]>
Commit | Line | Data |
---|---|---|
74b2466e LP |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2014 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
ad867662 LP |
22 | #include <netinet/tcp.h> |
23 | ||
46f08bea | 24 | #include "af-list.h" |
b5efdb8a | 25 | #include "alloc-util.h" |
4ad7f276 | 26 | #include "dns-domain.h" |
3ffd4af2 LP |
27 | #include "fd-util.h" |
28 | #include "hostname-util.h" | |
29 | #include "missing.h" | |
30 | #include "random-util.h" | |
74b2466e | 31 | #include "resolved-dns-scope.h" |
3ffd4af2 | 32 | #include "resolved-llmnr.h" |
b4f1862d | 33 | #include "resolved-mdns.h" |
3ffd4af2 LP |
34 | #include "socket-util.h" |
35 | #include "strv.h" | |
74b2466e | 36 | |
aea2429d LP |
37 | #define MULTICAST_RATELIMIT_INTERVAL_USEC (1*USEC_PER_SEC) |
38 | #define MULTICAST_RATELIMIT_BURST 1000 | |
39 | ||
9df3ba6c TG |
40 | /* After how much time to repeat LLMNR requests, see RFC 4795 Section 7 */ |
41 | #define MULTICAST_RESEND_TIMEOUT_MIN_USEC (100 * USEC_PER_MSEC) | |
42 | #define MULTICAST_RESEND_TIMEOUT_MAX_USEC (1 * USEC_PER_SEC) | |
43 | ||
0dd25fb9 | 44 | int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int family) { |
74b2466e LP |
45 | DnsScope *s; |
46 | ||
47 | assert(m); | |
48 | assert(ret); | |
49 | ||
50 | s = new0(DnsScope, 1); | |
51 | if (!s) | |
52 | return -ENOMEM; | |
53 | ||
54 | s->manager = m; | |
1716f6dc LP |
55 | s->link = l; |
56 | s->protocol = protocol; | |
57 | s->family = family; | |
9df3ba6c | 58 | s->resend_timeout = MULTICAST_RESEND_TIMEOUT_MIN_USEC; |
74b2466e LP |
59 | |
60 | LIST_PREPEND(scopes, m->dns_scopes, s); | |
61 | ||
1716f6dc | 62 | dns_scope_llmnr_membership(s, true); |
0db4c90a | 63 | dns_scope_mdns_membership(s, true); |
1716f6dc | 64 | |
46f08bea | 65 | log_debug("New scope on link %s, protocol %s, family %s", l ? l->name : "*", dns_protocol_to_string(protocol), family == AF_UNSPEC ? "*" : af_to_name(family)); |
1716f6dc | 66 | |
aea2429d LP |
67 | /* Enforce ratelimiting for the multicast protocols */ |
68 | RATELIMIT_INIT(s->ratelimit, MULTICAST_RATELIMIT_INTERVAL_USEC, MULTICAST_RATELIMIT_BURST); | |
69 | ||
74b2466e LP |
70 | *ret = s; |
71 | return 0; | |
72 | } | |
73 | ||
801ad6a6 | 74 | static void dns_scope_abort_transactions(DnsScope *s) { |
801ad6a6 | 75 | assert(s); |
1716f6dc | 76 | |
f9ebb22a LP |
77 | while (s->transactions) { |
78 | DnsTransaction *t = s->transactions; | |
79 | ||
faa133f3 LP |
80 | /* Abort the transaction, but make sure it is not |
81 | * freed while we still look at it */ | |
74b2466e | 82 | |
faa133f3 | 83 | t->block_gc++; |
ec2c5e43 | 84 | dns_transaction_complete(t, DNS_TRANSACTION_ABORTED); |
faa133f3 | 85 | t->block_gc--; |
74b2466e | 86 | |
ec2c5e43 | 87 | dns_transaction_free(t); |
74b2466e | 88 | } |
801ad6a6 LP |
89 | } |
90 | ||
91 | DnsScope* dns_scope_free(DnsScope *s) { | |
92 | DnsResourceRecord *rr; | |
93 | ||
94 | if (!s) | |
