]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blob
? search:


d58026f48d77aa6b7a6b206f7a2bb4bb293664c3
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <fcntl.h>
4 #include <linux/ipv6.h>
5 #include <netinet/in.h>
6 #include <poll.h>
7 #include <unistd.h>
8
9 #include "sd-bus.h"
10 #include "sd-netlink.h"
11 #include "sd-network.h"
12
13 #include "af-list.h"
14 #include "alloc-util.h"
15 #include "daemon-util.h"
16 #include "dirent-util.h"
17 #include "dns-domain.h"
18 #include "errno-util.h"
19 #include "event-util.h"
20 #include "fd-util.h"
21 #include "hostname-setup.h"
22 #include "hostname-util.h"
23 #include "io-util.h"
24 #include "iovec-util.h"
25 #include "json-util.h"
26 #include "memstream-util.h"
27 #include "missing-network.h"
28 #include "ordered-set.h"
29 #include "parse-util.h"
30 #include "random-util.h"
31 #include "resolved-bus.h"
32 #include "resolved-conf.h"
33 #include "resolved-dns-answer.h"
34 #include "resolved-dns-delegate.h"
35 #include "resolved-dns-packet.h"
36 #include "resolved-dns-query.h"
37 #include "resolved-dns-question.h"
38 #include "resolved-dns-rr.h"
39 #include "resolved-dns-scope.h"
40 #include "resolved-dns-search-domain.h"
41 #include "resolved-dns-server.h"
42 #include "resolved-dns-stub.h"
43 #include "resolved-dns-transaction.h"
44 #include "resolved-dnssd.h"
45 #include "resolved-etc-hosts.h"
46 #include "resolved-link.h"
47 #include "resolved-llmnr.h"
48 #include "resolved-manager.h"
49 #include "resolved-mdns.h"
50 #include "resolved-resolv-conf.h"
51 #include "resolved-socket-graveyard.h"
52 #include "resolved-util.h"
53 #include "resolved-varlink.h"
54 #include "set.h"
55 #include "socket-util.h"
56 #include "string-util.h"
57 #include "time-util.h"
58 #include "varlink-util.h"
59
60 #define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
61
62 static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
63 Manager *m = ASSERT_PTR(userdata);
64 uint16_t type;
65 Link *l;
66 int ifindex, r;
67
68 assert(rtnl);
69 assert(mm);
70
71 r = sd_netlink_message_get_type(mm, &type);
72 if (r < 0)
73 goto fail;
74
75 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
76 if (r < 0)
77 goto fail;
78
79 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
80
81 switch (type) {
82
83 case RTM_NEWLINK:{
84 bool is_new = !l;
85
86 if (!l) {
87 r = link_new(m, &l, ifindex);
88 if (r < 0)
89 goto fail;
90 }
91
92 r = link_process_rtnl(l, mm);
93 if (r < 0)
94 goto fail;
95
96 r = link_update(l);
97 if (r < 0)
98 goto fail;
99
100 if (is_new)
101 log_debug("Found new link %i/%s", ifindex, l->ifname);
102
103 break;
104 }
105
106 case RTM_DELLINK:
107 if (l) {
108 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
109 link_remove_user(l);
110 link_free(l);
111
112 /* Make sure DNS servers are dropped from written resolv.conf if their link goes away */
113 manager_write_resolv_conf(m);
114 }
115
116 break;
117 }
118
119 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
120 manager_llmnr_maybe_stop(m);
121 manager_mdns_maybe_stop(m);
122
123 /* The accessible flag on link DNS servers will have been reset by
124 * link_update(). Just reset the global DNS servers. */
125 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
126
127 return 0;
128
129 fail:
130 log_warning_errno(r, "Failed to process RTNL link message: %m");
131 return 0;
132 }
133
134 static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
135 Manager *m = ASSERT_PTR(userdata);
136 union in_addr_union address, broadcast = {};
137 uint16_t type;
138 int r, ifindex, family;
139 LinkAddress *a;
140 Link *l;
141
142 assert(rtnl);
143 assert(mm);
144
145 r = sd_netlink_message_get_type(mm, &type);
146 if (r < 0)
147 goto fail;
148
149 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
150 if (r < 0)
151 goto fail;
152
153 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
154 if (!l)
155 return 0;
156
157 r = sd_rtnl_message_addr_get_family(mm, &family);
158 if (r < 0)
159 goto fail;
160
161 switch (family) {
162
163 case AF_INET:
164 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
165 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
166 if (r < 0) {
167 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
168 if (r < 0)
169 goto fail;
170 }
171
172 break;
173
174 case AF_INET6:
175 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
176 if (r < 0) {
177 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
178 if (r < 0)
179 goto fail;
180 }
181
182 break;
183
184 default:
185 return 0;
186 }
187
188 a = link_find_address(l, family, &address);
189
190 switch (type) {
191
192 case RTM_NEWADDR:
193
194 if (!a) {
195 r = link_address_new(l, &a, family, &address, &broadcast);
196 if (r < 0)
197 return r;
198 }
199
200 r = link_address_update_rtnl(a, mm);
201 if (r < 0)
202 return r;
203
204 break;
205
206 case RTM_DELADDR:
207 link_address_free(a);
208 break;
209 }
210
211 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
212
213 return 0;
214
215 fail:
216 log_warning_errno(r, "Failed to process RTNL address message: %m");
217 return 0;
218 }
219
220 static int manager_process_route(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
221 Manager *m = ASSERT_PTR(userdata);
222 Link *l = NULL;
223 uint16_t type;
224 uint32_t ifindex = 0;
225 int r;
226
227 assert(rtnl);
228 assert(mm);
229
230 r = sd_netlink_message_get_type(mm, &type);
231 if (r < 0) {
232 log_warning_errno(r, "Failed to get rtnl message type, ignoring: %m");
233 return 0;
234 }
235
236 if (!IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE)) {
237 log_warning("Unexpected message type %u when processing route, ignoring.", type);
238 return 0;
239 }
240
241 r = sd_netlink_message_read_u32(mm, RTA_OIF, &ifindex);
242 if (r < 0)
243 log_full_errno(r == -ENODATA ? LOG_DEBUG : LOG_WARNING, r, "Failed to get route ifindex, ignoring: %m");
244 else
245 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
246
247 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
248
249 return 0;
250 }
251
252 static int manager_rtnl_listen(Manager *m) {
253 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
254 int r;
255
256 assert(m);
257
258 /* First, subscribe to interfaces coming and going */
259 r = sd_netlink_open(&m->rtnl);
260 if (r < 0)
261 return r;
262
263 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
264 if (r < 0)
265 return r;
266
267 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
268 if (r < 0)
269 return r;
270
271 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
272 if (r < 0)
273 return r;
274
275 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
276 if (r < 0)
277 return r;
278
279 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
280 if (r < 0)
281 return r;
282
283 /* Then, enumerate all links */
284 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
285 if (r < 0)
286 return r;
287
288 r = sd_netlink_message_set_request_dump(req, true);
289 if (r < 0)
290 return r;
291
292 r = sd_netlink_call(m->rtnl, req, 0, &reply);
293 if (r < 0)
294 return r;
295
296 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
297 r = manager_process_link(m->rtnl, i, m);
298 if (r < 0)
299 return r;
300 }
301
302 req = sd_netlink_message_unref(req);
303 reply = sd_netlink_message_unref(reply);
304
305 /* Finally, enumerate all addresses, too */
306 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
307 if (r < 0)
308 return r;
309
310 r = sd_netlink_message_set_request_dump(req, true);
311 if (r < 0)
312 return r;
313
314 r = sd_netlink_call(m->rtnl, req, 0, &reply);
315 if (r < 0)
316 return r;
317
318 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
319 r = manager_process_address(m->rtnl, i, m);
320 if (r < 0)
321 return r;
322 }
323
324 return r;
325 }
326
327 static int on_network_event(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
328 Manager *m = ASSERT_PTR(userdata);
329 Link *l;
330 int r;
331
332 sd_network_monitor_flush(m->network_monitor);
333
334 HASHMAP_FOREACH(l, m->links) {
335 r = link_update(l);
336 if (r < 0)
337 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
338 }
339
340 (void) manager_write_resolv_conf(m);
341 (void) manager_send_changed(m, "DNS");
342 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
343
344 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
345 manager_llmnr_maybe_stop(m);
346 manager_mdns_maybe_stop(m);
347 return 0;
348 }
349
350 static int manager_network_monitor_listen(Manager *m) {
351 int r, fd, events;
352
353 assert(m);
354
355 r = sd_network_monitor_new(&m->network_monitor, NULL);
356 if (r < 0)
357 return r;
358
359 fd = sd_network_monitor_get_fd(m->network_monitor);
360 if (fd < 0)
361 return fd;
362
363 events = sd_network_monitor_get_events(m->network_monitor);
364 if (events < 0)
365 return events;
366
367 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
368 if (r < 0)
369 return r;
370
371 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
372 if (r < 0)
373 return r;
374
375 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
376
377 return 0;
378 }
379
380 static int manager_clock_change_listen(Manager *m);
381
382 static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
383 Manager *m = ASSERT_PTR(userdata);
384
385 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
386 * the system clock into consideration, and if the clock changes the old validations might have been
387 * wrong. Let's redo all validation with the new, correct time.
