Merge pull request #9346 from keszybz/journald-exact2

[thirdparty/systemd.git] / src / resolve / resolved-link.c
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c

index f2552a11de6e7ac16e5063654bb2740ad1689eb8..ff2be12415b55fd12ab1ecbe5d0eb5aa35a4af6f 100644 (file)
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -1,9 +1,4 @@
  /* SPDX-License-Identifier: LGPL-2.1+ */
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-***/
  
  #include <net/if.h>
  #include <stdio_ext.h>
@@ -41,6 +36,7 @@ int link_new(Manager *m, Link **ret, int ifindex) {
          l->llmnr_support = RESOLVE_SUPPORT_YES;
          l->mdns_support = RESOLVE_SUPPORT_NO;
          l->dnssec_mode = _DNSSEC_MODE_INVALID;
+        l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
          l->operstate = IF_OPER_UNKNOWN;
  
          if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
@@ -65,6 +61,7 @@ void link_flush_settings(Link *l) {
          l->llmnr_support = RESOLVE_SUPPORT_YES;
          l->mdns_support = RESOLVE_SUPPORT_NO;
          l->dnssec_mode = _DNSSEC_MODE_INVALID;
+        l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
  
          dns_server_unlink_all(l->dns_servers);
          dns_search_domain_unlink_all(l->search_domains);
@@ -115,6 +112,11 @@ void link_allocate_scopes(Link *l) {
  
                  dns_server_reset_features_all(l->manager->fallback_dns_servers);
                  dns_server_reset_features_all(l->manager->dns_servers);
+
+                /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one
+                 * interface reveals different DNS zones than through others. */
+                if (l->manager->unicast_scope)
+                        dns_cache_flush(&l->manager->unicast_scope->cache);
          }
  
          /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't
@@ -347,6 +349,46 @@ clear:
          return r;
  }
  
+void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
+
+        assert(l);
+
+#if ! ENABLE_DNS_OVER_TLS
+        if (mode != DNS_OVER_TLS_NO)
+                log_warning("DNS-over-TLS option for the link cannot be set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
+        return;
+#endif
+
+        l->dns_over_tls_mode = mode;
+}
+
+static int link_update_dns_over_tls_mode(Link *l) {
+        _cleanup_free_ char *b = NULL;
+        int r;
+
+        assert(l);
+
+        r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
+        if (r == -ENODATA) {
+                r = 0;
+                goto clear;
+        }
+        if (r < 0)
+                goto clear;
+
+        l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
+        if (l->dns_over_tls_mode < 0) {
+                r = -EINVAL;
+                goto clear;
+        }
+
+        return 0;
+
+clear:
+        l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
+        return r;
+}
+
  void link_set_dnssec_mode(Link *l, DnssecMode mode) {
  
          assert(l);
@@ -554,6 +596,10 @@ static void link_read_settings(Link *l) {
          if (r < 0)
                  log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);
  
+        r = link_update_dns_over_tls_mode(l);
+        if (r < 0)
+                log_warning_errno(r, "Failed to read DNS-over-TLS mode for interface %s, ignoring: %m", l->name);
+
          r = link_update_dnssec_mode(l);
          if (r < 0)
                  log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->name);
@@ -687,6 +733,15 @@ void link_next_dns_server(Link *l) {
          link_set_dns_server(l, l->dns_servers);
  }
  
+DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
+        assert(l);
+
+        if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
+                return l->dns_over_tls_mode;
+
+        return manager_get_dns_over_tls_mode(l->manager);
+}
+
  DnssecMode link_get_dnssec_mode(Link *l) {
          assert(l);
  
@@ -1202,7 +1257,7 @@ int link_load_user(Link *l) {
          if (l->is_managed)
                  return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */
  
-        r = parse_env_file(l->state_file, NEWLINE,
+        r = parse_env_file(NULL, l->state_file, NEWLINE,
                             "LLMNR", &llmnr,
                             "MDNS", &mdns,
                             "DNSSEC", &dnssec,