]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
test: several random cleanups and fixlets (#38877)
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
091a364c 2
ca78ad1d 3#include <fcntl.h>
47a71f98 4#include <linux/ipv6.h>
07630cea
LP		 5#include <netinet/in.h>
6#include <poll.h>
ca78ad1d 7#include <unistd.h>
091a364c 8
284d7641
DDM		 9#include "sd-bus.h"
10#include "sd-netlink.h"
11#include "sd-network.h"
12
a2a416f7 13#include "af-list.h"
b5efdb8a 14#include "alloc-util.h"
14a52176 15#include "daemon-util.h"
943ef07c 16#include "dirent-util.h"
07630cea 17#include "dns-domain.h"
284d7641 18#include "errno-util.h"
ec75e8e0 19#include "event-util.h"
3ffd4af2 20#include "fd-util.h"
98b7c5e2 21#include "hostname-setup.h"
07630cea 22#include "hostname-util.h"
c004493c 23#include "io-util.h"
bd1ae178 24#include "iovec-util.h"
54401c6f 25#include "json-util.h"
2485b7e2 26#include "memstream-util.h"
47f761fd 27#include "missing-network.h"
822db23c 28#include "ordered-set.h"
6bedfcbb 29#include "parse-util.h"
3df3e884 30#include "random-util.h"
39d8db04 31#include "resolved-bus.h"
07630cea 32#include "resolved-conf.h"
68527d30 33#include "resolved-dns-answer.h"
7928c0e0 34#include "resolved-dns-delegate.h"
68527d30
DDM		 35#include "resolved-dns-packet.h"
36#include "resolved-dns-query.h"
37#include "resolved-dns-question.h"
38#include "resolved-dns-rr.h"
39#include "resolved-dns-scope.h"
40#include "resolved-dns-search-domain.h"
41#include "resolved-dns-server.h"
b30bf55d 42#include "resolved-dns-stub.h"
68527d30 43#include "resolved-dns-transaction.h"
cb310866 44#include "resolved-dnssd.h"
dd0bc0f1 45#include "resolved-etc-hosts.h"
68527d30 46#include "resolved-link.h"
5f402ae8 47#include "resolved-llmnr.h"
07630cea 48#include "resolved-manager.h"
bc7702b0 49#include "resolved-mdns.h"
dd0bc0f1 50#include "resolved-resolv-conf.h"
68527d30 51#include "resolved-socket-graveyard.h"
75c9d6b5 52#include "resolved-util.h"
9581bb84 53#include "resolved-varlink.h"
284d7641 54#include "set.h"
1cf40697 55#include "socket-util.h"
07630cea 56#include "string-util.h"
284d7641 57#include "time-util.h"
25ff515b 58#include "varlink-util.h"
74b2466e
LP		 59
60#define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
61
1c4baffc 62static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
99534007 63 Manager *m = ASSERT_PTR(userdata);
74b2466e
LP		 64 uint16_t type;
65 Link *l;
66 int ifindex, r;
67
68 assert(rtnl);
74b2466e
LP		 69 assert(mm);
70
1c4baffc 71 r = sd_netlink_message_get_type(mm, &type);
74b2466e
LP		 72 if (r < 0)
73 goto fail;
74
75 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
76 if (r < 0)
77 goto fail;
78
79 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
80
81 switch (type) {
82
a2a416f7
LP		 83 case RTM_NEWLINK:{
84 bool is_new = !l;
74b2466e 85
a2a416f7 86 if (!l) {
74b2466e
LP		 87 r = link_new(m, &l, ifindex);
88 if (r < 0)
89 goto fail;
90 }
91
943ef07c 92 r = link_process_rtnl(l, mm);
74b2466e
LP		 93 if (r < 0)
94 goto fail;
95
943ef07c 96 r = link_update(l);
21d73c87
LP		 97 if (r < 0)
98 goto fail;
99
a2a416f7 100 if (is_new)
6ff79f76 101 log_debug("Found new link %i/%s", ifindex, l->ifname);
a2a416f7 102
74b2466e 103 break;
a2a416f7 104 }
74b2466e
LP		 105
106 case RTM_DELLINK:
107 if (l) {
6ff79f76 108 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
943ef07c 109 link_remove_user(l);
74b2466e 110 link_free(l);
562f7bde
LP		 111
112 /* Make sure DNS servers are dropped from written resolv.conf if their link goes away */
113 manager_write_resolv_conf(m);
74b2466e
LP		 114 }
115
116 break;
117 }
118
962b757d
YW		 119 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
120 manager_llmnr_maybe_stop(m);
121 manager_mdns_maybe_stop(m);
54401c6f
NR		 122
123 /* The accessible flag on link DNS servers will have been reset by
124 * link_update(). Just reset the global DNS servers. */
125 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
126
74b2466e
LP		 127 return 0;
128
129fail:
da927ba9 130 log_warning_errno(r, "Failed to process RTNL link message: %m");
74b2466e
LP		 131 return 0;
132}
133
1c4baffc 134static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
99534007 135 Manager *m = ASSERT_PTR(userdata);
cad0fc7a 136 union in_addr_union address, broadcast = {};
74b2466e 137 uint16_t type;
0dd25fb9 138 int r, ifindex, family;
74b2466e
LP		 139 LinkAddress *a;
140 Link *l;
141
142 assert(rtnl);
143 assert(mm);
74b2466e 144
1c4baffc 145 r = sd_netlink_message_get_type(mm, &type);
74b2466e
LP		 146 if (r < 0)
147 goto fail;
148
149 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
150 if (r < 0)
151 goto fail;
152
153 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
154 if (!l)
155 return 0;
156
157 r = sd_rtnl_message_addr_get_family(mm, &family);
158 if (r < 0)
159 goto fail;
160
161 switch (family) {
162
163 case AF_INET:
cad0fc7a 164 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
1c4baffc 165 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
74b2466e 166 if (r < 0) {
1c4baffc 167 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
74b2466e
LP		 168 if (r < 0)
169 goto fail;
170 }
171
172 break;
173
174 case AF_INET6:
1c4baffc 175 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
74b2466e 176 if (r < 0) {
1c4baffc 177 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
74b2466e
LP		 178 if (r < 0)
179 goto fail;
180 }
181
182 break;
183
184 default:
185 return 0;
186 }
187
188 a = link_find_address(l, family, &address);
189
190 switch (type) {
191
192 case RTM_NEWADDR:
193
194 if (!a) {
cad0fc7a 195 r = link_address_new(l, &a, family, &address, &broadcast);
74b2466e
LP		 196 if (r < 0)
197 return r;
198 }
199
200 r = link_address_update_rtnl(a, mm);
201 if (r < 0)
202 return r;
203
204 break;
205
206 case RTM_DELADDR:
3e044c49 207 link_address_free(a);
74b2466e
LP		 208 break;
209 }
210
54401c6f
NR		 211 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
212
74b2466e
LP		 213 return 0;
214
215fail:
da927ba9 216 log_warning_errno(r, "Failed to process RTNL address message: %m");
74b2466e
LP		 217 return 0;
218}
219
54401c6f
NR		 220static int manager_process_route(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
221 Manager *m = ASSERT_PTR(userdata);
222 Link *l = NULL;
223 uint16_t type;
224 uint32_t ifindex = 0;
225 int r;
226
227 assert(rtnl);
228 assert(mm);
229
230 r = sd_netlink_message_get_type(mm, &type);
231 if (r < 0) {
5918ba9c 232 log_warning_errno(r, "Failed to get rtnl message type, ignoring: %m");
54401c6f
NR		 233 return 0;
234 }
235
236 if (!IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE)) {
237 log_warning("Unexpected message type %u when processing route, ignoring.", type);
238 return 0;
239 }
240
241 r = sd_netlink_message_read_u32(mm, RTA_OIF, &ifindex);
242 if (r < 0)
243 log_full_errno(r == -ENODATA ? LOG_DEBUG : LOG_WARNING, r, "Failed to get route ifindex, ignoring: %m");
244 else
245 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
246
247 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
248
249 return 0;
250}
251
74b2466e 252static int manager_rtnl_listen(Manager *m) {
4afd3348 253 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
74b2466e
LP		 254 int r;
255
256 assert(m);
257
cc98b302 258 /* First, subscribe to interfaces coming and going */
1c4baffc 259 r = sd_netlink_open(&m->rtnl);
74b2466e
LP		 260 if (r < 0)
261 return r;
262
2d895038 263 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
74b2466e
LP		 264 if (r < 0)
265 return r;
266
8190a388 267 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
74b2466e
LP		 268 if (r < 0)
269 return r;
270
8190a388 271 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
74b2466e
LP		 272 if (r < 0)
273 return r;
274
8190a388 275 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
74b2466e
LP		 276 if (r < 0)
277 return r;
091a364c 278
8190a388 279 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
74b2466e
LP		 280 if (r < 0)
281 return r;
282
283 /* Then, enumerate all links */
284 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
285 if (r < 0)
286 return r;
287
24c0f385 288 r = sd_netlink_message_set_request_dump(req, true);
74b2466e
LP		 289 if (r < 0)
290 return r;
291
1c4baffc 292 r = sd_netlink_call(m->rtnl, req, 0, &reply);
74b2466e
LP		 293 if (r < 0)
294 return r;
295
d856e1a7 296 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
74b2466e
LP		 297 r = manager_process_link(m->rtnl, i, m);
298 if (r < 0)
299 return r;
300 }
301
1c4baffc
TG		 302 req = sd_netlink_message_unref(req);
303 reply = sd_netlink_message_unref(reply);
74b2466e
LP		 304
305 /* Finally, enumerate all addresses, too */
306 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
307 if (r < 0)
308 return r;
309
24c0f385 310 r = sd_netlink_message_set_request_dump(req, true);
74b2466e
LP		 311 if (r < 0)
312 return r;
313
1c4baffc 314 r = sd_netlink_call(m->rtnl, req, 0, &reply);
74b2466e
LP		 315 if (r < 0)
316 return r;
317
d856e1a7 318 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
74b2466e
LP		 319 r = manager_process_address(m->rtnl, i, m);
320 if (r < 0)
321 return r;
322 }
323
324 return r;
325}
326
63b21f50 327static int on_network_event(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
99534007 328 Manager *m = ASSERT_PTR(userdata);
74b2466e
LP		 329 Link *l;
330 int r;
331
74b2466e
LP		 332 sd_network_monitor_flush(m->network_monitor);
333
90e74a66 334 HASHMAP_FOREACH(l, m->links) {
943ef07c 335 r = link_update(l);
74b2466e 336 if (r < 0)
da927ba9 337 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
74b2466e
LP		 338 }
339
7207052d 340 (void) manager_write_resolv_conf(m);
5f3340ca 341 (void) manager_send_changed(m, "DNS");
54401c6f 342 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
74b2466e 343
962b757d
YW		 344 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
345 manager_llmnr_maybe_stop(m);
346 manager_mdns_maybe_stop(m);
74b2466e
LP		 347 return 0;
348}
349
350static int manager_network_monitor_listen(Manager *m) {
351 int r, fd, events;
352
353 assert(m);
354
0014a4ad 355 r = sd_network_monitor_new(&m->network_monitor, NULL);
74b2466e
LP		 356 if (r < 0)
357 return r;
358
359 fd = sd_network_monitor_get_fd(m->network_monitor);
360 if (fd < 0)
361 return fd;
362
363 events = sd_network_monitor_get_events(m->network_monitor);
364 if (events < 0)
365 return events;
366
367 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
368 if (r < 0)
2d895038
LP		 369 return r;
370
371 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
372 if (r < 0)
74b2466e
LP		 373 return r;
374
aa4a9deb
LP		 375 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
376
74b2466e
LP		 377 return 0;
378}
379
90df0fbe
LP		 380static int manager_clock_change_listen(Manager *m);
381
382static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
99534007 383 Manager *m = ASSERT_PTR(userdata);
90df0fbe
LP		 384
385 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
386 * the system clock into consideration, and if the clock changes the old validations might have been
387 * wrong. Let's redo all validation with the new, correct time.