95 | return NULL; | |
96 | ||
97 | log_debug("Removing scope on link %s, protocol %s, family %s", s->link ? s->link->name : "*", dns_protocol_to_string(s->protocol), s->family == AF_UNSPEC ? "*" : af_to_name(s->family)); | |
98 | ||
99 | dns_scope_llmnr_membership(s, false); | |
0db4c90a | 100 | dns_scope_mdns_membership(s, false); |
801ad6a6 LP |
101 | dns_scope_abort_transactions(s); |
102 | ||
103 | while (s->query_candidates) | |
104 | dns_query_candidate_free(s->query_candidates); | |
74b2466e | 105 | |
f9ebb22a | 106 | hashmap_free(s->transactions_by_key); |
da0c630e | 107 | |
1e43061b | 108 | while ((rr = ordered_hashmap_steal_first(s->conflict_queue))) |
a4076574 LP |
109 | dns_resource_record_unref(rr); |
110 | ||
1e43061b | 111 | ordered_hashmap_free(s->conflict_queue); |
a4076574 LP |
112 | sd_event_source_unref(s->conflict_event_source); |
113 | ||
322345fd | 114 | dns_cache_flush(&s->cache); |
623a4c97 | 115 | dns_zone_flush(&s->zone); |
322345fd | 116 | |
74b2466e | 117 | LIST_REMOVE(scopes, s->manager->dns_scopes, s); |
74b2466e LP |
118 | free(s); |
119 | ||
120 | return NULL; | |
121 | } | |
122 | ||
2c27fbca | 123 | DnsServer *dns_scope_get_dns_server(DnsScope *s) { |
74b2466e LP |
124 | assert(s); |
125 | ||
1716f6dc LP |
126 | if (s->protocol != DNS_PROTOCOL_DNS) |
127 | return NULL; | |
128 | ||
74b2466e LP |
129 | if (s->link) |
130 | return link_get_dns_server(s->link); | |
131 | else | |
132 | return manager_get_dns_server(s->manager); | |
133 | } | |
134 | ||
135 | void dns_scope_next_dns_server(DnsScope *s) { | |
136 | assert(s); | |
137 | ||
1716f6dc LP |
138 | if (s->protocol != DNS_PROTOCOL_DNS) |
139 | return; | |
140 | ||
74b2466e LP |
141 | if (s->link) |
142 | link_next_dns_server(s->link); | |
143 | else | |
144 | manager_next_dns_server(s->manager); | |
145 | } | |
146 | ||
9df3ba6c TG |
147 | void dns_scope_packet_received(DnsScope *s, usec_t rtt) { |
148 | assert(s); | |
149 | ||
84129d46 LP |
150 | if (rtt <= s->max_rtt) |
151 | return; | |
152 | ||
153 | s->max_rtt = rtt; | |
154 | s->resend_timeout = MIN(MAX(MULTICAST_RESEND_TIMEOUT_MIN_USEC, s->max_rtt * 2), MULTICAST_RESEND_TIMEOUT_MAX_USEC); | |
9df3ba6c TG |
155 | } |
156 | ||
157 | void dns_scope_packet_lost(DnsScope *s, usec_t usec) { | |
158 | assert(s); | |
159 | ||
160 | if (s->resend_timeout <= usec) | |
161 | s->resend_timeout = MIN(s->resend_timeout * 2, MULTICAST_RESEND_TIMEOUT_MAX_USEC); | |
162 | } | |
163 | ||
80a62095 | 164 | static int dns_scope_emit_one(DnsScope *s, int fd, DnsServer *server, DnsPacket *p) { |
1716f6dc LP |
165 | union in_addr_union addr; |
166 | int ifindex = 0, r; | |
0dd25fb9 | 167 | int family; |
1716f6dc | 168 | uint32_t mtu; |
9c5e12a4 | 169 | size_t saved_size = 0; |
74b2466e LP |
170 | |
171 | assert(s); | |
172 | assert(p); | |
1716f6dc | 173 | assert(p->protocol == s->protocol); |
471d40d9 | 174 | assert((s->protocol == DNS_PROTOCOL_DNS) != (fd < 0)); |
