]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blob
? search:


df0b2213bef3929c887d3ad4b262c29745b9c63e
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <fcntl.h>
4 #include <linux/ipv6.h>
5 #include <netinet/in.h>
6 #include <poll.h>
7 #include <unistd.h>
8
9 #include "sd-bus.h"
10 #include "sd-netlink.h"
11 #include "sd-network.h"
12
13 #include "af-list.h"
14 #include "alloc-util.h"
15 #include "daemon-util.h"
16 #include "dirent-util.h"
17 #include "dns-answer.h"
18 #include "dns-domain.h"
19 #include "dns-packet.h"
20 #include "dns-question.h"
21 #include "dns-rr.h"
22 #include "errno-util.h"
23 #include "event-util.h"
24 #include "fd-util.h"
25 #include "hostname-setup.h"
26 #include "hostname-util.h"
27 #include "io-util.h"
28 #include "iovec-util.h"
29 #include "json-util.h"
30 #include "memstream-util.h"
31 #include "missing-network.h"
32 #include "ordered-set.h"
33 #include "parse-util.h"
34 #include "random-util.h"
35 #include "resolved-bus.h"
36 #include "resolved-conf.h"
37 #include "resolved-dns-delegate.h"
38 #include "resolved-dns-query.h"
39 #include "resolved-dns-scope.h"
40 #include "resolved-dns-search-domain.h"
41 #include "resolved-dns-server.h"
42 #include "resolved-dns-stub.h"
43 #include "resolved-dns-transaction.h"
44 #include "resolved-dnssd.h"
45 #include "resolved-etc-hosts.h"
46 #include "resolved-link.h"
47 #include "resolved-llmnr.h"
48 #include "resolved-manager.h"
49 #include "resolved-mdns.h"
50 #include "resolved-resolv-conf.h"
51 #include "resolved-socket-graveyard.h"
52 #include "resolved-util.h"
53 #include "resolved-varlink.h"
54 #include "set.h"
55 #include "socket-util.h"
56 #include "string-util.h"
57 #include "time-util.h"
58 #include "varlink-util.h"
59
60 #define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
61
62 static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
63 Manager *m = ASSERT_PTR(userdata);
64 uint16_t type;
65 Link *l;
66 int ifindex, r;
67
68 assert(rtnl);
69 assert(mm);
70
71 r = sd_netlink_message_get_type(mm, &type);
72 if (r < 0)
73 goto fail;
74
75 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
76 if (r < 0)
77 goto fail;
78
79 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
80
81 switch (type) {
82
83 case RTM_NEWLINK:{
84 bool is_new = !l;
85
86 if (!l) {
87 r = link_new(m, &l, ifindex);
88 if (r < 0)
89 goto fail;
90 }
91
92 r = link_process_rtnl(l, mm);
93 if (r < 0)
94 goto fail;
95
96 r = link_update(l);
97 if (r < 0)
98 goto fail;
99
100 if (is_new)
101 log_debug("Found new link %i/%s", ifindex, l->ifname);
102
103 break;
104 }
105
106 case RTM_DELLINK:
107 if (l) {
108 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
109 link_remove_user(l);
110 link_free(l);
111
112 /* Make sure DNS servers are dropped from written resolv.conf if their link goes away */
113 manager_write_resolv_conf(m);
114 }
115
116 break;
117 }
118
119 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
120 manager_llmnr_maybe_stop(m);
121 manager_mdns_maybe_stop(m);
122
123 /* The accessible flag on link DNS servers will have been reset by
124 * link_update(). Just reset the global DNS servers. */
125 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
126
127 return 0;
128
129 fail:
130 log_warning_errno(r, "Failed to process RTNL link message: %m");
131 return 0;
132 }
133
134 static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
135 Manager *m = ASSERT_PTR(userdata);
136 union in_addr_union address, broadcast = {};
137 uint16_t type;
138 int r, ifindex, family;
139 LinkAddress *a;
140 Link *l;
141
142 assert(rtnl);
143 assert(mm);
144
145 r = sd_netlink_message_get_type(mm, &type);
146 if (r < 0)
147 goto fail;
148
149 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
150 if (r < 0)
151 goto fail;
152
153 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
154 if (!l)
155 return 0;
156
157 r = sd_rtnl_message_addr_get_family(mm, &family);
158 if (r < 0)
159 goto fail;
160
161 switch (family) {
162
163 case AF_INET:
164 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
165 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
166 if (r < 0) {
167 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
168 if (r < 0)
169 goto fail;
170 }
171
172 break;
173
174 case AF_INET6:
175 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
176 if (r < 0) {
177 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
178 if (r < 0)
179 goto fail;
180 }
181
182 break;
183
184 default:
185 return 0;
186 }
187
188 a = link_find_address(l, family, &address);
189
190 switch (type) {
191
192 case RTM_NEWADDR:
193
194 if (!a) {
195 r = link_address_new(l, &a, family, &address, &broadcast);
196 if (r < 0)
197 return r;
198 }
199
200 r = link_address_update_rtnl(a, mm);
201 if (r < 0)
202 return r;
203
204 break;
205
206 case RTM_DELADDR:
207 link_address_free(a);
208 break;
209 }
210
211 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
212
213 return 0;
214
215 fail:
216 log_warning_errno(r, "Failed to process RTNL address message: %m");
217 return 0;
218 }
219
220 static int manager_process_route(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
221 Manager *m = ASSERT_PTR(userdata);
222 Link *l = NULL;
223 uint16_t type;
224 uint32_t ifindex = 0;
225 int r;
226
227 assert(rtnl);
228 assert(mm);
229
230 r = sd_netlink_message_get_type(mm, &type);
231 if (r < 0) {
232 log_warning_errno(r, "Failed to get rtnl message type, ignoring: %m");
233 return 0;
234 }
235
236 if (!IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE)) {
237 log_warning("Unexpected message type %u when processing route, ignoring.", type);
238 return 0;
239 }
240
241 r = sd_netlink_message_read_u32(mm, RTA_OIF, &ifindex);
242 if (r < 0)
243 log_full_errno(r == -ENODATA ? LOG_DEBUG : LOG_WARNING, r, "Failed to get route ifindex, ignoring: %m");
244 else
245 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
246
247 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
248
249 return 0;
250 }
251
252 static int manager_rtnl_listen(Manager *m) {
253 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
254 int r;
255
256 assert(m);
257
258 /* First, subscribe to interfaces coming and going */
259 r = sd_netlink_open(&m->rtnl);
260 if (r < 0)
261 return r;
262
263 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
264 if (r < 0)
265 return r;
266
267 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
268 if (r < 0)
269 return r;
270
271 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
272 if (r < 0)
273 return r;
274
275 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
276 if (r < 0)
277 return r;
278
279 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
280 if (r < 0)
281 return r;
282
283 /* Then, enumerate all links */
284 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
285 if (r < 0)
286 return r;
287
288 r = sd_netlink_message_set_request_dump(req, true);
289 if (r < 0)
290 return r;
291
292 r = sd_netlink_call(m->rtnl, req, 0, &reply);
293 if (r < 0)
294 return r;
295
296 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
297 r = manager_process_link(m->rtnl, i, m);
298 if (r < 0)
299 return r;
300 }
301
302 req = sd_netlink_message_unref(req);
303 reply = sd_netlink_message_unref(reply);
304
305 /* Finally, enumerate all addresses, too */
306 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
307 if (r < 0)
308 return r;
309
310 r = sd_netlink_message_set_request_dump(req, true);
311 if (r < 0)
312 return r;
313
314 r = sd_netlink_call(m->rtnl, req, 0, &reply);
315 if (r < 0)
316 return r;
317
318 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
319 r = manager_process_address(m->rtnl, i, m);
320 if (r < 0)
321 return r;
322 }
323
324 return r;
325 }
326
327 static int on_network_event(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
328 Manager *m = ASSERT_PTR(userdata);
329 Link *l;
330 int r;
331
332 sd_network_monitor_flush(m->network_monitor);
333
334 HASHMAP_FOREACH(l, m->links) {
335 r = link_update(l);
336 if (r < 0)
337 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
338 }
339
340 (void) manager_write_resolv_conf(m);
341 (void) manager_send_changed(m, "DNS");
342 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
343
344 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
345 manager_llmnr_maybe_stop(m);
346 manager_mdns_maybe_stop(m);
347 return 0;
348 }
349
350 static int manager_network_monitor_listen(Manager *m) {
351 int r, fd, events;
352
353 assert(m);
354
355 r = sd_network_monitor_new(&m->network_monitor, NULL);
356 if (r < 0)
357 return r;
358
359 fd = sd_network_monitor_get_fd(m->network_monitor);
360 if (fd < 0)
361 return fd;
362
363 events = sd_network_monitor_get_events(m->network_monitor);
364 if (events < 0)
365 return events;
366
367 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
368 if (r < 0)
369 return r;
370
371 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
372 if (r < 0)
373 return r;
374
375 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
376
377 return 0;
378 }
379
380 static int manager_clock_change_listen(Manager *m);
381
382 static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
383 Manager *m = ASSERT_PTR(userdata);
384
385 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
386 * the system clock into consideration, and if the clock changes the old validations might have been
387 * wrong. Let's redo all validation with the new, correct time.