388 *
389 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
390 * we might be connected to a different network now without this being visible in a dropped link
391 * carrier or so.) */
392
393 log_info("Clock change detected. Flushing caches.");
394 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
395
396 /* The clock change timerfd is unusable after it triggered once, create a new one. */
397 return manager_clock_change_listen(m);
398}
399
400static int manager_clock_change_listen(Manager *m) {
90df0fbe
LP		 401 int r;
402
403 assert(m);
404
97935302 405 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
90df0fbe 406
ec75e8e0 407 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
90df0fbe
LP		 408 if (r < 0)
409 return log_error_errno(r, "Failed to create clock change event source: %m");
410
90df0fbe
LP		 411 return 0;
412}
413
75c9d6b5 414static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
eb60f9cd 415 _cleanup_free_ char *h = NULL, *n = NULL;
87057e24 416 int r;
eb60f9cd 417
e96de0ce 418 assert(full_hostname);
78c6a153
LP		 419 assert(llmnr_hostname);
420 assert(mdns_hostname);
421
75c9d6b5 422 r = resolve_system_hostname(&h, &n);
78c6a153 423 if (r < 0)
75c9d6b5 424 return r;
eb60f9cd 425
7470cc4c 426 r = dns_name_concat(n, "local", 0, mdns_hostname);
78c6a153
LP		 427 if (r < 0)
428 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
429
ae2a15bc
LP		 430 *llmnr_hostname = TAKE_PTR(n);
431 *full_hostname = TAKE_PTR(h);
e96de0ce 432
eb60f9cd
LP		 433 return 0;
434}
435
05c6f341 436static char* fallback_hostname(void) {
a25b0dc8 437
05c6f341
ZJS		 438 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
439 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
440 * instead. */
a25b0dc8 441
05c6f341
ZJS		 442 _cleanup_free_ char *n = get_default_hostname();
443 if (!n)
444 return NULL;
a25b0dc8 445
05c6f341
ZJS		 446 if (is_localhost(n))
447 return strdup("linux");
448
449 return TAKE_PTR(n);
a25b0dc8
LP		 450}
451
452static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
05c6f341 453 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
fd7e9887 454 char label[DNS_LABEL_MAX+1];
a25b0dc8
LP		 455 const char *p;
456 int r;
457
458 assert(full_hostname);
459 assert(llmnr_hostname);
460 assert(mdns_hostname);
461
05c6f341
ZJS		 462 p = h = fallback_hostname();
463 if (!h)
464 return log_oom();
465
7470cc4c 466 r = dns_label_unescape(&p, label, sizeof label, 0);
a25b0dc8 467 if (r < 0)
38b38500 468 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
a25b0dc8
LP		 469
470 assert(r > 0); /* The fallback hostname must have at least one label */
471
472 r = dns_label_escape_new(label, r, &n);
473 if (r < 0)
474 return log_error_errno(r, "Failed to escape fallback hostname: %m");
475
7470cc4c 476 r = dns_name_concat(n, "local", 0, &m);
a25b0dc8
LP		 477 if (r < 0)
478 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
479
ae2a15bc
LP		 480 *llmnr_hostname = TAKE_PTR(n);
481 *mdns_hostname = TAKE_PTR(m);
05c6f341 482 *full_hostname = TAKE_PTR(h);
a25b0dc8
LP		 483
484 return 0;
485}
486
eb60f9cd 487static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
e96de0ce 488 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
99534007 489 Manager *m = ASSERT_PTR(userdata);
86c0411e 490 bool llmnr_hostname_changed;
eb60f9cd
LP		 491 int r;
492
75c9d6b5
ZJS		 493 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
494 if (r < 0) {
495 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
eb60f9cd 496 return 0; /* ignore invalid hostnames */
75c9d6b5 497 }
eb60f9cd 498
86c0411e 499 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
e96de0ce 500 if (streq(full_hostname, m->full_hostname) &&
86c0411e 501 !llmnr_hostname_changed &&
e96de0ce 502 streq(mdns_hostname, m->mdns_hostname))
eb60f9cd
LP		 503 return 0;
504
e96de0ce 505 log_info("System hostname changed to '%s'.", full_hostname);
78c6a153 506
e96de0ce
LP		 507 free_and_replace(m->full_hostname, full_hostname);
508 free_and_replace(m->llmnr_hostname, llmnr_hostname);
509 free_and_replace(m->mdns_hostname, mdns_hostname);
eb60f9cd
LP		 510
511 manager_refresh_rrs(m);
86c0411e 512 (void) manager_send_changed(m, "LLMNRHostname");
eb60f9cd
LP		 513
514 return 0;
515}
516
517static int manager_watch_hostname(Manager *m) {
eb60f9cd
LP		 518 int r;
519
520 assert(m);
521
db4a47e9
LP		 522 m->hostname_fd = open("/proc/sys/kernel/hostname",
523 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
eb60f9cd 524 if (m->hostname_fd < 0) {
56f64d95 525 log_warning_errno(errno, "Failed to watch hostname: %m");
eb60f9cd
LP		 526 return 0;
527 }
528
529 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
cc983fc9
YW		 530 if (r < 0)
531 return log_error_errno(r, "Failed to add hostname event source: %m");
eb60f9cd 532
aa4a9deb
LP		 533 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
534
75c9d6b5 535 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
eb60f9cd 536 if (r < 0) {
999c2486
LP		 537 _cleanup_free_ char *d = NULL;
538
539 d = fallback_hostname();
540 if (!d)
541 return log_oom();
542
543 log_info("Defaulting to hostname '%s'.", d);
78c6a153 544
a25b0dc8
LP		 545 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
546 if (r < 0)
547 return r;
eb60f9cd 548 } else
e96de0ce 549 log_info("Using system hostname '%s'.", m->full_hostname);
eb60f9cd
LP		 550
551 return 0;
552}
553
4d506d6b 554static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
2485b7e2 555 _cleanup_(memstream_done) MemStream ms = {};
99534007 556 Manager *m = ASSERT_PTR(userdata);
cf84484a 557 Link *l;
2485b7e2 558 FILE *f;
4d506d6b
LP		 559
560 assert(s);
561 assert(si);
4d506d6b 562
2485b7e2 563 f = memstream_init(&ms);
4d506d6b
LP		 564 if (!f)
565 return log_oom();
566
567 LIST_FOREACH(scopes, scope, m->dns_scopes)
568 dns_scope_dump(scope, f);
569
cf84484a
LP		 570 LIST_FOREACH(servers, server, m->dns_servers)
571 dns_server_dump(server, f);
572 LIST_FOREACH(servers, server, m->fallback_dns_servers)
573 dns_server_dump(server, f);
90e74a66 574 HASHMAP_FOREACH(l, m->links)
cf84484a
LP		 575 LIST_FOREACH(servers, server, l->dns_servers)
576 dns_server_dump(server, f);
7928c0e0
LP		 577 DnsDelegate *delegate;
578 HASHMAP_FOREACH(delegate, m->delegates)
579 LIST_FOREACH(servers, server, delegate->dns_servers)
580 dns_server_dump(server, f);
cf84484a 581
2485b7e2 582 return memstream_dump(LOG_INFO, &ms);
4d506d6b
LP		 583}
584
bc81447e 585static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
99534007 586 Manager *m = ASSERT_PTR(userdata);
bc81447e
LP		 587
588 assert(s);
589 assert(si);
bc81447e 590
90df0fbe 591 manager_flush_caches(m, LOG_INFO);
ba35662f 592
bc81447e
LP		 593 return 0;
594}
595
d55b0463 596static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
99534007 597 Manager *m = ASSERT_PTR(userdata);
d55b0463
LP		 598
599 assert(s);
600 assert(si);
d55b0463
LP		 601
602 manager_reset_server_features(m);
603 return 0;
604}
605
bb351718
LP		 606static int manager_memory_pressure(sd_event_source *s, void *userdata) {
607 Manager *m = ASSERT_PTR(userdata);
608
609 log_info("Under memory pressure, flushing caches.");
610
611 manager_flush_caches(m, LOG_INFO);
612 sd_event_trim_memory();
613
614 return 0;
615}
616
617static int manager_memory_pressure_listen(Manager *m) {
618 int r;
619
620 assert(m);
621
622 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
623 if (r < 0)
624 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
625 "Failed to install memory pressure event source, ignoring: %m");
626
627 return 0;
628}
629
14a52176
LB		 630static void manager_set_defaults(Manager *m) {
631 assert(m);
632
633 m->llmnr_support = DEFAULT_LLMNR_MODE;
634 m->mdns_support = DEFAULT_MDNS_MODE;
635 m->dnssec_mode = DEFAULT_DNSSEC_MODE;
636 m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
637 m->enable_cache = DNS_CACHE_MODE_YES;
638 m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES;
639 m->read_etc_hosts = true;
640 m->resolve_unicast_single_label = false;
641 m->cache_from_localhost = false;
642 m->stale_retention_usec = 0;
e644b332 643 m->refuse_record_types = set_free(m->refuse_record_types);