388 *
389 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
390 * we might be connected to a different network now without this being visible in a dropped link
391 * carrier or so.) */
392
393 log_info("Clock change detected. Flushing caches.");
394 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
395
396 /* The clock change timerfd is unusable after it triggered once, create a new one. */
397 return manager_clock_change_listen(m);
398 }
399
400 static int manager_clock_change_listen(Manager *m) {
401 int r;
402
403 assert(m);
404
405 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
406
407 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
408 if (r < 0)
409 return log_error_errno(r, "Failed to create clock change event source: %m");
410
411 return 0;
412 }
413
414 static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
415 _cleanup_free_ char *h = NULL, *n = NULL;
416 int r;
417
418 assert(full_hostname);
419 assert(llmnr_hostname);
420 assert(mdns_hostname);
421
422 r = resolve_system_hostname(&h, &n);
423 if (r < 0)
424 return r;
425
426 r = dns_name_concat(n, "local", 0, mdns_hostname);
427 if (r < 0)
428 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
429
430 *llmnr_hostname = TAKE_PTR(n);
431 *full_hostname = TAKE_PTR(h);
432
433 return 0;
434 }
435
436 static char* fallback_hostname(void) {
437
438 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
439 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
440 * instead. */
441
442 _cleanup_free_ char *n = get_default_hostname();
443 if (!n)
444 return NULL;
445
446 if (is_localhost(n))
447 return strdup("linux");
448
449 return TAKE_PTR(n);
450 }
451
452 static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
453 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
454 char label[DNS_LABEL_MAX+1];
455 const char *p;
456 int r;
457
458 assert(full_hostname);
459 assert(llmnr_hostname);
460 assert(mdns_hostname);
461
462 p = h = fallback_hostname();
463 if (!h)
464 return log_oom();
465
466 r = dns_label_unescape(&p, label, sizeof label, 0);
467 if (r < 0)
468 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
469
470 assert(r > 0); /* The fallback hostname must have at least one label */
471
472 r = dns_label_escape_new(label, r, &n);
473 if (r < 0)
474 return log_error_errno(r, "Failed to escape fallback hostname: %m");
475
476 r = dns_name_concat(n, "local", 0, &m);
477 if (r < 0)
478 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
479
480 *llmnr_hostname = TAKE_PTR(n);
481 *mdns_hostname = TAKE_PTR(m);
482 *full_hostname = TAKE_PTR(h);
483
484 return 0;
485 }
486
487 static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
488 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
489 Manager *m = ASSERT_PTR(userdata);
490 bool llmnr_hostname_changed;
491 int r;
492
493 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
494 if (r < 0) {
495 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
496 return 0; /* ignore invalid hostnames */
497 }
498
499 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
500 if (streq(full_hostname, m->full_hostname) &&
501 !llmnr_hostname_changed &&
502 streq(mdns_hostname, m->mdns_hostname))
503 return 0;
504
505 log_info("System hostname changed to '%s'.", full_hostname);
506
507 free_and_replace(m->full_hostname, full_hostname);
508 free_and_replace(m->llmnr_hostname, llmnr_hostname);
509 free_and_replace(m->mdns_hostname, mdns_hostname);
510
511 manager_refresh_rrs(m);
512 (void) manager_send_changed(m, "LLMNRHostname");
513
514 return 0;
515 }
516
517 static int manager_watch_hostname(Manager *m) {
518 int r;
519
520 assert(m);
521
522 m->hostname_fd = open("/proc/sys/kernel/hostname",
523 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
524 if (m->hostname_fd < 0) {
525 log_warning_errno(errno, "Failed to watch hostname: %m");
526 return 0;
527 }
528
529 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
530 if (r < 0)
531 return log_error_errno(r, "Failed to add hostname event source: %m");
532
533 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
534
535 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
536 if (r < 0) {
537 _cleanup_free_ char *d = NULL;
538
539 d = fallback_hostname();
540 if (!d)
541 return log_oom();
542
543 log_info("Defaulting to hostname '%s'.", d);
544
545 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
546 if (r < 0)
547 return r;
548 } else
549 log_info("Using system hostname '%s'.", m->full_hostname);
550
551 return 0;
552 }
553
554 static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
555 _cleanup_(memstream_done) MemStream ms = {};
556 Manager *m = ASSERT_PTR(userdata);
557 Link *l;
558 FILE *f;
559
560 assert(s);
561 assert(si);
562
563 f = memstream_init(&ms);
564 if (!f)
565 return log_oom();
566
567 LIST_FOREACH(scopes, scope, m->dns_scopes)
568 dns_scope_dump(scope, f);
569
570 LIST_FOREACH(servers, server, m->dns_servers)
571 dns_server_dump(server, f);
572 LIST_FOREACH(servers, server, m->fallback_dns_servers)
573 dns_server_dump(server, f);
574 HASHMAP_FOREACH(l, m->links)
575 LIST_FOREACH(servers, server, l->dns_servers)
576 dns_server_dump(server, f);
577 DnsDelegate *delegate;
578 HASHMAP_FOREACH(delegate, m->delegates)
579 LIST_FOREACH(servers, server, delegate->dns_servers)
580 dns_server_dump(server, f);
581
582 return memstream_dump(LOG_INFO, &ms);
583 }
584
585 static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
586 Manager *m = ASSERT_PTR(userdata);
587
588 assert(s);
589 assert(si);
590
591 manager_flush_caches(m, LOG_INFO);
592
593 return 0;
594 }
595
596 static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
597 Manager *m = ASSERT_PTR(userdata);
598
599 assert(s);
600 assert(si);
601
602 manager_reset_server_features(m);
603 return 0;
604 }
605
606 static int manager_memory_pressure(sd_event_source *s, void *userdata) {
607 Manager *m = ASSERT_PTR(userdata);
608
609 log_info("Under memory pressure, flushing caches.");
610
611 manager_flush_caches(m, LOG_INFO);
612 sd_event_trim_memory();
613
614 return 0;
615 }
616
617 static int manager_memory_pressure_listen(Manager *m) {
618 int r;
619
620 assert(m);
621
622 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
623 if (r < 0)
624 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
625 "Failed to install memory pressure event source, ignoring: %m");
626
627 return 0;
628 }
629
630 static void manager_set_defaults(Manager *m) {
631 assert(m);
632
633 m->llmnr_support = DEFAULT_LLMNR_MODE;
634 m->mdns_support = DEFAULT_MDNS_MODE;
635 m->dnssec_mode = DEFAULT_DNSSEC_MODE;
636 m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
637 m->enable_cache = DNS_CACHE_MODE_YES;
638 m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES;
639 m->read_etc_hosts = true;
640 m->resolve_unicast_single_label = false;
641 m->cache_from_localhost = false;
642 m->stale_retention_usec = 0;
643 m->refuse_record_types = set_free(m->refuse_record_types);
644 }
645
646 static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