388 *
389 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
390 * we might be connected to a different network now without this being visible in a dropped link
391 * carrier or so.) */
392
393 log_info("Clock change detected. Flushing caches.");
394 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
395
396 /* The clock change timerfd is unusable after it triggered once, create a new one. */
397 return manager_clock_change_listen(m);
398 }
399
400 static int manager_clock_change_listen(Manager *m) {
401 int r;
402
403 assert(m);
404
405 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
406
407 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
408 if (r < 0)
409 return log_error_errno(r, "Failed to create clock change event source: %m");
410
411 return 0;
412 }
413
414 static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
415 _cleanup_free_ char *h = NULL, *n = NULL;
416 int r;
417
418 assert(full_hostname);
419 assert(llmnr_hostname);
420 assert(mdns_hostname);
421
422 r = resolve_system_hostname(&h, &n);
423 if (r < 0)
424 return r;
425
426 r = dns_name_concat(n, "local", 0, mdns_hostname);
427 if (r < 0)
428 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
429
430 *llmnr_hostname = TAKE_PTR(n);
431 *full_hostname = TAKE_PTR(h);
432
433 return 0;
434 }
435
436 static char* fallback_hostname(void) {
437
438 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
439 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
440 * instead. */
441
442 _cleanup_free_ char *n = get_default_hostname();
443 if (!n)
444 return NULL;
445
446 if (is_localhost(n))
447 return strdup("linux");
448
449 return TAKE_PTR(n);
450 }
451
452 static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
453 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
454 char label[DNS_LABEL_MAX+1];
455 const char *p;
456 int r;
457
458 assert(full_hostname);
459 assert(llmnr_hostname);
460 assert(mdns_hostname);
461
462 p = h = fallback_hostname();
463 if (!h)
464 return log_oom();
465
466 r = dns_label_unescape(&p, label, sizeof label, 0);
467 if (r < 0)
468 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
469
470 assert(r > 0); /* The fallback hostname must have at least one label */
471
472 r = dns_label_escape_new(label, r, &n);
473 if (r < 0)
474 return log_error_errno(r, "Failed to escape fallback hostname: %m");
475
476 r = dns_name_concat(n, "local", 0, &m);
477 if (r < 0)
478 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
479
480 *llmnr_hostname = TAKE_PTR(n);
481 *mdns_hostname = TAKE_PTR(m);
482 *full_hostname = TAKE_PTR(h);
483
484 return 0;
485 }
486
487 static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
488 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
489 Manager *m = ASSERT_PTR(userdata);
490 bool llmnr_hostname_changed;
491 int r;
492
493 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
494 if (r < 0) {
495 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
496 return 0; /* ignore invalid hostnames */
497 }
498
499 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
500 if (streq(full_hostname, m->full_hostname) &&
501 !llmnr_hostname_changed &&
502 streq(mdns_hostname, m->mdns_hostname))
503 return 0;
504
505 log_info("System hostname changed to '%s'.", full_hostname);
506
507 free_and_replace(m->full_hostname, full_hostname);
508 free_and_replace(m->llmnr_hostname, llmnr_hostname);
509 free_and_replace(m->mdns_hostname, mdns_hostname);
510
511 manager_refresh_rrs(m);
512 (void) manager_send_changed(m, "LLMNRHostname");
513
514 return 0;
515 }
516
517 static int manager_watch_hostname(Manager *m) {
518 int r;
519
520 assert(m);
521
522 m->hostname_fd = open("/proc/sys/kernel/hostname",
523 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
524 if (m->hostname_fd < 0) {
525 log_warning_errno(errno, "Failed to watch hostname: %m");
526 return 0;
527 }
528
529 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
530 if (r < 0)
531 return log_error_errno(r, "Failed to add hostname event source: %m");
532
533 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
534
535 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
536 if (r < 0) {
537 _cleanup_free_ char *d = NULL;
538
539 d = fallback_hostname();
540 if (!d)
541 return log_oom();
542
543 log_info("Defaulting to hostname '%s'.", d);
544
545 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
546 if (r < 0)
547 return r;
548 } else
549 log_info("Using system hostname '%s'.", m->full_hostname);
550
551 return 0;
552 }
553
554 static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
555 _cleanup_(memstream_done) MemStream ms = {};
556 Manager *m = ASSERT_PTR(userdata);
557 Link *l;
558 FILE *f;
559
560 assert(s);
561 assert(si);
562
563 f = memstream_init(&ms);
564 if (!f)
565 return log_oom();
566
567 LIST_FOREACH(scopes, scope, m->dns_scopes)
568 dns_scope_dump(scope, f);
569
570 LIST_FOREACH(servers, server, m->dns_servers)
571 dns_server_dump(server, f);
572 LIST_FOREACH(servers, server, m->fallback_dns_servers)
573 dns_server_dump(server, f);
574 HASHMAP_FOREACH(l, m->links)
575 LIST_FOREACH(servers, server, l->dns_servers)
576 dns_server_dump(server, f);
577 DnsDelegate *delegate;
578 HASHMAP_FOREACH(delegate, m->delegates)
579 LIST_FOREACH(servers, server, delegate->dns_servers)
580 dns_server_dump(server, f);
581
582 return memstream_dump(LOG_INFO, &ms);
583 }
584
585 static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
586 Manager *m = ASSERT_PTR(userdata);
587
588 assert(s);
589 assert(si);
590
591 manager_flush_caches(m, LOG_INFO);
592
593 return 0;
594 }
595
596 static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
597 Manager *m = ASSERT_PTR(userdata);
598
599 assert(s);
600 assert(si);
601
602 manager_reset_server_features(m);
603 return 0;
604 }
605
606 static int manager_memory_pressure(sd_event_source *s, void *userdata) {
607 Manager *m = ASSERT_PTR(userdata);
608
609 log_info("Under memory pressure, flushing caches.");
610
611 manager_flush_caches(m, LOG_INFO);
612 sd_event_trim_memory();
613
614 return 0;
615 }
616
617 static int manager_memory_pressure_listen(Manager *m) {
618 int r;
619
620 assert(m);
621
622 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
623 if (r < 0)
624 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
625 "Failed to install memory pressure event source, ignoring: %m");
626
627 return 0;
628 }
629
630 static void manager_set_defaults(Manager *m) {
631 assert(m);
632
633 m->llmnr_support = DEFAULT_LLMNR_MODE;
634 m->mdns_support = DEFAULT_MDNS_MODE;
635 m->dnssec_mode = DEFAULT_DNSSEC_MODE;
636 m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
637 m->enable_cache = DNS_CACHE_MODE_YES;
638 m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES;
639 m->read_etc_hosts = true;
640 m->resolve_unicast_single_label = false;
641 m->cache_from_localhost = false;
642 m->stale_retention_usec = 0;
643 m->refuse_record_types = set_free(m->refuse_record_types);
644 m->resolv_conf_stat = (struct stat) {};
645 }
646
647 static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
648 Manager *m = ASSERT_PTR(userdata);
649 Link *l;
650 int r;
651
652 (void) notify_reloading();
653
654 dns_server_unlink_on_reload(m->dns_servers);
655 dns_server_unlink_on_reload(m->fallback_dns_servers);
656 m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
657 manager_dns_stub_stop(m);
658 dnssd_registered_service_clear_on_reload(m->dnssd_registered_services);
659 m->unicast_scope = dns_scope_free(m->unicast_scope);
660 m->delegates = hashmap_free(m->delegates);
661 dns_trust_anchor_flush(&m->trust_anchor);
662
663 manager_set_defaults(m);
664
665 r = dns_trust_anchor_load(&m->trust_anchor);
666 if (r < 0)
667 return sd_event_exit(sd_event_source_get_event(s), r);
668
669 r = manager_parse_config_file(m);
670 if (r < 0)
671 log_warning_errno(r, "Failed to parse configuration file on reload, ignoring: %m");
672 else
673 log_info("Config file reloaded.");
674
675 (void) dnssd_load(m);
676 (void) manager_load_delegates(m);
677
678 /* The default scope configuration is influenced by the manager's configuration (modes, etc.), so
679 * recreate it on reload. */
680 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
681 if (r < 0)
682 return sd_event_exit(sd_event_source_get_event(s), r);
683