14a52176
LB		 644}
645
646static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
647 Manager *m = ASSERT_PTR(userdata);
6d224720 648 Link *l;
14a52176
LB		 649 int r;
650
651 (void) notify_reloading();
652
14a52176
LB		 653 dns_server_unlink_on_reload(m->dns_servers);
654 dns_server_unlink_on_reload(m->fallback_dns_servers);
655 m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
752cdf50 656 manager_dns_stub_stop(m);
108bd5c2 657 dnssd_registered_service_clear_on_reload(m->dnssd_registered_services);
14a52176 658 m->unicast_scope = dns_scope_free(m->unicast_scope);
7928c0e0 659 m->delegates = hashmap_free(m->delegates);
14a52176
LB		 660 dns_trust_anchor_flush(&m->trust_anchor);
661
9ed99b07
YW		 662 manager_set_defaults(m);
663
14a52176
LB		 664 r = dns_trust_anchor_load(&m->trust_anchor);
665 if (r < 0)
9ed99b07 666 return sd_event_exit(sd_event_source_get_event(s), r);
14a52176
LB		 667
668 r = manager_parse_config_file(m);
669 if (r < 0)
9ed99b07 670 log_warning_errno(r, "Failed to parse configuration file on reload, ignoring: %m");
14a52176
LB		 671 else
672 log_info("Config file reloaded.");
673
9ed99b07
YW		 674 (void) dnssd_load(m);
675 (void) manager_load_delegates(m);
7928c0e0 676
14a52176
LB		 677 /* The default scope configuration is influenced by the manager's configuration (modes, etc.), so
678 * recreate it on reload. */
7928c0e0 679 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
14a52176 680 if (r < 0)
9ed99b07 681 return sd_event_exit(sd_event_source_get_event(s), r);
14a52176 682
6d224720
NR		 683 /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS=
684 * from the manager will be used if not explicitly configured on the link. Free the scopes here so that
685 * link_allocate_scopes() in on_network_event() re-creates them. */
686 HASHMAP_FOREACH(l, m->links)
687 l->unicast_scope = dns_scope_free(l->unicast_scope);
688
14a52176
LB		 689 /* The configuration has changed, so reload the per-interface configuration too in order to take
690 * into account any changes (e.g.: enable/disable DNSSEC). */
63b21f50 691 r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);
14a52176 692 if (r < 0)
9ed99b07 693 log_warning_errno(r, "Failed to update network information on reload, ignoring: %m");
14a52176
LB		 694
695 /* We have new configuration, which means potentially new servers, so close all connections and drop
696 * all caches, so that we can start fresh. */
697 (void) dns_stream_disconnect_all(m);
698 manager_flush_caches(m, LOG_INFO);
699 manager_verify_all(m);
700
752cdf50
YW		 701 r = manager_dns_stub_start(m);
702 if (r < 0)
703 return sd_event_exit(sd_event_source_get_event(s), r);
704
c147cd9a 705 (void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
14a52176
LB		 706 return 0;
707}
708
091a364c 709int manager_new(Manager **ret) {
74b2466e 710 _cleanup_(manager_freep) Manager *m = NULL;
091a364c
TG		 711 int r;
712
c92e531c
LP		 713 assert(ret);
714
f55f2dce 715 m = new(Manager, 1);
091a364c
TG		 716 if (!m)
717 return -ENOMEM;
718
f55f2dce 719 *m = (Manager) {
254d1313
ZJS		 720 .llmnr_ipv4_udp_fd = -EBADF,
721 .llmnr_ipv6_udp_fd = -EBADF,
722 .llmnr_ipv4_tcp_fd = -EBADF,
723 .llmnr_ipv6_tcp_fd = -EBADF,
724 .mdns_ipv4_fd = -EBADF,
725 .mdns_ipv6_fd = -EBADF,
726 .hostname_fd = -EBADF,
f55f2dce 727
f55f2dce
YW		 728 .read_resolv_conf = true,
729 .need_builtin_fallbacks = true,
730 .etc_hosts_last = USEC_INFINITY,
bb351718
LP		 731
732 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
733 .sigrtmin18_info.memory_pressure_userdata = m,
f55f2dce 734 };
091a364c 735
14a52176
LB		 736 manager_set_defaults(m);
737
0d2cd476
LP		 738 r = dns_trust_anchor_load(&m->trust_anchor);
739 if (r < 0)
740 return r;
741
ad6c0475
LP		 742 r = manager_parse_config_file(m);
743 if (r < 0)
872603b5 744 log_warning_errno(r, "Failed to parse configuration file, ignoring: %m");
ad6c0475 745
e22c5b20 746#if ENABLE_DNS_OVER_TLS
71a681ae
IT		 747 r = dnstls_manager_init(m);
748 if (r < 0)
749 return r;
e22c5b20
IT		 750#endif
751
091a364c
TG		 752 r = sd_event_default(&m->event);
753 if (r < 0)
754 return r;
755
d7a6bb98
LP		 756 r = sd_event_set_signal_exit(m->event, true);
757 if (r < 0)
758 return r;
091a364c 759
1ae17292 760 (void) sd_event_set_watchdog(m->event, true);
091a364c 761
eb60f9cd
LP		 762 r = manager_watch_hostname(m);
763 if (r < 0)
764 return r;
765
872603b5
YW		 766 (void) dnssd_load(m);
767 (void) manager_load_delegates(m);
7928c0e0
LP		 768
769 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
74b2466e
LP		 770 if (r < 0)
771 return r;
772
773 r = manager_network_monitor_listen(m);
774 if (r < 0)
775 return r;
776
777 r = manager_rtnl_listen(m);
778 if (r < 0)
779 return r;
780
90df0fbe
LP		 781 r = manager_clock_change_listen(m);
782 if (r < 0)
783 return r;
784
bb351718
LP		 785 r = manager_memory_pressure_listen(m);
786 if (r < 0)
787 return r;
788
74b2466e
LP		 789 r = manager_connect_bus(m);
790 if (r < 0)
791 return r;
792
00299a80 793 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
d7a6bb98 794 if (r < 0)
5918ba9c 795 return log_debug_errno(r, "Failed to install SIGHUP handler: %m");
d7a6bb98 796
00299a80 797 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR1 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr1, m);
d7a6bb98 798 if (r < 0)
5918ba9c 799 return log_debug_errno(r, "Failed to install SIGUSR1 handler: %m");
d7a6bb98 800
00299a80 801 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR2 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr2, m);
d7a6bb98 802 if (r < 0)
5918ba9c 803 return log_debug_errno(r, "Failed to install SIGUSR2 handler: %m");
d7a6bb98 804
00299a80 805 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+1) | SD_EVENT_SIGNAL_PROCMASK, manager_sigrtmin1, m);
d7a6bb98 806 if (r < 0)
5918ba9c 807 return log_debug_errno(r, "Failed to install SIGRTMIN+1 handler: %m");
d7a6bb98 808
00299a80 809 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &m->sigrtmin18_info);
d7a6bb98 810 if (r < 0)
5918ba9c 811 return log_debug_errno(r, "Failed to install SIGRTMIN+18 handler: %m");
4d506d6b 812
943ef07c
LP		 813 manager_cleanup_saved_user(m);
814
1cc6c93a 815 *ret = TAKE_PTR(m);
091a364c
TG		 816
817 return 0;
818}
819
edc501d4
LP		 820int manager_start(Manager *m) {
821 int r;
822
823 assert(m);
824
b30bf55d
LP		 825 r = manager_dns_stub_start(m);
826 if (r < 0)
827 return r;
828
9581bb84
LP		 829 r = manager_varlink_init(m);
830 if (r < 0)
831 return r;
832
edc501d4
LP		 833 return 0;
834}
835
450a4edf 836Manager* manager_free(Manager *m) {
74b2466e 837 Link *l;
108bd5c2 838 DnssdRegisteredService *s;
8458b7fb 839 DnsServiceBrowser *sb;
091a364c
TG		 840
841 if (!m)
74b2466e
LP		 842 return NULL;
843
4b95f179
LP		 844 dns_server_unlink_all(m->dns_servers);
845 dns_server_unlink_all(m->fallback_dns_servers);
a51c1048
LP		 846 dns_search_domain_unlink_all(m->search_domains);
847
74b2466e
LP		 848 while ((l = hashmap_first(m->links)))
849 link_free(l);
f0e15467 850
7928c0e0
LP		 851 m->delegates = hashmap_free(m->delegates);
852
f0e15467
LP		 853 while (m->dns_queries)
854 dns_query_free(m->dns_queries);
74b2466e 855
bde69bbd 856 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
7928c0e0 857 m->unicast_scope = dns_scope_free(m->unicast_scope);
cab5b059 858
b30bf55d
LP		 859 /* At this point only orphaned streams should remain. All others should have been freed already by their
860 * owners */
861 while (m->dns_streams)
862 dns_stream_unref(m->dns_streams);
863
e22c5b20
IT		 864#if ENABLE_DNS_OVER_TLS
865 dnstls_manager_free(m);
866#endif
867
81ae2237 868 set_free(m->refuse_record_types);
f0e15467
LP		 869 hashmap_free(m->links);
870 hashmap_free(m->dns_transactions);
871
096b6773
LP		 872 sd_event_source_unref(m->network_event_source);
873 sd_network_monitor_unref(m->network_monitor);
091a364c 874
54401c6f
NR		 875 sd_netlink_slot_unref(m->netlink_new_route_slot);
876 sd_netlink_slot_unref(m->netlink_del_route_slot);
a564ca2f
LP		 877 sd_netlink_unref(m->rtnl);
878 sd_event_source_unref(m->rtnl_event_source);
90df0fbe 879 sd_event_source_unref(m->clock_change_event_source);