647 Manager *m = ASSERT_PTR(userdata);
648 Link *l;
649 int r;
650
651 (void) notify_reloading();
652
653 dns_server_unlink_on_reload(m->dns_servers);
654 dns_server_unlink_on_reload(m->fallback_dns_servers);
655 m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
656 manager_dns_stub_stop(m);
657 dnssd_registered_service_clear_on_reload(m->dnssd_registered_services);
658 m->unicast_scope = dns_scope_free(m->unicast_scope);
659 m->delegates = hashmap_free(m->delegates);
660 dns_trust_anchor_flush(&m->trust_anchor);
661
662 manager_set_defaults(m);
663
664 r = dns_trust_anchor_load(&m->trust_anchor);
665 if (r < 0)
666 return sd_event_exit(sd_event_source_get_event(s), r);
667
668 r = manager_parse_config_file(m);
669 if (r < 0)
670 log_warning_errno(r, "Failed to parse configuration file on reload, ignoring: %m");
671 else
672 log_info("Config file reloaded.");
673
674 (void) dnssd_load(m);
675 (void) manager_load_delegates(m);
676
677 /* The default scope configuration is influenced by the manager's configuration (modes, etc.), so
678 * recreate it on reload. */
679 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
680 if (r < 0)
681 return sd_event_exit(sd_event_source_get_event(s), r);
682
683 /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS=
684 * from the manager will be used if not explicitly configured on the link. Free the scopes here so that
685 * link_allocate_scopes() in on_network_event() re-creates them. */
686 HASHMAP_FOREACH(l, m->links)
687 l->unicast_scope = dns_scope_free(l->unicast_scope);
688
689 /* The configuration has changed, so reload the per-interface configuration too in order to take
690 * into account any changes (e.g.: enable/disable DNSSEC). */
691 r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);
692 if (r < 0)
693 log_warning_errno(r, "Failed to update network information on reload, ignoring: %m");
694
695 /* We have new configuration, which means potentially new servers, so close all connections and drop
696 * all caches, so that we can start fresh. */
697 (void) dns_stream_disconnect_all(m);
698 manager_flush_caches(m, LOG_INFO);
699 manager_verify_all(m);
700
701 r = manager_dns_stub_start(m);
702 if (r < 0)
703 return sd_event_exit(sd_event_source_get_event(s), r);
704
705 (void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
706 return 0;
707 }
708
709 int manager_new(Manager **ret) {
710 _cleanup_(manager_freep) Manager *m = NULL;
711 int r;
712
713 assert(ret);
714
715 m = new(Manager, 1);
716 if (!m)
717 return -ENOMEM;
718
719 *m = (Manager) {
720 .llmnr_ipv4_udp_fd = -EBADF,
721 .llmnr_ipv6_udp_fd = -EBADF,
722 .llmnr_ipv4_tcp_fd = -EBADF,
723 .llmnr_ipv6_tcp_fd = -EBADF,
724 .mdns_ipv4_fd = -EBADF,
725 .mdns_ipv6_fd = -EBADF,
726 .hostname_fd = -EBADF,
727
728 .read_resolv_conf = true,
729 .need_builtin_fallbacks = true,
730 .etc_hosts_last = USEC_INFINITY,
731
732 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
733 .sigrtmin18_info.memory_pressure_userdata = m,
734 };
735
736 manager_set_defaults(m);
737
738 r = dns_trust_anchor_load(&m->trust_anchor);
739 if (r < 0)
740 return r;
741
742 r = manager_parse_config_file(m);
743 if (r < 0)
744 log_warning_errno(r, "Failed to parse configuration file, ignoring: %m");
745
746 #if ENABLE_DNS_OVER_TLS
747 r = dnstls_manager_init(m);
748 if (r < 0)
749 return r;
750 #endif
751
752 r = sd_event_default(&m->event);
753 if (r < 0)
754 return r;
755
756 r = sd_event_set_signal_exit(m->event, true);
757 if (r < 0)
758 return r;
759
760 (void) sd_event_set_watchdog(m->event, true);
761
762 r = manager_watch_hostname(m);
763 if (r < 0)
764 return r;
765
766 (void) dnssd_load(m);
767 (void) manager_load_delegates(m);
768
769 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
770 if (r < 0)
771 return r;
772
773 r = manager_network_monitor_listen(m);
774 if (r < 0)
775 return r;
776
777 r = manager_rtnl_listen(m);
778 if (r < 0)
779 return r;
780
781 r = manager_clock_change_listen(m);
782 if (r < 0)
783 return r;
784
785 r = manager_memory_pressure_listen(m);
786 if (r < 0)
787 return r;
788
789 r = manager_connect_bus(m);
790 if (r < 0)
791 return r;
792
793 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
794 if (r < 0)
795 return log_debug_errno(r, "Failed to install SIGHUP handler: %m");
796
797 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR1 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr1, m);
798 if (r < 0)
799 return log_debug_errno(r, "Failed to install SIGUSR1 handler: %m");
800
801 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR2 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr2, m);
802 if (r < 0)
803 return log_debug_errno(r, "Failed to install SIGUSR2 handler: %m");
804
805 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+1) | SD_EVENT_SIGNAL_PROCMASK, manager_sigrtmin1, m);
806 if (r < 0)
807 return log_debug_errno(r, "Failed to install SIGRTMIN+1 handler: %m");
808
809 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &m->sigrtmin18_info);
810 if (r < 0)
811 return log_debug_errno(r, "Failed to install SIGRTMIN+18 handler: %m");
812
813 manager_cleanup_saved_user(m);
814
815 *ret = TAKE_PTR(m);
816
817 return 0;
818 }
819
820 int manager_start(Manager *m) {
821 int r;
822
823 assert(m);
824
825 r = manager_dns_stub_start(m);
826 if (r < 0)
827 return r;
828
829 r = manager_varlink_init(m);
830 if (r < 0)
831 return r;
832
833 return 0;
834 }
835
836 Manager* manager_free(Manager *m) {
837 Link *l;
838 DnssdRegisteredService *s;
839 DnsServiceBrowser *sb;
840
841 if (!m)
842 return NULL;
843
844 dns_server_unlink_all(m->dns_servers);
845 dns_server_unlink_all(m->fallback_dns_servers);
846 dns_search_domain_unlink_all(m->search_domains);
847
848 while ((l = hashmap_first(m->links)))
849 link_free(l);
850
851 m->delegates = hashmap_free(m->delegates);
852
853 while (m->dns_queries)
854 dns_query_free(m->dns_queries);
855
856 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
857 m->unicast_scope = dns_scope_free(m->unicast_scope);
858
859 /* At this point only orphaned streams should remain. All others should have been freed already by their
860 * owners */
861 while (m->dns_streams)
862 dns_stream_unref(m->dns_streams);
863
864 #if ENABLE_DNS_OVER_TLS
865 dnstls_manager_free(m);
866 #endif
867
868 set_free(m->refuse_record_types);
869 hashmap_free(m->links);
870 hashmap_free(m->dns_transactions);
871
872 sd_event_source_unref(m->network_event_source);
873 sd_network_monitor_unref(m->network_monitor);
874
875 sd_netlink_slot_unref(m->netlink_new_route_slot);
876 sd_netlink_slot_unref(m->netlink_del_route_slot);
877 sd_netlink_unref(m->rtnl);
878 sd_event_source_unref(m->rtnl_event_source);
879 sd_event_source_unref(m->clock_change_event_source);
880
881 sd_json_variant_unref(m->dns_configuration_json);
882
883 manager_llmnr_stop(m);
884 manager_mdns_stop(m);
885 manager_dns_stub_stop(m);
886 manager_varlink_done(m);
887
888 manager_socket_graveyard_clear(m);
889
890 ordered_set_free(m->dns_extra_stub_listeners);
891
892 hashmap_free(m->polkit_registry);