684 /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS=
685 * from the manager will be used if not explicitly configured on the link. Free the scopes here so that
686 * link_allocate_scopes() in on_network_event() re-creates them. */
687 HASHMAP_FOREACH(l, m->links)
688 l->unicast_scope = dns_scope_free(l->unicast_scope);
689
690 /* The configuration has changed, so reload the per-interface configuration too in order to take
691 * into account any changes (e.g.: enable/disable DNSSEC). */
692 r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);
693 if (r < 0)
694 log_warning_errno(r, "Failed to update network information on reload, ignoring: %m");
695
696 /* We have new configuration, which means potentially new servers, so close all connections and drop
697 * all caches, so that we can start fresh. */
698 (void) dns_stream_disconnect_all(m);
699 manager_flush_caches(m, LOG_INFO);
700 manager_verify_all(m);
701
702 r = manager_dns_stub_start(m);
703 if (r < 0)
704 return sd_event_exit(sd_event_source_get_event(s), r);
705
706 (void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
707 return 0;
708 }
709
710 int manager_new(Manager **ret) {
711 _cleanup_(manager_freep) Manager *m = NULL;
712 int r;
713
714 assert(ret);
715
716 m = new(Manager, 1);
717 if (!m)
718 return -ENOMEM;
719
720 *m = (Manager) {
721 .llmnr_ipv4_udp_fd = -EBADF,
722 .llmnr_ipv6_udp_fd = -EBADF,
723 .llmnr_ipv4_tcp_fd = -EBADF,
724 .llmnr_ipv6_tcp_fd = -EBADF,
725 .mdns_ipv4_fd = -EBADF,
726 .mdns_ipv6_fd = -EBADF,
727 .hostname_fd = -EBADF,
728
729 .read_resolv_conf = true,
730 .need_builtin_fallbacks = true,
731 .etc_hosts_last = USEC_INFINITY,
732
733 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
734 .sigrtmin18_info.memory_pressure_userdata = m,
735 };
736
737 manager_set_defaults(m);
738
739 r = dns_trust_anchor_load(&m->trust_anchor);
740 if (r < 0)
741 return r;
742
743 r = manager_parse_config_file(m);
744 if (r < 0)
745 log_warning_errno(r, "Failed to parse configuration file, ignoring: %m");
746
747 #if ENABLE_DNS_OVER_TLS
748 r = dnstls_manager_init(m);
749 if (r < 0)
750 return r;
751 #endif
752
753 r = sd_event_default(&m->event);
754 if (r < 0)
755 return r;
756
757 r = sd_event_set_signal_exit(m->event, true);
758 if (r < 0)
759 return r;
760
761 (void) sd_event_set_watchdog(m->event, true);
762
763 r = manager_watch_hostname(m);
764 if (r < 0)
765 return r;
766
767 (void) dnssd_load(m);
768 (void) manager_load_delegates(m);
769
770 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
771 if (r < 0)
772 return r;
773
774 r = manager_network_monitor_listen(m);
775 if (r < 0)
776 return r;
777
778 r = manager_rtnl_listen(m);
779 if (r < 0)
780 return r;
781
782 r = manager_clock_change_listen(m);
783 if (r < 0)
784 return r;
785
786 r = manager_memory_pressure_listen(m);
787 if (r < 0)
788 return r;
789
790 r = manager_connect_bus(m);
791 if (r < 0)
792 return r;
793
794 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
795 if (r < 0)
796 return log_debug_errno(r, "Failed to install SIGHUP handler: %m");
797
798 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR1 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr1, m);
799 if (r < 0)
800 return log_debug_errno(r, "Failed to install SIGUSR1 handler: %m");
801
802 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR2 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr2, m);
803 if (r < 0)
804 return log_debug_errno(r, "Failed to install SIGUSR2 handler: %m");
805
806 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+1) | SD_EVENT_SIGNAL_PROCMASK, manager_sigrtmin1, m);
807 if (r < 0)
808 return log_debug_errno(r, "Failed to install SIGRTMIN+1 handler: %m");
809
810 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &m->sigrtmin18_info);
811 if (r < 0)
812 return log_debug_errno(r, "Failed to install SIGRTMIN+18 handler: %m");
813
814 manager_cleanup_saved_user(m);
815
816 *ret = TAKE_PTR(m);
817
818 return 0;
819 }
820
821 int manager_start(Manager *m) {
822 int r;
823
824 assert(m);
825
826 r = manager_dns_stub_start(m);
827 if (r < 0)
828 return r;
829
830 r = manager_varlink_init(m);
831 if (r < 0)
832 return r;
833
834 return 0;
835 }
836
837 Manager* manager_free(Manager *m) {
838 Link *l;
839 DnssdRegisteredService *s;
840 DnsServiceBrowser *sb;
841
842 if (!m)
843 return NULL;
844
845 dns_server_unlink_all(m->dns_servers);
846 dns_server_unlink_all(m->fallback_dns_servers);
847 dns_search_domain_unlink_all(m->search_domains);
848
849 while ((l = hashmap_first(m->links)))
850 link_free(l);
851
852 m->delegates = hashmap_free(m->delegates);
853
854 while (m->dns_queries)
855 dns_query_free(m->dns_queries);
856
857 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
858 m->unicast_scope = dns_scope_free(m->unicast_scope);
859
860 /* At this point only orphaned streams should remain. All others should have been freed already by their
861 * owners */
862 while (m->dns_streams)
863 dns_stream_unref(m->dns_streams);
864
865 #if ENABLE_DNS_OVER_TLS
866 dnstls_manager_free(m);
867 #endif
868
869 set_free(m->refuse_record_types);
870 hashmap_free(m->links);
871 hashmap_free(m->dns_transactions);
872
873 sd_event_source_unref(m->network_event_source);
874 sd_network_monitor_unref(m->network_monitor);
875
876 sd_netlink_slot_unref(m->netlink_new_route_slot);
877 sd_netlink_slot_unref(m->netlink_del_route_slot);
878 sd_netlink_unref(m->rtnl);
879 sd_event_source_unref(m->rtnl_event_source);
880 sd_event_source_unref(m->clock_change_event_source);
881
882 sd_json_variant_unref(m->dns_configuration_json);
883
884 manager_llmnr_stop(m);
885 manager_mdns_stop(m);
886 manager_dns_stub_stop(m);
887 manager_varlink_done(m);
888
889 manager_socket_graveyard_clear(m);
890
891 ordered_set_free(m->dns_extra_stub_listeners);
892
893 hashmap_free(m->polkit_registry);
894
895 sd_bus_flush_close_unref(m->bus);
896
897 dns_resource_key_unref(m->llmnr_host_ipv4_key);
898 dns_resource_key_unref(m->llmnr_host_ipv6_key);
899 dns_resource_key_unref(m->mdns_host_ipv4_key);
900 dns_resource_key_unref(m->mdns_host_ipv6_key);
901
902 sd_event_source_unref(m->hostname_event_source);
903 safe_close(m->hostname_fd);
904
905 sd_event_unref(m->event);
906
907 free(m->full_hostname);
908 free(m->llmnr_hostname);
909 free(m->mdns_hostname);
910
911 while ((s = hashmap_first(m->dnssd_registered_services)))
912 dnssd_registered_service_free(s);
913 hashmap_free(m->dnssd_registered_services);
914
915 dns_trust_anchor_flush(&m->trust_anchor);
916 manager_etc_hosts_flush(m);
917
918 while ((sb = hashmap_first(m->dns_service_browsers)))
919 dns_service_browser_free(sb);
920 hashmap_free(m->dns_service_browsers);
921
922 hashmap_free(m->hooks);
923
924 return mfree(m);
925 }
926
927 int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
928 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
929 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
930 + CMSG_SPACE(int) /* ttl/hoplimit */
931 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
932 union sockaddr_union sa;
933 struct iovec iov;
934 struct msghdr mh = {
935 .msg_name = &sa.sa,
936 .msg_namelen = sizeof(sa),
937 .msg_iov = &iov,
938 .msg_iovlen = 1,
939 .msg_control = &control,
940 .msg_controllen = sizeof(control),
941 };
942 struct cmsghdr *cmsg;
943 ssize_t ms, l;
944 int r;
945
946 assert(m);
947 assert(fd >= 0);
948 assert(ret);
949
950 ms = next_datagram_size_fd(fd);
951 if (ms < 0)
952 return ms;
953
954 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
955 if (r < 0)
956 return r;
957
958 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
959
960 l = recvmsg_safe(fd, &mh, 0);
961 if (ERRNO_IS_NEG_TRANSIENT(l))
962 return 0;
963 if (l <= 0)
964 return l;
965
966 p->size = (size_t) l;
967
968 p->family = sa.sa.sa_family;
969 p->ipproto = IPPROTO_UDP;
970 if (p->family == AF_INET) {
971 p->sender.in = sa.in.sin_addr;
972 p->sender_port = be16toh(sa.in.sin_port);
973 } else if (p->family == AF_INET6) {
974 p->sender.in6 = sa.in6.sin6_addr;
975 p->sender_port = be16toh(sa.in6.sin6_port);
976 p->ifindex = sa.in6.sin6_scope_id;
977 } else
978 return -EAFNOSUPPORT;
979
980 p->timestamp = now(CLOCK_BOOTTIME);
981
982 CMSG_FOREACH(cmsg, &mh) {
983
984 if (cmsg->cmsg_level == IPPROTO_IPV6) {
985 assert(p->family == AF_INET6);
986
987 switch (cmsg->cmsg_type) {
988
989 case IPV6_PKTINFO: {