a564ca2f 880
54401c6f
NR		 881 sd_json_variant_unref(m->dns_configuration_json);
882
edc501d4 883 manager_llmnr_stop(m);
bc7702b0 884 manager_mdns_stop(m);
b30bf55d 885 manager_dns_stub_stop(m);
9581bb84 886 manager_varlink_done(m);
623a4c97 887
80710ade
LP		 888 manager_socket_graveyard_clear(m);
889
46505826 890 ordered_set_free(m->dns_extra_stub_listeners);
1f05101f 891
2a1ffd3e 892 hashmap_free(m->polkit_registry);
2400ae29 893
92e31da1 894 sd_bus_flush_close_unref(m->bus);
091a364c 895
78c6a153
LP		 896 dns_resource_key_unref(m->llmnr_host_ipv4_key);
897 dns_resource_key_unref(m->llmnr_host_ipv6_key);
400cb36e
DR		 898 dns_resource_key_unref(m->mdns_host_ipv4_key);
899 dns_resource_key_unref(m->mdns_host_ipv6_key);
eb60f9cd 900
eb60f9cd 901 sd_event_source_unref(m->hostname_event_source);
d9fcf2ba 902 safe_close(m->hostname_fd);
e96de0ce 903
f2ec080e
ZJS		 904 sd_event_unref(m->event);
905
e96de0ce 906 free(m->full_hostname);
78c6a153
LP		 907 free(m->llmnr_hostname);
908 free(m->mdns_hostname);
eb60f9cd 909
108bd5c2
VCS		 910 while ((s = hashmap_first(m->dnssd_registered_services)))
911 dnssd_registered_service_free(s);
912 hashmap_free(m->dnssd_registered_services);
6501dd31 913
0d2cd476 914 dns_trust_anchor_flush(&m->trust_anchor);
dd0bc0f1 915 manager_etc_hosts_flush(m);
0d2cd476 916
8458b7fb
VCS		 917 while ((sb = hashmap_first(m->dns_service_browsers)))
918 dns_service_browser_free(sb);
919 hashmap_free(m->dns_service_browsers);
920
6b430fdb 921 return mfree(m);
091a364c
TG		 922}
923
1716f6dc 924int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
74b2466e 925 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
fb29cdbe
LP		 926 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
927 + CMSG_SPACE(int) /* ttl/hoplimit */
928 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
1716f6dc 929 union sockaddr_union sa;
74b2466e 930 struct iovec iov;
f55f2dce
YW		 931 struct msghdr mh = {
932 .msg_name = &sa.sa,
933 .msg_namelen = sizeof(sa),
934 .msg_iov = &iov,
935 .msg_iovlen = 1,
936 .msg_control = &control,
937 .msg_controllen = sizeof(control),
938 };
939 struct cmsghdr *cmsg;
4edc2c9b
LP		 940 ssize_t ms, l;
941 int r;
74b2466e
LP		 942
943 assert(m);
1716f6dc 944 assert(fd >= 0);
74b2466e
LP		 945 assert(ret);
946
4edc2c9b 947 ms = next_datagram_size_fd(fd);
74b2466e 948 if (ms < 0)
4edc2c9b 949 return ms;
74b2466e 950
51027656 951 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
74b2466e
LP		 952 if (r < 0)
953 return r;
954
cb310866 955 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
74b2466e 956
3691bcf3 957 l = recvmsg_safe(fd, &mh, 0);
bb44fd07 958 if (ERRNO_IS_NEG_TRANSIENT(l))
8add30a0 959 return 0;
bb44fd07
ZJS		 960 if (l <= 0)
961 return l;
091a364c 962
74b2466e 963 p->size = (size_t) l;
091a364c 964
1716f6dc 965 p->family = sa.sa.sa_family;
623a4c97
LP		 966 p->ipproto = IPPROTO_UDP;
967 if (p->family == AF_INET) {
1716f6dc 968 p->sender.in = sa.in.sin_addr;
623a4c97
LP		 969 p->sender_port = be16toh(sa.in.sin_port);
970 } else if (p->family == AF_INET6) {
1716f6dc 971 p->sender.in6 = sa.in6.sin6_addr;
623a4c97
LP		 972 p->sender_port = be16toh(sa.in6.sin6_port);
973 p->ifindex = sa.in6.sin6_scope_id;
974 } else
1716f6dc 975 return -EAFNOSUPPORT;
74b2466e 976
ba4e0427 977 p->timestamp = now(CLOCK_BOOTTIME);
5777c613 978
2a1288ff 979 CMSG_FOREACH(cmsg, &mh) {
74b2466e 980
1716f6dc
LP		 981 if (cmsg->cmsg_level == IPPROTO_IPV6) {
982 assert(p->family == AF_INET6);
74b2466e 983
1716f6dc 984 switch (cmsg->cmsg_type) {
74b2466e 985
1716f6dc 986 case IPV6_PKTINFO: {
b1d02191 987 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
74b2466e 988
623a4c97
LP		 989 if (p->ifindex <= 0)
990 p->ifindex = i->ipi6_ifindex;
991
1716f6dc
LP		 992 p->destination.in6 = i->ipi6_addr;
993 break;
994 }
74b2466e 995
1716f6dc 996 case IPV6_HOPLIMIT:
b1d02191 997 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1716f6dc 998 break;
74b2466e 999
20a001bd 1000 case IPV6_RECVFRAGSIZE:
b1d02191 1001 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
20a001bd 1002 break;
1716f6dc
LP		 1003 }
1004 } else if (cmsg->cmsg_level == IPPROTO_IP) {
1005 assert(p->family == AF_INET);
74b2466e 1006
1716f6dc 1007 switch (cmsg->cmsg_type) {
74b2466e 1008
1716f6dc 1009 case IP_PKTINFO: {
b1d02191 1010 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
091a364c 1011
623a4c97
LP		 1012 if (p->ifindex <= 0)
1013 p->ifindex = i->ipi_ifindex;
1014
1716f6dc
LP		 1015 p->destination.in = i->ipi_addr;
1016 break;
1017 }
74b2466e 1018
623a4c97 1019 case IP_TTL:
b1d02191 1020 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1716f6dc 1021 break;
20a001bd
LP		 1022
1023 case IP_RECVFRAGSIZE:
b1d02191 1024 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
20a001bd 1025 break;
1716f6dc
LP		 1026 }
1027 }
1028 }
74b2466e 1029
623a4c97
LP		 1030 /* The Linux kernel sets the interface index to the loopback
1031 * device if the packet came from the local host since it
1032 * avoids the routing table in such a case. Let's unset the
1033 * interface index in such a case. */
a5f03596 1034 if (p->ifindex == LOOPBACK_IFINDEX)
623a4c97
LP		 1035 p->ifindex = 0;
1036
86ad4cd7
TG		 1037 if (protocol != DNS_PROTOCOL_DNS) {
1038 /* If we don't know the interface index still, we look for the
1039 * first local interface with a matching address. Yuck! */
1040 if (p->ifindex <= 0)
1041 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
1042 }
623a4c97 1043
c0f86d66 1044 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
84dbb3fd
ZJS		 1045 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
1046 IN_ADDR_TO_STRING(p->family, &p->sender),
1047 IN_ADDR_TO_STRING(p->family, &p->destination));
74b2466e 1048
f7155840 1049 *ret = TAKE_PTR(p);
74b2466e
LP		 1050 return 1;
1051}
1052
ed6c5178 1053int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
6d66a221 1054 usec_t end;
74b2466e
LP		 1055 int r;
1056
1057 assert(fd >= 0);
1058 assert(mh);
1059
6d66a221
LP		 1060 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1061
74b2466e
LP		 1062 for (;;) {
1063 if (sendmsg(fd, mh, flags) >= 0)
1064 return 0;
74b2466e
LP		 1065 if (errno == EINTR)
1066 continue;
74b2466e
LP		 1067 if (errno != EAGAIN)
1068 return -errno;
1069
6d66a221 1070 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
bb44fd07
ZJS		 1071 if (ERRNO_IS_NEG_TRANSIENT(r))
1072 continue;
1073 if (r < 0)
74b2466e
LP		 1074 return r;
1075 if (r == 0)
1076 return -ETIMEDOUT;
1077 }
1078}
1079
72290734 1080static int write_loop(int fd, void *message, size_t length) {
6d66a221 1081 usec_t end;
72290734
TG		 1082 int r;
1083
1084 assert(fd >= 0);
1085 assert(message);
1086
6d66a221
LP		 1087 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1088
72290734
TG		 1089 for (;;) {
1090 if (write(fd, message, length) >= 0)
1091 return 0;
72290734
TG		 1092 if (errno == EINTR)
1093 continue;
72290734
TG		 1094 if (errno != EAGAIN)
1095 return -errno;
1096
6d66a221 1097 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
bb44fd07
ZJS		 1098 if (ERRNO_IS_NEG_TRANSIENT(r))
1099 continue;
1100 if (r < 0)
72290734
TG		 1101 return r;
1102 if (r == 0)
1103 return -ETIMEDOUT;
1104 }
1105}
1106
1107int manager_write(Manager *m, int fd, DnsPacket *p) {
1108 int r;
1109
76f77229
LP		 1110 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
1111 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1112 DNS_PACKET_QR(p) ? "response" : "query",
1113 DNS_PACKET_ID(p),
1114 p->size);
72290734
TG		 1115
1116 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
1117 if (r < 0)
1118 return r;
1119
1120 return 0;
1121}
1122
b30bf55d
LP		 1123static int manager_ipv4_send(
1124 Manager *m,
1125 int fd,
1126 int ifindex,
1127 const struct in_addr *destination,
1128 uint16_t port,
1129 const struct in_addr *source,
1130 DnsPacket *p) {
fb29cdbe
LP		 1131
1132 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
f55f2dce 1133 union sockaddr_union sa;
74b2466e 1134 struct iovec iov;
f55f2dce
YW		 1135 struct msghdr mh = {
1136 .msg_iov = &iov,
1137 .msg_iovlen = 1,
1138 .msg_name = &sa.sa,