893
894 sd_bus_flush_close_unref(m->bus);
895
896 dns_resource_key_unref(m->llmnr_host_ipv4_key);
897 dns_resource_key_unref(m->llmnr_host_ipv6_key);
898 dns_resource_key_unref(m->mdns_host_ipv4_key);
899 dns_resource_key_unref(m->mdns_host_ipv6_key);
900
901 sd_event_source_unref(m->hostname_event_source);
902 safe_close(m->hostname_fd);
903
904 sd_event_unref(m->event);
905
906 free(m->full_hostname);
907 free(m->llmnr_hostname);
908 free(m->mdns_hostname);
909
910 while ((s = hashmap_first(m->dnssd_registered_services)))
911 dnssd_registered_service_free(s);
912 hashmap_free(m->dnssd_registered_services);
913
914 dns_trust_anchor_flush(&m->trust_anchor);
915 manager_etc_hosts_flush(m);
916
917 while ((sb = hashmap_first(m->dns_service_browsers)))
918 dns_service_browser_free(sb);
919 hashmap_free(m->dns_service_browsers);
920
921 return mfree(m);
922 }
923
924 int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
925 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
926 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
927 + CMSG_SPACE(int) /* ttl/hoplimit */
928 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
929 union sockaddr_union sa;
930 struct iovec iov;
931 struct msghdr mh = {
932 .msg_name = &sa.sa,
933 .msg_namelen = sizeof(sa),
934 .msg_iov = &iov,
935 .msg_iovlen = 1,
936 .msg_control = &control,
937 .msg_controllen = sizeof(control),
938 };
939 struct cmsghdr *cmsg;
940 ssize_t ms, l;
941 int r;
942
943 assert(m);
944 assert(fd >= 0);
945 assert(ret);
946
947 ms = next_datagram_size_fd(fd);
948 if (ms < 0)
949 return ms;
950
951 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
952 if (r < 0)
953 return r;
954
955 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
956
957 l = recvmsg_safe(fd, &mh, 0);
958 if (ERRNO_IS_NEG_TRANSIENT(l))
959 return 0;
960 if (l <= 0)
961 return l;
962
963 p->size = (size_t) l;
964
965 p->family = sa.sa.sa_family;
966 p->ipproto = IPPROTO_UDP;
967 if (p->family == AF_INET) {
968 p->sender.in = sa.in.sin_addr;
969 p->sender_port = be16toh(sa.in.sin_port);
970 } else if (p->family == AF_INET6) {
971 p->sender.in6 = sa.in6.sin6_addr;
972 p->sender_port = be16toh(sa.in6.sin6_port);
973 p->ifindex = sa.in6.sin6_scope_id;
974 } else
975 return -EAFNOSUPPORT;
976
977 p->timestamp = now(CLOCK_BOOTTIME);
978
979 CMSG_FOREACH(cmsg, &mh) {
980
981 if (cmsg->cmsg_level == IPPROTO_IPV6) {
982 assert(p->family == AF_INET6);
983
984 switch (cmsg->cmsg_type) {
985
986 case IPV6_PKTINFO: {
987 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
988
989 if (p->ifindex <= 0)
990 p->ifindex = i->ipi6_ifindex;
991
992 p->destination.in6 = i->ipi6_addr;
993 break;
994 }
995
996 case IPV6_HOPLIMIT:
997 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
998 break;
999
1000 case IPV6_RECVFRAGSIZE:
1001 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
1002 break;
1003 }
1004 } else if (cmsg->cmsg_level == IPPROTO_IP) {
1005 assert(p->family == AF_INET);
1006
1007 switch (cmsg->cmsg_type) {
1008
1009 case IP_PKTINFO: {
1010 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1011
1012 if (p->ifindex <= 0)
1013 p->ifindex = i->ipi_ifindex;
1014
1015 p->destination.in = i->ipi_addr;
1016 break;
1017 }
1018
1019 case IP_TTL:
1020 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1021 break;
1022
1023 case IP_RECVFRAGSIZE:
1024 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
1025 break;
1026 }
1027 }
1028 }
1029
1030 /* The Linux kernel sets the interface index to the loopback
1031 * device if the packet came from the local host since it
1032 * avoids the routing table in such a case. Let's unset the
1033 * interface index in such a case. */
1034 if (p->ifindex == LOOPBACK_IFINDEX)
1035 p->ifindex = 0;
1036
1037 if (protocol != DNS_PROTOCOL_DNS) {
1038 /* If we don't know the interface index still, we look for the
1039 * first local interface with a matching address. Yuck! */
1040 if (p->ifindex <= 0)
1041 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
1042 }
1043
1044 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
1045 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
1046 IN_ADDR_TO_STRING(p->family, &p->sender),
1047 IN_ADDR_TO_STRING(p->family, &p->destination));
1048
1049 *ret = TAKE_PTR(p);
1050 return 1;
1051 }
1052
1053 int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
1054 usec_t end;
1055 int r;
1056
1057 assert(fd >= 0);
1058 assert(mh);
1059
1060 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1061
1062 for (;;) {
1063 if (sendmsg(fd, mh, flags) >= 0)
1064 return 0;
1065 if (errno == EINTR)
1066 continue;
1067 if (errno != EAGAIN)
1068 return -errno;
1069
1070 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
1071 if (ERRNO_IS_NEG_TRANSIENT(r))
1072 continue;
1073 if (r < 0)
1074 return r;
1075 if (r == 0)
1076 return -ETIMEDOUT;
1077 }
1078 }
1079
1080 static int write_loop(int fd, void *message, size_t length) {
1081 usec_t end;
1082 int r;
1083
1084 assert(fd >= 0);
1085 assert(message);
1086
1087 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1088
1089 for (;;) {
1090 if (write(fd, message, length) >= 0)
1091 return 0;
1092 if (errno == EINTR)
1093 continue;
1094 if (errno != EAGAIN)
1095 return -errno;
1096
1097 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
1098 if (ERRNO_IS_NEG_TRANSIENT(r))
1099 continue;
1100 if (r < 0)
1101 return r;
1102 if (r == 0)
1103 return -ETIMEDOUT;
1104 }
1105 }
1106
1107 int manager_write(Manager *m, int fd, DnsPacket *p) {
1108 int r;
1109
1110 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
1111 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1112 DNS_PACKET_QR(p) ? "response" : "query",
1113 DNS_PACKET_ID(p),
1114 p->size);
1115
1116 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
1117 if (r < 0)
1118 return r;
1119
1120 return 0;
1121 }
1122
1123 static int manager_ipv4_send(
1124 Manager *m,
1125 int fd,
1126 int ifindex,
1127 const struct in_addr *destination,
1128 uint16_t port,
1129 const struct in_addr *source,
1130 DnsPacket *p) {
1131
1132 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
1133 union sockaddr_union sa;
1134 struct iovec iov;
1135 struct msghdr mh = {
1136 .msg_iov = &iov,
1137 .msg_iovlen = 1,
1138 .msg_name = &sa.sa,
1139 .msg_namelen = sizeof(sa.in),
1140 };
1141
1142 assert(m);
1143 assert(fd >= 0);
1144 assert(destination);
1145 assert(port > 0);
1146 assert(p);
1147
1148 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1149
1150 sa = (union sockaddr_union) {
1151 .in.sin_family = AF_INET,
1152 .in.sin_addr = *destination,
1153 .in.sin_port = htobe16(port),
1154 };
1155
1156 if (ifindex > 0) {
1157 struct cmsghdr *cmsg;
1158 struct in_pktinfo *pi;
1159
1160 mh.msg_control = &control;
1161 mh.msg_controllen = sizeof(control);
1162
1163 cmsg = CMSG_FIRSTHDR(&mh);
1164 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
1165 cmsg->cmsg_level = IPPROTO_IP;
1166 cmsg->cmsg_type = IP_PKTINFO;
1167
1168 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1169 pi->ipi_ifindex = ifindex;
1170
1171 if (source)