990 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
991
992 if (p->ifindex <= 0)
993 p->ifindex = i->ipi6_ifindex;
994
995 p->destination.in6 = i->ipi6_addr;
996 break;
997 }
998
999 case IPV6_HOPLIMIT:
1000 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1001 break;
1002
1003 case IPV6_RECVFRAGSIZE:
1004 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
1005 break;
1006 }
1007 } else if (cmsg->cmsg_level == IPPROTO_IP) {
1008 assert(p->family == AF_INET);
1009
1010 switch (cmsg->cmsg_type) {
1011
1012 case IP_PKTINFO: {
1013 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1014
1015 if (p->ifindex <= 0)
1016 p->ifindex = i->ipi_ifindex;
1017
1018 p->destination.in = i->ipi_addr;
1019 break;
1020 }
1021
1022 case IP_TTL:
1023 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1024 break;
1025
1026 case IP_RECVFRAGSIZE:
1027 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
1028 break;
1029 }
1030 }
1031 }
1032
1033 /* The Linux kernel sets the interface index to the loopback
1034 * device if the packet came from the local host since it
1035 * avoids the routing table in such a case. Let's unset the
1036 * interface index in such a case. */
1037 if (p->ifindex == LOOPBACK_IFINDEX)
1038 p->ifindex = 0;
1039
1040 if (protocol != DNS_PROTOCOL_DNS) {
1041 /* If we don't know the interface index still, we look for the
1042 * first local interface with a matching address. Yuck! */
1043 if (p->ifindex <= 0)
1044 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
1045 }
1046
1047 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
1048 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
1049 IN_ADDR_TO_STRING(p->family, &p->sender),
1050 IN_ADDR_TO_STRING(p->family, &p->destination));
1051
1052 *ret = TAKE_PTR(p);
1053 return 1;
1054 }
1055
1056 int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
1057 usec_t end;
1058 int r;
1059
1060 assert(fd >= 0);
1061 assert(mh);
1062
1063 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1064
1065 for (;;) {
1066 if (sendmsg(fd, mh, flags) >= 0)
1067 return 0;
1068 if (errno == EINTR)
1069 continue;
1070 if (errno != EAGAIN)
1071 return -errno;
1072
1073 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
1074 if (ERRNO_IS_NEG_TRANSIENT(r))
1075 continue;
1076 if (r < 0)
1077 return r;
1078 if (r == 0)
1079 return -ETIMEDOUT;
1080 }
1081 }
1082
1083 static int write_loop(int fd, void *message, size_t length) {
1084 usec_t end;
1085 int r;
1086
1087 assert(fd >= 0);
1088 assert(message);
1089
1090 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1091
1092 for (;;) {
1093 if (write(fd, message, length) >= 0)
1094 return 0;
1095 if (errno == EINTR)
1096 continue;
1097 if (errno != EAGAIN)
1098 return -errno;
1099
1100 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
1101 if (ERRNO_IS_NEG_TRANSIENT(r))
1102 continue;
1103 if (r < 0)
1104 return r;
1105 if (r == 0)
1106 return -ETIMEDOUT;
1107 }
1108 }
1109
1110 int manager_write(Manager *m, int fd, DnsPacket *p) {
1111 int r;
1112
1113 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
1114 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1115 DNS_PACKET_QR(p) ? "response" : "query",
1116 DNS_PACKET_ID(p),
1117 p->size);
1118
1119 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
1120 if (r < 0)
1121 return r;
1122
1123 return 0;
1124 }
1125
1126 static int manager_ipv4_send(
1127 Manager *m,
1128 int fd,
1129 int ifindex,
1130 const struct in_addr *destination,
1131 uint16_t port,
1132 const struct in_addr *source,
1133 DnsPacket *p) {
1134
1135 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
1136 union sockaddr_union sa;
1137 struct iovec iov;
1138 struct msghdr mh = {
1139 .msg_iov = &iov,
1140 .msg_iovlen = 1,
1141 .msg_name = &sa.sa,
1142 .msg_namelen = sizeof(sa.in),
1143 };
1144
1145 assert(m);
1146 assert(fd >= 0);
1147 assert(destination);
1148 assert(port > 0);
1149 assert(p);
1150
1151 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1152
1153 sa = (union sockaddr_union) {
1154 .in.sin_family = AF_INET,
1155 .in.sin_addr = *destination,
1156 .in.sin_port = htobe16(port),
1157 };
1158
1159 if (ifindex > 0) {
1160 struct cmsghdr *cmsg;
1161 struct in_pktinfo *pi;
1162
1163 mh.msg_control = &control;
1164 mh.msg_controllen = sizeof(control);
1165
1166 cmsg = CMSG_FIRSTHDR(&mh);
1167 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
1168 cmsg->cmsg_level = IPPROTO_IP;
1169 cmsg->cmsg_type = IP_PKTINFO;
1170
1171 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1172 pi->ipi_ifindex = ifindex;
1173
1174 if (source)
1175 pi->ipi_spec_dst = *source;
1176 }
1177
1178 return sendmsg_loop(fd, &mh, 0);
1179 }
1180
1181 static int manager_ipv6_send(
1182 Manager *m,
1183 int fd,
1184 int ifindex,
1185 const struct in6_addr *destination,
1186 uint16_t port,
1187 const struct in6_addr *source,
1188 DnsPacket *p) {
1189
1190 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
1191 union sockaddr_union sa;
1192 struct iovec iov;
1193 struct msghdr mh = {
1194 .msg_iov = &iov,
1195 .msg_iovlen = 1,
1196 .msg_name = &sa.sa,
1197 .msg_namelen = sizeof(sa.in6),
1198 };
1199
1200 assert(m);
1201 assert(fd >= 0);
1202 assert(destination);
1203 assert(port > 0);
1204 assert(p);
1205
1206 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1207
1208 sa = (union sockaddr_union) {
1209 .in6.sin6_family = AF_INET6,
1210 .in6.sin6_addr = *destination,
1211 .in6.sin6_port = htobe16(port),
1212 .in6.sin6_scope_id = ifindex,
1213 };
1214
1215 if (ifindex > 0) {
1216 struct cmsghdr *cmsg;
1217 struct in6_pktinfo *pi;
1218
1219 mh.msg_control = &control;
1220 mh.msg_controllen = sizeof(control);
1221
1222 cmsg = CMSG_FIRSTHDR(&mh);
1223 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
1224 cmsg->cmsg_level = IPPROTO_IPV6;
1225 cmsg->cmsg_type = IPV6_PKTINFO;
1226
1227 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
1228 pi->ipi6_ifindex = ifindex;
1229
1230 if (source)
1231 pi->ipi6_addr = *source;
1232 }
1233
1234 return sendmsg_loop(fd, &mh, 0);
1235 }
1236
1237 static int dns_question_to_json(DnsQuestion *q, sd_json_variant **ret) {
1238 _cleanup_(sd_json_variant_unrefp) sd_json_variant *l = NULL;
1239 DnsResourceKey *key;
1240 int r;
1241
1242 assert(ret);
1243
1244 DNS_QUESTION_FOREACH(key, q) {
1245 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
1246
1247 r = dns_resource_key_to_json(key, &v);
1248 if (r < 0)
1249 return r;
1250
1251 r = sd_json_variant_append_array(&l, v);
1252 if (r < 0)
1253 return r;
1254 }
1255
1256 *ret = TAKE_PTR(l);
1257 return 0;
1258 }
1259
1260 int manager_monitor_send(Manager *m, DnsQuery *q) {
1261 _cleanup_(sd_json_variant_unrefp) sd_json_variant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
1262 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
1263 DnsAnswerItem *rri;
1264 int r;
1265
1266 assert(m);
1267
1268 if (set_isempty(m->varlink_query_results_subscription))
1269 return 0;
1270
1271 /* Merge all questions into one */
1272 r = dns_question_merge(q->question_idna, q->question_utf8, &merged);
1273 if (r < 0)
1274 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1275
1276 if (q->question_bypass) {
1277 _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
1278
1279 r = dns_question_merge(merged, q->question_bypass->question, &merged2);
1280 if (r < 0)
1281 return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
1282
1283 dns_question_unref(merged);
1284 merged = TAKE_PTR(merged2);
1285 }
1286
1287 /* Convert the current primary question to JSON */
1288 r = dns_question_to_json(merged, &jquestion);
1289 if (r < 0)
1290 return log_error_errno(r, "Failed to convert question to JSON: %m");
1291
1292 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
1293 r = dns_question_to_json(q->collected_questions, &jcollected_questions);
1294 if (r < 0)
1295 return log_error_errno(r, "Failed to convert question to JSON: %m");
1296
1297 DNS_ANSWER_FOREACH_ITEM(rri, q->answer) {
1298 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
1299
1300 r = dns_resource_record_to_json(rri->rr, &v);
1301 if (r < 0)
1302 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
1303
1304 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1305 if (r < 0)
1306 return log_error_errno(r, "Failed to generate RR wire format: %m");
1307
1308 r = sd_json_variant_append_arraybo(