1139 .msg_namelen = sizeof(sa.in),
1140 };
74b2466e
LP		 1141
1142 assert(m);
1716f6dc 1143 assert(fd >= 0);
b30bf55d 1144 assert(destination);
1716f6dc 1145 assert(port > 0);
74b2466e
LP		 1146 assert(p);
1147
cb310866 1148 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
091a364c 1149
f55f2dce
YW		 1150 sa = (union sockaddr_union) {
1151 .in.sin_family = AF_INET,
1152 .in.sin_addr = *destination,
1153 .in.sin_port = htobe16(port),
1154 };
091a364c 1155
74b2466e
LP		 1156 if (ifindex > 0) {
1157 struct cmsghdr *cmsg;
1158 struct in_pktinfo *pi;
1159
1716f6dc 1160 mh.msg_control = &control;
a258f491 1161 mh.msg_controllen = sizeof(control);
74b2466e
LP		 1162
1163 cmsg = CMSG_FIRSTHDR(&mh);
a258f491 1164 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
74b2466e
LP		 1165 cmsg->cmsg_level = IPPROTO_IP;
1166 cmsg->cmsg_type = IP_PKTINFO;
1167
b5d39bb3 1168 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
74b2466e 1169 pi->ipi_ifindex = ifindex;
b30bf55d
LP		 1170
1171 if (source)
1172 pi->ipi_spec_dst = *source;
74b2466e
LP		 1173 }
1174
1175 return sendmsg_loop(fd, &mh, 0);
1176}
1177
b30bf55d
LP		 1178static int manager_ipv6_send(
1179 Manager *m,
1180 int fd,
1181 int ifindex,
1182 const struct in6_addr *destination,
1183 uint16_t port,
1184 const struct in6_addr *source,
1185 DnsPacket *p) {
1186
fb29cdbe 1187 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
f55f2dce 1188 union sockaddr_union sa;
74b2466e 1189 struct iovec iov;
f55f2dce
YW		 1190 struct msghdr mh = {
1191 .msg_iov = &iov,
1192 .msg_iovlen = 1,
1193 .msg_name = &sa.sa,
1194 .msg_namelen = sizeof(sa.in6),
1195 };
74b2466e
LP		 1196
1197 assert(m);
1716f6dc 1198 assert(fd >= 0);
b30bf55d 1199 assert(destination);
1716f6dc 1200 assert(port > 0);
74b2466e
LP		 1201 assert(p);
1202
cb310866 1203 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
74b2466e 1204
f55f2dce
YW		 1205 sa = (union sockaddr_union) {
1206 .in6.sin6_family = AF_INET6,
1207 .in6.sin6_addr = *destination,
1208 .in6.sin6_port = htobe16(port),
1209 .in6.sin6_scope_id = ifindex,
1210 };
74b2466e
LP		 1211
1212 if (ifindex > 0) {
1213 struct cmsghdr *cmsg;
1214 struct in6_pktinfo *pi;
1215
1716f6dc 1216 mh.msg_control = &control;
a258f491 1217 mh.msg_controllen = sizeof(control);
74b2466e
LP		 1218
1219 cmsg = CMSG_FIRSTHDR(&mh);
a258f491 1220 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
74b2466e
LP		 1221 cmsg->cmsg_level = IPPROTO_IPV6;
1222 cmsg->cmsg_type = IPV6_PKTINFO;
1223
b5d39bb3 1224 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
74b2466e 1225 pi->ipi6_ifindex = ifindex;
b30bf55d
LP		 1226
1227 if (source)
1228 pi->ipi6_addr = *source;
74b2466e
LP		 1229 }
1230
1231 return sendmsg_loop(fd, &mh, 0);
1232}
1233
309a747f
LP		 1234static int dns_question_to_json(DnsQuestion *q, sd_json_variant **ret) {
1235 _cleanup_(sd_json_variant_unrefp) sd_json_variant *l = NULL;
72c2d39e
LP		 1236 DnsResourceKey *key;
1237 int r;
1238
1239 assert(ret);
1240
1241 DNS_QUESTION_FOREACH(key, q) {
309a747f 1242 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
72c2d39e
LP		 1243
1244 r = dns_resource_key_to_json(key, &v);
1245 if (r < 0)
1246 return r;
1247
309a747f 1248 r = sd_json_variant_append_array(&l, v);
72c2d39e
LP		 1249 if (r < 0)
1250 return r;
1251 }
1252
1253 *ret = TAKE_PTR(l);
1254 return 0;
1255}
1256
d9f9b8ce 1257int manager_monitor_send(Manager *m, DnsQuery *q) {
309a747f 1258 _cleanup_(sd_json_variant_unrefp) sd_json_variant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
72c2d39e 1259 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
72c2d39e
LP		 1260 DnsAnswerItem *rri;
1261 int r;
cb456374
SK		 1262
1263 assert(m);
1264
cf22b5c5 1265 if (set_isempty(m->varlink_query_results_subscription))
cb456374
SK		 1266 return 0;
1267
ae55c9c0 1268 /* Merge all questions into one */
d9f9b8ce 1269 r = dns_question_merge(q->question_idna, q->question_utf8, &merged);
72c2d39e
LP		 1270 if (r < 0)
1271 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1272
d9f9b8ce 1273 if (q->question_bypass) {
ae55c9c0
LP		 1274 _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
1275
d9f9b8ce 1276 r = dns_question_merge(merged, q->question_bypass->question, &merged2);
ae55c9c0
LP		 1277 if (r < 0)
1278 return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
1279
1280 dns_question_unref(merged);
1281 merged = TAKE_PTR(merged2);
1282 }
1283
72c2d39e
LP		 1284 /* Convert the current primary question to JSON */
1285 r = dns_question_to_json(merged, &jquestion);
1286 if (r < 0)
1287 return log_error_errno(r, "Failed to convert question to JSON: %m");
cb456374 1288
64ebc0da 1289 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
d9f9b8ce 1290 r = dns_question_to_json(q->collected_questions, &jcollected_questions);
72c2d39e
LP		 1291 if (r < 0)
1292 return log_error_errno(r, "Failed to convert question to JSON: %m");
1293
d9f9b8ce 1294 DNS_ANSWER_FOREACH_ITEM(rri, q->answer) {
309a747f 1295 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
72c2d39e
LP		 1296
1297 r = dns_resource_record_to_json(rri->rr, &v);
cb456374 1298 if (r < 0)
72c2d39e 1299 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
cb456374 1300
72c2d39e
LP		 1301 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1302 if (r < 0)
1303 return log_error_errno(r, "Failed to generate RR wire format: %m");
cb456374 1304
be5bee2a 1305 r = sd_json_variant_append_arraybo(
c91f581c 1306 &janswer,
be5bee2a
LP		 1307 SD_JSON_BUILD_PAIR_CONDITION(!!v, "rr", SD_JSON_BUILD_VARIANT(v)),
1308 SD_JSON_BUILD_PAIR("raw", SD_JSON_BUILD_BASE64(rri->rr->wire_format, rri->rr->wire_format_size)),
1309 SD_JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", SD_JSON_BUILD_INTEGER(rri->ifindex)));
72c2d39e
LP		 1310 if (r < 0)
1311 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1312 }
cb456374 1313
05f47839 1314 r = varlink_many_notifybo(
cf22b5c5 1315 m->varlink_query_results_subscription,
05f47839
LP		 1316 SD_JSON_BUILD_PAIR("state", SD_JSON_BUILD_STRING(dns_transaction_state_to_string(q->state))),
1317 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_DNSSEC_FAILED,
1318 "result", SD_JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result))),
1319 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_RCODE_FAILURE,
1320 "rcode", SD_JSON_BUILD_INTEGER(q->answer_rcode)),
1321 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_ERRNO,
1322 "errno", SD_JSON_BUILD_INTEGER(q->answer_errno)),
1323 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1324 DNS_TRANSACTION_DNSSEC_FAILED,
1325 DNS_TRANSACTION_RCODE_FAILURE) &&
1326 q->answer_ede_rcode >= 0,
1327 "extendedDNSErrorCode", SD_JSON_BUILD_INTEGER(q->answer_ede_rcode)),
1328 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1329 DNS_TRANSACTION_DNSSEC_FAILED,
1330 DNS_TRANSACTION_RCODE_FAILURE) &&
1331 q->answer_ede_rcode >= 0 && !isempty(q->answer_ede_msg),
1332 "extendedDNSErrorMessage", SD_JSON_BUILD_STRING(q->answer_ede_msg)),
1333 SD_JSON_BUILD_PAIR("question", SD_JSON_BUILD_VARIANT(jquestion)),
1334 SD_JSON_BUILD_PAIR_CONDITION(!!jcollected_questions,
1335 "collectedQuestions", SD_JSON_BUILD_VARIANT(jcollected_questions)),
1336 SD_JSON_BUILD_PAIR_CONDITION(!!janswer,
be5bee2a 1337 "answer", SD_JSON_BUILD_VARIANT(janswer)));
05f47839
LP		 1338 if (r < 0)
1339 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
72c2d39e 1340
cb456374
SK		 1341 return 0;
1342}
1343
b30bf55d
LP		 1344int manager_send(
1345 Manager *m,
1346 int fd,
1347 int ifindex,
1348 int family,
1349 const union in_addr_union *destination,
1350 uint16_t port,
1351 const union in_addr_union *source,
1352 DnsPacket *p) {
1353
1716f6dc
LP		 1354 assert(m);
1355 assert(fd >= 0);
b30bf55d 1356 assert(destination);
1716f6dc
LP		 1357 assert(port > 0);
1358 assert(p);
1359
614af79c
YW		 1360 /* For mDNS, it is natural that the packet have truncated flag when we have many known answers. */
1361 bool truncated = DNS_PACKET_TC(p) && (p->protocol != DNS_PROTOCOL_MDNS || !p->more);
1362
76f77229 1363 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
614af79c 1364 truncated ? "truncated (!) " : "",
76f77229