1172 pi->ipi_spec_dst = *source;
1173 }
1174
1175 return sendmsg_loop(fd, &mh, 0);
1176 }
1177
1178 static int manager_ipv6_send(
1179 Manager *m,
1180 int fd,
1181 int ifindex,
1182 const struct in6_addr *destination,
1183 uint16_t port,
1184 const struct in6_addr *source,
1185 DnsPacket *p) {
1186
1187 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
1188 union sockaddr_union sa;
1189 struct iovec iov;
1190 struct msghdr mh = {
1191 .msg_iov = &iov,
1192 .msg_iovlen = 1,
1193 .msg_name = &sa.sa,
1194 .msg_namelen = sizeof(sa.in6),
1195 };
1196
1197 assert(m);
1198 assert(fd >= 0);
1199 assert(destination);
1200 assert(port > 0);
1201 assert(p);
1202
1203 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1204
1205 sa = (union sockaddr_union) {
1206 .in6.sin6_family = AF_INET6,
1207 .in6.sin6_addr = *destination,
1208 .in6.sin6_port = htobe16(port),
1209 .in6.sin6_scope_id = ifindex,
1210 };
1211
1212 if (ifindex > 0) {
1213 struct cmsghdr *cmsg;
1214 struct in6_pktinfo *pi;
1215
1216 mh.msg_control = &control;
1217 mh.msg_controllen = sizeof(control);
1218
1219 cmsg = CMSG_FIRSTHDR(&mh);
1220 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
1221 cmsg->cmsg_level = IPPROTO_IPV6;
1222 cmsg->cmsg_type = IPV6_PKTINFO;
1223
1224 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
1225 pi->ipi6_ifindex = ifindex;
1226
1227 if (source)
1228 pi->ipi6_addr = *source;
1229 }
1230
1231 return sendmsg_loop(fd, &mh, 0);
1232 }
1233
1234 static int dns_question_to_json(DnsQuestion *q, sd_json_variant **ret) {
1235 _cleanup_(sd_json_variant_unrefp) sd_json_variant *l = NULL;
1236 DnsResourceKey *key;
1237 int r;
1238
1239 assert(ret);
1240
1241 DNS_QUESTION_FOREACH(key, q) {
1242 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
1243
1244 r = dns_resource_key_to_json(key, &v);
1245 if (r < 0)
1246 return r;
1247
1248 r = sd_json_variant_append_array(&l, v);
1249 if (r < 0)
1250 return r;
1251 }
1252
1253 *ret = TAKE_PTR(l);
1254 return 0;
1255 }
1256
1257 int manager_monitor_send(Manager *m, DnsQuery *q) {
1258 _cleanup_(sd_json_variant_unrefp) sd_json_variant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
1259 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
1260 DnsAnswerItem *rri;
1261 int r;
1262
1263 assert(m);
1264
1265 if (set_isempty(m->varlink_query_results_subscription))
1266 return 0;
1267
1268 /* Merge all questions into one */
1269 r = dns_question_merge(q->question_idna, q->question_utf8, &merged);
1270 if (r < 0)
1271 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1272
1273 if (q->question_bypass) {
1274 _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
1275
1276 r = dns_question_merge(merged, q->question_bypass->question, &merged2);
1277 if (r < 0)
1278 return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
1279
1280 dns_question_unref(merged);
1281 merged = TAKE_PTR(merged2);
1282 }
1283
1284 /* Convert the current primary question to JSON */
1285 r = dns_question_to_json(merged, &jquestion);
1286 if (r < 0)
1287 return log_error_errno(r, "Failed to convert question to JSON: %m");
1288
1289 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
1290 r = dns_question_to_json(q->collected_questions, &jcollected_questions);
1291 if (r < 0)
1292 return log_error_errno(r, "Failed to convert question to JSON: %m");
1293
1294 DNS_ANSWER_FOREACH_ITEM(rri, q->answer) {
1295 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
1296
1297 r = dns_resource_record_to_json(rri->rr, &v);
1298 if (r < 0)
1299 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
1300
1301 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1302 if (r < 0)
1303 return log_error_errno(r, "Failed to generate RR wire format: %m");
1304
1305 r = sd_json_variant_append_arraybo(
1306 &janswer,
1307 SD_JSON_BUILD_PAIR_CONDITION(!!v, "rr", SD_JSON_BUILD_VARIANT(v)),
1308 SD_JSON_BUILD_PAIR("raw", SD_JSON_BUILD_BASE64(rri->rr->wire_format, rri->rr->wire_format_size)),
1309 SD_JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", SD_JSON_BUILD_INTEGER(rri->ifindex)));
1310 if (r < 0)
1311 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1312 }
1313
1314 r = varlink_many_notifybo(
1315 m->varlink_query_results_subscription,
1316 SD_JSON_BUILD_PAIR("state", SD_JSON_BUILD_STRING(dns_transaction_state_to_string(q->state))),
1317 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_DNSSEC_FAILED,
1318 "result", SD_JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result))),
1319 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_RCODE_FAILURE,
1320 "rcode", SD_JSON_BUILD_INTEGER(q->answer_rcode)),
1321 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_ERRNO,
1322 "errno", SD_JSON_BUILD_INTEGER(q->answer_errno)),
1323 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1324 DNS_TRANSACTION_DNSSEC_FAILED,
1325 DNS_TRANSACTION_RCODE_FAILURE) &&
1326 q->answer_ede_rcode >= 0,
1327 "extendedDNSErrorCode", SD_JSON_BUILD_INTEGER(q->answer_ede_rcode)),
1328 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1329 DNS_TRANSACTION_DNSSEC_FAILED,
1330 DNS_TRANSACTION_RCODE_FAILURE) &&
1331 q->answer_ede_rcode >= 0 && !isempty(q->answer_ede_msg),
1332 "extendedDNSErrorMessage", SD_JSON_BUILD_STRING(q->answer_ede_msg)),
1333 SD_JSON_BUILD_PAIR("question", SD_JSON_BUILD_VARIANT(jquestion)),
1334 SD_JSON_BUILD_PAIR_CONDITION(!!jcollected_questions,
1335 "collectedQuestions", SD_JSON_BUILD_VARIANT(jcollected_questions)),
1336 SD_JSON_BUILD_PAIR_CONDITION(!!janswer,
1337 "answer", SD_JSON_BUILD_VARIANT(janswer)));
1338 if (r < 0)
1339 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
1340
1341 return 0;
1342 }
1343
1344 int manager_send(
1345 Manager *m,
1346 int fd,
1347 int ifindex,
1348 int family,
1349 const union in_addr_union *destination,
1350 uint16_t port,
1351 const union in_addr_union *source,
1352 DnsPacket *p) {
1353
1354 assert(m);
1355 assert(fd >= 0);
1356 assert(destination);
1357 assert(port > 0);
1358 assert(p);
1359
1360 /* For mDNS, it is natural that the packet have truncated flag when we have many known answers. */
1361 bool truncated = DNS_PACKET_TC(p) && (p->protocol != DNS_PROTOCOL_MDNS || !p->more);
1362
1363 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
1364 truncated ? "truncated (!) " : "",
1365 DNS_PACKET_QR(p) ? "response" : "query",
1366 DNS_PACKET_ID(p),
1367 ifindex, af_to_name(family),
1368 p->size);
1369
1370 if (family == AF_INET)
1371 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
1372 if (family == AF_INET6)
1373 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1374
1375 return -EAFNOSUPPORT;
1376 }
1377
1378 uint32_t manager_find_mtu(Manager *m) {
1379 uint32_t mtu = 0;
1380 Link *l;
1381
1382 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
1383 * works on all interfaces we know of that have an IP address associated */
1384
1385 HASHMAP_FOREACH(l, m->links) {
1386 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1387 if (!l->addresses)
1388 continue;
1389
1390 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1391 * let's ignore this link. */