1309 &janswer,
1310 SD_JSON_BUILD_PAIR_CONDITION(!!v, "rr", SD_JSON_BUILD_VARIANT(v)),
1311 SD_JSON_BUILD_PAIR_BASE64("raw", rri->rr->wire_format, rri->rr->wire_format_size),
1312 SD_JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", SD_JSON_BUILD_INTEGER(rri->ifindex)));
1313 if (r < 0)
1314 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1315 }
1316
1317 r = varlink_many_notifybo(
1318 m->varlink_query_results_subscription,
1319 SD_JSON_BUILD_PAIR_STRING("state", dns_transaction_state_to_string(q->state)),
1320 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_DNSSEC_FAILED,
1321 "result", SD_JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result))),
1322 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_RCODE_FAILURE,
1323 "rcode", SD_JSON_BUILD_INTEGER(q->answer_rcode)),
1324 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_ERRNO,
1325 "errno", SD_JSON_BUILD_INTEGER(q->answer_errno)),
1326 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1327 DNS_TRANSACTION_DNSSEC_FAILED,
1328 DNS_TRANSACTION_RCODE_FAILURE) &&
1329 q->answer_ede_rcode >= 0,
1330 "extendedDNSErrorCode", SD_JSON_BUILD_INTEGER(q->answer_ede_rcode)),
1331 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1332 DNS_TRANSACTION_DNSSEC_FAILED,
1333 DNS_TRANSACTION_RCODE_FAILURE) &&
1334 q->answer_ede_rcode >= 0 && !isempty(q->answer_ede_msg),
1335 "extendedDNSErrorMessage", SD_JSON_BUILD_STRING(q->answer_ede_msg)),
1336 SD_JSON_BUILD_PAIR_VARIANT("question", jquestion),
1337 SD_JSON_BUILD_PAIR_CONDITION(!!jcollected_questions,
1338 "collectedQuestions", SD_JSON_BUILD_VARIANT(jcollected_questions)),
1339 SD_JSON_BUILD_PAIR_CONDITION(!!janswer,
1340 "answer", SD_JSON_BUILD_VARIANT(janswer)));
1341 if (r < 0)
1342 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
1343
1344 return 0;
1345 }
1346
1347 int manager_send(
1348 Manager *m,
1349 int fd,
1350 int ifindex,
1351 int family,
1352 const union in_addr_union *destination,
1353 uint16_t port,
1354 const union in_addr_union *source,
1355 DnsPacket *p) {
1356
1357 assert(m);
1358 assert(fd >= 0);
1359 assert(destination);
1360 assert(port > 0);
1361 assert(p);
1362
1363 /* For mDNS, it is natural that the packet have truncated flag when we have many known answers. */
1364 bool truncated = DNS_PACKET_TC(p) && (p->protocol != DNS_PROTOCOL_MDNS || !p->more);
1365
1366 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
1367 truncated ? "truncated (!) " : "",
1368 DNS_PACKET_QR(p) ? "response" : "query",
1369 DNS_PACKET_ID(p),
1370 ifindex, af_to_name(family),
1371 p->size);
1372
1373 if (family == AF_INET)
1374 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
1375 if (family == AF_INET6)
1376 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1377
1378 return -EAFNOSUPPORT;
1379 }
1380
1381 uint32_t manager_find_mtu(Manager *m) {
1382 uint32_t mtu = 0;
1383 Link *l;
1384
1385 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
1386 * works on all interfaces we know of that have an IP address associated */
1387
1388 HASHMAP_FOREACH(l, m->links) {
1389 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1390 if (!l->addresses)
1391 continue;
1392
1393 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1394 * let's ignore this link. */
1395 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1396 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
1397 continue;
1398
1399 if (mtu <= 0 || l->mtu < mtu)
1400 mtu = l->mtu;
1401 }
1402
1403 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1404 return 1500;
1405
1406 return mtu;
1407 }
1408
1409 int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
1410 LinkAddress *a;
1411
1412 assert(m);
1413
1414 if (!IN_SET(family, AF_INET, AF_INET6))
1415 return 0;
1416
1417 if (!in_addr)
1418 return 0;
1419
1420 a = manager_find_link_address(m, family, in_addr);
1421 if (a)
1422 return a->link->ifindex;
1423
1424 return 0;
1425 }
1426
1427 void manager_refresh_rrs(Manager *m) {
1428 Link *l;
1429 DnssdRegisteredService *s;
1430
1431 assert(m);
1432
1433 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1434 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
1435 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1436 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
1437
1438 HASHMAP_FOREACH(l, m->links)
1439 link_add_rrs(l, true);
1440
1441 if (m->mdns_support == RESOLVE_SUPPORT_YES)
1442 HASHMAP_FOREACH(s, m->dnssd_registered_services)
1443 if (dnssd_update_rrs(s) < 0)
1444 log_warning("Failed to refresh DNS-SD service '%s'", s->id);
1445
1446 HASHMAP_FOREACH(l, m->links)
1447 link_add_rrs(l, false);
1448 }
1449
1450 static int manager_next_random_name(const char *old, char **ret_new) {
1451 const char *p;
1452 uint64_t u, a;
1453 char *n;
1454
1455 p = strchr(old, 0);
1456 assert(p);
1457
1458 while (p > old) {
1459 if (!ascii_isdigit(p[-1]))
1460 break;
1461
1462 p--;
1463 }
1464
1465 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1466 u = 1;
1467
1468 /* Add a random number to the old value. This way we can avoid
1469 * that two hosts pick the same hostname, win on IPv4 and lose
1470 * on IPv6 (or vice versa), and pick the same hostname
1471 * replacement hostname, ad infinitum. We still want the
1472 * numbers to go up monotonically, hence we just add a random
1473 * value 1..10 */
1474
1475 random_bytes(&a, sizeof(a));
1476 u += 1 + a % 10;
1477
1478 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
1479 return -ENOMEM;
1480
1481 *ret_new = n;
1482
1483 return 0;
1484 }
1485
1486 int manager_next_hostname(Manager *m) {
1487 _cleanup_free_ char *h = NULL, *k = NULL;
1488 int r;
1489
1490 assert(m);
1491
1492 r = manager_next_random_name(m->llmnr_hostname, &h);
1493 if (r < 0)
1494 return r;
1495
1496 r = dns_name_concat(h, "local", 0, &k);
1497 if (r < 0)
1498 return r;
1499
1500 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1501
1502 free_and_replace(m->llmnr_hostname, h);
1503 free_and_replace(m->mdns_hostname, k);
1504
1505 manager_refresh_rrs(m);
1506 (void) manager_send_changed(m, "LLMNRHostname");
1507
1508 return 0;
1509 }
1510
1511 LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
1512 Link *l;
1513
1514 assert(m);
1515
1516 if (!IN_SET(family, AF_INET, AF_INET6))
1517 return NULL;
1518
1519 if (!in_addr)
1520 return NULL;
1521
1522 HASHMAP_FOREACH(l, m->links) {
1523 LinkAddress *a;
1524
1525 a = link_find_address(l, family, in_addr);
1526 if (a)
1527 return a;
1528 }
1529
1530 return NULL;
1531 }
1532
1533 bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
1534 assert(m);
1535 assert(p);
1536
1537 /* Let's see if this packet comes from an IP address we have on any local interface */
1538
1539 return !!manager_find_link_address(m, p->family, &p->sender);
1540 }
1541
1542 bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1543 DnsTransaction *t;
1544
1545 assert(m);
1546 assert(p);
1547
1548 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1549 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1550
1551 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1552 if (!t)
1553 return false;
1554
1555 return t->sent && dns_packet_equal(t->sent, p);
1556 }
1557
1558 DnsScope* manager_find_scope_from_protocol(Manager *m, int ifindex, DnsProtocol protocol, int family) {
1559 Link *l;
1560
1561 assert(m);
1562
1563 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1564 if (!l)
1565 return NULL;
1566
1567 switch (protocol) {
1568 case DNS_PROTOCOL_LLMNR:
1569 if (family == AF_INET)
1570 return l->llmnr_ipv4_scope;
1571 else if (family == AF_INET6)
1572 return l->llmnr_ipv6_scope;
1573
1574 break;
1575
1576 case DNS_PROTOCOL_MDNS:
1577 if (family == AF_INET)
1578 return l->mdns_ipv4_scope;
1579 else if (family == AF_INET6)
1580 return l->mdns_ipv6_scope;
1581
1582 break;
1583
1584 default:
1585 ;
1586 }
1587
1588 return NULL;
1589 }
1590
1591 void manager_verify_all(Manager *m) {
1592 assert(m);
1593
1594 LIST_FOREACH(scopes, s, m->dns_scopes)
1595 dns_zone_verify_all(&s->zone);
1596 }
1597
1598 int manager_is_own_hostname(Manager *m, const char *name) {
1599 int r;
1600
1601 assert(m);
1602 assert(name);
1603
1604 if (m->llmnr_hostname) {
1605 r = dns_name_equal(name, m->llmnr_hostname);
1606 if (r != 0)
1607 return r;
1608 }
1609
1610 if (m->mdns_hostname) {
1611 r = dns_name_equal(name, m->mdns_hostname);