LP		 1365 DNS_PACKET_QR(p) ? "response" : "query",
1366 DNS_PACKET_ID(p),
1367 ifindex, af_to_name(family),
1368 p->size);
a2a416f7 1369
1716f6dc 1370 if (family == AF_INET)
25270cf3 1371 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
2817157b 1372 if (family == AF_INET6)
25270cf3 1373 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1716f6dc
LP		 1374
1375 return -EAFNOSUPPORT;
1376}
1377
e1c95994
LP		 1378uint32_t manager_find_mtu(Manager *m) {
1379 uint32_t mtu = 0;
1380 Link *l;
e1c95994 1381
5a0d0b8f 1382 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
4301cb32 1383 * works on all interfaces we know of that have an IP address associated */
e1c95994 1384
90e74a66 1385 HASHMAP_FOREACH(l, m->links) {
5a0d0b8f
LP		 1386 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1387 if (!l->addresses)
1388 continue;
1389
1390 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1391 * let's ignore this link. */
1392 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1393 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
e1c95994
LP		 1394 continue;
1395
1396 if (mtu <= 0 || l->mtu < mtu)
1397 mtu = l->mtu;
1398 }
1399
5a0d0b8f
LP		 1400 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1401 return 1500;
1402
e1c95994
LP		 1403 return mtu;
1404}
1716f6dc 1405
623a4c97 1406int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
ec2c5e43
LP		 1407 LinkAddress *a;
1408
1409 assert(m);
1410
bb3b08ad
YW		 1411 if (!IN_SET(family, AF_INET, AF_INET6))
1412 return 0;
1413
1414 if (!in_addr)
1415 return 0;
1416
4e945a6f 1417 a = manager_find_link_address(m, family, in_addr);
ec2c5e43
LP		 1418 if (a)
1419 return a->link->ifindex;
1420
1421 return 0;
1422}
1423
eb60f9cd 1424void manager_refresh_rrs(Manager *m) {
eb60f9cd 1425 Link *l;
108bd5c2 1426 DnssdRegisteredService *s;
eb60f9cd
LP		 1427
1428 assert(m);
1429
78c6a153
LP		 1430 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1431 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
400cb36e
DR		 1432 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1433 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
eb60f9cd 1434
ee3713b7
RB		 1435 HASHMAP_FOREACH(l, m->links)
1436 link_add_rrs(l, true);
1437
6db6a464 1438 if (m->mdns_support == RESOLVE_SUPPORT_YES)
108bd5c2 1439 HASHMAP_FOREACH(s, m->dnssd_registered_services)
6db6a464 1440 if (dnssd_update_rrs(s) < 0)
0ef0e269 1441 log_warning("Failed to refresh DNS-SD service '%s'", s->id);
6db6a464 1442
ee3713b7 1443 HASHMAP_FOREACH(l, m->links)
eb60f9cd 1444 link_add_rrs(l, false);
eb60f9cd
LP		 1445}
1446
e7c1b0e4 1447static int manager_next_random_name(const char *old, char **ret_new) {
ec2c5e43 1448 const char *p;
556a2294 1449 uint64_t u, a;
e7c1b0e4 1450 char *n;
623a4c97 1451
e7c1b0e4 1452 p = strchr(old, 0);
ec2c5e43
LP		 1453 assert(p);
1454
e7c1b0e4 1455 while (p > old) {
ff25d338 1456 if (!ascii_isdigit(p[-1]))
ec2c5e43
LP		 1457 break;
1458
1459 p--;
1460 }
1461
1462 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1463 u = 1;
1464
556a2294
LP		 1465 /* Add a random number to the old value. This way we can avoid
1466 * that two hosts pick the same hostname, win on IPv4 and lose
1467 * on IPv6 (or vice versa), and pick the same hostname
1468 * replacement hostname, ad infinitum. We still want the
1469 * numbers to go up monotonically, hence we just add a random
1470 * value 1..10 */
1471
1472 random_bytes(&a, sizeof(a));
1473 u += 1 + a % 10;
ec2c5e43 1474
e7c1b0e4 1475 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
ec2c5e43
LP		 1476 return -ENOMEM;
1477
e7c1b0e4
DR		 1478 *ret_new = n;
1479
1480 return 0;
1481}
1482
1483int manager_next_hostname(Manager *m) {
1484 _cleanup_free_ char *h = NULL, *k = NULL;
1485 int r;
1486
1487 assert(m);
1488
1489 r = manager_next_random_name(m->llmnr_hostname, &h);
1490 if (r < 0)
1491 return r;
1492
7470cc4c 1493 r = dns_name_concat(h, "local", 0, &k);
e7c1b0e4 1494 if (r < 0)
78c6a153 1495 return r;
78c6a153
LP		 1496
1497 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1498
e7c1b0e4
DR		 1499 free_and_replace(m->llmnr_hostname, h);
1500 free_and_replace(m->mdns_hostname, k);
ec2c5e43 1501
eb60f9cd 1502 manager_refresh_rrs(m);
86c0411e 1503 (void) manager_send_changed(m, "LLMNRHostname");
623a4c97
LP		 1504
1505 return 0;
1506}
ec2c5e43 1507
4e945a6f 1508LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
ec2c5e43
LP		 1509 Link *l;
1510
1511 assert(m);
1512
bb3b08ad
YW		 1513 if (!IN_SET(family, AF_INET, AF_INET6))
1514 return NULL;
1515
1516 if (!in_addr)
1517 return NULL;
1518
90e74a66 1519 HASHMAP_FOREACH(l, m->links) {
ec2c5e43
LP		 1520 LinkAddress *a;
1521
1522 a = link_find_address(l, family, in_addr);
1523 if (a)
1524 return a;
1525 }
1526
1527 return NULL;
1528}
1529
94378145 1530bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
ec2c5e43
LP		 1531 assert(m);
1532 assert(p);
1533
94378145
LP		 1534 /* Let's see if this packet comes from an IP address we have on any local interface */
1535
4e945a6f 1536 return !!manager_find_link_address(m, p->family, &p->sender);
ec2c5e43 1537}
4e945a6f 1538
a9fd8837
LP		 1539bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1540 DnsTransaction *t;
1541
1542 assert(m);
1543 assert(p);
1544
1545 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1546 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1547
1548 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1549 if (!t)
1550 return false;
1551
1552 return t->sent && dns_packet_equal(t->sent, p);
1553}
1554
8458b7fb 1555DnsScope* manager_find_scope_from_protocol(Manager *m, int ifindex, DnsProtocol protocol, int family) {
a4076574
LP		 1556 Link *l;
1557
1558 assert(m);
a4076574 1559
8458b7fb 1560 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
a4076574
LP		 1561 if (!l)
1562 return NULL;
1563
8458b7fb 1564 switch (protocol) {
b4f1862d 1565 case DNS_PROTOCOL_LLMNR:
8458b7fb 1566 if (family == AF_INET)
a4076574 1567 return l->llmnr_ipv4_scope;
8458b7fb 1568 else if (family == AF_INET6)
a4076574 1569 return l->llmnr_ipv6_scope;
b4f1862d
DM		 1570
1571 break;
1572
1573 case DNS_PROTOCOL_MDNS:
8458b7fb 1574 if (family == AF_INET)
b4f1862d 1575 return l->mdns_ipv4_scope;
8458b7fb 1576 else if (family == AF_INET6)
b4f1862d
DM		 1577 return l->mdns_ipv6_scope;
1578
1579 break;
1580
1581 default:
5c9feb2d 1582 ;
a4076574
LP		 1583 }
1584
1585 return NULL;
1586}
1587
902bb5d8 1588void manager_verify_all(Manager *m) {
902bb5d8
LP		 1589 assert(m);
1590
1591 LIST_FOREACH(scopes, s, m->dns_scopes)
1592 dns_zone_verify_all(&s->zone);
1593}
1594
78c6a153 1595int manager_is_own_hostname(Manager *m, const char *name) {
78c6a153
LP		 1596 int r;
1597
1598 assert(m);
1599 assert(name);
1600
1601 if (m->llmnr_hostname) {
1602 r = dns_name_equal(name, m->llmnr_hostname);
1603 if (r != 0)
1604 return r;
1605 }
1606
e96de0ce
LP		 1607 if (m->mdns_hostname) {
1608 r = dns_name_equal(name, m->mdns_hostname);
1609 if (r != 0)
1610 return r;
1611 }
1612
1613 if (m->full_hostname)
1614 return dns_name_equal(name, m->full_hostname);
78c6a153
LP		 1615
1616 return 0;
1617}
1618
9176a57c 1619int manager_compile_dns_servers(Manager *m, OrderedSet **dns) {
9176a57c
LP		 1620 Link *l;
1621 int r;
1622
1623 assert(m);
1624 assert(dns);
1625
1626 r = ordered_set_ensure_allocated(dns, &dns_server_hash_ops);
1627 if (r < 0)
1628 return r;
1629
1630 /* First add the system-wide servers and domains */
1631 LIST_FOREACH(servers, s, m->dns_servers) {
1632 r = ordered_set_put(*dns, s);
1633 if (r == -EEXIST)
1634 continue;
1635 if (r < 0)
1636 return r;
1637 }
1638
1639 /* Then, add the per-link servers */
7928c0e0 1640 HASHMAP_FOREACH(l, m->links)
9176a57c
LP		 1641 LIST_FOREACH(servers, s, l->dns_servers) {
1642 r = ordered_set_put(*dns, s);
1643 if (r == -EEXIST)
1644 continue;
1645 if (r < 0)
1646 return r;
1647 }
7928c0e0
LP		 1648
1649 /* Third, add the delegate servers and domains */
1650 DnsDelegate *d;
1651 HASHMAP_FOREACH(d, m->delegates)
1652 LIST_FOREACH(servers, s, d->dns_servers) {
1653 r = ordered_set_put(*dns, s);
1654 if (r == -EEXIST)
1655 continue;
1656 if (r < 0)
1657 return r;