ad867662 LP |
175 | |
176 | if (s->link) { | |
1716f6dc | 177 | mtu = s->link->mtu; |
74b2466e | 178 | ifindex = s->link->ifindex; |
1716f6dc | 179 | } else |
e1c95994 | 180 | mtu = manager_find_mtu(s->manager); |
74b2466e | 181 | |
106784eb DM |
182 | switch (s->protocol) { |
183 | case DNS_PROTOCOL_DNS: | |
9c5e12a4 TG |
184 | assert(server); |
185 | ||
623a4c97 | 186 | if (DNS_PACKET_QDCOUNT(p) > 1) |
15411c0c | 187 | return -EOPNOTSUPP; |
623a4c97 | 188 | |
9c5e12a4 | 189 | if (server->possible_features >= DNS_SERVER_FEATURE_LEVEL_EDNS0) { |
7586f4d1 | 190 | bool edns_do; |
d74fb368 | 191 | size_t packet_size; |
7586f4d1 TG |
192 | |
193 | edns_do = server->possible_features >= DNS_SERVER_FEATURE_LEVEL_DO; | |
194 | ||
d74fb368 TG |
195 | if (server->possible_features >= DNS_SERVER_FEATURE_LEVEL_LARGE) |
196 | packet_size = DNS_PACKET_UNICAST_SIZE_LARGE_MAX; | |
197 | else | |
198 | packet_size = server->received_udp_packet_max; | |
199 | ||
200 | r = dns_packet_append_opt_rr(p, packet_size, edns_do, &saved_size); | |
9c5e12a4 TG |
201 | if (r < 0) |
202 | return r; | |
203 | ||
204 | DNS_PACKET_HEADER(p)->arcount = htobe16(be16toh(DNS_PACKET_HEADER(p)->arcount) + 1); | |
205 | } | |
206 | ||
1716f6dc LP |
207 | if (p->size > DNS_PACKET_UNICAST_SIZE_MAX) |
208 | return -EMSGSIZE; | |
209 | ||
a0166609 | 210 | if (p->size + UDP_PACKET_HEADER_SIZE > mtu) |
1716f6dc LP |
211 | return -EMSGSIZE; |
212 | ||
72290734 TG |
213 | r = manager_write(s->manager, fd, p); |
214 | if (r < 0) | |
215 | return r; | |
216 | ||
9c5e12a4 TG |
217 | if (saved_size > 0) { |
218 | dns_packet_truncate(p, saved_size); | |
219 | ||
220 | DNS_PACKET_HEADER(p)->arcount = htobe16(be16toh(DNS_PACKET_HEADER(p)->arcount) - 1); | |
221 | } | |
222 | ||
106784eb | 223 | break; |
1716f6dc | 224 | |
106784eb | 225 | case DNS_PROTOCOL_LLMNR: |
1716f6dc | 226 | if (DNS_PACKET_QDCOUNT(p) > 1) |
15411c0c | 227 | return -EOPNOTSUPP; |
1716f6dc | 228 | |
aea2429d LP |
229 | if (!ratelimit_test(&s->ratelimit)) |
230 | return -EBUSY; | |
231 | ||
1716f6dc | 232 | family = s->family; |
1716f6dc LP |
233 | |
234 | if (family == AF_INET) { | |
235 | addr.in = LLMNR_MULTICAST_IPV4_ADDRESS; | |
1716f6dc LP |
236 | fd = manager_llmnr_ipv4_udp_fd(s->manager); |
237 | } else if (family == AF_INET6) { | |
238 | addr.in6 = LLMNR_MULTICAST_IPV6_ADDRESS; | |
239 | fd = manager_llmnr_ipv6_udp_fd(s->manager); | |
1716f6dc LP |
240 | } else |
241 | return -EAFNOSUPPORT; | |
242 | if (fd < 0) | |
243 | return fd; | |
72290734 | 244 | |
b4f1862d DM |
245 | r = manager_send(s->manager, fd, ifindex, family, &addr, LLMNR_PORT, p); |
246 | if (r < 0) | |
247 | return r; | |
248 | ||
249 | break; | |
250 | ||
251 | case DNS_PROTOCOL_MDNS: | |
252 | if (!ratelimit_test(&s->ratelimit)) | |
253 | return -EBUSY; | |
254 | ||
255 | family = s->family; | |
256 | ||
257 | if (family == AF_INET) { | |
258 | addr.in = MDNS_MULTICAST_IPV4_ADDRESS; | |