1612 if (r != 0)
1613 return r;
1614 }
1615
1616 if (m->full_hostname)
1617 return dns_name_equal(name, m->full_hostname);
1618
1619 return 0;
1620 }
1621
1622 int manager_compile_dns_servers(Manager *m, OrderedSet **servers) {
1623 Link *l;
1624 int r;
1625
1626 assert(m);
1627 assert(servers);
1628
1629 r = ordered_set_ensure_allocated(servers, &dns_server_hash_ops);
1630 if (r < 0)
1631 return r;
1632
1633 /* First add the system-wide servers and domains */
1634 LIST_FOREACH(servers, s, m->dns_servers) {
1635 r = ordered_set_put(*servers, s);
1636 if (r == -EEXIST)
1637 continue;
1638 if (r < 0)
1639 return r;
1640 }
1641
1642 /* Then, add the per-link servers */
1643 HASHMAP_FOREACH(l, m->links)
1644 LIST_FOREACH(servers, s, l->dns_servers) {
1645 r = ordered_set_put(*servers, s);
1646 if (r == -EEXIST)
1647 continue;
1648 if (r < 0)
1649 return r;
1650 }
1651
1652 /* Third, add the delegate servers and domains */
1653 DnsDelegate *d;
1654 HASHMAP_FOREACH(d, m->delegates)
1655 LIST_FOREACH(servers, s, d->dns_servers) {
1656 r = ordered_set_put(*servers, s);
1657 if (r == -EEXIST)
1658 continue;
1659 if (r < 0)
1660 return r;
1661 }
1662
1663 /* If we found nothing, add the fallback servers */
1664 if (ordered_set_isempty(*servers)) {
1665 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1666 r = ordered_set_put(*servers, s);
1667 if (r == -EEXIST)
1668 continue;
1669 if (r < 0)
1670 return r;
1671 }
1672 }
1673
1674 return 0;
1675 }
1676
1677 /* filter_route is a tri-state:
1678 * < 0: no filtering
1679 * = 0 or false: return only domains which should be used for searching
1680 * > 0 or true: return only domains which are for routing only
1681 */
1682 int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
1683 int r;
1684
1685 assert(m);
1686 assert(domains);
1687
1688 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1689 if (r < 0)
1690 return r;
1691
1692 LIST_FOREACH(domains, d, m->search_domains) {
1693
1694 if (filter_route >= 0 &&
1695 d->route_only != !!filter_route)
1696 continue;
1697
1698 r = ordered_set_put(*domains, d->name);
1699 if (r == -EEXIST)
1700 continue;
1701 if (r < 0)
1702 return r;
1703 }
1704
1705 DnsDelegate *delegate;
1706 HASHMAP_FOREACH(delegate, m->delegates)
1707 LIST_FOREACH(domains, d, delegate->search_domains) {
1708
1709 if (filter_route >= 0 &&
1710 d->route_only != !!filter_route)
1711 continue;
1712
1713 r = ordered_set_put(*domains, d->name);
1714 if (r == -EEXIST)
1715 continue;
1716 if (r < 0)
1717 return r;
1718 }
1719
1720 Link *l;
1721 HASHMAP_FOREACH(l, m->links)
1722 LIST_FOREACH(domains, d, l->search_domains) {
1723
1724 if (filter_route >= 0 &&
1725 d->route_only != !!filter_route)
1726 continue;
1727
1728 r = ordered_set_put(*domains, d->name);
1729 if (r == -EEXIST)
1730 continue;
1731 if (r < 0)
1732 return r;
1733 }
1734
1735 return 0;
1736 }
1737
1738 DnssecMode manager_get_dnssec_mode(Manager *m) {
1739 assert(m);
1740
1741 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1742 return m->dnssec_mode;
1743
1744 return DNSSEC_NO;
1745 }
1746
1747 bool manager_dnssec_supported(Manager *m) {
1748 DnsServer *server;
1749 Link *l;
1750
1751 assert(m);
1752
1753 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1754 return false;
1755
1756 server = manager_get_dns_server(m);
1757 if (server && !dns_server_dnssec_supported(server))
1758 return false;
1759
1760 HASHMAP_FOREACH(l, m->links)
1761 if (!link_dnssec_supported(l))
1762 return false;
1763
1764 return true;
1765 }
1766
1767 DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
1768 assert(m);
1769
1770 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1771 return m->dns_over_tls_mode;
1772
1773 return DNS_OVER_TLS_NO;
1774 }
1775
1776 void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1777
1778 assert(verdict >= 0);
1779 assert(verdict < _DNSSEC_VERDICT_MAX);
1780
1781 if (DEBUG_LOGGING) {
1782 char s[DNS_RESOURCE_KEY_STRING_MAX];
1783
1784 log_debug("Found verdict for lookup %s: %s",
1785 dns_resource_key_to_string(key, s, sizeof s),
1786 dnssec_verdict_to_string(verdict));
1787 }
1788
1789 m->n_dnssec_verdict[verdict]++;
1790 }
1791
1792 bool manager_routable(Manager *m) {
1793 Link *l;
1794
1795 assert(m);
1796
1797 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
1798
1799 HASHMAP_FOREACH(l, m->links)
1800 if (link_relevant(l, AF_UNSPEC, false))
1801 return true;
1802
1803 return false;
1804 }
1805
1806 void manager_flush_caches(Manager *m, int log_level) {
1807 assert(m);
1808
1809 LIST_FOREACH(scopes, scope, m->dns_scopes)
1810 dns_cache_flush(&scope->cache);
1811
1812 dns_browse_services_purge(m, AF_UNSPEC); /* Clear records of DNS service browse subscriber, since caches are flushed */
1813 dns_browse_services_restart(m);
1814
1815 log_full(log_level, "Flushed all caches.");
1816 }
1817
1818 void manager_reset_server_features(Manager *m) {
1819
1820 dns_server_reset_features_all(m->dns_servers);
1821 dns_server_reset_features_all(m->fallback_dns_servers);
1822
1823 Link *l;
1824 HASHMAP_FOREACH(l, m->links)
1825 dns_server_reset_features_all(l->dns_servers);
1826
1827 DnsDelegate *d;
1828 HASHMAP_FOREACH(d, m->delegates)
1829 dns_server_reset_features_all(d->dns_servers);
1830
1831 log_info("Resetting learnt feature levels on all servers.");
1832 }
1833
1834 void manager_cleanup_saved_user(Manager *m) {
1835 _cleanup_closedir_ DIR *d = NULL;
1836
1837 assert(m);
1838
1839 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1840 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1841 * be restarted without losing this data. */
1842
1843 d = opendir("/run/systemd/resolve/netif/");
1844 if (!d) {
1845 if (errno == ENOENT)
1846 return;
1847
1848 log_warning_errno(errno, "Failed to open interface directory: %m");
1849 return;
1850 }
1851
1852 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
1853 int ifindex;
1854 Link *l;
1855
1856 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1857 continue;
1858
1859 if (dot_or_dot_dot(de->d_name))
1860 continue;
1861
1862 ifindex = parse_ifindex(de->d_name);
1863 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
1864 goto rm;
1865
1866 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1867 if (!l) /* link vanished */
1868 goto rm;
1869
1870 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1871 goto rm;
1872
1873 continue;
1874
1875 rm:
1876 if (unlinkat(dirfd(d), de->d_name, 0) < 0)
1877 log_warning_errno(errno, "Failed to remove left-over interface configuration file '%s', ignoring: %m", de->d_name);
1878 }
1879 }
1880
1881 bool manager_next_dnssd_names(Manager *m) {
1882 DnssdRegisteredService *s;
1883 bool tried = false;
1884 int r;
1885
1886 assert(m);
1887
1888 HASHMAP_FOREACH(s, m->dnssd_registered_services) {
1889 _cleanup_free_ char * new_name = NULL;
1890
1891 if (!s->withdrawn)
1892 continue;
1893
1894 r = manager_next_random_name(s->name_template, &new_name);
1895 if (r < 0) {
1896 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->id);
1897 continue;
1898 }
1899
1900 free_and_replace(s->name_template, new_name);
1901
1902 s->withdrawn = false;
1903
1904 tried = true;
1905 }
1906
1907 if (tried)
1908 manager_refresh_rrs(m);
1909
1910 return tried;
1911 }
1912
1913 bool manager_server_is_stub(Manager *m, DnsServer *s) {
1914 DnsStubListenerExtra *l;
1915
1916 assert(m);
1917 assert(s);
1918
1919 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1920 * extra careful, and check here again */
1921 if (s->family == AF_INET &&
1922 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1923 dns_server_port(s) == 53)
1924 return true;
1925
1926 /* Main reason to call this is to check server data against the extra listeners, and filter things
1927 * out. */
1928 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
1929 if (s->family == l->family &&
1930 in_addr_equal(s->family, &s->address, &l->address) &&
1931 dns_server_port(s) == dns_stub_listener_extra_port(l))
1932 return true;
1933
1934 return false;
1935 }
1936
1937 int socket_disable_pmtud(int fd, int af) {
1938 int r;
1939
1940 assert(fd >= 0);
1941
1942 if (af == AF_UNSPEC) {
1943 af = socket_get_family(fd);
1944 if (af < 0)
1945 return af;
1946 }
1947
1948 switch (af) {
1949
1950 case AF_INET: {
1951 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1952 * PMTU forgery vulnerabilities.