1392 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1393 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
1394 continue;
1395
1396 if (mtu <= 0 || l->mtu < mtu)
1397 mtu = l->mtu;
1398 }
1399
1400 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1401 return 1500;
1402
1403 return mtu;
1404 }
1405
1406 int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
1407 LinkAddress *a;
1408
1409 assert(m);
1410
1411 if (!IN_SET(family, AF_INET, AF_INET6))
1412 return 0;
1413
1414 if (!in_addr)
1415 return 0;
1416
1417 a = manager_find_link_address(m, family, in_addr);
1418 if (a)
1419 return a->link->ifindex;
1420
1421 return 0;
1422 }
1423
1424 void manager_refresh_rrs(Manager *m) {
1425 Link *l;
1426 DnssdRegisteredService *s;
1427
1428 assert(m);
1429
1430 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1431 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
1432 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1433 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
1434
1435 HASHMAP_FOREACH(l, m->links)
1436 link_add_rrs(l, true);
1437
1438 if (m->mdns_support == RESOLVE_SUPPORT_YES)
1439 HASHMAP_FOREACH(s, m->dnssd_registered_services)
1440 if (dnssd_update_rrs(s) < 0)
1441 log_warning("Failed to refresh DNS-SD service '%s'", s->id);
1442
1443 HASHMAP_FOREACH(l, m->links)
1444 link_add_rrs(l, false);
1445 }
1446
1447 static int manager_next_random_name(const char *old, char **ret_new) {
1448 const char *p;
1449 uint64_t u, a;
1450 char *n;
1451
1452 p = strchr(old, 0);
1453 assert(p);
1454
1455 while (p > old) {
1456 if (!ascii_isdigit(p[-1]))
1457 break;
1458
1459 p--;
1460 }
1461
1462 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1463 u = 1;
1464
1465 /* Add a random number to the old value. This way we can avoid
1466 * that two hosts pick the same hostname, win on IPv4 and lose
1467 * on IPv6 (or vice versa), and pick the same hostname
1468 * replacement hostname, ad infinitum. We still want the
1469 * numbers to go up monotonically, hence we just add a random
1470 * value 1..10 */
1471
1472 random_bytes(&a, sizeof(a));
1473 u += 1 + a % 10;
1474
1475 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
1476 return -ENOMEM;
1477
1478 *ret_new = n;
1479
1480 return 0;
1481 }
1482
1483 int manager_next_hostname(Manager *m) {
1484 _cleanup_free_ char *h = NULL, *k = NULL;
1485 int r;
1486
1487 assert(m);
1488
1489 r = manager_next_random_name(m->llmnr_hostname, &h);
1490 if (r < 0)
1491 return r;
1492
1493 r = dns_name_concat(h, "local", 0, &k);
1494 if (r < 0)
1495 return r;
1496
1497 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1498
1499 free_and_replace(m->llmnr_hostname, h);
1500 free_and_replace(m->mdns_hostname, k);
1501
1502 manager_refresh_rrs(m);
1503 (void) manager_send_changed(m, "LLMNRHostname");
1504
1505 return 0;
1506 }
1507
1508 LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
1509 Link *l;
1510
1511 assert(m);
1512
1513 if (!IN_SET(family, AF_INET, AF_INET6))
1514 return NULL;
1515
1516 if (!in_addr)
1517 return NULL;
1518
1519 HASHMAP_FOREACH(l, m->links) {
1520 LinkAddress *a;
1521
1522 a = link_find_address(l, family, in_addr);
1523 if (a)
1524 return a;
1525 }
1526
1527 return NULL;
1528 }
1529
1530 bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
1531 assert(m);
1532 assert(p);
1533
1534 /* Let's see if this packet comes from an IP address we have on any local interface */
1535
1536 return !!manager_find_link_address(m, p->family, &p->sender);
1537 }
1538
1539 bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1540 DnsTransaction *t;
1541
1542 assert(m);
1543 assert(p);
1544
1545 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1546 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1547
1548 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1549 if (!t)
1550 return false;
1551
1552 return t->sent && dns_packet_equal(t->sent, p);
1553 }
1554
1555 DnsScope* manager_find_scope_from_protocol(Manager *m, int ifindex, DnsProtocol protocol, int family) {
1556 Link *l;
1557
1558 assert(m);
1559
1560 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1561 if (!l)
1562 return NULL;
1563
1564 switch (protocol) {
1565 case DNS_PROTOCOL_LLMNR:
1566 if (family == AF_INET)
1567 return l->llmnr_ipv4_scope;
1568 else if (family == AF_INET6)
1569 return l->llmnr_ipv6_scope;
1570
1571 break;
1572
1573 case DNS_PROTOCOL_MDNS:
1574 if (family == AF_INET)
1575 return l->mdns_ipv4_scope;
1576 else if (family == AF_INET6)
1577 return l->mdns_ipv6_scope;
1578
1579 break;
1580
1581 default:
1582 ;
1583 }
1584
1585 return NULL;
1586 }
1587
1588 void manager_verify_all(Manager *m) {
1589 assert(m);
1590
1591 LIST_FOREACH(scopes, s, m->dns_scopes)
1592 dns_zone_verify_all(&s->zone);
1593 }
1594
1595 int manager_is_own_hostname(Manager *m, const char *name) {
1596 int r;
1597
1598 assert(m);
1599 assert(name);
1600
1601 if (m->llmnr_hostname) {
1602 r = dns_name_equal(name, m->llmnr_hostname);
1603 if (r != 0)
1604 return r;
1605 }
1606
1607 if (m->mdns_hostname) {
1608 r = dns_name_equal(name, m->mdns_hostname);
1609 if (r != 0)
1610 return r;
1611 }
1612
1613 if (m->full_hostname)
1614 return dns_name_equal(name, m->full_hostname);
1615
1616 return 0;
1617 }
1618
1619 int manager_compile_dns_servers(Manager *m, OrderedSet **dns) {
1620 Link *l;
1621 int r;
1622
1623 assert(m);
1624 assert(dns);
1625
1626 r = ordered_set_ensure_allocated(dns, &dns_server_hash_ops);
1627 if (r < 0)
1628 return r;
1629
1630 /* First add the system-wide servers and domains */
1631 LIST_FOREACH(servers, s, m->dns_servers) {
1632 r = ordered_set_put(*dns, s);
1633 if (r == -EEXIST)
1634 continue;
1635 if (r < 0)
1636 return r;
1637 }
1638
1639 /* Then, add the per-link servers */
1640 HASHMAP_FOREACH(l, m->links)
1641 LIST_FOREACH(servers, s, l->dns_servers) {
1642 r = ordered_set_put(*dns, s);
1643 if (r == -EEXIST)
1644 continue;
1645 if (r < 0)
1646 return r;
1647 }
1648
1649 /* Third, add the delegate servers and domains */
1650 DnsDelegate *d;
1651 HASHMAP_FOREACH(d, m->delegates)
1652 LIST_FOREACH(servers, s, d->dns_servers) {
1653 r = ordered_set_put(*dns, s);
1654 if (r == -EEXIST)
1655 continue;
1656 if (r < 0)
1657 return r;
1658 }
1659
1660 /* If we found nothing, add the fallback servers */
1661 if (ordered_set_isempty(*dns)) {
1662 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1663 r = ordered_set_put(*dns, s);
1664 if (r == -EEXIST)
1665 continue;
1666 if (r < 0)
1667 return r;
1668 }
1669 }
1670
1671 return 0;
1672 }
1673
1674 /* filter_route is a tri-state:
1675 * < 0: no filtering
1676 * = 0 or false: return only domains which should be used for searching
1677 * > 0 or true: return only domains which are for routing only
1678 */
1679 int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
1680 int r;
1681
1682 assert(m);
1683 assert(domains);
1684
1685 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1686 if (r < 0)
1687 return r;
1688
1689 LIST_FOREACH(domains, d, m->search_domains) {
1690
1691 if (filter_route >= 0 &&
