved-dns-scope.h"
40#include "resolved-dns-search-domain.h"
41#include "resolved-dns-server.h"
b30bf55d 42#include "resolved-dns-stub.h"
68527d30 43#include "resolved-dns-transaction.h"
cb310866 44#include "resolved-dnssd.h"
dd0bc0f1 45#include "resolved-etc-hosts.h"
68527d30 46#include "resolved-link.h"
5f402ae8 47#include "resolved-llmnr.h"
07630cea 48#include "resolved-manager.h"
bc7702b0 49#include "resolved-mdns.h"
dd0bc0f1 50#include "resolved-resolv-conf.h"
68527d30 51#include "resolved-socket-graveyard.h"
75c9d6b5 52#include "resolved-util.h"
9581bb84 53#include "resolved-varlink.h"
284d7641 54#include "set.h"
1cf40697 55#include "socket-util.h"
07630cea 56#include "string-util.h"
284d7641 57#include "time-util.h"
25ff515b 58#include "varlink-util.h"
74b2466e
LP		 59
60#define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
61
1c4baffc 62static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
99534007 63 Manager *m = ASSERT_PTR(userdata);
74b2466e
LP		 64 uint16_t type;
65 Link *l;
66 int ifindex, r;
67
68 assert(rtnl);
74b2466e
LP		 69 assert(mm);
70
1c4baffc 71 r = sd_netlink_message_get_type(mm, &type);
74b2466e
LP		 72 if (r < 0)
73 goto fail;
74
75 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
76 if (r < 0)
77 goto fail;
78
79 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
80
81 switch (type) {
82
a2a416f7
LP		 83 case RTM_NEWLINK:{
84 bool is_new = !l;
74b2466e 85
a2a416f7 86 if (!l) {
74b2466e
LP		 87 r = link_new(m, &l, ifindex);
88 if (r < 0)
89 goto fail;
90 }
91
943ef07c 92 r = link_process_rtnl(l, mm);
74b2466e
LP		 93 if (r < 0)
94 goto fail;
95
943ef07c 96 r = link_update(l);
21d73c87
LP		 97 if (r < 0)
98 goto fail;
99
a2a416f7 100 if (is_new)
6ff79f76 101 log_debug("Found new link %i/%s", ifindex, l->ifname);
a2a416f7 102
74b2466e 103 break;
a2a416f7 104 }
74b2466e
LP		 105
106 case RTM_DELLINK:
107 if (l) {
6ff79f76 108 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
943ef07c 109 link_remove_user(l);
74b2466e 110 link_free(l);
562f7bde
LP		 111
112 /* Make sure DNS servers are dropped from written resolv.conf if their link goes away */
113 manager_write_resolv_conf(m);
74b2466e
LP		 114 }
115
116 break;
117 }
118
962b757d
YW		 119 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
120 manager_llmnr_maybe_stop(m);
121 manager_mdns_maybe_stop(m);
54401c6f
NR		 122
123 /* The accessible flag on link DNS servers will have been reset by
124 * link_update(). Just reset the global DNS servers. */
125 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
126
74b2466e
LP		 127 return 0;
128
129fail:
da927ba9 130 log_warning_errno(r, "Failed to process RTNL link message: %m");
74b2466e
LP		 131 return 0;
132}
133
1c4baffc 134static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
99534007 135 Manager *m = ASSERT_PTR(userdata);
cad0fc7a 136 union in_addr_union address, broadcast = {};
74b2466e 137 uint16_t type;
0dd25fb9 138 int r, ifindex, family;
74b2466e
LP		 139 LinkAddress *a;
140 Link *l;
141
142 assert(rtnl);
143 assert(mm);
74b2466e 144
1c4baffc 145 r = sd_netlink_message_get_type(mm, &type);
74b2466e
LP		 146 if (r < 0)
147 goto fail;
148
149 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
150 if (r < 0)
151 goto fail;
152
153 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
154 if (!l)
155 return 0;
156
157 r = sd_rtnl_message_addr_get_family(mm, &family);
158 if (r < 0)
159 goto fail;
160
161 switch (family) {
162
163 case AF_INET:
cad0fc7a 164 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
1c4baffc 165 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
74b2466e 166 if (r < 0) {
1c4baffc 167 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
74b2466e
LP		 168 if (r < 0)
169 goto fail;
170 }
171
172 break;
173
174 case AF_INET6:
1c4baffc 175 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
74b2466e 176 if (r < 0) {
1c4baffc 177 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
74b2466e
LP		 178 if (r < 0)
179 goto fail;
180 }
181
182 break;
183
184 default:
185 return 0;
186 }
187
188 a = link_find_address(l, family, &address);
189
190 switch (type) {
191
192 case RTM_NEWADDR:
193
194 if (!a) {
cad0fc7a 195 r = link_address_new(l, &a, family, &address, &broadcast);
74b2466e
LP		 196 if (r < 0)
197 return r;
198 }
199
200 r = link_address_update_rtnl(a, mm);
201 if (r < 0)
202 return r;
203
204 break;
205
206 case RTM_DELADDR:
3e044c49 207 link_address_free(a);
74b2466e
LP		 208 break;
209 }
210
54401c6f
NR		 211 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
212
74b2466e
LP		 213 return 0;
214
215fail:
da927ba9 216 log_warning_errno(r, "Failed to process RTNL address message: %m");
74b2466e
LP		 217 return 0;
218}
219
54401c6f
NR		 220static int manager_process_route(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
221 Manager *m = ASSERT_PTR(userdata);
222 Link *l = NULL;
223 uint16_t type;
224 uint32_t ifindex = 0;
225 int r;
226
227 assert(rtnl);
228 assert(mm);
229
230 r = sd_netlink_message_get_type(mm, &type);
231 if (r < 0) {
232 log_warning_errno(r, "Failed not get message type, ignoring: %m");
233 return 0;
234 }
235
236 if (!IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE)) {
237 log_warning("Unexpected message type %u when processing route, ignoring.", type);
238 return 0;
239 }
240
241 r = sd_netlink_message_read_u32(mm, RTA_OIF, &ifindex);
242 if (r < 0)
243 log_full_errno(r == -ENODATA ? LOG_DEBUG : LOG_WARNING, r, "Failed to get route ifindex, ignoring: %m");
244 else
245 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
246
247 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
248
249 return 0;
250}
251
74b2466e 252static int manager_rtnl_listen(Manager *m) {
4afd3348 253 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
74b2466e
LP		 254 int r;
255
256 assert(m);
257
cc98b302 258 /* First, subscribe to interfaces coming and going */
1c4baffc 259 r = sd_netlink_open(&m->rtnl);
74b2466e
LP		 260 if (r < 0)
261 return r;
262
2d895038 263 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
74b2466e
LP		 264 if (r < 0)
265 return r;
266
8190a388 267 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
74b2466e
LP		 268 if (r < 0)
269 return r;
270
8190a388 271 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
74b2466e
LP		 272 if (r < 0)
273 return r;
274
8190a388 275 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
74b2466e
LP		 276 if (r < 0)
277 return r;
091a364c 278
8190a388 279 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
74b2466e
LP		 280 if (r < 0)
281 return r;
282
283 /* Then, enumerate all links */
284 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
285 if (r < 0)
286 return r;
287
24c0f385 288 r = sd_netlink_message_set_request_dump(req, true);
74b2466e
LP		 289 if (r < 0)
290 return r;
291
1c4baffc 292 r = sd_netlink_call(m->rtnl, req, 0, &reply);
74b2466e
LP		 293 if (r < 0)
294 return r;
295
d856e1a7 296 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
74b2466e
LP		 297 r = manager_process_link(m->rtnl, i, m);
298 if (r < 0)
299 return r;
300 }
301
1c4baffc
TG		 302 req = sd_netlink_message_unref(req);
303 reply = sd_netlink_message_unref(reply);
74b2466e
LP		 304
305 /* Finally, enumerate all addresses, too */
306 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
307 if (r < 0)
308 return r;
309
24c0f385 310 r = sd_netlink_message_set_request_dump(req, true);
74b2466e
LP		 311 if (r < 0)
312 return r;
313
1c4baffc 314 r = sd_netlink_call(m->rtnl, req, 0, &reply);
74b2466e
LP		 315 if (r < 0)
316 return r;
317
d856e1a7 318 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
74b2466e
LP		 319 r = manager_process_address(m->rtnl, i, m);
320 if (r < 0)
321 return r;
322 }
323
324 return r;
325}
326
63b21f50 327static int on_network_event(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
99534007 328 Manager *m = ASSERT_PTR(userdata);
74b2466e
LP		 329 Link *l;
330 int r;
331
74b2466e
LP		 332 sd_network_monitor_flush(m->network_monitor);
333
90e74a66 334 HASHMAP_FOREACH(l, m->links) {
943ef07c 335 r = link_update(l);
74b2466e 336 if (r < 0)
da927ba9 337 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
74b2466e
LP		 338 }
339
7207052d 340 (void) manager_write_resolv_conf(m);
5f3340ca 341 (void) manager_send_changed(m, "DNS");
54401c6f 342 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
74b2466e 343
962b757d
YW		 344 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
345 manager_llmnr_maybe_stop(m);
346 manager_mdns_maybe_stop(m);
74b2466e
LP		 347 return 0;
348}
349
350static int manager_network_monitor_listen(Manager *m) {
351 int r, fd, events;
352
353 assert(m);
354
0014a4ad 355 r = sd_network_monitor_new(&m->network_monitor, NULL);
74b2466e
LP		 356 if (r < 0)
357 return r;
358
359 fd = sd_network_monitor_get_fd(m->network_monitor);
360 if (fd < 0)
361 return fd;
362
363 events = sd_network_monitor_get_events(m->network_monitor);
364 if (events < 0)
365 return events;
366
367 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
368 if (r < 0)
2d895038
LP		 369 return r;
370
371 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
372 if (r < 0)
74b2466e
LP		 373 return r;
374
aa4a9deb
LP		 375 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
376
74b2466e
LP		 377 return 0;
378}
379
90df0fbe
LP		 380static int manager_clock_change_listen(Manager *m);
381
382static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
99534007 383 Manager *m = ASSERT_PTR(userdata);
90df0fbe
LP		 384
385 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
386 * the system clock into consideration, and if the clock changes the old validations might have been
387 * wrong. Let's redo all validation with the new, correct time.