1953 *
1954 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1955 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1956 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1957 * discovery.
1958 *
1959 * This helps mitigating the PMTUD vulnerability described here:
1960 *
1961 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1962 *
1963 * Similar logic is in place in most DNS servers.
1964 *
1965 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1966 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1967 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1968 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1969 * fragments seen — and if we need larger packets always go to TCP.
1970 */
1971
1972 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1973 if (r < 0)
1974 return r;
1975
1976 return 0;
1977 }
1978
1979 case AF_INET6: {
1980 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1981 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1982 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1983 * because there's nothing that could be fragmented further anymore. */
1984
1985 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1986 if (r < 0)
1987 return r;
1988
1989 return 0;
1990 }
1991
1992 default:
1993 return -EAFNOSUPPORT;
1994 }
1995 }
1996
1997 int dns_manager_dump_statistics_json(Manager *m, sd_json_variant **ret) {
1998 uint64_t size = 0, hit = 0, miss = 0;
1999
2000 assert(m);
2001 assert(ret);
2002
2003 LIST_FOREACH(scopes, s, m->dns_scopes) {
2004 size += dns_cache_size(&s->cache);
2005 hit += s->cache.n_hit;
2006 miss += s->cache.n_miss;
2007 }
2008
2009 return sd_json_buildo(ret,
2010 SD_JSON_BUILD_PAIR("transactions", SD_JSON_BUILD_OBJECT(
2011 SD_JSON_BUILD_PAIR_UNSIGNED("currentTransactions", hashmap_size(m->dns_transactions)),
2012 SD_JSON_BUILD_PAIR_UNSIGNED("totalTransactions", m->n_transactions_total),
2013 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeouts", m->n_timeouts_total),
2014 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeoutsServedStale", m->n_timeouts_served_stale_total),
2015 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponses", m->n_failure_responses_total),
2016 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponsesServedStale", m->n_failure_responses_served_stale_total)
2017 )),
2018 SD_JSON_BUILD_PAIR("cache", SD_JSON_BUILD_OBJECT(
2019 SD_JSON_BUILD_PAIR_UNSIGNED("size", size),
2020 SD_JSON_BUILD_PAIR_UNSIGNED("hits", hit),
2021 SD_JSON_BUILD_PAIR_UNSIGNED("misses", miss)
2022 )),
2023 SD_JSON_BUILD_PAIR("dnssec", SD_JSON_BUILD_OBJECT(
2024 SD_JSON_BUILD_PAIR_UNSIGNED("secure", m->n_dnssec_verdict[DNSSEC_SECURE]),
2025 SD_JSON_BUILD_PAIR_UNSIGNED("insecure", m->n_dnssec_verdict[DNSSEC_INSECURE]),
2026 SD_JSON_BUILD_PAIR_UNSIGNED("bogus", m->n_dnssec_verdict[DNSSEC_BOGUS]),
2027 SD_JSON_BUILD_PAIR_UNSIGNED("indeterminate", m->n_dnssec_verdict[DNSSEC_INDETERMINATE])
2028 )));
2029 }
2030
2031 void dns_manager_reset_statistics(Manager *m) {
2032
2033 assert(m);
2034
2035 LIST_FOREACH(scopes, s, m->dns_scopes)
2036 s->cache.n_hit = s->cache.n_miss = 0;
2037
2038 m->n_transactions_total = 0;
2039 m->n_timeouts_total = 0;
2040 m->n_timeouts_served_stale_total = 0;
2041 m->n_failure_responses_total = 0;
2042 m->n_failure_responses_served_stale_total = 0;
2043 zero(m->n_dnssec_verdict);
2044 }
2045
2046 static int dns_configuration_json_append(
2047 const char *ifname,
2048 int ifindex,
2049 const char *delegate,
2050 int default_route,
2051 DnsServer *current_dns_server,
2052 DnsServer *dns_servers,
2053 DnsServer *fallback_dns_servers,
2054 DnsSearchDomain *search_domains,
2055 Set *negative_trust_anchors,
2056 Set *dns_scopes,
2057 DnssecMode dnssec_mode,
2058 DnsOverTlsMode dns_over_tls_mode,
2059 ResolveSupport llmnr_support,
2060 ResolveSupport mdns_support,
2061 ResolvConfMode resolv_conf_mode,
2062 sd_json_variant **configuration) {
2063
2064 _cleanup_(sd_json_variant_unrefp) sd_json_variant *dns_servers_json = NULL,
2065 *fallback_dns_servers_json = NULL,
2066 *search_domains_json = NULL,
2067 *current_dns_server_json = NULL,
2068 *scopes_json = NULL;
2069 DnsScope *scope;
2070 int r;
2071
2072 assert(configuration);
2073
2074 SET_FOREACH(scope, dns_scopes) {
2075 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2076
2077 r = dns_scope_to_json(scope, /* with_cache= */ false, &v);
2078 if (r < 0)
2079 return r;
2080
2081 r = sd_json_variant_append_array(&scopes_json, v);
2082 if (r < 0)
2083 return r;
2084 }
2085
2086 LIST_FOREACH(servers, s, dns_servers) {
2087 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2088
2089 r = dns_server_dump_configuration_to_json(s, &v);
2090 if (r < 0)
2091 return r;
2092
2093 r = sd_json_variant_append_array(&dns_servers_json, v);
2094 if (r < 0)
2095 return r;
2096 }
2097
2098 LIST_FOREACH(domains, d, search_domains) {
2099 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2100
2101 r = dns_search_domain_dump_to_json(d, &v);
2102 if (r < 0)
2103 return r;
2104
2105 r = sd_json_variant_append_array(&search_domains_json, v);
2106 if (r < 0)
2107 return r;
2108 }
2109
2110 LIST_FOREACH(servers, s, fallback_dns_servers) {
2111 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2112
2113 r = dns_server_dump_configuration_to_json(s, &v);
2114 if (r < 0)
2115 return r;
2116
2117 r = sd_json_variant_append_array(&fallback_dns_servers_json, v);
2118 if (r < 0)
2119 return r;
2120 }
2121
2122 return sd_json_variant_append_arraybo(
2123 configuration,
2124 JSON_BUILD_PAIR_STRING_NON_EMPTY("ifname", ifname),
2125 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", SD_JSON_BUILD_UNSIGNED(ifindex)),
2126 JSON_BUILD_PAIR_STRING_NON_EMPTY("delegate", delegate),
2127 JSON_BUILD_PAIR_TRISTATE_NON_NULL("defaultRoute", default_route),
2128 JSON_BUILD_PAIR_VARIANT_NON_NULL("currentServer", current_dns_server_json),
2129 JSON_BUILD_PAIR_VARIANT_NON_NULL("servers", dns_servers_json),
2130 JSON_BUILD_PAIR_VARIANT_NON_NULL("fallbackServers", fallback_dns_servers_json),
2131 JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json),
2132 SD_JSON_BUILD_PAIR_CONDITION(!set_isempty(negative_trust_anchors),
2133 "negativeTrustAnchors",
2134 JSON_BUILD_STRING_SET(negative_trust_anchors)),
2135 JSON_BUILD_PAIR_STRING_NON_EMPTY("dnssec", dnssec_mode_to_string(dnssec_mode)),
2136 JSON_BUILD_PAIR_STRING_NON_EMPTY("dnsOverTLS", dns_over_tls_mode_to_string(dns_over_tls_mode)),
2137 JSON_BUILD_PAIR_STRING_NON_EMPTY("llmnr", resolve_support_to_string(llmnr_support)),