1692 d->route_only != !!filter_route)
1693 continue;
1694
1695 r = ordered_set_put(*domains, d->name);
1696 if (r == -EEXIST)
1697 continue;
1698 if (r < 0)
1699 return r;
1700 }
1701
1702 DnsDelegate *delegate;
1703 HASHMAP_FOREACH(delegate, m->delegates)
1704 LIST_FOREACH(domains, d, delegate->search_domains) {
1705
1706 if (filter_route >= 0 &&
1707 d->route_only != !!filter_route)
1708 continue;
1709
1710 r = ordered_set_put(*domains, d->name);
1711 if (r == -EEXIST)
1712 continue;
1713 if (r < 0)
1714 return r;
1715 }
1716
1717 Link *l;
1718 HASHMAP_FOREACH(l, m->links)
1719 LIST_FOREACH(domains, d, l->search_domains) {
1720
1721 if (filter_route >= 0 &&
1722 d->route_only != !!filter_route)
1723 continue;
1724
1725 r = ordered_set_put(*domains, d->name);
1726 if (r == -EEXIST)
1727 continue;
1728 if (r < 0)
1729 return r;
1730 }
1731
1732 return 0;
1733 }
1734
1735 DnssecMode manager_get_dnssec_mode(Manager *m) {
1736 assert(m);
1737
1738 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1739 return m->dnssec_mode;
1740
1741 return DNSSEC_NO;
1742 }
1743
1744 bool manager_dnssec_supported(Manager *m) {
1745 DnsServer *server;
1746 Link *l;
1747
1748 assert(m);
1749
1750 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1751 return false;
1752
1753 server = manager_get_dns_server(m);
1754 if (server && !dns_server_dnssec_supported(server))
1755 return false;
1756
1757 HASHMAP_FOREACH(l, m->links)
1758 if (!link_dnssec_supported(l))
1759 return false;
1760
1761 return true;
1762 }
1763
1764 DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
1765 assert(m);
1766
1767 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1768 return m->dns_over_tls_mode;
1769
1770 return DNS_OVER_TLS_NO;
1771 }
1772
1773 void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1774
1775 assert(verdict >= 0);
1776 assert(verdict < _DNSSEC_VERDICT_MAX);
1777
1778 if (DEBUG_LOGGING) {
1779 char s[DNS_RESOURCE_KEY_STRING_MAX];
1780
1781 log_debug("Found verdict for lookup %s: %s",
1782 dns_resource_key_to_string(key, s, sizeof s),
1783 dnssec_verdict_to_string(verdict));
1784 }
1785
1786 m->n_dnssec_verdict[verdict]++;
1787 }
1788
1789 bool manager_routable(Manager *m) {
1790 Link *l;
1791
1792 assert(m);
1793
1794 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
1795
1796 HASHMAP_FOREACH(l, m->links)
1797 if (link_relevant(l, AF_UNSPEC, false))
1798 return true;
1799
1800 return false;
1801 }
1802
1803 void manager_flush_caches(Manager *m, int log_level) {
1804 assert(m);
1805
1806 LIST_FOREACH(scopes, scope, m->dns_scopes)
1807 dns_cache_flush(&scope->cache);
1808
1809 dns_browse_services_purge(m, AF_UNSPEC); /* Clear records of DNS service browse subscriber, since caches are flushed */
1810 dns_browse_services_restart(m);
1811
1812 log_full(log_level, "Flushed all caches.");
1813 }
1814
1815 void manager_reset_server_features(Manager *m) {
1816
1817 dns_server_reset_features_all(m->dns_servers);
1818 dns_server_reset_features_all(m->fallback_dns_servers);
1819
1820 Link *l;
1821 HASHMAP_FOREACH(l, m->links)
1822 dns_server_reset_features_all(l->dns_servers);
1823
1824 DnsDelegate *d;
1825 HASHMAP_FOREACH(d, m->delegates)
1826 dns_server_reset_features_all(d->dns_servers);
1827
1828 log_info("Resetting learnt feature levels on all servers.");
1829 }
1830
1831 void manager_cleanup_saved_user(Manager *m) {
1832 _cleanup_closedir_ DIR *d = NULL;
1833
1834 assert(m);
1835
1836 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1837 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1838 * be restarted without losing this data. */
1839
1840 d = opendir("/run/systemd/resolve/netif/");
1841 if (!d) {
1842 if (errno == ENOENT)
1843 return;
1844
1845 log_warning_errno(errno, "Failed to open interface directory: %m");
1846 return;
1847 }
1848
1849 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
1850 int ifindex;
1851 Link *l;
1852
1853 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1854 continue;
1855
1856 if (dot_or_dot_dot(de->d_name))
1857 continue;
1858
1859 ifindex = parse_ifindex(de->d_name);
1860 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
1861 goto rm;
1862
1863 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1864 if (!l) /* link vanished */
1865 goto rm;
1866
1867 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1868 goto rm;
1869
1870 continue;
1871
1872 rm:
1873 if (unlinkat(dirfd(d), de->d_name, 0) < 0)
1874 log_warning_errno(errno, "Failed to remove left-over interface configuration file '%s', ignoring: %m", de->d_name);
1875 }
1876 }
1877
1878 bool manager_next_dnssd_names(Manager *m) {
1879 DnssdRegisteredService *s;
1880 bool tried = false;
1881 int r;
1882
1883 assert(m);
1884
1885 HASHMAP_FOREACH(s, m->dnssd_registered_services) {
1886 _cleanup_free_ char * new_name = NULL;
1887
1888 if (!s->withdrawn)
1889 continue;
1890
1891 r = manager_next_random_name(s->name_template, &new_name);
1892 if (r < 0) {
1893 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->id);
1894 continue;
1895 }
1896
1897 free_and_replace(s->name_template, new_name);
1898
1899 s->withdrawn = false;
1900
1901 tried = true;
1902 }
1903
1904 if (tried)
1905 manager_refresh_rrs(m);
1906
1907 return tried;
1908 }
1909
1910 bool manager_server_is_stub(Manager *m, DnsServer *s) {
1911 DnsStubListenerExtra *l;
1912
1913 assert(m);
1914 assert(s);
1915
1916 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1917 * extra careful, and check here again */
1918 if (s->family == AF_INET &&
1919 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1920 dns_server_port(s) == 53)
1921 return true;
1922
1923 /* Main reason to call this is to check server data against the extra listeners, and filter things
1924 * out. */
1925 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
1926 if (s->family == l->family &&
1927 in_addr_equal(s->family, &s->address, &l->address) &&
1928 dns_server_port(s) == dns_stub_listener_extra_port(l))
1929 return true;
1930
1931 return false;
1932 }
1933
1934 int socket_disable_pmtud(int fd, int af) {
1935 int r;
1936
1937 assert(fd >= 0);
1938
1939 if (af == AF_UNSPEC) {
1940 af = socket_get_family(fd);
1941 if (af < 0)
1942 return af;
1943 }
1944
1945 switch (af) {
1946
1947 case AF_INET: {
1948 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1949 * PMTU forgery vulnerabilities.
1950 *
1951 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1952 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1953 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1954 * discovery.
1955 *
1956 * This helps mitigating the PMTUD vulnerability described here:
1957 *
1958 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1959 *
1960 * Similar logic is in place in most DNS servers.
1961 *
1962 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1963 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1964 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1965 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1966 * fragments seen — and if we need larger packets always go to TCP.