259 | fd = manager_mdns_ipv4_fd(s->manager); | |
260 | } else if (family == AF_INET6) { | |
261 | addr.in6 = MDNS_MULTICAST_IPV6_ADDRESS; | |
262 | fd = manager_mdns_ipv6_fd(s->manager); | |
263 | } else | |
264 | return -EAFNOSUPPORT; | |
265 | if (fd < 0) | |
266 | return fd; | |
267 | ||
268 | r = manager_send(s->manager, fd, ifindex, family, &addr, MDNS_PORT, p); | |
72290734 TG |
269 | if (r < 0) |
270 | return r; | |
106784eb DM |
271 | |
272 | break; | |
273 | ||
274 | default: | |
74b2466e | 275 | return -EAFNOSUPPORT; |
106784eb | 276 | } |
74b2466e | 277 | |
74b2466e LP |
278 | return 1; |
279 | } | |
280 | ||
80a62095 DM |
281 | int dns_scope_emit(DnsScope *s, int fd, DnsServer *server, DnsPacket *p) { |
282 | int r; | |
283 | ||
284 | assert(s); | |
285 | assert(p); | |
286 | assert(p->protocol == s->protocol); | |
287 | assert((s->protocol == DNS_PROTOCOL_DNS) != (fd < 0)); | |
288 | ||
289 | do { | |
290 | /* If there are multiple linked packets, set the TC bit in all but the last of them */ | |
291 | if (p->more) { | |
292 | assert(p->protocol == DNS_PROTOCOL_MDNS); | |
261f3673 | 293 | dns_packet_set_flags(p, true, true); |
80a62095 DM |
294 | } |
295 | ||
296 | r = dns_scope_emit_one(s, fd, server, p); | |
297 | if (r < 0) | |
298 | return r; | |
299 | ||
300 | p = p->more; | |
301 | } while(p); | |
302 | ||
303 | return 0; | |
304 | } | |
305 | ||
0db64366 | 306 | static int dns_scope_socket(DnsScope *s, int type, int family, const union in_addr_union *address, uint16_t port, DnsServer **server) { |
8300ba21 | 307 | DnsServer *srv = NULL; |
ad867662 LP |
308 | _cleanup_close_ int fd = -1; |
309 | union sockaddr_union sa = {}; | |
310 | socklen_t salen; | |
623a4c97 LP |
311 | static const int one = 1; |
312 | int ret, r; | |
ad867662 LP |
313 | |
314 | assert(s); | |
623a4c97 | 315 | assert((family == AF_UNSPEC) == !address); |
ad867662 | 316 | |
623a4c97 | 317 | if (family == AF_UNSPEC) { |
2c27fbca | 318 | srv = dns_scope_get_dns_server(s); |
623a4c97 LP |
319 | if (!srv) |
320 | return -ESRCH; | |
321 | ||
be808ea0 TG |
322 | srv->possible_features = dns_server_possible_features(srv); |
323 | ||
324 | if (type == SOCK_DGRAM && srv->possible_features < DNS_SERVER_FEATURE_LEVEL_UDP) | |
325 | return -EAGAIN; | |
326 | ||
623a4c97 LP |
327 | sa.sa.sa_family = srv->family; |
328 | if (srv->family == AF_INET) { | |
329 | sa.in.sin_port = htobe16(port); | |
330 | sa.in.sin_addr = srv->address.in; | |
331 | salen = sizeof(sa.in); | |
332 | } else if (srv->family == AF_INET6) { | |
333 | sa.in6.sin6_port = htobe16(port); | |
334 | sa.in6.sin6_addr = srv->address.in6; | |
335 | sa.in6.sin6_scope_id = s->link ? s->link->ifindex : 0; | |
336 | salen = sizeof(sa.in6); | |
337 | } else | |
338 | return -EAFNOSUPPORT; | |
339 | } else { | |
340 | sa.sa.sa_family = family; | |
341 | ||
342 | if (family == AF_INET) { | |
343 | sa.in.sin_port = htobe16(port); | |