2138 JSON_BUILD_PAIR_STRING_NON_EMPTY("mDNS", resolve_support_to_string(mdns_support)),
2139 JSON_BUILD_PAIR_STRING_NON_EMPTY("resolvConfMode", resolv_conf_mode_to_string(resolv_conf_mode)),
2140 JSON_BUILD_PAIR_VARIANT_NON_NULL("scopes", scopes_json));
2141 }
2142
2143 static int global_dns_configuration_json_append(Manager *m, sd_json_variant **configuration) {
2144 _cleanup_set_free_ Set *scopes = NULL;
2145 int r;
2146
2147 assert(m);
2148 assert(configuration);
2149
2150 r = set_ensure_put(&scopes, NULL, m->unicast_scope);
2151 if (r < 0)
2152 return r;
2153
2154 return dns_configuration_json_append(
2155 /* ifname= */ NULL,
2156 /* ifindex= */ 0,
2157 /* delegate= */ NULL,
2158 /* default_route= */ -1,
2159 manager_get_dns_server(m),
2160 m->dns_servers,
2161 m->fallback_dns_servers,
2162 m->search_domains,
2163 m->trust_anchor.negative_by_name,
2164 scopes,
2165 manager_get_dnssec_mode(m),
2166 manager_get_dns_over_tls_mode(m),
2167 m->llmnr_support,
2168 m->mdns_support,
2169 resolv_conf_mode(),
2170 configuration);
2171 }
2172
2173 static int link_dns_configuration_json_append(Link *l, sd_json_variant **configuration) {
2174 _cleanup_set_free_ Set *scopes = NULL;
2175 int r;
2176
2177 assert(l);
2178 assert(configuration);
2179
2180 if (l->unicast_scope) {
2181 r = set_ensure_put(&scopes, NULL, l->unicast_scope);
2182 if (r < 0)
2183 return r;
2184 }
2185
2186 if (l->llmnr_ipv4_scope) {
2187 r = set_ensure_put(&scopes, NULL, l->llmnr_ipv4_scope);
2188 if (r < 0)
2189 return r;
2190 }
2191
2192 if (l->llmnr_ipv6_scope) {
2193 r = set_ensure_put(&scopes, NULL, l->llmnr_ipv6_scope);
2194 if (r < 0)
2195 return r;
2196 }
2197
2198 if (l->mdns_ipv4_scope) {
2199 r = set_ensure_put(&scopes, NULL, l->mdns_ipv4_scope);
2200 if (r < 0)
2201 return r;
2202 }
2203
2204 if (l->mdns_ipv6_scope) {
2205 r = set_ensure_put(&scopes, NULL, l->mdns_ipv6_scope);
2206 if (r < 0)
2207 return r;
2208 }
2209
2210 return dns_configuration_json_append(
2211 l->ifname,
2212 l->ifindex,
2213 /* delegate= */ NULL,
2214 link_get_default_route(l),
2215 link_get_dns_server(l),
2216 l->dns_servers,
2217 /* fallback_dns_servers= */ NULL,
2218 l->search_domains,
2219 l->dnssec_negative_trust_anchors,
2220 scopes,
2221 link_get_dnssec_mode(l),
2222 link_get_dns_over_tls_mode(l),
2223 link_get_llmnr_support(l),
2224 link_get_mdns_support(l),
2225 /* resolv_conf_mode= */ _RESOLV_CONF_MODE_INVALID,
2226 configuration);
2227 }
2228
2229 static int delegate_dns_configuration_json_append(DnsDelegate *d, sd_json_variant **configuration) {
2230 _cleanup_set_free_ Set *scopes = NULL;
2231 int r;
2232
2233 assert(d);
2234 assert(configuration);
2235
2236 r = set_ensure_put(&scopes, NULL, d->scope);
2237 if (r < 0)
2238 return r;
2239
2240 return dns_configuration_json_append(
2241 /* ifname= */ NULL,
2242 /* ifindex= */ 0,
2243 d->id,
2244 d->default_route > 0, /* Defaults to false. See dns_scope_is_default_route(). */
2245 dns_delegate_get_dns_server(d),
2246 d->dns_servers,
2247 /* fallback_dns_servers= */ NULL,
2248 d->search_domains,
2249 /* negative_trust_anchors= */ NULL,
2250 scopes,
2251 /* dnssec_mode= */ _DNSSEC_MODE_INVALID,
2252 /* dns_over_tls_mode= */ _DNS_OVER_TLS_MODE_INVALID,
2253 /* llmnr_support= */ _RESOLVE_SUPPORT_INVALID,
2254 /* mdns_support= */ _RESOLVE_SUPPORT_INVALID,
2255 /* resolv_conf_mode= */ _RESOLV_CONF_MODE_INVALID,
2256 configuration);
2257 }
2258
2259 int manager_dump_dns_configuration_json(Manager *m, sd_json_variant **ret) {
2260 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2261 Link *l;
2262 DnsDelegate *d;
2263 int r;
2264
2265 assert(m);
2266 assert(ret);
2267
2268 /* Global DNS configuration */
2269 r = global_dns_configuration_json_append(m, &configuration);
2270 if (r < 0)
2271 return r;
2272
2273 /* Append configuration for each link */
2274 HASHMAP_FOREACH(l, m->links) {
2275 r = link_dns_configuration_json_append(l, &configuration);
2276 if (r < 0)
2277 return r;
2278 }
2279
2280 /* Append configuration for each delegate */
2281 HASHMAP_FOREACH(d, m->delegates) {
2282 r = delegate_dns_configuration_json_append(d, &configuration);
2283 if (r < 0)
2284 return r;
2285 }
2286
2287 return sd_json_buildo(ret, SD_JSON_BUILD_PAIR_VARIANT("configuration", configuration));
2288 }
2289
2290 int manager_send_dns_configuration_changed(Manager *m, Link *l, bool reset) {
2291 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2292 int r;
2293
2294 assert(m);
2295
2296 if (set_isempty(m->varlink_dns_configuration_subscription))
2297 return 0;
2298
2299 if (reset) {
2300 dns_server_reset_accessible_all(m->dns_servers);
2301
2302 if (l)
2303 dns_server_reset_accessible_all(l->dns_servers);
2304 }
2305
2306 r = manager_dump_dns_configuration_json(m, &configuration);
2307 if (r < 0)
2308 return log_warning_errno(r, "Failed to dump DNS configuration json: %m");
2309
2310 if (sd_json_variant_equal(configuration, m->dns_configuration_json))
2311 return 0;
2312
2313 JSON_VARIANT_REPLACE(m->dns_configuration_json, TAKE_PTR(configuration));
2314
2315 r = varlink_many_notify(m->varlink_dns_configuration_subscription, m->dns_configuration_json);
2316 if (r < 0)
2317 return log_warning_errno(r, "Failed to send DNS configuration event: %m");
2318
2319 return 0;
2320 }
2321
2322 int manager_start_dns_configuration_monitor(Manager *m) {
2323 Link *l;
2324 int r;
2325
2326 assert(m);
2327 assert(!m->dns_configuration_json);
2328 assert(!m->netlink_new_route_slot);
2329 assert(!m->netlink_del_route_slot);
2330
2331 dns_server_reset_accessible_all(m->dns_servers);
2332
2333 HASHMAP_FOREACH(l, m->links)
2334 dns_server_reset_accessible_all(l->dns_servers);
2335
2336 r = manager_dump_dns_configuration_json(m, &m->dns_configuration_json);
2337 if (r < 0)
2338 return r;
2339
2340 r = sd_netlink_add_match(m->rtnl, &m->netlink_new_route_slot, RTM_NEWROUTE, manager_process_route, NULL, m, "resolve-NEWROUTE");
2341 if (r < 0)
2342 return r;
2343
2344 r = sd_netlink_add_match(m->rtnl, &m->netlink_del_route_slot, RTM_DELROUTE, manager_process_route, NULL, m, "resolve-DELROUTE");
2345 if (r < 0)
2346 return r;
2347
2348 return 0;
2349 }
2350
2351 void manager_stop_dns_configuration_monitor(Manager *m) {
2352 assert(m);
2353
2354 m->dns_configuration_json = sd_json_variant_unref(m->dns_configuration_json);
2355 m->netlink_new_route_slot = sd_netlink_slot_unref(m->netlink_new_route_slot);
2356 m->netlink_del_route_slot = sd_netlink_slot_unref(m->netlink_del_route_slot);
2357 }
Unnamed repository; edit this file 'description' to name the repository.