1658 }
9176a57c
LP		 1659
1660 /* If we found nothing, add the fallback servers */
1661 if (ordered_set_isempty(*dns)) {
1662 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1663 r = ordered_set_put(*dns, s);
1664 if (r == -EEXIST)
1665 continue;
1666 if (r < 0)
1667 return r;
1668 }
1669 }
1670
1671 return 0;
1672}
1673
94363cbb
MP		 1674/* filter_route is a tri-state:
1675 * < 0: no filtering
1676 * = 0 or false: return only domains which should be used for searching
1677 * > 0 or true: return only domains which are for routing only
1678 */
6f7da49d 1679int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
9176a57c
LP		 1680 int r;
1681
1682 assert(m);
1683 assert(domains);
1684
1685 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1686 if (r < 0)
1687 return r;
1688
1689 LIST_FOREACH(domains, d, m->search_domains) {
6f7da49d
LP		 1690
1691 if (filter_route >= 0 &&
1692 d->route_only != !!filter_route)
1693 continue;
1694
9176a57c
LP		 1695 r = ordered_set_put(*domains, d->name);
1696 if (r == -EEXIST)
1697 continue;
1698 if (r < 0)
1699 return r;
1700 }
1701
7928c0e0
LP		 1702 DnsDelegate *delegate;
1703 HASHMAP_FOREACH(delegate, m->delegates)
1704 LIST_FOREACH(domains, d, delegate->search_domains) {
1705
1706 if (filter_route >= 0 &&
1707 d->route_only != !!filter_route)
1708 continue;
1709
1710 r = ordered_set_put(*domains, d->name);
1711 if (r == -EEXIST)
1712 continue;
1713 if (r < 0)
1714 return r;
1715 }
9176a57c 1716
7928c0e0
LP		 1717 Link *l;
1718 HASHMAP_FOREACH(l, m->links)
9176a57c 1719 LIST_FOREACH(domains, d, l->search_domains) {
6f7da49d
LP		 1720
1721 if (filter_route >= 0 &&
1722 d->route_only != !!filter_route)
1723 continue;
1724
9176a57c
LP		 1725 r = ordered_set_put(*domains, d->name);
1726 if (r == -EEXIST)
1727 continue;
1728 if (r < 0)
1729 return r;
1730 }
9176a57c
LP		 1731
1732 return 0;
1733}
c69fa7e3
LP		 1734
1735DnssecMode manager_get_dnssec_mode(Manager *m) {
1736 assert(m);
1737
1738 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1739 return m->dnssec_mode;
1740
1741 return DNSSEC_NO;
1742}
1743
1744bool manager_dnssec_supported(Manager *m) {
1745 DnsServer *server;
c69fa7e3
LP		 1746 Link *l;
1747
1748 assert(m);
1749
1750 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1751 return false;
1752
1753 server = manager_get_dns_server(m);
1754 if (server && !dns_server_dnssec_supported(server))
1755 return false;
1756
90e74a66 1757 HASHMAP_FOREACH(l, m->links)
c69fa7e3
LP		 1758 if (!link_dnssec_supported(l))
1759 return false;
1760
1761 return true;
1762}
59c5b597 1763
c9299be2 1764DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
5d67a7ae
IT		 1765 assert(m);
1766
c9299be2
IT		 1767 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1768 return m->dns_over_tls_mode;
5d67a7ae 1769
c9299be2 1770 return DNS_OVER_TLS_NO;
5d67a7ae
IT		 1771}
1772
59c5b597
LP		 1773void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1774
1775 assert(verdict >= 0);
1776 assert(verdict < _DNSSEC_VERDICT_MAX);
1777
f1d34068 1778 if (DEBUG_LOGGING) {
202b76ae 1779 char s[DNS_RESOURCE_KEY_STRING_MAX];
59c5b597 1780
202b76ae
ZJS		 1781 log_debug("Found verdict for lookup %s: %s",
1782 dns_resource_key_to_string(key, s, sizeof s),
1783 dnssec_verdict_to_string(verdict));
59c5b597
LP		 1784 }
1785
1786 m->n_dnssec_verdict[verdict]++;
1787}
011696f7 1788
de4a0138 1789bool manager_routable(Manager *m) {
011696f7
LP		 1790 Link *l;
1791
1792 assert(m);
1793
de4a0138 1794 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
011696f7 1795
90e74a66 1796 HASHMAP_FOREACH(l, m->links)
de4a0138 1797 if (link_relevant(l, AF_UNSPEC, false))
011696f7
LP		 1798 return true;
1799
1800 return false;
1801}
ba35662f 1802
90df0fbe 1803void manager_flush_caches(Manager *m, int log_level) {
ba35662f
LP		 1804 assert(m);
1805
1806 LIST_FOREACH(scopes, scope, m->dns_scopes)
1807 dns_cache_flush(&scope->cache);
aac57b35 1808
8458b7fb
VCS		 1809 dns_browse_services_purge(m, AF_UNSPEC); /* Clear records of DNS service browse subscriber, since caches are flushed */
1810 dns_browse_services_restart(m);
1811
90df0fbe 1812 log_full(log_level, "Flushed all caches.");
ba35662f 1813}
943ef07c 1814
59c0fd0e 1815void manager_reset_server_features(Manager *m) {
59c0fd0e
LP		 1816
1817 dns_server_reset_features_all(m->dns_servers);
1818 dns_server_reset_features_all(m->fallback_dns_servers);
1819
7928c0e0 1820 Link *l;
90e74a66 1821 HASHMAP_FOREACH(l, m->links)
59c0fd0e
LP		 1822 dns_server_reset_features_all(l->dns_servers);
1823
7928c0e0
LP		 1824 DnsDelegate *d;
1825 HASHMAP_FOREACH(d, m->delegates)
1826 dns_server_reset_features_all(d->dns_servers);
1827
59c0fd0e
LP		 1828 log_info("Resetting learnt feature levels on all servers.");
1829}
1830
943ef07c
LP		 1831void manager_cleanup_saved_user(Manager *m) {
1832 _cleanup_closedir_ DIR *d = NULL;
943ef07c
LP		 1833
1834 assert(m);
1835
1836 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1837 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1838 * be restarted without losing this data. */
1839
1840 d = opendir("/run/systemd/resolve/netif/");
1841 if (!d) {
1842 if (errno == ENOENT)
1843 return;
1844
1845 log_warning_errno(errno, "Failed to open interface directory: %m");
1846 return;
1847 }
1848
1849 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
943ef07c
LP		 1850 int ifindex;
1851 Link *l;
1852
1853 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1854 continue;
1855
49bfc877 1856 if (dot_or_dot_dot(de->d_name))
943ef07c
LP		 1857 continue;
1858
597da51b
ZJS		 1859 ifindex = parse_ifindex(de->d_name);
1860 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
943ef07c
LP		 1861 goto rm;
1862
1863 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1864 if (!l) /* link vanished */
1865 goto rm;
1866
1867 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1868 goto rm;
1869
1870 continue;
1871
1872 rm:
368051ee
LP		 1873 if (unlinkat(dirfd(d), de->d_name, 0) < 0)
1874 log_warning_errno(errno, "Failed to remove left-over interface configuration file '%s', ignoring: %m", de->d_name);
943ef07c
LP		 1875 }
1876}
e7c1b0e4
DR		 1877
1878bool manager_next_dnssd_names(Manager *m) {
108bd5c2 1879 DnssdRegisteredService *s;
e7c1b0e4
DR		 1880 bool tried = false;
1881 int r;
1882
1883 assert(m);
1884
108bd5c2 1885 HASHMAP_FOREACH(s, m->dnssd_registered_services) {
e7c1b0e4
DR		 1886 _cleanup_free_ char * new_name = NULL;
1887
1888 if (!s->withdrawn)
1889 continue;
1890
1891 r = manager_next_random_name(s->name_template, &new_name);
1892 if (r < 0) {
0ef0e269 1893 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->id);
e7c1b0e4
DR		 1894 continue;
1895 }
1896
1897 free_and_replace(s->name_template, new_name);
1898
1899 s->withdrawn = false;
1900
1901 tried = true;
1902 }
1903
1904 if (tried)
1905 manager_refresh_rrs(m);
1906
1907 return tried;
1908}
49ef064c 1909
281df579 1910bool manager_server_is_stub(Manager *m, DnsServer *s) {
49ef064c
LP		 1911 DnsStubListenerExtra *l;
1912
1913 assert(m);
281df579 1914 assert(s);
49ef064c
LP		 1915
1916 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1917 * extra careful, and check here again */
281df579
LP		 1918 if (s->family == AF_INET &&
1919 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1920 dns_server_port(s) == 53)
49ef064c
LP		 1921 return true;
1922
1923 /* Main reason to call this is to check server data against the extra listeners, and filter things
1924 * out. */
1925 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
281df579
LP		 1926 if (s->family == l->family &&
1927 in_addr_equal(s->family, &s->address, &l->address) &&
1928 dns_server_port(s) == dns_stub_listener_extra_port(l))
49ef064c
LP		 1929 return true;
1930
1931 return false;
1932}
eb170e75
LP		 1933
1934int socket_disable_pmtud(int fd, int af) {
1935 int r;
1936
1937 assert(fd >= 0);
1938
1939 if (af == AF_UNSPEC) {
5f64d2bf
LP		 1940 af = socket_get_family(fd);
1941 if (af < 0)
1942 return af;
eb170e75
LP		 1943 }
1944
1945 switch (af) {
1946
1947 case AF_INET: {
1948 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1949 * PMTU forgery vulnerabilities.