388 *
389 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
390 * we might be connected to a different network now without this being visible in a dropped link
391 * carrier or so.) */
392
393 log_info("Clock change detected. Flushing caches.");
394 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
395
396 /* The clock change timerfd is unusable after it triggered once, create a new one. */
397 return manager_clock_change_listen(m);
398}
399
400static int manager_clock_change_listen(Manager *m) {
90df0fbe
LP		 401 int r;
402
403 assert(m);
404
97935302 405 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
90df0fbe 406
ec75e8e0 407 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
90df0fbe
LP		 408 if (r < 0)
409 return log_error_errno(r, "Failed to create clock change event source: %m");
410
90df0fbe
LP		 411 return 0;
412}
413
75c9d6b5 414static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
eb60f9cd 415 _cleanup_free_ char *h = NULL, *n = NULL;
87057e24 416 int r;
eb60f9cd 417
e96de0ce 418 assert(full_hostname);
78c6a153
LP		 419 assert(llmnr_hostname);
420 assert(mdns_hostname);
421
75c9d6b5 422 r = resolve_system_hostname(&h, &n);
78c6a153 423 if (r < 0)
75c9d6b5 424 return r;
eb60f9cd 425
7470cc4c 426 r = dns_name_concat(n, "local", 0, mdns_hostname);
78c6a153
LP		 427 if (r < 0)
428 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
429
ae2a15bc
LP		 430 *llmnr_hostname = TAKE_PTR(n);
431 *full_hostname = TAKE_PTR(h);
e96de0ce 432
eb60f9cd
LP		 433 return 0;
434}
435
05c6f341 436static char* fallback_hostname(void) {
a25b0dc8 437
05c6f341
ZJS		 438 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
439 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
440 * instead. */
a25b0dc8 441
05c6f341
ZJS		 442 _cleanup_free_ char *n = get_default_hostname();
443 if (!n)
444 return NULL;
a25b0dc8 445
05c6f341
ZJS		 446 if (is_localhost(n))
447 return strdup("linux");
448
449 return TAKE_PTR(n);
a25b0dc8
LP		 450}
451
452static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
05c6f341 453 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
fd7e9887 454 char label[DNS_LABEL_MAX+1];
a25b0dc8
LP		 455 const char *p;
456 int r;
457
458 assert(full_hostname);
459 assert(llmnr_hostname);
460 assert(mdns_hostname);
461
05c6f341
ZJS		 462 p = h = fallback_hostname();
463 if (!h)
464 return log_oom();
465
7470cc4c 466 r = dns_label_unescape(&p, label, sizeof label, 0);
a25b0dc8 467 if (r < 0)
38b38500 468 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
a25b0dc8
LP		 469
470 assert(r > 0); /* The fallback hostname must have at least one label */
471
472 r = dns_label_escape_new(label, r, &n);
473 if (r < 0)
474 return log_error_errno(r, "Failed to escape fallback hostname: %m");
475
7470cc4c 476 r = dns_name_concat(n, "local", 0, &m);
a25b0dc8
LP		 477 if (r < 0)
478 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
479
ae2a15bc
LP		 480 *llmnr_hostname = TAKE_PTR(n);
481 *mdns_hostname = TAKE_PTR(m);
05c6f341 482 *full_hostname = TAKE_PTR(h);
a25b0dc8
LP		 483
484 return 0;
485}
486
eb60f9cd 487static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
e96de0ce 488 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
99534007 489 Manager *m = ASSERT_PTR(userdata);
86c0411e 490 bool llmnr_hostname_changed;
eb60f9cd
LP		 491 int r;
492
75c9d6b5
ZJS		 493 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
494 if (r < 0) {
495 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
eb60f9cd 496 return 0; /* ignore invalid hostnames */
75c9d6b5 497 }
eb60f9cd 498
86c0411e 499 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
e96de0ce 500 if (streq(full_hostname, m->full_hostname) &&
86c0411e 501 !llmnr_hostname_changed &&
e96de0ce 502 streq(mdns_hostname, m->mdns_hostname))
eb60f9cd
LP		 503 return 0;
504
e96de0ce 505 log_info("System hostname changed to '%s'.", full_hostname);
78c6a153 506
e96de0ce
LP		 507 free_and_replace(m->full_hostname, full_hostname);
508 free_and_replace(m->llmnr_hostname, llmnr_hostname);
509 free_and_replace(m->mdns_hostname, mdns_hostname);
eb60f9cd
LP		 510
511 manager_refresh_rrs(m);
86c0411e 512 (void) manager_send_changed(m, "LLMNRHostname");
eb60f9cd
LP		 513
514 return 0;
515}
516
517static int manager_watch_hostname(Manager *m) {
eb60f9cd
LP		 518 int r;
519
520 assert(m);
521
db4a47e9
LP		 522 m->hostname_fd = open("/proc/sys/kernel/hostname",
523 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
eb60f9cd 524 if (m->hostname_fd < 0) {
56f64d95 525 log_warning_errno(errno, "Failed to watch hostname: %m");
eb60f9cd
LP		 526 return 0;
527 }
528
529 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
cc983fc9
YW		 530 if (r < 0)
531 return log_error_errno(r, "Failed to add hostname event source: %m");
eb60f9cd 532
aa4a9deb
LP		 533 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
534
75c9d6b5 535 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
eb60f9cd 536 if (r < 0) {
999c2486
LP		 537 _cleanup_free_ char *d = NULL;
538
539 d = fallback_hostname();
540 if (!d)
541 return log_oom();
542
543 log_info("Defaulting to hostname '%s'.", d);
78c6a153 544
a25b0dc8
LP		 545 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
546 if (r < 0)
547 return r;
eb60f9cd 548 } else
e96de0ce 549 log_info("Using system hostname '%s'.", m->full_hostname);
eb60f9cd
LP		 550
551 return 0;
552}
553
4d506d6b 554static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
2485b7e2 555 _cleanup_(memstream_done) MemStream ms = {};
99534007 556 Manager *m = ASSERT_PTR(userdata);
cf84484a 557 Link *l;
2485b7e2 558 FILE *f;
4d506d6b
LP		 559
560 assert(s);
561 assert(si);
4d506d6b 562
2485b7e2 563 f = memstream_init(&ms);
4d506d6b
LP		 564 if (!f)
565 return log_oom();
566
567 LIST_FOREACH(scopes, scope, m->dns_scopes)
568 dns_scope_dump(scope, f);
569
cf84484a
LP		 570 LIST_FOREACH(servers, server, m->dns_servers)
571 dns_server_dump(server, f);
572 LIST_FOREACH(servers, server, m->fallback_dns_servers)
573 dns_server_dump(server, f);
90e74a66 574 HASHMAP_FOREACH(l, m->links)
cf84484a
LP		 575 LIST_FOREACH(servers, server, l->dns_servers)
576 dns_server_dump(server, f);
7928c0e0
LP		 577 DnsDelegate *delegate;
578 HASHMAP_FOREACH(delegate, m->delegates)
579 LIST_FOREACH(servers, server, delegate->dns_servers)
580 dns_server_dump(server, f);
cf84484a 581
2485b7e2 582 return memstream_dump(LOG_INFO, &ms);
4d506d6b
LP		 583}
584
bc81447e 585static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
99534007 586 Manager *m = ASSERT_PTR(userdata);
bc81447e
LP		 587
588 assert(s);
589 assert(si);
bc81447e 590
90df0fbe 591 manager_flush_caches(m, LOG_INFO);
ba35662f 592
bc81447e
LP		 593 return 0;
594}
595
d55b0463 596static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
99534007 597 Manager *m = ASSERT_PTR(userdata);
d55b0463
LP		 598
599 assert(s);
600 assert(si);
d55b0463
LP		 601
602 manager_reset_server_features(m);
603 return 0;
604}
605
bb351718
LP		 606static int manager_memory_pressure(sd_event_source *s, void *userdata) {
607 Manager *m = ASSERT_PTR(userdata);
608
609 log_info("Under memory pressure, flushing caches.");
610
611 manager_flush_caches(m, LOG_INFO);
612 sd_event_trim_memory();
613
614 return 0;
615}
616
617static int manager_memory_pressure_listen(Manager *m) {
618 int r;
619
620 assert(m);
621
622 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
623 if (r < 0)
624 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
625 "Failed to install memory pressure event source, ignoring: %m");
626
627 return 0;
628}
629
14a52176
LB		 630static void manager_set_defaults(Manager *m) {
631 assert(m);
632
633 m->llmnr_support = DEFAULT_LLMNR_MODE;
634 m->mdns_support = DEFAULT_MDNS_MODE;
635 m->dnssec_mode = DEFAULT_DNSSEC_MODE;
636 m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
637 m->enable_cache = DNS_CACHE_MODE_YES;
638 m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES;
639 m->read_etc_hosts = true;
640 m->resolve_unicast_single_label = false;
641 m->cache_from_localhost = false;
642 m->stale_retention_usec = 0;