1967 */
1968
1969 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1970 if (r < 0)
1971 return r;
1972
1973 return 0;
1974 }
1975
1976 case AF_INET6: {
1977 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1978 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1979 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1980 * because there's nothing that could be fragmented further anymore. */
1981
1982 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1983 if (r < 0)
1984 return r;
1985
1986 return 0;
1987 }
1988
1989 default:
1990 return -EAFNOSUPPORT;
1991 }
1992 }
1993
1994 int dns_manager_dump_statistics_json(Manager *m, sd_json_variant **ret) {
1995 uint64_t size = 0, hit = 0, miss = 0;
1996
1997 assert(m);
1998 assert(ret);
1999
2000 LIST_FOREACH(scopes, s, m->dns_scopes) {
2001 size += dns_cache_size(&s->cache);
2002 hit += s->cache.n_hit;
2003 miss += s->cache.n_miss;
2004 }
2005
2006 return sd_json_buildo(ret,
2007 SD_JSON_BUILD_PAIR("transactions", SD_JSON_BUILD_OBJECT(
2008 SD_JSON_BUILD_PAIR_UNSIGNED("currentTransactions", hashmap_size(m->dns_transactions)),
2009 SD_JSON_BUILD_PAIR_UNSIGNED("totalTransactions", m->n_transactions_total),
2010 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeouts", m->n_timeouts_total),
2011 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeoutsServedStale", m->n_timeouts_served_stale_total),
2012 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponses", m->n_failure_responses_total),
2013 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponsesServedStale", m->n_failure_responses_served_stale_total)
2014 )),
2015 SD_JSON_BUILD_PAIR("cache", SD_JSON_BUILD_OBJECT(
2016 SD_JSON_BUILD_PAIR_UNSIGNED("size", size),
2017 SD_JSON_BUILD_PAIR_UNSIGNED("hits", hit),
2018 SD_JSON_BUILD_PAIR_UNSIGNED("misses", miss)
2019 )),
2020 SD_JSON_BUILD_PAIR("dnssec", SD_JSON_BUILD_OBJECT(
2021 SD_JSON_BUILD_PAIR_UNSIGNED("secure", m->n_dnssec_verdict[DNSSEC_SECURE]),
2022 SD_JSON_BUILD_PAIR_UNSIGNED("insecure", m->n_dnssec_verdict[DNSSEC_INSECURE]),
2023 SD_JSON_BUILD_PAIR_UNSIGNED("bogus", m->n_dnssec_verdict[DNSSEC_BOGUS]),
2024 SD_JSON_BUILD_PAIR_UNSIGNED("indeterminate", m->n_dnssec_verdict[DNSSEC_INDETERMINATE])
2025 )));
2026 }
2027
2028 void dns_manager_reset_statistics(Manager *m) {
2029
2030 assert(m);
2031
2032 LIST_FOREACH(scopes, s, m->dns_scopes)
2033 s->cache.n_hit = s->cache.n_miss = 0;
2034
2035 m->n_transactions_total = 0;
2036 m->n_timeouts_total = 0;
2037 m->n_timeouts_served_stale_total = 0;
2038 m->n_failure_responses_total = 0;
2039 m->n_failure_responses_served_stale_total = 0;
2040 zero(m->n_dnssec_verdict);
2041 }
2042
2043 static int dns_configuration_json_append(
2044 const char *ifname,
2045 int ifindex,
2046 int default_route,
2047 DnsServer *current_dns_server,
2048 DnsServer *dns_servers,
2049 DnsSearchDomain *search_domains,
2050 sd_json_variant **configuration) {
2051
2052 _cleanup_(sd_json_variant_unrefp) sd_json_variant *dns_servers_json = NULL,
2053 *search_domains_json = NULL,
2054 *current_dns_server_json = NULL;
2055 int r;
2056
2057 assert(configuration);
2058
2059 if (dns_servers) {
2060 r = sd_json_variant_new_array(&dns_servers_json, NULL, 0);
2061 if (r < 0)
2062 return r;
2063 }
2064
2065 if (search_domains) {
2066 r = sd_json_variant_new_array(&search_domains_json, NULL, 0);
2067 if (r < 0)
2068 return r;
2069 }
2070
2071 if (current_dns_server) {
2072 r = dns_server_dump_configuration_to_json(current_dns_server, &current_dns_server_json);
2073 if (r < 0)
2074 return r;
2075 }
2076
2077 LIST_FOREACH(servers, s, dns_servers) {
2078 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2079
2080 assert(dns_servers_json);
2081
2082 r = dns_server_dump_configuration_to_json(s, &v);
2083 if (r < 0)
2084 return r;
2085
2086 r = sd_json_variant_append_array(&dns_servers_json, v);
2087 if (r < 0)
2088 return r;
2089 }
2090
2091 LIST_FOREACH(domains, d, search_domains) {
2092 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2093
2094 assert(search_domains_json);
2095
2096 r = dns_search_domain_dump_to_json(d, &v);
2097 if (r < 0)
2098 return r;
2099
2100 r = sd_json_variant_append_array(&search_domains_json, v);
2101 if (r < 0)
2102 return r;
2103 }
2104
2105 return sd_json_variant_append_arraybo(
2106 configuration,
2107 JSON_BUILD_PAIR_STRING_NON_EMPTY("ifname", ifname),
2108 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", SD_JSON_BUILD_UNSIGNED(ifindex)),
2109 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "defaultRoute", SD_JSON_BUILD_BOOLEAN(default_route > 0)),
2110 JSON_BUILD_PAIR_VARIANT_NON_NULL("currentServer", current_dns_server_json),
2111 JSON_BUILD_PAIR_VARIANT_NON_NULL("servers", dns_servers_json),
2112 JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json));
2113 }
2114
2115 int manager_dump_dns_configuration_json(Manager *m, sd_json_variant **ret) {
2116 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2117 Link *l;
2118 int r;
2119
2120 assert(m);
2121 assert(ret);
2122
2123 /* Global DNS configuration */
2124 r = dns_configuration_json_append(
2125 /* ifname = */ NULL,
2126 /* ifindex = */ 0,
2127 /* default_route = */ 0,
2128 manager_get_dns_server(m),
2129 m->dns_servers,
2130 m->search_domains,
2131 &configuration);
2132 if (r < 0)
2133 return r;
2134
2135 /* Append configuration for each link */
2136 HASHMAP_FOREACH(l, m->links) {
2137 r = dns_configuration_json_append(
2138 l->ifname,
2139 l->ifindex,
2140 link_get_default_route(l),
2141 link_get_dns_server(l),
2142 l->dns_servers,
2143 l->search_domains,
2144 &configuration);
2145 if (r < 0)
2146 return r;
2147 }
2148
2149 return sd_json_buildo(ret, SD_JSON_BUILD_PAIR_VARIANT("configuration", configuration));
2150 }
2151
2152 int manager_send_dns_configuration_changed(Manager *m, Link *l, bool reset) {
2153 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2154 int r;
2155
2156 assert(m);
2157
2158 if (set_isempty(m->varlink_dns_configuration_subscription))
2159 return 0;
2160
2161 if (reset) {
2162 dns_server_reset_accessible_all(m->dns_servers);
2163
2164 if (l)
2165 dns_server_reset_accessible_all(l->dns_servers);
2166 }
2167
2168 r = manager_dump_dns_configuration_json(m, &configuration);
2169 if (r < 0)
2170 return log_warning_errno(r, "Failed to dump DNS configuration json: %m");
2171
2172 if (sd_json_variant_equal(configuration, m->dns_configuration_json))
2173 return 0;
2174
2175 JSON_VARIANT_REPLACE(m->dns_configuration_json, TAKE_PTR(configuration));
2176
2177 r = varlink_many_notify(m->varlink_dns_configuration_subscription, m->dns_configuration_json);
2178 if (r < 0)
2179 return log_warning_errno(r, "Failed to send DNS configuration event: %m");
2180
2181 return 0;
2182 }
2183
2184 int manager_start_dns_configuration_monitor(Manager *m) {
2185 Link *l;
2186 int r;
2187
2188 assert(m);
2189 assert(!m->dns_configuration_json);
2190 assert(!m->netlink_new_route_slot);
2191 assert(!m->netlink_del_route_slot);
2192
2193 dns_server_reset_accessible_all(m->dns_servers);
2194
2195 HASHMAP_FOREACH(l, m->links)
2196 dns_server_reset_accessible_all(l->dns_servers);
2197
2198 r = manager_dump_dns_configuration_json(m, &m->dns_configuration_json);
2199 if (r < 0)
2200 return r;
2201
2202 r = sd_netlink_add_match(m->rtnl, &m->netlink_new_route_slot, RTM_NEWROUTE, manager_process_route, NULL, m, "resolve-NEWROUTE");
2203 if (r < 0)
2204 return r;
2205
2206 r = sd_netlink_add_match(m->rtnl, &m->netlink_del_route_slot, RTM_DELROUTE, manager_process_route, NULL, m, "resolve-DELROUTE");
2207 if (r < 0)
2208 return r;
2209
2210 return 0;
2211 }
2212
2213 void manager_stop_dns_configuration_monitor(Manager *m) {
2214 assert(m);
2215
2216 m->dns_configuration_json = sd_json_variant_unref(m->dns_configuration_json);
2217 m->netlink_new_route_slot = sd_netlink_slot_unref(m->netlink_new_route_slot);
2218 m->netlink_del_route_slot = sd_netlink_slot_unref(m->netlink_del_route_slot);
2219 }
Unnamed repository; edit this file 'description' to name the repository.