1950 *
1951 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1952 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1953 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1954 * discovery.
1955 *
1956 * This helps mitigating the PMTUD vulnerability described here:
1957 *
1958 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1959 *
1960 * Similar logic is in place in most DNS servers.
1961 *
1962 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1963 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1964 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1965 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1966 * fragments seen — and if we need larger packets always go to TCP.
1967 */
1968
1969 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1970 if (r < 0)
1971 return r;
1972
1973 return 0;
1974 }
1975
1976 case AF_INET6: {
1977 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1978 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1979 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1980 * because there's nothing that could be fragmented further anymore. */
1981
1982 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1983 if (r < 0)
1984 return r;
1985
1986 return 0;
1987 }
1988
1989 default:
1990 return -EAFNOSUPPORT;
1991 }
1992}
bc837621 1993
309a747f 1994int dns_manager_dump_statistics_json(Manager *m, sd_json_variant **ret) {
bc837621
KV		 1995 uint64_t size = 0, hit = 0, miss = 0;
1996
1997 assert(m);
1998 assert(ret);
1999
2000 LIST_FOREACH(scopes, s, m->dns_scopes) {
2001 size += dns_cache_size(&s->cache);
2002 hit += s->cache.n_hit;
2003 miss += s->cache.n_miss;
2004 }
2005
be5bee2a
LP		 2006 return sd_json_buildo(ret,
2007 SD_JSON_BUILD_PAIR("transactions", SD_JSON_BUILD_OBJECT(
2008 SD_JSON_BUILD_PAIR_UNSIGNED("currentTransactions", hashmap_size(m->dns_transactions)),
2009 SD_JSON_BUILD_PAIR_UNSIGNED("totalTransactions", m->n_transactions_total),
2010 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeouts", m->n_timeouts_total),
2011 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeoutsServedStale", m->n_timeouts_served_stale_total),
2012 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponses", m->n_failure_responses_total),
2013 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponsesServedStale", m->n_failure_responses_served_stale_total)
2014 )),
2015 SD_JSON_BUILD_PAIR("cache", SD_JSON_BUILD_OBJECT(
2016 SD_JSON_BUILD_PAIR_UNSIGNED("size", size),
2017 SD_JSON_BUILD_PAIR_UNSIGNED("hits", hit),
2018 SD_JSON_BUILD_PAIR_UNSIGNED("misses", miss)
2019 )),
2020 SD_JSON_BUILD_PAIR("dnssec", SD_JSON_BUILD_OBJECT(
2021 SD_JSON_BUILD_PAIR_UNSIGNED("secure", m->n_dnssec_verdict[DNSSEC_SECURE]),
2022 SD_JSON_BUILD_PAIR_UNSIGNED("insecure", m->n_dnssec_verdict[DNSSEC_INSECURE]),
2023 SD_JSON_BUILD_PAIR_UNSIGNED("bogus", m->n_dnssec_verdict[DNSSEC_BOGUS]),
2024 SD_JSON_BUILD_PAIR_UNSIGNED("indeterminate", m->n_dnssec_verdict[DNSSEC_INDETERMINATE])
2025 )));
bc837621
KV		 2026}
2027
a67e5c6e 2028void dns_manager_reset_statistics(Manager *m) {
bc837621
KV		 2029
2030 assert(m);
2031
2032 LIST_FOREACH(scopes, s, m->dns_scopes)
2033 s->cache.n_hit = s->cache.n_miss = 0;
2034
2035 m->n_transactions_total = 0;
2036 m->n_timeouts_total = 0;
2037 m->n_timeouts_served_stale_total = 0;
2038 m->n_failure_responses_total = 0;
2039 m->n_failure_responses_served_stale_total = 0;
2040 zero(m->n_dnssec_verdict);
2041}
54401c6f
NR		 2042
2043static int dns_configuration_json_append(
2044 const char *ifname,
2045 int ifindex,
2046 int default_route,
2047 DnsServer *current_dns_server,
2048 DnsServer *dns_servers,
2049 DnsSearchDomain *search_domains,
2050 sd_json_variant **configuration) {
2051
2052 _cleanup_(sd_json_variant_unrefp) sd_json_variant *dns_servers_json = NULL,
2053 *search_domains_json = NULL,
2054 *current_dns_server_json = NULL;
2055 int r;
2056
2057 assert(configuration);
2058
2059 if (dns_servers) {
2060 r = sd_json_variant_new_array(&dns_servers_json, NULL, 0);
2061 if (r < 0)
2062 return r;
2063 }
2064
2065 if (search_domains) {
2066 r = sd_json_variant_new_array(&search_domains_json, NULL, 0);
2067 if (r < 0)
2068 return r;
2069 }
2070
2071 if (current_dns_server) {
2072 r = dns_server_dump_configuration_to_json(current_dns_server, &current_dns_server_json);
2073 if (r < 0)
2074 return r;
2075 }
2076
2077 LIST_FOREACH(servers, s, dns_servers) {
2078 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2079
2080 assert(dns_servers_json);
2081
2082 r = dns_server_dump_configuration_to_json(s, &v);
2083 if (r < 0)
2084 return r;
2085
2086 r = sd_json_variant_append_array(&dns_servers_json, v);
2087 if (r < 0)
2088 return r;
2089 }
2090
2091 LIST_FOREACH(domains, d, search_domains) {
2092 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2093
2094 assert(search_domains_json);
2095
2096 r = dns_search_domain_dump_to_json(d, &v);
2097 if (r < 0)
2098 return r;
2099
2100 r = sd_json_variant_append_array(&search_domains_json, v);
2101 if (r < 0)
2102 return r;
2103 }
2104
2105 return sd_json_variant_append_arraybo(
2106 configuration,
2107 JSON_BUILD_PAIR_STRING_NON_EMPTY("ifname", ifname),
2108 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", SD_JSON_BUILD_UNSIGNED(ifindex)),
2109 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "defaultRoute", SD_JSON_BUILD_BOOLEAN(default_route > 0)),
2110 JSON_BUILD_PAIR_VARIANT_NON_NULL("currentServer", current_dns_server_json),
2111 JSON_BUILD_PAIR_VARIANT_NON_NULL("servers", dns_servers_json),
2112 JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json));
2113}
2114
2115int manager_dump_dns_configuration_json(Manager *m, sd_json_variant **ret) {
2116 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2117 Link *l;
2118 int r;
2119
2120 assert(m);
2121 assert(ret);
2122
2123 /* Global DNS configuration */
2124 r = dns_configuration_json_append(
2125 /* ifname = */ NULL,
2126 /* ifindex = */ 0,
2127 /* default_route = */ 0,
2128 manager_get_dns_server(m),
2129 m->dns_servers,
2130 m->search_domains,
2131 &configuration);
2132 if (r < 0)
2133 return r;
2134
2135 /* Append configuration for each link */
2136 HASHMAP_FOREACH(l, m->links) {
2137 r = dns_configuration_json_append(
2138 l->ifname,
2139 l->ifindex,
2140 link_get_default_route(l),
2141 link_get_dns_server(l),
2142 l->dns_servers,
2143 l->search_domains,
2144 &configuration);
2145 if (r < 0)
2146 return r;
2147 }
2148
2149 return sd_json_buildo(ret, SD_JSON_BUILD_PAIR_VARIANT("configuration", configuration));
2150}
2151
2152int manager_send_dns_configuration_changed(Manager *m, Link *l, bool reset) {
2153 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2154 int r;
2155
2156 assert(m);
2157
2158 if (set_isempty(m->varlink_dns_configuration_subscription))
2159 return 0;
2160
2161 if (reset) {
2162 dns_server_reset_accessible_all(m->dns_servers);
2163
2164 if (l)
2165 dns_server_reset_accessible_all(l->dns_servers);
2166 }
2167
2168 r = manager_dump_dns_configuration_json(m, &configuration);
2169 if (r < 0)
2170 return log_warning_errno(r, "Failed to dump DNS configuration json: %m");
2171
2172 if (sd_json_variant_equal(configuration, m->dns_configuration_json))
2173 return 0;
2174
2175 JSON_VARIANT_REPLACE(m->dns_configuration_json, TAKE_PTR(configuration));
2176
2177 r = varlink_many_notify(m->varlink_dns_configuration_subscription, m->dns_configuration_json);
2178 if (r < 0)
2179 return log_warning_errno(r, "Failed to send DNS configuration event: %m");
2180
2181 return 0;
2182}
2183
2184int manager_start_dns_configuration_monitor(Manager *m) {
2185 Link *l;
2186 int r;
2187
2188 assert(m);
2189 assert(!m->dns_configuration_json);
2190 assert(!m->netlink_new_route_slot);
2191 assert(!m->netlink_del_route_slot);
2192
2193 dns_server_reset_accessible_all(m->dns_servers);
2194
2195 HASHMAP_FOREACH(l, m->links)
2196 dns_server_reset_accessible_all(l->dns_servers);
2197
2198 r = manager_dump_dns_configuration_json(m, &m->dns_configuration_json);
2199 if (r < 0)
2200 return r;
2201
2202 r = sd_netlink_add_match(m->rtnl, &m->netlink_new_route_slot, RTM_NEWROUTE, manager_process_route, NULL, m, "resolve-NEWROUTE");
2203 if (r < 0)
2204 return r;
2205
2206 r = sd_netlink_add_match(m->rtnl, &m->netlink_del_route_slot, RTM_DELROUTE, manager_process_route, NULL, m, "resolve-DELROUTE");
2207 if (r < 0)
2208 return r;
2209
2210 return 0;
2211}
2212
2213void manager_stop_dns_configuration_monitor(Manager *m) {
2214 assert(m);
2215
2216 m->dns_configuration_json = sd_json_variant_unref(m->dns_configuration_json);
2217 m->netlink_new_route_slot = sd_netlink_slot_unref(m->netlink_new_route_slot);
2218 m->netlink_del_route_slot = sd_netlink_slot_unref(m->netlink_del_route_slot);
2219}
Unnamed repository; edit this file 'description' to name the repository.