e644b332 643 m->refuse_record_types = set_free(m->refuse_record_types);
14a52176
LB		 644}
645
646static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
647 Manager *m = ASSERT_PTR(userdata);
648 int r;
649
650 (void) notify_reloading();
651
14a52176
LB		 652 dns_server_unlink_on_reload(m->dns_servers);
653 dns_server_unlink_on_reload(m->fallback_dns_servers);
654 m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
752cdf50 655 manager_dns_stub_stop(m);
14a52176
LB		 656 dnssd_service_clear_on_reload(m->dnssd_services);
657 m->unicast_scope = dns_scope_free(m->unicast_scope);
7928c0e0 658 m->delegates = hashmap_free(m->delegates);
14a52176
LB		 659 dns_trust_anchor_flush(&m->trust_anchor);
660
9ed99b07
YW		 661 manager_set_defaults(m);
662
14a52176
LB		 663 r = dns_trust_anchor_load(&m->trust_anchor);
664 if (r < 0)
9ed99b07 665 return sd_event_exit(sd_event_source_get_event(s), r);
14a52176
LB		 666
667 r = manager_parse_config_file(m);
668 if (r < 0)
9ed99b07 669 log_warning_errno(r, "Failed to parse configuration file on reload, ignoring: %m");
14a52176
LB		 670 else
671 log_info("Config file reloaded.");
672
9ed99b07
YW		 673 (void) dnssd_load(m);
674 (void) manager_load_delegates(m);
7928c0e0 675
14a52176
LB		 676 /* The default scope configuration is influenced by the manager's configuration (modes, etc.), so
677 * recreate it on reload. */
7928c0e0 678 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
14a52176 679 if (r < 0)
9ed99b07 680 return sd_event_exit(sd_event_source_get_event(s), r);
14a52176
LB		 681
682 /* The configuration has changed, so reload the per-interface configuration too in order to take
683 * into account any changes (e.g.: enable/disable DNSSEC). */
63b21f50 684 r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);
14a52176 685 if (r < 0)
9ed99b07 686 log_warning_errno(r, "Failed to update network information on reload, ignoring: %m");
14a52176
LB		 687
688 /* We have new configuration, which means potentially new servers, so close all connections and drop
689 * all caches, so that we can start fresh. */
690 (void) dns_stream_disconnect_all(m);
691 manager_flush_caches(m, LOG_INFO);
692 manager_verify_all(m);
693
752cdf50
YW		 694 r = manager_dns_stub_start(m);
695 if (r < 0)
696 return sd_event_exit(sd_event_source_get_event(s), r);
697
c147cd9a 698 (void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
14a52176
LB		 699 return 0;
700}
701
091a364c 702int manager_new(Manager **ret) {
74b2466e 703 _cleanup_(manager_freep) Manager *m = NULL;
091a364c
TG		 704 int r;
705
c92e531c
LP		 706 assert(ret);
707
f55f2dce 708 m = new(Manager, 1);
091a364c
TG		 709 if (!m)
710 return -ENOMEM;
711
f55f2dce 712 *m = (Manager) {
254d1313
ZJS		 713 .llmnr_ipv4_udp_fd = -EBADF,
714 .llmnr_ipv6_udp_fd = -EBADF,
715 .llmnr_ipv4_tcp_fd = -EBADF,
716 .llmnr_ipv6_tcp_fd = -EBADF,
717 .mdns_ipv4_fd = -EBADF,
718 .mdns_ipv6_fd = -EBADF,
719 .hostname_fd = -EBADF,
f55f2dce 720
f55f2dce
YW		 721 .read_resolv_conf = true,
722 .need_builtin_fallbacks = true,
723 .etc_hosts_last = USEC_INFINITY,
bb351718
LP		 724
725 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
726 .sigrtmin18_info.memory_pressure_userdata = m,
f55f2dce 727 };
091a364c 728
14a52176
LB		 729 manager_set_defaults(m);
730
0d2cd476
LP		 731 r = dns_trust_anchor_load(&m->trust_anchor);
732 if (r < 0)
733 return r;
734
ad6c0475
LP		 735 r = manager_parse_config_file(m);
736 if (r < 0)
872603b5 737 log_warning_errno(r, "Failed to parse configuration file, ignoring: %m");
ad6c0475 738
e22c5b20 739#if ENABLE_DNS_OVER_TLS
71a681ae
IT		 740 r = dnstls_manager_init(m);
741 if (r < 0)
742 return r;
e22c5b20
IT		 743#endif
744
091a364c
TG		 745 r = sd_event_default(&m->event);
746 if (r < 0)
747 return r;
748
d7a6bb98
LP		 749 r = sd_event_set_signal_exit(m->event, true);
750 if (r < 0)
751 return r;
091a364c 752
1ae17292 753 (void) sd_event_set_watchdog(m->event, true);
091a364c 754
eb60f9cd
LP		 755 r = manager_watch_hostname(m);
756 if (r < 0)
757 return r;
758
872603b5
YW		 759 (void) dnssd_load(m);
760 (void) manager_load_delegates(m);
7928c0e0
LP		 761
762 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
74b2466e
LP		 763 if (r < 0)
764 return r;
765
766 r = manager_network_monitor_listen(m);
767 if (r < 0)
768 return r;
769
770 r = manager_rtnl_listen(m);
771 if (r < 0)
772 return r;
773
90df0fbe
LP		 774 r = manager_clock_change_listen(m);
775 if (r < 0)
776 return r;
777
bb351718
LP		 778 r = manager_memory_pressure_listen(m);
779 if (r < 0)
780 return r;
781
74b2466e
LP		 782 r = manager_connect_bus(m);
783 if (r < 0)
784 return r;
785
00299a80 786 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
d7a6bb98
LP		 787 if (r < 0)
788 return log_debug_errno(r, "Failed install SIGHUP handler: %m");
789
00299a80 790 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR1 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr1, m);
d7a6bb98
LP		 791 if (r < 0)
792 return log_debug_errno(r, "Failed install SIGUSR1 handler: %m");
793
00299a80 794 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR2 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr2, m);
d7a6bb98
LP		 795 if (r < 0)
796 return log_debug_errno(r, "Failed install SIGUSR2 handler: %m");
797
00299a80 798 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+1) | SD_EVENT_SIGNAL_PROCMASK, manager_sigrtmin1, m);
d7a6bb98
LP		 799 if (r < 0)
800 return log_debug_errno(r, "Failed install SIGRTMIN+1 handler: %m");
801
00299a80 802 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &m->sigrtmin18_info);
d7a6bb98
LP		 803 if (r < 0)
804 return log_debug_errno(r, "Failed install SIGRTMIN+18 handler: %m");
4d506d6b 805
943ef07c
LP		 806 manager_cleanup_saved_user(m);
807
1cc6c93a 808 *ret = TAKE_PTR(m);
091a364c
TG		 809
810 return 0;
811}
812
edc501d4
LP		 813int manager_start(Manager *m) {
814 int r;
815
816 assert(m);
817
b30bf55d
LP		 818 r = manager_dns_stub_start(m);
819 if (r < 0)
820 return r;
821
9581bb84
LP		 822 r = manager_varlink_init(m);
823 if (r < 0)
824 return r;
825
edc501d4
LP		 826 return 0;
827}
828
450a4edf 829Manager* manager_free(Manager *m) {
74b2466e 830 Link *l;
091a364c
TG		 831
832 if (!m)
74b2466e
LP		 833 return NULL;
834
4b95f179
LP		 835 dns_server_unlink_all(m->dns_servers);
836 dns_server_unlink_all(m->fallback_dns_servers);
a51c1048
LP		 837 dns_search_domain_unlink_all(m->search_domains);
838
74b2466e
LP		 839 while ((l = hashmap_first(m->links)))
840 link_free(l);
f0e15467 841
7928c0e0
LP		 842 m->delegates = hashmap_free(m->delegates);
843
f0e15467
LP		 844 while (m->dns_queries)
845 dns_query_free(m->dns_queries);
74b2466e 846
bde69bbd 847 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
7928c0e0 848 m->unicast_scope = dns_scope_free(m->unicast_scope);
cab5b059 849
b30bf55d
LP		 850 /* At this point only orphaned streams should remain. All others should have been freed already by their
851 * owners */
852 while (m->dns_streams)
853 dns_stream_unref(m->dns_streams);
854
e22c5b20
IT		 855#if ENABLE_DNS_OVER_TLS
856 dnstls_manager_free(m);
857#endif
858
81ae2237 859 set_free(m->refuse_record_types);
f0e15467
LP		 860 hashmap_free(m->links);
861 hashmap_free(m->dns_transactions);
862
096b6773
LP		 863 sd_event_source_unref(m->network_event_source);
864 sd_network_monitor_unref(m->network_monitor);
091a364c 865
54401c6f
NR		 866 sd_netlink_slot_unref(m->netlink_new_route_slot);
867 sd_netlink_slot_unref(m->netlink_del_route_slot);
a564ca2f
LP		 868 sd_netlink_unref(m->rtnl);
869 sd_event_source_unref(m->rtnl_event_source);
90df0fbe 870 sd_event_source_unref(m->clock_change_event_source);
a564ca2f 871
54401c6f
NR		 872 sd_json_variant_unref(m->dns_configuration_json);
873
edc501d4 874 manager_llmnr_stop(m);
bc7702b0 875 manager_mdns_stop(m);
b30bf55d 876 manager_dns_stub_stop(m);
9581bb84 877 manager_varlink_done(m);
623a4c97 878
80710ade
LP		 879 manager_socket_graveyard_clear(m);
880
46505826 881 ordered_set_free(m->dns_extra_stub_listeners);
1f05101f 882
2a1ffd3e 883 hashmap_free(m->polkit_registry);