344 | sa.in.sin_addr = address->in; | |
345 | salen = sizeof(sa.in); | |
346 | } else if (family == AF_INET6) { | |
347 | sa.in6.sin6_port = htobe16(port); | |
348 | sa.in6.sin6_addr = address->in6; | |
349 | sa.in6.sin6_scope_id = s->link ? s->link->ifindex : 0; | |
350 | salen = sizeof(sa.in6); | |
351 | } else | |
352 | return -EAFNOSUPPORT; | |
353 | } | |
ad867662 | 354 | |
0db64366 | 355 | fd = socket(sa.sa.sa_family, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); |
ad867662 LP |
356 | if (fd < 0) |
357 | return -errno; | |
358 | ||
0db64366 TG |
359 | if (type == SOCK_STREAM) { |
360 | r = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one)); | |
361 | if (r < 0) | |
362 | return -errno; | |
363 | } | |
623a4c97 LP |
364 | |
365 | if (s->link) { | |
366 | uint32_t ifindex = htobe32(s->link->ifindex); | |
367 | ||
368 | if (sa.sa.sa_family == AF_INET) { | |
369 | r = setsockopt(fd, IPPROTO_IP, IP_UNICAST_IF, &ifindex, sizeof(ifindex)); | |
370 | if (r < 0) | |
371 | return -errno; | |
372 | } else if (sa.sa.sa_family == AF_INET6) { | |
373 | r = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_IF, &ifindex, sizeof(ifindex)); | |
374 | if (r < 0) | |
375 | return -errno; | |
376 | } | |
377 | } | |
378 | ||
379 | if (s->protocol == DNS_PROTOCOL_LLMNR) { | |
bf3f1271 | 380 | /* RFC 4795, section 2.5 requires the TTL to be set to 1 */ |
623a4c97 LP |
381 | |
382 | if (sa.sa.sa_family == AF_INET) { | |
383 | r = setsockopt(fd, IPPROTO_IP, IP_TTL, &one, sizeof(one)); | |
384 | if (r < 0) | |
385 | return -errno; | |
386 | } else if (sa.sa.sa_family == AF_INET6) { | |
387 | r = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &one, sizeof(one)); | |
388 | if (r < 0) | |
389 | return -errno; | |
390 | } | |
391 | } | |
ad867662 LP |
392 | |
393 | r = connect(fd, &sa.sa, salen); | |
394 | if (r < 0 && errno != EINPROGRESS) | |
395 | return -errno; | |
396 | ||
8300ba21 TG |
397 | if (server) |
398 | *server = srv; | |
399 | ||
ad867662 LP |
400 | ret = fd; |
401 | fd = -1; | |
623a4c97 | 402 | |
ad867662 LP |
403 | return ret; |
404 | } | |
405 | ||
0db64366 TG |
406 | int dns_scope_udp_dns_socket(DnsScope *s, DnsServer **server) { |
407 | return dns_scope_socket(s, SOCK_DGRAM, AF_UNSPEC, NULL, 53, server); | |
408 | } | |
409 | ||
410 | int dns_scope_tcp_socket(DnsScope *s, int family, const union in_addr_union *address, uint16_t port, DnsServer **server) { | |
411 | return dns_scope_socket(s, SOCK_STREAM, family, address, port, server); | |
412 | } | |
413 | ||
51323288 | 414 | DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain) { |
a51c1048 | 415 | DnsSearchDomain *d; |
74b2466e LP |
416 | |
417 | assert(s); | |
418 | assert(domain); | |
419 | ||
28b9b764 LP |
420 | /* Checks if the specified domain is something to look up on |
421 | * this scope. Note that this accepts non-qualified hostnames, | |
422 | * i.e. those without any search path prefixed yet. */ | |
