#include "fileio.h"
#include "log-link.h"
#include "mkdir.h"
+#include "netif-util.h"
#include "parse-util.h"
#include "resolved-link.h"
#include "resolved-llmnr.h"
#include "resolved-mdns.h"
#include "socket-netlink.h"
+#include "stat-util.h"
#include "string-util.h"
#include "strv.h"
#include "tmpfile-util.h"
.ifindex = ifindex,
.default_route = -1,
.llmnr_support = RESOLVE_SUPPORT_YES,
- .mdns_support = RESOLVE_SUPPORT_NO,
+ .mdns_support = RESOLVE_SUPPORT_YES,
.dnssec_mode = _DNSSEC_MODE_INVALID,
.dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
.operstate = IF_OPER_UNKNOWN,
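Review bot: With the per-link default flipped to `RESOLVE_SUPPORT_YES` here (and in the two later hunks that reset `l->mdns_support` the same way), a link with no explicit setting no longer vetoes mDNS on its own. Judging by `link_get_mdns_support()` added further down, the effective level is then whatever the manager-wide setting allows. That leaves the manager setting as the only thing keeping the mDNS responder off links attached to untrusted networks, which deserves a comment at the initializer, e.g. `/* Per-link default is permissive; the effective level is MIN() with the manager setting, see link_get_mdns_support() */`. The enclosing initializer starts and ends outside the hunk.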
l->default_route = -1;
l->llmnr_support = RESOLVE_SUPPORT_YES;
- l->mdns_support = RESOLVE_SUPPORT_NO;
+ l->mdns_support = RESOLVE_SUPPORT_YES;
l->dnssec_mode = _DNSSEC_MODE_INVALID;
l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
if (r < 0)
- log_warning_errno(r, "Failed to allocate DNS scope: %m");
+ log_link_warning_errno(l, r, "Failed to allocate DNS scope, ignoring: %m");
}
} else
l->unicast_scope = dns_scope_free(l->unicast_scope);
if (link_relevant(l, AF_INET, true) &&
- l->llmnr_support != RESOLVE_SUPPORT_NO &&
- l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
+ link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->llmnr_ipv4_scope) {
r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
if (r < 0)
- log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
+ log_link_warning_errno(l, r, "Failed to allocate LLMNR IPv4 scope, ignoring: %m");
}
} else
l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
if (link_relevant(l, AF_INET6, true) &&
- l->llmnr_support != RESOLVE_SUPPORT_NO &&
- l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
- socket_ipv6_is_supported()) {
+ link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->llmnr_ipv6_scope) {
r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
if (r < 0)
- log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
+ log_link_warning_errno(l, r, "Failed to allocate LLMNR IPv6 scope, ignoring: %m");
}
} else
l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
if (link_relevant(l, AF_INET, true) &&
- l->mdns_support != RESOLVE_SUPPORT_NO &&
- l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
+ link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->mdns_ipv4_scope) {
r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
if (r < 0)
- log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
+ log_link_warning_errno(l, r, "Failed to allocate mDNS IPv4 scope, ignoring: %m");
}
} else
l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
if (link_relevant(l, AF_INET6, true) &&
- l->mdns_support != RESOLVE_SUPPORT_NO &&
- l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
+ link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->mdns_ipv6_scope) {
r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
if (r < 0)
- log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
+ log_link_warning_errno(l, r, "Failed to allocate mDNS IPv6 scope, ignoring: %m");
}
} else
l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
}
void link_add_rrs(Link *l, bool force_remove) {
- LinkAddress *a;
int r;
LIST_FOREACH(addresses, a, l->addresses)
link_address_add_rrs(a, force_remove);
if (!force_remove &&
- l->mdns_support == RESOLVE_SUPPORT_YES &&
- l->manager->mdns_support == RESOLVE_SUPPORT_YES) {
+ link_get_mdns_support(l) == RESOLVE_SUPPORT_YES) {
if (l->mdns_ipv4_scope) {
r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope);
if (r < 0)
- log_warning_errno(r, "Failed to add IPv4 DNS-SD services: %m");
+ log_link_warning_errno(l, r, "Failed to add IPv4 DNS-SD services, ignoring: %m");
}
if (l->mdns_ipv6_scope) {
r = dns_scope_add_dnssd_services(l->mdns_ipv6_scope);
if (r < 0)
- log_warning_errno(r, "Failed to add IPv6 DNS-SD services: %m");
+ log_link_warning_errno(l, r, "Failed to add IPv6 DNS-SD services, ignoring: %m");
}
} else {
if (l->mdns_ipv4_scope) {
r = dns_scope_remove_dnssd_services(l->mdns_ipv4_scope);
if (r < 0)
- log_warning_errno(r, "Failed to remove IPv4 DNS-SD services: %m");
+ log_link_warning_errno(l, r, "Failed to remove IPv4 DNS-SD services, ignoring: %m");
}
if (l->mdns_ipv6_scope) {
r = dns_scope_remove_dnssd_services(l->mdns_ipv6_scope);
if (r < 0)
- log_warning_errno(r, "Failed to remove IPv6 DNS-SD services: %m");
+ log_link_warning_errno(l, r, "Failed to remove IPv6 DNS-SD services, ignoring: %m");
}
}
}
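Review bot: The IPv6 LLMNR condition loses its `socket_ipv6_is_supported()` test and nothing visible in the hunk replaces it. On a host with IPv6 disabled the code may therefore now reach `dns_scope_new(..., DNS_PROTOCOL_LLMNR, AF_INET6)` and emit the new "ignoring" warning whenever scopes are re-evaluated. If `link_relevant(l, AF_INET6, true)` already returns false in that situation, a one-line comment saying so would settle it; otherwise keep the test as `link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO && socket_ipv6_is_supported()) {`. The start of link_allocate_scopes is outside the hunk.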
(void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
(void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);
- if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) {
+ if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0 &&
+ !streq_ptr(l->ifname, n)) {
+ if (l->ifname)
+ log_link_debug(l, "Interface name change detected: %s -> %s", l->ifname, n);
+
r = free_and_strdup(&l->ifname, n);
if (r < 0)
return r;
}
- link_allocate_scopes(l);
- link_add_rrs(l, false);
-
return 0;
}
static int link_update_dns_servers(Link *l) {
_cleanup_strv_free_ char **nameservers = NULL;
- char **nameserver;
int r;
assert(l);
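Review bot: Dropping the `link_allocate_scopes(l)` / `link_add_rrs(l, false)` calls from the end of the rtnl handler means an update of MTU, operstate or interface name no longer re-evaluates the link's scopes here, and the replacement call site is not part of this hunk. If no caller does this after every update, LLMNR/mDNS scopes and their records could stay registered on a link that has just stopped being relevant. Worth confirming in the caller and leaving a comment such as `/* Scopes and RRs are refreshed by the caller once all link state has been updated */`. The handler's body starts outside the hunk.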
assert(l);
- l->mdns_support = RESOLVE_SUPPORT_NO;
+ l->mdns_support = RESOLVE_SUPPORT_YES;
r = sd_network_link_get_mdns(l->ifindex, &b);
if (r == -ENODATA)
#if ! ENABLE_DNS_OVER_TLS
if (mode != DNS_OVER_TLS_NO)
- log_warning("DNS-over-TLS option for the link cannot be enabled or set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
+ log_link_warning(l,
+ "DNS-over-TLS option for the link cannot be enabled or set to opportunistic "
+ "when systemd-resolved is built without DNS-over-TLS support. "
+ "Turning off DNS-over-TLS support.");
return;
#endif
l->dns_over_tls_mode = mode;
+ l->unicast_scope = dns_scope_free(l->unicast_scope);
}
static int link_update_dns_over_tls_mode(Link *l) {
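Review bot: The new `l->unicast_scope = dns_scope_free(l->unicast_scope);` runs on every call, including when `mode` equals the value already stored, whereas the DNSSEC setter in the next hunk returns early on `l->dnssec_mode == mode`. Unless the part of the function above the hunk already has such a guard, each settings re-read would tear down the unicast scope without need. Suggest adding `if (l->dns_over_tls_mode == mode) return;` before the assignment so the two setters behave the same.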
#if !HAVE_OPENSSL_OR_GCRYPT
if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE))
- log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without a cryptographic library. Turning off DNSSEC support.");
+ log_link_warning(l,
+ "DNSSEC option for the link cannot be enabled or set to allow-downgrade "
+ "when systemd-resolved is built without a cryptographic library. "
+ "Turning off DNSSEC support.");
return;
#endif
if (l->dnssec_mode == mode)
return;
- if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
- (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
- (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) {
-
- /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
- * allow-downgrade mode to full DNSSEC mode, flush it too. */
- if (l->unicast_scope)
- dns_cache_flush(&l->unicast_scope->cache);
- }
-
l->dnssec_mode = mode;
+ l->unicast_scope = dns_scope_free(l->unicast_scope);
}
static int link_update_dnssec_mode(Link *l) {
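Review bot: The removed block carried the only explanation of why state is discarded on a DNSSEC mode change, and the replacement line `l->unicast_scope = dns_scope_free(l->unicast_scope);` has none. The new behaviour is also broader: the scope is dropped on every change, downgrades included, not only on the transitions the old condition listed. A comment would record that intent, e.g. `/* Drop the whole scope so nothing cached or in flight under the previous DNSSEC mode is reused; presumably re-created by link_allocate_scopes() */`. It should also be confirmed that scope allocation is triggered after this setter, since the link has no unicast scope until then.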
r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
if (r == -ENODATA)
- return r;
+ return 0;
if (r < 0)
return r;
static int link_update_search_domains(Link *l) {
_cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
- char **i;
int r, q;
assert(l);
return !STR_IN_SET(state, "pending", "initialized", "unmanaged");
}
+static void link_enter_unmanaged(Link *l) {
+ assert(l);
+
+ /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
+ if (l->is_managed)
+ link_flush_settings(l);
+
+ l->is_managed = false;
+}
+
static void link_read_settings(Link *l) {
+ struct stat st;
int r;
assert(l);
/* Read settings from networkd, except when networkd is not managing this interface. */
- r = link_is_managed(l);
- if (r < 0) {
- log_link_warning_errno(l, r, "Failed to determine whether the interface is managed: %m");
+ r = sd_network_link_get_stat(l->ifindex, &st);
+ if (r == -ENOENT)
+ return link_enter_unmanaged(l);
+ if (r < 0)
+ return (void) log_link_warning_errno(l, r, "Failed to stat() networkd's link state file, ignoring: %m");
+
+ if (stat_inode_unmodified(&l->networkd_state_file_stat, &st))
+ /* The state file is unmodified. Not necessary to re-read settings. */
return;
- }
- if (r == 0) {
- /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
- if (l->is_managed)
- link_flush_settings(l);
+ /* Save the new stat for the next event. */
+ l->networkd_state_file_stat = st;
- l->is_managed = false;
- return;
- }
+ r = link_is_managed(l);
+ if (r < 0)
+ return (void) log_link_warning_errno(l, r, "Failed to determine whether the interface is managed, ignoring: %m");
+ if (r == 0)
+ return link_enter_unmanaged(l);
l->is_managed = true;
+ r = network_link_get_operational_state(l->ifindex, &l->networkd_operstate);
+ if (r < 0)
+ log_link_warning_errno(l, r, "Failed to read networkd's link operational state, ignoring: %m");
+
r = link_update_dns_servers(l);
if (r < 0)
log_link_warning_errno(l, r, "Failed to read DNS servers for the interface, ignoring: %m");
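Review bot: `l->networkd_state_file_stat = st;` is stored before `link_is_managed()` and the `link_update_*()` calls have succeeded, so a transient failure in any of them is remembered as "already read". The next event then hits the `stat_inode_unmodified()` early return, and the link keeps its previous settings until networkd rewrites the state file. That can include the previous DNSSEC or DNS-over-TLS mode. Consider moving the assignment below the `link_is_managed()` check, or clearing it on the failure paths with `l->networkd_state_file_stat = (struct stat) {};`. The `-ENOENT` path via `link_enter_unmanaged()` leaves the saved stat in place as well, which is worth a comment if intended. link_read_settings continues outside the hunk.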
if (r < 0)
return r;
- if (l->llmnr_support != RESOLVE_SUPPORT_NO) {
+ if (link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) {
r = manager_llmnr_start(l->manager);
if (r < 0)
return r;
}
- if (l->mdns_support != RESOLVE_SUPPORT_NO) {
+ if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
r = manager_mdns_start(l->manager);
if (r < 0)
return r;
}
bool link_relevant(Link *l, int family, bool local_multicast) {
- _cleanup_free_ char *state = NULL;
- LinkAddress *a;
-
assert(l);
/* A link is relevant for local multicast traffic if it isn't a loopback device, has a link
* A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
* least one routable address. */
- if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
+ if ((l->flags & (IFF_LOOPBACK | IFF_DORMANT)) != 0)
return false;
- if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
+ if (!FLAGS_SET(l->flags, IFF_UP | IFF_LOWER_UP))
return false;
- if (local_multicast) {
- if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST)
- return false;
- }
+ if (local_multicast &&
+ !FLAGS_SET(l->flags, IFF_MULTICAST))
+ return false;
- /* Check kernel operstate
- * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
- if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
+ if (!netif_has_carrier(l->operstate, l->flags))
return false;
- (void) sd_network_link_get_operational_state(l->ifindex, &state);
- if (state && !STR_IN_SET(state, "unknown", "degraded", "degraded-carrier", "routable"))
+ if (l->is_managed &&
+ !IN_SET(l->networkd_operstate, LINK_OPERSTATE_DEGRADED_CARRIER, LINK_OPERSTATE_DEGRADED, LINK_OPERSTATE_ROUTABLE))
return false;
LIST_FOREACH(addresses, a, l->addresses)
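Review bot: The managed-link test now reads the cached `l->networkd_operstate`, which can be stale. Judging by the link_read_settings hunk, that field is only refreshed when the state file changes, and it keeps its old value when `network_link_get_operational_state()` fails, because that error is logged and ignored. The old code queried the state on every call and let an unreadable or "unknown" state pass, so this is a behaviour change that a stale value can turn into a wrong relevance decision. Suggest resetting the field to an explicit "not available" value on failure and deciding here, with a comment, whether that case counts as relevant. The address loop at the end of link_relevant is outside the hunk.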
}
LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
- LinkAddress *a;
-
assert(l);
if (!IN_SET(family, AF_INET, AF_INET6))
return s;
if (s)
- log_debug("Switching to DNS server %s for interface %s.", strna(dns_server_string_full(s)), l->ifname);
+ log_link_debug(l, "Switching to DNS server %s.", strna(dns_server_string_full(s)));
dns_server_unref(l->current_dns_server);
l->current_dns_server = dns_server_ref(s);
return true;
}
+ResolveSupport link_get_llmnr_support(Link *link) {
+ assert(link);
+ assert(link->manager);
+
+ /* This provides the effective LLMNR support level for the link, instead of the 'internal' per-link setting. */
+
+ return MIN(link->llmnr_support, link->manager->llmnr_support);
+}
+
+ResolveSupport link_get_mdns_support(Link *link) {
+ assert(link);
+ assert(link->manager);
+
+ /* This provides the effective mDNS support level for the link, instead of the 'internal' per-link setting. */
+
+ return MIN(link->mdns_support, link->manager->mdns_support);
+}
+
int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
LinkAddress *a;
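Review bot: `MIN(link->llmnr_support, link->manager->llmnr_support)` and its mDNS twin only yield the more restrictive level if the `ResolveSupport` enumerators are declared in increasing order of permissiveness, which is not visible in this diff. If the enum also has a negative "invalid" sentinel, as the `_DNSSEC_MODE_INVALID` style values used for the other modes on this page suggest, `MIN()` would return it, and callers testing `!= RESOLVE_SUPPORT_NO` would treat that as enabled. A comment in both helpers would pin the assumption, e.g. `/* Relies on RESOLVE_SUPPORT_NO being the smallest valid value and on both fields always holding valid values */`. Alternatively, add an `assert(link->llmnr_support >= 0);` style check.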
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->llmnr_ipv4_scope &&
- a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
+ link_get_llmnr_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->llmnr_host_ipv4_key) {
a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
if (r < 0)
- log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add A record to LLMNR zone, ignoring: %m");
r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
if (r < 0)
- log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add IPv4 PTR record to LLMNR zone, ignoring: %m");
} else {
if (a->llmnr_address_rr) {
if (a->link->llmnr_ipv4_scope)
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->mdns_ipv4_scope &&
- a->link->mdns_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
+ link_get_mdns_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->mdns_host_ipv4_key) {
a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
if (!a->link->manager->mdns_host_ipv4_key) {
r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true);
if (r < 0)
- log_warning_errno(r, "Failed to add A record to MDNS zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add A record to MDNS zone, ignoring: %m");
r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false);
if (r < 0)
- log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add IPv4 PTR record to MDNS zone, ignoring: %m");
} else {
if (a->mdns_address_rr) {
if (a->link->mdns_ipv4_scope)
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->llmnr_ipv6_scope &&
- a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
+ link_get_llmnr_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->llmnr_host_ipv6_key) {
a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
if (r < 0)
- log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add AAAA record to LLMNR zone, ignoring: %m");
r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
if (r < 0)
- log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add IPv6 PTR record to LLMNR zone, ignoring: %m");
} else {
if (a->llmnr_address_rr) {
if (a->link->llmnr_ipv6_scope)
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->mdns_ipv6_scope &&
- a->link->mdns_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
+ link_get_mdns_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->mdns_host_ipv6_key) {
a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true);
if (r < 0)
- log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add AAAA record to MDNS zone, ignoring: %m");
r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false);
if (r < 0)
- log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m");
+ log_link_warning_errno(a->link, r, "Failed to add IPv6 PTR record to MDNS zone, ignoring: %m");
} else {
if (a->mdns_address_rr) {
if (a->link->mdns_ipv6_scope)
return;
fail:
- log_debug_errno(r, "Failed to update address RRs: %m");
+ log_link_debug_errno(a->link, r, "Failed to update address RRs, ignoring: %m");
}
int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
return false;
if (l->llmnr_support != RESOLVE_SUPPORT_YES ||
- l->mdns_support != RESOLVE_SUPPORT_NO ||
+ l->mdns_support != RESOLVE_SUPPORT_YES ||
l->dnssec_mode != _DNSSEC_MODE_INVALID ||
l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
return true;
if (v)
fprintf(f, "DNSSEC=%s\n", v);
+ v = dns_over_tls_mode_to_string(l->dns_over_tls_mode);
+ if (v)
+ fprintf(f, "DNSOVERTLS=%s\n", v);
+
if (l->default_route >= 0)
fprintf(f, "DEFAULT_ROUTE=%s\n", yes_no(l->default_route));
if (l->dns_servers) {
- DnsServer *server;
-
fputs("SERVERS=", f);
LIST_FOREACH(servers, server, l->dns_servers) {
}
if (l->search_domains) {
- DnsSearchDomain *domain;
-
fputs("DOMAINS=", f);
LIST_FOREACH(domains, domain, l->search_domains) {
if (temp_path)
(void) unlink(temp_path);
- return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
+ return log_link_error_errno(l, r, "Failed to save link data %s: %m", l->state_file);
}
int link_load_user(Link *l) {
*llmnr = NULL,
*mdns = NULL,
*dnssec = NULL,
+ *dns_over_tls = NULL,
*servers = NULL,
*domains = NULL,
*ntas = NULL,
"LLMNR", &llmnr,
"MDNS", &mdns,
"DNSSEC", &dnssec,
+ "DNSOVERTLS", &dns_over_tls,
"SERVERS", &servers,
"DOMAINS", &domains,
"NTAS", &ntas,
/* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
l->dnssec_mode = dnssec_mode_from_string(dnssec);
+ /* Same for DNSOverTLS */
+ l->dns_over_tls_mode = dns_over_tls_mode_from_string(dns_over_tls);
+
for (p = servers;;) {
_cleanup_free_ char *word = NULL;
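Review bot: `l->dns_over_tls_mode` is assigned straight from `dns_over_tls_mode_from_string()`, so a value loaded from the state file bypasses the `#if ! ENABLE_DNS_OVER_TLS` guard that the setter applies in an earlier hunk of this diff. On a build without DNS-over-TLS support, a persisted `DNSOVERTLS=` value would then be stored even though the setter would have refused it; what the resolver does with it afterwards is not visible here. Consider routing a successfully parsed value through the setter (presumably `link_set_dns_over_tls_mode()`), or add a comment explaining why the direct assignment is safe. The same applies to the existing `dnssec_mode` assignment just above.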
r = link_update_dns_server_one(l, word);
if (r < 0) {
- log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
+ log_link_debug_errno(l, r, "Failed to load DNS server '%s', ignoring: %m", word);
continue;
}
}
r = link_update_search_domain_one(l, n, is_route);
if (r < 0) {
- log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
+ log_link_debug_errno(l, r, "Failed to load search domain '%s', ignoring: %m", word);
continue;
}
}
return 0;
fail:
- return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
+ return log_link_error_errno(l, r, "Failed to load link data %s: %m", l->state_file);
}
void link_remove_user(Link *l) {