2400ae29 884
92e31da1 885 sd_bus_flush_close_unref(m->bus);
091a364c 886
78c6a153
LP		 887 dns_resource_key_unref(m->llmnr_host_ipv4_key);
888 dns_resource_key_unref(m->llmnr_host_ipv6_key);
400cb36e
DR		 889 dns_resource_key_unref(m->mdns_host_ipv4_key);
890 dns_resource_key_unref(m->mdns_host_ipv6_key);
eb60f9cd 891
eb60f9cd 892 sd_event_source_unref(m->hostname_event_source);
d9fcf2ba 893 safe_close(m->hostname_fd);
e96de0ce 894
f2ec080e
ZJS		 895 sd_event_unref(m->event);
896
e96de0ce 897 free(m->full_hostname);
78c6a153
LP		 898 free(m->llmnr_hostname);
899 free(m->mdns_hostname);
eb60f9cd 900
7928c0e0 901 DnssdService *s;
6501dd31
DR		 902 while ((s = hashmap_first(m->dnssd_services)))
903 dnssd_service_free(s);
904 hashmap_free(m->dnssd_services);
905
0d2cd476 906 dns_trust_anchor_flush(&m->trust_anchor);
dd0bc0f1 907 manager_etc_hosts_flush(m);
0d2cd476 908
6b430fdb 909 return mfree(m);
091a364c
TG		 910}
911
1716f6dc 912int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
74b2466e 913 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
fb29cdbe
LP		 914 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
915 + CMSG_SPACE(int) /* ttl/hoplimit */
916 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
1716f6dc 917 union sockaddr_union sa;
74b2466e 918 struct iovec iov;
f55f2dce
YW		 919 struct msghdr mh = {
920 .msg_name = &sa.sa,
921 .msg_namelen = sizeof(sa),
922 .msg_iov = &iov,
923 .msg_iovlen = 1,
924 .msg_control = &control,
925 .msg_controllen = sizeof(control),
926 };
927 struct cmsghdr *cmsg;
4edc2c9b
LP		 928 ssize_t ms, l;
929 int r;
74b2466e
LP		 930
931 assert(m);
1716f6dc 932 assert(fd >= 0);
74b2466e
LP		 933 assert(ret);
934
4edc2c9b 935 ms = next_datagram_size_fd(fd);
74b2466e 936 if (ms < 0)
4edc2c9b 937 return ms;
74b2466e 938
51027656 939 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
74b2466e
LP		 940 if (r < 0)
941 return r;
942
cb310866 943 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
74b2466e 944
3691bcf3 945 l = recvmsg_safe(fd, &mh, 0);
bb44fd07 946 if (ERRNO_IS_NEG_TRANSIENT(l))
8add30a0 947 return 0;
bb44fd07
ZJS		 948 if (l <= 0)
949 return l;
091a364c 950
74b2466e 951 p->size = (size_t) l;
091a364c 952
1716f6dc 953 p->family = sa.sa.sa_family;
623a4c97
LP		 954 p->ipproto = IPPROTO_UDP;
955 if (p->family == AF_INET) {
1716f6dc 956 p->sender.in = sa.in.sin_addr;
623a4c97
LP		 957 p->sender_port = be16toh(sa.in.sin_port);
958 } else if (p->family == AF_INET6) {
1716f6dc 959 p->sender.in6 = sa.in6.sin6_addr;
623a4c97
LP		 960 p->sender_port = be16toh(sa.in6.sin6_port);
961 p->ifindex = sa.in6.sin6_scope_id;
962 } else
1716f6dc 963 return -EAFNOSUPPORT;
74b2466e 964
ba4e0427 965 p->timestamp = now(CLOCK_BOOTTIME);
5777c613 966
2a1288ff 967 CMSG_FOREACH(cmsg, &mh) {
74b2466e 968
1716f6dc
LP		 969 if (cmsg->cmsg_level == IPPROTO_IPV6) {
970 assert(p->family == AF_INET6);
74b2466e 971
1716f6dc 972 switch (cmsg->cmsg_type) {
74b2466e 973
1716f6dc 974 case IPV6_PKTINFO: {
b1d02191 975 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
74b2466e 976
623a4c97
LP		 977 if (p->ifindex <= 0)
978 p->ifindex = i->ipi6_ifindex;
979
1716f6dc
LP		 980 p->destination.in6 = i->ipi6_addr;
981 break;
982 }
74b2466e 983
1716f6dc 984 case IPV6_HOPLIMIT:
b1d02191 985 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1716f6dc 986 break;
74b2466e 987
20a001bd 988 case IPV6_RECVFRAGSIZE:
b1d02191 989 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
20a001bd 990 break;
1716f6dc
LP		 991 }
992 } else if (cmsg->cmsg_level == IPPROTO_IP) {
993 assert(p->family == AF_INET);
74b2466e 994
1716f6dc 995 switch (cmsg->cmsg_type) {
74b2466e 996
1716f6dc 997 case IP_PKTINFO: {
b1d02191 998 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
091a364c 999
623a4c97
LP		 1000 if (p->ifindex <= 0)
1001 p->ifindex = i->ipi_ifindex;
1002
1716f6dc
LP		 1003 p->destination.in = i->ipi_addr;
1004 break;
1005 }
74b2466e 1006
623a4c97 1007 case IP_TTL:
b1d02191 1008 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1716f6dc 1009 break;
20a001bd
LP		 1010
1011 case IP_RECVFRAGSIZE:
b1d02191 1012 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
20a001bd 1013 break;
1716f6dc
LP		 1014 }
1015 }
1016 }
74b2466e 1017
623a4c97
LP		 1018 /* The Linux kernel sets the interface index to the loopback
1019 * device if the packet came from the local host since it
1020 * avoids the routing table in such a case. Let's unset the
1021 * interface index in such a case. */
a5f03596 1022 if (p->ifindex == LOOPBACK_IFINDEX)
623a4c97
LP		 1023 p->ifindex = 0;
1024
86ad4cd7
TG		 1025 if (protocol != DNS_PROTOCOL_DNS) {
1026 /* If we don't know the interface index still, we look for the
1027 * first local interface with a matching address. Yuck! */
1028 if (p->ifindex <= 0)
1029 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
1030 }
623a4c97 1031
c0f86d66 1032 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
84dbb3fd
ZJS		 1033 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
1034 IN_ADDR_TO_STRING(p->family, &p->sender),
1035 IN_ADDR_TO_STRING(p->family, &p->destination));
74b2466e 1036
f7155840 1037 *ret = TAKE_PTR(p);
74b2466e
LP		 1038 return 1;
1039}
1040
ed6c5178 1041int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
6d66a221 1042 usec_t end;
74b2466e
LP		 1043 int r;
1044
1045 assert(fd >= 0);
1046 assert(mh);
1047
6d66a221
LP		 1048 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1049
74b2466e
LP		 1050 for (;;) {
1051 if (sendmsg(fd, mh, flags) >= 0)
1052 return 0;
74b2466e
LP		 1053 if (errno == EINTR)
1054 continue;
74b2466e
LP		 1055 if (errno != EAGAIN)
1056 return -errno;
1057
6d66a221 1058 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
bb44fd07
ZJS		 1059 if (ERRNO_IS_NEG_TRANSIENT(r))
1060 continue;
1061 if (r < 0)
74b2466e
LP		 1062 return r;
1063 if (r == 0)
1064 return -ETIMEDOUT;
1065 }
1066}
1067
72290734 1068static int write_loop(int fd, void *message, size_t length) {
6d66a221 1069 usec_t end;
72290734
TG		 1070 int r;
1071
1072 assert(fd >= 0);
1073 assert(message);
1074
6d66a221
LP		 1075 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1076
72290734
TG		 1077 for (;;) {
1078 if (write(fd, message, length) >= 0)
1079 return 0;
72290734
TG		 1080 if (errno == EINTR)
1081 continue;
72290734
TG		 1082 if (errno != EAGAIN)
1083 return -errno;
1084
6d66a221 1085 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
bb44fd07
ZJS		 1086 if (ERRNO_IS_NEG_TRANSIENT(r))
1087 continue;
1088 if (r < 0)
72290734
TG		 1089 return r;
1090 if (r == 0)
1091 return -ETIMEDOUT;
1092 }
1093}
1094
1095int manager_write(Manager *m, int fd, DnsPacket *p) {
1096 int r;
1097
76f77229
LP		 1098 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
1099 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1100 DNS_PACKET_QR(p) ? "response" : "query",
1101 DNS_PACKET_ID(p),
1102 p->size);
72290734
TG		 1103
1104 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
1105 if (r < 0)
1106 return r;
1107
1108 return 0;
1109}
1110
b30bf55d
LP		 1111static int manager_ipv4_send(
1112 Manager *m,
1113 int fd,
1114 int ifindex,
1115 const struct in_addr *destination,
1116 uint16_t port,
1117 const struct in_addr *source,
1118 DnsPacket *p) {
fb29cdbe
LP		 1119
1120 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
f55f2dce 1121 union sockaddr_union sa;
74b2466e 1122 struct iovec iov;
f55f2dce
YW		 1123 struct msghdr mh = {
1124 .msg_iov = &iov,
1125 .msg_iovlen = 1,
1126 .msg_name = &sa.sa,
1127 .msg_namelen = sizeof(sa.in),
1128 };
74b2466e
LP		 1129
1130 assert(m);
1716f6dc 1131 assert(fd >= 0);
b30bf55d 1132 assert(destination);
1716f6dc 1133 assert(port > 0);
74b2466e
LP		 1134 assert(p);
1135
cb310866 1136 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
091a364c 1137
f55f2dce
YW		 1138 sa = (union sockaddr_union) {
1139 .in.sin_family = AF_INET,
1140 .in.sin_addr = *destination,
1141 .in.sin_port = htobe16(port),
1142 };
091a364c 1143
74b2466e
LP		 1144 if (ifindex > 0) {
1145 struct cmsghdr *cmsg;
1146 struct in_pktinfo *pi;