423 | ||
51323288 LP |
424 | if (ifindex != 0 && (!s->link || s->link->ifindex != ifindex)) |
425 | return DNS_SCOPE_NO; | |
426 | ||
931851e8 | 427 | if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, 0) & flags) == 0) |
51323288 LP |
428 | return DNS_SCOPE_NO; |
429 | ||
78c6a153 LP |
430 | /* Never resolve any loopback hostname or IP address via DNS, |
431 | * LLMNR or mDNS. Instead, always rely on synthesized RRs for | |
432 | * these. */ | |
433 | if (is_localhost(domain) || | |
434 | dns_name_endswith(domain, "127.in-addr.arpa") > 0 || | |
9436e8ca LP |
435 | dns_name_equal(domain, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0) |
436 | return DNS_SCOPE_NO; | |
437 | ||
c9ad0edb LP |
438 | /* Never respond to some of the domains listed in RFC6303 */ |
439 | if (dns_name_endswith(domain, "0.in-addr.arpa") > 0 || | |
440 | dns_name_equal(domain, "255.255.255.255.in-addr.arpa") > 0 || | |
441 | dns_name_equal(domain, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0) | |
442 | return DNS_SCOPE_NO; | |
443 | ||
7bcffc2e LP |
444 | /* Never respond to some of the domains listed in RFC6761 */ |
445 | if (dns_name_endswith(domain, "invalid") > 0) | |
446 | return DNS_SCOPE_NO; | |
447 | ||
801ad6a6 LP |
448 | /* Always honour search domains for routing queries. Note that |
449 | * we return DNS_SCOPE_YES here, rather than just | |
450 | * DNS_SCOPE_MAYBE, which means wildcard scopes won't be | |
451 | * considered anymore. */ | |
a51c1048 LP |
452 | LIST_FOREACH(domains, d, dns_scope_get_search_domains(s)) |
453 | if (dns_name_endswith(domain, d->name) > 0) | |
9b644bf9 LP |
454 | return DNS_SCOPE_YES; |
455 | ||
106784eb | 456 | switch (s->protocol) { |
801ad6a6 | 457 | |
dc477e73 | 458 | case DNS_PROTOCOL_DNS: |
801ad6a6 | 459 | |
28b9b764 LP |
460 | /* Exclude link-local IP ranges */ |
461 | if (dns_name_endswith(domain, "254.169.in-addr.arpa") == 0 && | |
c9ad0edb LP |
462 | dns_name_endswith(domain, "8.e.f.ip6.arpa") == 0 && |
463 | dns_name_endswith(domain, "9.e.f.ip6.arpa") == 0 && | |
464 | dns_name_endswith(domain, "a.e.f.ip6.arpa") == 0 && | |
b43d96b0 DM |
465 | dns_name_endswith(domain, "b.e.f.ip6.arpa") == 0 && |
466 | /* If networks use .local in their private setups, they are supposed to also add .local to their search | |
467 | * domains, which we already checked above. Otherwise, we consider .local specific to mDNS and won't | |
468 | * send such queries ordinary DNS servers. */ | |
469 | dns_name_endswith(domain, "local") == 0) | |
faa133f3 | 470 | return DNS_SCOPE_MAYBE; |
1716f6dc | 471 | |
faa133f3 | 472 | return DNS_SCOPE_NO; |
1716f6dc | 473 | |
106784eb | 474 | case DNS_PROTOCOL_MDNS: |
78c6a153 LP |
475 | if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) || |
476 | (s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0) || | |
477 | (dns_name_endswith(domain, "local") > 0 && /* only resolve names ending in .local via mDNS */ | |