1147
1716f6dc 1148 mh.msg_control = &control;
a258f491 1149 mh.msg_controllen = sizeof(control);
74b2466e
LP		 1150
1151 cmsg = CMSG_FIRSTHDR(&mh);
a258f491 1152 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
74b2466e
LP		 1153 cmsg->cmsg_level = IPPROTO_IP;
1154 cmsg->cmsg_type = IP_PKTINFO;
1155
b5d39bb3 1156 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
74b2466e 1157 pi->ipi_ifindex = ifindex;
b30bf55d
LP		 1158
1159 if (source)
1160 pi->ipi_spec_dst = *source;
74b2466e
LP		 1161 }
1162
1163 return sendmsg_loop(fd, &mh, 0);
1164}
1165
b30bf55d
LP		 1166static int manager_ipv6_send(
1167 Manager *m,
1168 int fd,
1169 int ifindex,
1170 const struct in6_addr *destination,
1171 uint16_t port,
1172 const struct in6_addr *source,
1173 DnsPacket *p) {
1174
fb29cdbe 1175 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
f55f2dce 1176 union sockaddr_union sa;
74b2466e 1177 struct iovec iov;
f55f2dce
YW		 1178 struct msghdr mh = {
1179 .msg_iov = &iov,
1180 .msg_iovlen = 1,
1181 .msg_name = &sa.sa,
1182 .msg_namelen = sizeof(sa.in6),
1183 };
74b2466e
LP		 1184
1185 assert(m);
1716f6dc 1186 assert(fd >= 0);
b30bf55d 1187 assert(destination);
1716f6dc 1188 assert(port > 0);
74b2466e
LP		 1189 assert(p);
1190
cb310866 1191 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
74b2466e 1192
f55f2dce
YW		 1193 sa = (union sockaddr_union) {
1194 .in6.sin6_family = AF_INET6,
1195 .in6.sin6_addr = *destination,
1196 .in6.sin6_port = htobe16(port),
1197 .in6.sin6_scope_id = ifindex,
1198 };
74b2466e
LP		 1199
1200 if (ifindex > 0) {
1201 struct cmsghdr *cmsg;
1202 struct in6_pktinfo *pi;
1203
1716f6dc 1204 mh.msg_control = &control;
a258f491 1205 mh.msg_controllen = sizeof(control);
74b2466e
LP		 1206
1207 cmsg = CMSG_FIRSTHDR(&mh);
a258f491 1208 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
74b2466e
LP		 1209 cmsg->cmsg_level = IPPROTO_IPV6;
1210 cmsg->cmsg_type = IPV6_PKTINFO;
1211
b5d39bb3 1212 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
74b2466e 1213 pi->ipi6_ifindex = ifindex;
b30bf55d
LP		 1214
1215 if (source)
1216 pi->ipi6_addr = *source;
74b2466e
LP		 1217 }
1218
1219 return sendmsg_loop(fd, &mh, 0);
1220}
1221
309a747f
LP		 1222static int dns_question_to_json(DnsQuestion *q, sd_json_variant **ret) {
1223 _cleanup_(sd_json_variant_unrefp) sd_json_variant *l = NULL;
72c2d39e
LP		 1224 DnsResourceKey *key;
1225 int r;
1226
1227 assert(ret);
1228
1229 DNS_QUESTION_FOREACH(key, q) {
309a747f 1230 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
72c2d39e
LP		 1231
1232 r = dns_resource_key_to_json(key, &v);
1233 if (r < 0)
1234 return r;
1235
309a747f 1236 r = sd_json_variant_append_array(&l, v);
72c2d39e
LP		 1237 if (r < 0)
1238 return r;
1239 }
1240
1241 *ret = TAKE_PTR(l);
1242 return 0;
1243}
1244
d9f9b8ce 1245int manager_monitor_send(Manager *m, DnsQuery *q) {
309a747f 1246 _cleanup_(sd_json_variant_unrefp) sd_json_variant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
72c2d39e 1247 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
72c2d39e
LP		 1248 DnsAnswerItem *rri;
1249 int r;
cb456374
SK		 1250
1251 assert(m);
1252
cf22b5c5 1253 if (set_isempty(m->varlink_query_results_subscription))
cb456374
SK		 1254 return 0;
1255
ae55c9c0 1256 /* Merge all questions into one */
d9f9b8ce 1257 r = dns_question_merge(q->question_idna, q->question_utf8, &merged);
72c2d39e
LP		 1258 if (r < 0)
1259 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1260
d9f9b8ce 1261 if (q->question_bypass) {
ae55c9c0
LP		 1262 _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
1263
d9f9b8ce 1264 r = dns_question_merge(merged, q->question_bypass->question, &merged2);
ae55c9c0
LP		 1265 if (r < 0)
1266 return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
1267
1268 dns_question_unref(merged);
1269 merged = TAKE_PTR(merged2);
1270 }
1271
72c2d39e
LP		 1272 /* Convert the current primary question to JSON */
1273 r = dns_question_to_json(merged, &jquestion);
1274 if (r < 0)
1275 return log_error_errno(r, "Failed to convert question to JSON: %m");
cb456374 1276
64ebc0da 1277 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
d9f9b8ce 1278 r = dns_question_to_json(q->collected_questions, &jcollected_questions);
72c2d39e
LP		 1279 if (r < 0)
1280 return log_error_errno(r, "Failed to convert question to JSON: %m");
1281
d9f9b8ce 1282 DNS_ANSWER_FOREACH_ITEM(rri, q->answer) {
309a747f 1283 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
72c2d39e
LP		 1284
1285 r = dns_resource_record_to_json(rri->rr, &v);
cb456374 1286 if (r < 0)
72c2d39e 1287 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
cb456374 1288
72c2d39e
LP		 1289 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1290 if (r < 0)
1291 return log_error_errno(r, "Failed to generate RR wire format: %m");
cb456374 1292
be5bee2a 1293 r = sd_json_variant_append_arraybo(
c91f581c 1294 &janswer,
be5bee2a
LP		 1295 SD_JSON_BUILD_PAIR_CONDITION(!!v, "rr", SD_JSON_BUILD_VARIANT(v)),
1296 SD_JSON_BUILD_PAIR("raw", SD_JSON_BUILD_BASE64(rri->rr->wire_format, rri->rr->wire_format_size)),
1297 SD_JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", SD_JSON_BUILD_INTEGER(rri->ifindex)));
72c2d39e
LP		 1298 if (r < 0)
1299 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1300 }
cb456374 1301
05f47839 1302 r = varlink_many_notifybo(
cf22b5c5 1303 m->varlink_query_results_subscription,
05f47839
LP		 1304 SD_JSON_BUILD_PAIR("state", SD_JSON_BUILD_STRING(dns_transaction_state_to_string(q->state))),
1305 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_DNSSEC_FAILED,
1306 "result", SD_JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result))),
1307 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_RCODE_FAILURE,
1308 "rcode", SD_JSON_BUILD_INTEGER(q->answer_rcode)),
1309 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_ERRNO,
1310 "errno", SD_JSON_BUILD_INTEGER(q->answer_errno)),
1311 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1312 DNS_TRANSACTION_DNSSEC_FAILED,
1313 DNS_TRANSACTION_RCODE_FAILURE) &&
1314 q->answer_ede_rcode >= 0,
1315 "extendedDNSErrorCode", SD_JSON_BUILD_INTEGER(q->answer_ede_rcode)),
1316 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1317 DNS_TRANSACTION_DNSSEC_FAILED,
1318 DNS_TRANSACTION_RCODE_FAILURE) &&
1319 q->answer_ede_rcode >= 0 && !isempty(q->answer_ede_msg),
1320 "extendedDNSErrorMessage", SD_JSON_BUILD_STRING(q->answer_ede_msg)),
1321 SD_JSON_BUILD_PAIR("question", SD_JSON_BUILD_VARIANT(jquestion)),
1322 SD_JSON_BUILD_PAIR_CONDITION(!!jcollected_questions,
1323 "collectedQuestions", SD_JSON_BUILD_VARIANT(jcollected_questions)),
1324 SD_JSON_BUILD_PAIR_CONDITION(!!janswer,
be5bee2a 1325 "answer", SD_JSON_BUILD_VARIANT(janswer)));
05f47839
LP		 1326 if (r < 0)
1327 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
72c2d39e 1328
cb456374
SK		 1329 return 0;
1330}
1331
b30bf55d
LP		 1332int manager_send(
1333 Manager *m,
1334 int fd,
1335 int ifindex,
1336 int family,
1337 const union in_addr_union *destination,
1338 uint16_t port,
1339 const union in_addr_union *source,
1340 DnsPacket *p) {
1341
1716f6dc
LP		 1342 assert(m);
1343 assert(fd >= 0);
b30bf55d 1344 assert(destination);
1716f6dc
LP		 1345 assert(port > 0);
1346 assert(p);
1347
614af79c
YW		 1348 /* For mDNS, it is natural that the packet have truncated flag when we have many known answers. */
1349 bool truncated = DNS_PACKET_TC(p) && (p->protocol != DNS_PROTOCOL_MDNS || !p->more);
1350
76f77229 1351 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
614af79c 1352 truncated ? "truncated (!) " : "",
76f77229
LP		 1353 DNS_PACKET_QR(p) ? "response" : "query",
1354 DNS_PACKET_ID(p),
1355 ifindex, af_to_name(family),
1356 p->size);
a2a416f7 1357
1716f6dc 1358 if (family == AF_INET)
25270cf3 1359 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
2817157b 1360 if (family == AF_INET6)
25270cf3 1361 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1716f6dc
LP		 1362
1363 return -EAFNOSUPPORT;
1364}
1365
e1c95994
LP		 1366uint32_t manager_find_mtu(Manager *m) {
1367 uint32_t mtu = 0;
1368 Link *l;
e1c95994 1369
5a0d0b8f 1370 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
4301cb32 1371 * works on all interfaces we know of that have an IP address associated */
e1c95994 1372
90e74a66 1373 HASHMAP_FOREACH(l, m->links) {
5a0d0b8f
LP		 1374 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1375 if (!l->addresses)
1376 continue;
1377
1378 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1379 * let's ignore this link. */
1380 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1381 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
e1c95994
LP		 1382 continue;
1383
1384 if (mtu <= 0 || l->mtu < mtu)
1385 mtu = l->mtu;
1386 }
1387
5a0d0b8f
LP		 1388 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1389 return 1500;
1390
e1c95994
LP		 1391 return mtu;
1392}
1716f6dc 1393
623a4c97 1394int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
ec2c5e43
LP		 1395 LinkAddress *a;
1396
1397 assert(m);
1398
bb3b08ad
YW		 1399 if (!IN_SET(family, AF_INET, AF_INET6))
1400 return 0;
1401
1402 if (!in_addr)
1403 return 0;
1404
4e945a6f 1405 a = manager_find_link_address(m, family, in_addr);
ec2c5e43
LP		 1406 if (a)
1407 return a->link->ifindex;
1408
1409 return 0;
1410}
1411
eb60f9cd 1412void manager_refresh_rrs(Manager *m) {
eb60f9cd 1413 Link *l;
6db6a464 1414 DnssdService *s;
eb60f9cd
LP		 1415
1416 assert(m);
1417
78c6a153
LP		 1418 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1419 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
400cb36e
DR		 1420 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1421 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
eb60f9cd 1422
ee3713b7
RB		 1423 HASHMAP_FOREACH(l, m->links)
1424 link_add_rrs(l, true);
1425
6db6a464 1426 if (m->mdns_support == RESOLVE_SUPPORT_YES)
90e74a66 1427 HASHMAP_FOREACH(s, m->dnssd_services)
6db6a464 1428 if (dnssd_update_rrs(s) < 0)
0ef0e269 1429 log_warning("Failed to refresh DNS-SD service '%s'", s->id);
6db6a464 1430
ee3713b7 1431 HASHMAP_FOREACH(l, m->links)
eb60f9cd 1432 link_add_rrs(l, false);
eb60f9cd
LP		 1433}
1434
e7c1b0e4 1435static int manager_next_random_name(const char *old, char **ret_new) {
ec2c5e43 1436 const char *p;
556a2294 1437 uint64_t u, a;
e7c1b0e4 1438 char *n;
623a4c97 1439
e7c1b0e4 1440 p = strchr(old, 0);
ec2c5e43
LP		 1441 assert(p);
1442
e7c1b0e4 1443 while (p > old) {
ff25d338 1444 if (!ascii_isdigit(p[-1]))
ec2c5e43
LP		 1445 break;
1446
1447 p--;
1448 }
1449
1450 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1451 u = 1;
1452
556a2294
LP		 1453 /* Add a random number to the old value. This way we can avoid
1454 * that two hosts pick the same hostname, win on IPv4 and lose
1455 * on IPv6 (or vice versa), and pick the same hostname
1456 * replacement hostname, ad infinitum. We still want the
1457 * numbers to go up monotonically, hence we just add a random
1458 * value 1..10 */
1459
1460 random_bytes(&a, sizeof(a));
1461 u += 1 + a % 10;
ec2c5e43 1462
e7c1b0e4 1463 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
ec2c5e43
LP		 1464 return -ENOMEM;
1465
e7c1b0e4
DR		 1466 *ret_new = n;
1467
1468 return 0;
1469}
1470
1471int manager_next_hostname(Manager *m) {
1472 _cleanup_free_ char *h = NULL, *k = NULL;
1473 int r;
1474
1475 assert(m);
1476
1477 r = manager_next_random_name(m->llmnr_hostname, &h);
1478 if (r < 0)
1479 return r;
1480
7470cc4c 1481 r = dns_name_concat(h, "local", 0, &k);
e7c1b0e4 1482 if (r < 0)
78c6a153 1483 return r;
78c6a153
LP		 1484
1485 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1486
e7c1b0e4
DR		 1487 free_and_replace(m->llmnr_hostname, h);
1488 free_and_replace(m->mdns_hostname, k);
ec2c5e43 1489
eb60f9cd 1490 manager_refresh_rrs(m);
86c0411e 1491 (void) manager_send_changed(m, "LLMNRHostname");
623a4c97
LP		 1492
1493 return 0;
1494}
ec2c5e43 1495
4e945a6f 1496LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
ec2c5e43
LP		 1497 Link *l;
1498
1499 assert(m);
1500
bb3b08ad
YW		 1501 if (!IN_SET(family, AF_INET, AF_INET6))
1502 return NULL;
1503
1504 if (!in_addr)
1505 return NULL;
1506
90e74a66 1507 HASHMAP_FOREACH(l, m->links) {
ec2c5e43
LP		 1508 LinkAddress *a;
1509
1510 a = link_find_address(l, family, in_addr);
1511 if (a)
1512 return a;
1513 }
1514
1515 return NULL;
1516}
1517
94378145 1518bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
ec2c5e43
LP		 1519 assert(m);
1520 assert(p);
1521
94378145
LP		 1522 /* Let's see if this packet comes from an IP address we have on any local interface */
1523
4e945a6f 1524 return !!manager_find_link_address(m, p->family, &p->sender);
ec2c5e43 1525}
4e945a6f 1526
a9fd8837
LP		 1527bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1528 DnsTransaction *t;
1529
1530 assert(m);
1531 assert(p);
1532
1533 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1534 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1535
1536 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1537 if (!t)
1538 return false;
1539
1540 return t->sent && dns_packet_equal(t->sent, p);
1541}
1542
a4076574
LP		 1543DnsScope* manager_find_scope(Manager *m, DnsPacket *p) {
1544 Link *l;
1545
1546 assert(m);
1547 assert(p);
1548
1549 l = hashmap_get(m->links, INT_TO_PTR(p->ifindex));
1550 if (!l)
1551 return NULL;
1552
b4f1862d
DM		 1553 switch (p->protocol) {
1554 case DNS_PROTOCOL_LLMNR:
a4076574
LP		 1555 if (p->family == AF_INET)
1556 return l->llmnr_ipv4_scope;
1557 else if (p->family == AF_INET6)
1558 return l->llmnr_ipv6_scope;
b4f1862d
DM		 1559
1560 break;
1561
1562 case DNS_PROTOCOL_MDNS:
1563 if (p->family == AF_INET)
1564 return l->mdns_ipv4_scope;
1565 else if (p->family == AF_INET6)
1566 return l->mdns_ipv6_scope;
1567
1568 break;
1569
1570 default:
5c9feb2d 1571 ;
a4076574
LP		 1572 }
1573
1574 return NULL;
1575}
1576
902bb5d8 1577void manager_verify_all(Manager *m) {
902bb5d8
LP		 1578 assert(m);
1579
1580 LIST_FOREACH(scopes, s, m->dns_scopes)
1581 dns_zone_verify_all(&s->zone);
1582}
1583
78c6a153 1584int manager_is_own_hostname(Manager *m, const char *name) {
78c6a153
LP		 1585 int r;
1586
1587 assert(m);
1588 assert(name);
1589
1590 if (m->llmnr_hostname) {
1591 r = dns_name_equal(name, m->llmnr_hostname);
1592 if (r != 0)
1593 return r;
1594 }
1595
e96de0ce
LP		 1596 if (m->mdns_hostname) {
1597 r = dns_name_equal(name, m->mdns_hostname);
1598 if (r != 0)
1599 return r;
1600 }
1601
1602 if (m->full_hostname)
1603 return dns_name_equal(name, m->full_hostname);
78c6a153
LP		 1604
1605 return 0;
1606}
1607
9176a57c 1608int manager_compile_dns_servers(Manager *m, OrderedSet **dns) {
9176a57c
LP		 1609 Link *l;
1610 int r;
1611
1612 assert(m);
1613 assert(dns);
1614
1615 r = ordered_set_ensure_allocated(dns, &dns_server_hash_ops);
1616 if (r < 0)
1617 return r;
1618
1619 /* First add the system-wide servers and domains */
1620 LIST_FOREACH(servers, s, m->dns_servers) {
1621 r = ordered_set_put(*dns, s);
1622 if (r == -EEXIST)
1623 continue;
1624 if (r < 0)
1625 return r;
1626 }
1627
1628 /* Then, add the per-link servers */
7928c0e0 1629 HASHMAP_FOREACH(l, m->links)
9176a57c
LP		 1630 LIST_FOREACH(servers, s, l->dns_servers) {
1631 r = ordered_set_put(*dns, s);
1632 if (r == -EEXIST)
1633 continue;
1634 if (r < 0)
1635 return r;
1636 }
7928c0e0
LP		 1637
1638 /* Third, add the delegate servers and domains */
1639 DnsDelegate *d;
1640 HASHMAP_FOREACH(d, m->delegates)
1641 LIST_FOREACH(servers, s, d->dns_servers) {
1642 r = ordered_set_put(*dns, s);
1643 if (r == -EEXIST)
1644 continue;
1645 if (r < 0)
1646 return r;
1647 }
9176a57c
LP		 1648
1649 /* If we found nothing, add the fallback servers */
1650 if (ordered_set_isempty(*dns)) {
1651 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1652 r = ordered_set_put(*dns, s);
1653 if (r == -EEXIST)
1654 continue;
1655 if (r < 0)
1656 return r;
1657 }
1658 }
1659
1660 return 0;
1661}
1662
94363cbb
MP		 1663/* filter_route is a tri-state:
1664 * < 0: no filtering
1665 * = 0 or false: return only domains which should be used for searching
1666 * > 0 or true: return only domains which are for routing only
1667 */
6f7da49d 1668int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
9176a57c
LP		 1669 int r;
1670
1671 assert(m);
1672 assert(domains);
1673
1674 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1675 if (r < 0)
1676 return r;
1677
1678 LIST_FOREACH(domains, d, m->search_domains) {
6f7da49d
LP		 1679
1680 if (filter_route >= 0 &&
1681 d->route_only != !!filter_route)
1682 continue;
1683
9176a57c
LP		 1684 r = ordered_set_put(*domains, d->name);
1685 if (r == -EEXIST)
1686 continue;
1687 if (r < 0)
1688 return r;
1689 }
1690
7928c0e0
LP		 1691 DnsDelegate *delegate;
1692 HASHMAP_FOREACH(delegate, m->delegates)
1693 LIST_FOREACH(domains, d, delegate->search_domains) {
1694
1695 if (filter_route >= 0 &&
1696 d->route_only != !!filter_route)
1697 continue;
1698
1699 r = ordered_set_put(*domains, d->name);
1700 if (r == -EEXIST)
1701 continue;
1702 if (r < 0)
1703 return r;
1704 }
9176a57c 1705
7928c0e0
LP		 1706 Link *l;
1707 HASHMAP_FOREACH(l, m->links)
9176a57c 1708 LIST_FOREACH(domains, d, l->search_domains) {
6f7da49d
LP		 1709
1710 if (filter_route >= 0 &&
1711 d->route_only != !!filter_route)
1712 continue;
1713
9176a57c
LP		 1714 r = ordered_set_put(*domains, d->name);
1715 if (r == -EEXIST)
1716 continue;
1717 if (r < 0)
1718 return r;
1719 }
9176a57c
LP		 1720
1721 return 0;
1722}
c69fa7e3
LP		 1723
1724DnssecMode manager_get_dnssec_mode(Manager *m) {
1725 assert(m);
1726
1727 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1728 return m->dnssec_mode;
1729
1730 return DNSSEC_NO;
1731}
1732
1733bool manager_dnssec_supported(Manager *m) {
1734 DnsServer *server;
c69fa7e3
LP		 1735 Link *l;
1736
1737 assert(m);
1738
1739 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1740 return false;
1741
1742 server = manager_get_dns_server(m);
1743 if (server && !dns_server_dnssec_supported(server))
1744 return false;
1745
90e74a66 1746 HASHMAP_FOREACH(l, m->links)
c69fa7e3
LP		 1747 if (!link_dnssec_supported(l))
1748 return false;
1749
1750 return true;
1751}
59c5b597 1752
c9299be2 1753DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
5d67a7ae
IT		 1754 assert(m);
1755
c9299be2
IT		 1756 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1757 return m->dns_over_tls_mode;
5d67a7ae 1758
c9299be2 1759 return DNS_OVER_TLS_NO;
5d67a7ae
IT		 1760}
1761
59c5b597
LP		 1762void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1763
1764 assert(verdict >= 0);
1765 assert(verdict < _DNSSEC_VERDICT_MAX);
1766
f1d34068 1767 if (DEBUG_LOGGING) {
202b76ae 1768 char s[DNS_RESOURCE_KEY_STRING_MAX];
59c5b597 1769
202b76ae
ZJS		 1770 log_debug("Found verdict for lookup %s: %s",
1771 dns_resource_key_to_string(key, s, sizeof s),
1772 dnssec_verdict_to_string(verdict));
59c5b597
LP		 1773 }
1774
1775 m->n_dnssec_verdict[verdict]++;
1776}
011696f7 1777
de4a0138 1778bool manager_routable(Manager *m) {
011696f7
LP		 1779 Link *l;
1780
1781 assert(m);
1782
de4a0138 1783 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
011696f7 1784
90e74a66 1785 HASHMAP_FOREACH(l, m->links)
de4a0138 1786 if (link_relevant(l, AF_UNSPEC, false))
011696f7
LP		 1787 return true;
1788
1789 return false;
1790}
ba35662f 1791
90df0fbe 1792void manager_flush_caches(Manager *m, int log_level) {
ba35662f
LP		 1793 assert(m);
1794
1795 LIST_FOREACH(scopes, scope, m->dns_scopes)
1796 dns_cache_flush(&scope->cache);
aac57b35 1797
90df0fbe 1798 log_full(log_level, "Flushed all caches.");
ba35662f 1799}
943ef07c 1800
59c0fd0e 1801void manager_reset_server_features(Manager *m) {
59c0fd0e
LP		 1802
1803 dns_server_reset_features_all(m->dns_servers);
1804 dns_server_reset_features_all(m->fallback_dns_servers);
1805
7928c0e0 1806 Link *l;
90e74a66 1807 HASHMAP_FOREACH(l, m->links)
59c0fd0e
LP		 1808 dns_server_reset_features_all(l->dns_servers);
1809
7928c0e0
LP		 1810 DnsDelegate *d;
1811 HASHMAP_FOREACH(d, m->delegates)
1812 dns_server_reset_features_all(d->dns_servers);
1813
59c0fd0e
LP		 1814 log_info("Resetting learnt feature levels on all servers.");
1815}
1816
943ef07c
LP		 1817void manager_cleanup_saved_user(Manager *m) {
1818 _cleanup_closedir_ DIR *d = NULL;
943ef07c
LP		 1819
1820 assert(m);
1821
1822 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1823 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1824 * be restarted without losing this data. */
1825
1826 d = opendir("/run/systemd/resolve/netif/");
1827 if (!d) {
1828 if (errno == ENOENT)
1829 return;
1830
1831 log_warning_errno(errno, "Failed to open interface directory: %m");
1832 return;
1833 }
1834
1835 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
943ef07c
LP		 1836 int ifindex;
1837 Link *l;
1838
1839 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1840 continue;
1841
49bfc877 1842 if (dot_or_dot_dot(de->d_name))
943ef07c
LP		 1843 continue;
1844
597da51b
ZJS		 1845 ifindex = parse_ifindex(de->d_name);
1846 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
943ef07c
LP		 1847 goto rm;
1848
1849 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1850 if (!l) /* link vanished */
1851 goto rm;
1852
1853 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1854 goto rm;
1855
1856 continue;
1857
1858 rm:
368051ee
LP		 1859 if (unlinkat(dirfd(d), de->d_name, 0) < 0)
1860 log_warning_errno(errno, "Failed to remove left-over interface configuration file '%s', ignoring: %m", de->d_name);
943ef07c
LP		 1861 }
1862}
e7c1b0e4
DR		 1863
1864bool manager_next_dnssd_names(Manager *m) {
e7c1b0e4
DR		 1865 DnssdService *s;
1866 bool tried = false;
1867 int r;
1868
1869 assert(m);
1870
90e74a66 1871 HASHMAP_FOREACH(s, m->dnssd_services) {
e7c1b0e4
DR		 1872 _cleanup_free_ char * new_name = NULL;
1873
1874 if (!s->withdrawn)
1875 continue;
1876
1877 r = manager_next_random_name(s->name_template, &new_name);
1878 if (r < 0) {
0ef0e269 1879 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->id);
e7c1b0e4
DR		 1880 continue;
1881 }
1882
1883 free_and_replace(s->name_template, new_name);
1884
1885 s->withdrawn = false;
1886
1887 tried = true;
1888 }
1889
1890 if (tried)
1891 manager_refresh_rrs(m);
1892
1893 return tried;
1894}
49ef064c 1895
281df579 1896bool manager_server_is_stub(Manager *m, DnsServer *s) {
49ef064c
LP		 1897 DnsStubListenerExtra *l;
1898
1899 assert(m);
281df579 1900 assert(s);
49ef064c
LP		 1901
1902 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1903 * extra careful, and check here again */
281df579
LP		 1904 if (s->family == AF_INET &&
1905 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1906 dns_server_port(s) == 53)
49ef064c
LP		 1907 return true;
1908
1909 /* Main reason to call this is to check server data against the extra listeners, and filter things
1910 * out. */
1911 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
281df579
LP		 1912 if (s->family == l->family &&
1913 in_addr_equal(s->family, &s->address, &l->address) &&
1914 dns_server_port(s) == dns_stub_listener_extra_port(l))
49ef064c
LP		 1915 return true;
1916
1917 return false;
1918}
eb170e75
LP		 1919
1920int socket_disable_pmtud(int fd, int af) {
1921 int r;
1922
1923 assert(fd >= 0);
1924
1925 if (af == AF_UNSPEC) {
5f64d2bf
LP		 1926 af = socket_get_family(fd);
1927 if (af < 0)
1928 return af;
eb170e75
LP		 1929 }
1930
1931 switch (af) {
1932
1933 case AF_INET: {
1934 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1935 * PMTU forgery vulnerabilities.
1936 *
1937 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1938 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1939 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1940 * discovery.
1941 *
1942 * This helps mitigating the PMTUD vulnerability described here:
1943 *
1944 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1945 *
1946 * Similar logic is in place in most DNS servers.
1947 *
1948 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1949 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1950 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1951 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1952 * fragments seen — and if we need larger packets always go to TCP.
1953 */
1954
1955 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1956 if (r < 0)
1957 return r;
1958
1959 return 0;
1960 }
1961
1962 case AF_INET6: {
1963 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1964 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1965 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1966 * because there's nothing that could be fragmented further anymore. */
1967
1968 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1969 if (r < 0)
1970 return r;
1971
1972 return 0;
1973 }
1974
1975 default:
1976 return -EAFNOSUPPORT;
1977 }
1978}
bc837621 1979
309a747f 1980int dns_manager_dump_statistics_json(Manager *m, sd_json_variant **ret) {
bc837621
KV		 1981 uint64_t size = 0, hit = 0, miss = 0;
1982
1983 assert(m);
1984 assert(ret);
1985
1986 LIST_FOREACH(scopes, s, m->dns_scopes) {
1987 size += dns_cache_size(&s->cache);
1988 hit += s->cache.n_hit;
1989 miss += s->cache.n_miss;
1990 }
1991
be5bee2a
LP		 1992 return sd_json_buildo(ret,
1993 SD_JSON_BUILD_PAIR("transactions", SD_JSON_BUILD_OBJECT(
1994 SD_JSON_BUILD_PAIR_UNSIGNED("currentTransactions", hashmap_size(m->dns_transactions)),
1995 SD_JSON_BUILD_PAIR_UNSIGNED("totalTransactions", m->n_transactions_total),
1996 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeouts", m->n_timeouts_total),
1997 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeoutsServedStale", m->n_timeouts_served_stale_total),
1998 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponses", m->n_failure_responses_total),
1999 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponsesServedStale", m->n_failure_responses_served_stale_total)
2000 )),
2001 SD_JSON_BUILD_PAIR("cache", SD_JSON_BUILD_OBJECT(
2002 SD_JSON_BUILD_PAIR_UNSIGNED("size", size),
2003 SD_JSON_BUILD_PAIR_UNSIGNED("hits", hit),
2004 SD_JSON_BUILD_PAIR_UNSIGNED("misses", miss)
2005 )),
2006 SD_JSON_BUILD_PAIR("dnssec", SD_JSON_BUILD_OBJECT(
2007 SD_JSON_BUILD_PAIR_UNSIGNED("secure", m->n_dnssec_verdict[DNSSEC_SECURE]),
2008 SD_JSON_BUILD_PAIR_UNSIGNED("insecure", m->n_dnssec_verdict[DNSSEC_INSECURE]),
2009 SD_JSON_BUILD_PAIR_UNSIGNED("bogus", m->n_dnssec_verdict[DNSSEC_BOGUS]),
2010 SD_JSON_BUILD_PAIR_UNSIGNED("indeterminate", m->n_dnssec_verdict[DNSSEC_INDETERMINATE])
2011 )));
bc837621
KV		 2012}
2013
a67e5c6e 2014void dns_manager_reset_statistics(Manager *m) {
bc837621
KV		 2015
2016 assert(m);
2017
2018 LIST_FOREACH(scopes, s, m->dns_scopes)
2019 s->cache.n_hit = s->cache.n_miss = 0;
2020
2021 m->n_transactions_total = 0;
2022 m->n_timeouts_total = 0;
2023 m->n_timeouts_served_stale_total = 0;
2024 m->n_failure_responses_total = 0;
2025 m->n_failure_responses_served_stale_total = 0;
2026 zero(m->n_dnssec_verdict);
2027}
54401c6f
NR		 2028
2029static int dns_configuration_json_append(
2030 const char *ifname,
2031 int ifindex,
2032 int default_route,
2033 DnsServer *current_dns_server,
2034 DnsServer *dns_servers,
2035 DnsSearchDomain *search_domains,
2036 sd_json_variant **configuration) {
2037
2038 _cleanup_(sd_json_variant_unrefp) sd_json_variant *dns_servers_json = NULL,
2039 *search_domains_json = NULL,
2040 *current_dns_server_json = NULL;
2041 int r;
2042
2043 assert(configuration);
2044
2045 if (dns_servers) {
2046 r = sd_json_variant_new_array(&dns_servers_json, NULL, 0);
2047 if (r < 0)
2048 return r;
2049 }
2050
2051 if (search_domains) {
2052 r = sd_json_variant_new_array(&search_domains_json, NULL, 0);
2053 if (r < 0)
2054 return r;
2055 }
2056
2057 if (current_dns_server) {
2058 r = dns_server_dump_configuration_to_json(current_dns_server, &current_dns_server_json);
2059 if (r < 0)
2060 return r;
2061 }
2062
2063 LIST_FOREACH(servers, s, dns_servers) {
2064 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2065
2066 assert(dns_servers_json);
2067
2068 r = dns_server_dump_configuration_to_json(s, &v);
2069 if (r < 0)
2070 return r;
2071
2072 r = sd_json_variant_append_array(&dns_servers_json, v);
2073 if (r < 0)
2074 return r;
2075 }
2076
2077 LIST_FOREACH(domains, d, search_domains) {
2078 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2079
2080 assert(search_domains_json);
2081
2082 r = dns_search_domain_dump_to_json(d, &v);
2083 if (r < 0)
2084 return r;
2085
2086 r = sd_json_variant_append_array(&search_domains_json, v);
2087 if (r < 0)
2088 return r;
2089 }
2090
2091 return sd_json_variant_append_arraybo(
2092 configuration,
2093 JSON_BUILD_PAIR_STRING_NON_EMPTY("ifname", ifname),
2094 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", SD_JSON_BUILD_UNSIGNED(ifindex)),
2095 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "defaultRoute", SD_JSON_BUILD_BOOLEAN(default_route > 0)),
2096 JSON_BUILD_PAIR_VARIANT_NON_NULL("currentServer", current_dns_server_json),
2097 JSON_BUILD_PAIR_VARIANT_NON_NULL("servers", dns_servers_json),
2098 JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json));
2099}
2100
2101int manager_dump_dns_configuration_json(Manager *m, sd_json_variant **ret) {
2102 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2103 Link *l;
2104 int r;
2105
2106 assert(m);
2107 assert(ret);
2108
2109 /* Global DNS configuration */
2110 r = dns_configuration_json_append(
2111 /* ifname = */ NULL,
2112 /* ifindex = */ 0,
2113 /* default_route = */ 0,
2114 manager_get_dns_server(m),
2115 m->dns_servers,
2116 m->search_domains,
2117 &configuration);
2118 if (r < 0)
2119 return r;
2120
2121 /* Append configuration for each link */
2122 HASHMAP_FOREACH(l, m->links) {
2123 r = dns_configuration_json_append(
2124 l->ifname,
2125 l->ifindex,
2126 link_get_default_route(l),
2127 link_get_dns_server(l),
2128 l->dns_servers,
2129 l->search_domains,
2130 &configuration);
2131 if (r < 0)
2132 return r;
2133 }
2134
2135 return sd_json_buildo(ret, SD_JSON_BUILD_PAIR_VARIANT("configuration", configuration));
2136}
2137
2138int manager_send_dns_configuration_changed(Manager *m, Link *l, bool reset) {
2139 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2140 int r;
2141
2142 assert(m);
2143
2144 if (set_isempty(m->varlink_dns_configuration_subscription))
2145 return 0;
2146
2147 if (reset) {
2148 dns_server_reset_accessible_all(m->dns_servers);
2149
2150 if (l)
2151 dns_server_reset_accessible_all(l->dns_servers);
2152 }
2153
2154 r = manager_dump_dns_configuration_json(m, &configuration);
2155 if (r < 0)
2156 return log_warning_errno(r, "Failed to dump DNS configuration json: %m");
2157
2158 if (sd_json_variant_equal(configuration, m->dns_configuration_json))
2159 return 0;
2160
2161 JSON_VARIANT_REPLACE(m->dns_configuration_json, TAKE_PTR(configuration));
2162
2163 r = varlink_many_notify(m->varlink_dns_configuration_subscription, m->dns_configuration_json);
2164 if (r < 0)
2165 return log_warning_errno(r, "Failed to send DNS configuration event: %m");
2166
2167 return 0;
2168}
2169
2170int manager_start_dns_configuration_monitor(Manager *m) {
2171 Link *l;
2172 int r;
2173
2174 assert(m);
2175 assert(!m->dns_configuration_json);
2176 assert(!m->netlink_new_route_slot);
2177 assert(!m->netlink_del_route_slot);
2178
2179 dns_server_reset_accessible_all(m->dns_servers);
2180
2181 HASHMAP_FOREACH(l, m->links)
2182 dns_server_reset_accessible_all(l->dns_servers);
2183
2184 r = manager_dump_dns_configuration_json(m, &m->dns_configuration_json);
2185 if (r < 0)
2186 return r;
2187
2188 r = sd_netlink_add_match(m->rtnl, &m->netlink_new_route_slot, RTM_NEWROUTE, manager_process_route, NULL, m, "resolve-NEWROUTE");
2189 if (r < 0)
2190 return r;
2191
2192 r = sd_netlink_add_match(m->rtnl, &m->netlink_del_route_slot, RTM_DELROUTE, manager_process_route, NULL, m, "resolve-DELROUTE");
2193 if (r < 0)
2194 return r;
2195
2196 return 0;
2197}
2198
2199void manager_stop_dns_configuration_monitor(Manager *m) {
2200 assert(m);
2201
2202 m->dns_configuration_json = sd_json_variant_unref(m->dns_configuration_json);
2203 m->netlink_new_route_slot = sd_netlink_slot_unref(m->netlink_new_route_slot);
2204 m->netlink_del_route_slot = sd_netlink_slot_unref(m->netlink_del_route_slot);
2205}
Unnamed repository; edit this file 'description' to name the repository.