478 | dns_name_equal(domain, "local") == 0 && /* but not the single-label "local" name itself */ | |
479 | manager_is_own_hostname(s->manager, domain) <= 0)) /* never resolve the local hostname via mDNS */ | |
d8b7e75f | 480 | return DNS_SCOPE_MAYBE; |
74b2466e LP |
481 | |
482 | return DNS_SCOPE_NO; | |
74b2466e | 483 | |
106784eb | 484 | case DNS_PROTOCOL_LLMNR: |
78c6a153 LP |
485 | if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) || |
486 | (s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0) || | |
dc477e73 | 487 | (dns_name_is_single_label(domain) && /* only resolve single label names via LLMNR */ |
78c6a153 LP |
488 | !is_gateway_hostname(domain) && /* don't resolve "gateway" with LLMNR, let nss-myhostname handle this */ |
489 | manager_is_own_hostname(s->manager, domain) <= 0)) /* never resolve the local hostname via LLMNR */ | |
1716f6dc | 490 | return DNS_SCOPE_MAYBE; |
74b2466e | 491 | |
1716f6dc | 492 | return DNS_SCOPE_NO; |
74b2466e | 493 | |
106784eb DM |
494 | default: |
495 | assert_not_reached("Unknown scope protocol"); | |
496 | } | |
1716f6dc LP |
497 | } |
498 | ||
499 | int dns_scope_good_key(DnsScope *s, DnsResourceKey *key) { | |
500 | assert(s); | |
501 | assert(key); | |
502 | ||
28b9b764 LP |
503 | /* Check if it makes sense to resolve the specified key on |
504 | * this scope. Note that this call assumes as fully qualified | |
505 | * name, i.e. the search suffixes already appended. */ | |
506 | ||
507 | if (s->protocol == DNS_PROTOCOL_DNS) { | |
508 | ||
e5abebab | 509 | /* On classic DNS, looking up non-address RRs is always |
28b9b764 LP |
510 | * fine. (Specifically, we want to permit looking up |
511 | * DNSKEY and DS records on the root and top-level | |
512 | * domains.) */ | |
513 | if (!dns_resource_key_is_address(key)) | |
514 | return true; | |
515 | ||
516 | /* However, we refuse to look up A and AAAA RRs on the | |
517 | * root and single-label domains, under the assumption | |
518 | * that those should be resolved via LLMNR or search | |
519 | * path only, and should not be leaked onto the | |
520 | * internet. */ | |
521 | return !(dns_name_is_single_label(DNS_RESOURCE_KEY_NAME(key)) || | |
522 | dns_name_is_root(DNS_RESOURCE_KEY_NAME(key))); | |
523 | } | |
1716f6dc LP |
524 | |
525 | /* On mDNS and LLMNR, send A and AAAA queries only on the | |
526 | * respective scopes */ | |
527 | ||
528 | if (s->family == AF_INET && key->class == DNS_CLASS_IN && key->type == DNS_TYPE_AAAA) | |
529 | return false; | |
530 | ||
531 | if (s->family == AF_INET6 && key->class == DNS_CLASS_IN && key->type == DNS_TYPE_A) | |
532 | return false; | |
533 | ||
534 | return true; | |
535 | } | |
536 | ||
0db4c90a | 537 | static int dns_scope_multicast_membership(DnsScope *s, bool b, struct in_addr in, struct in6_addr in6) { |
1716f6dc LP |
538 | int fd; |
539 | ||
5ba73e9b | 540 | assert(s); |
5ba73e9b LP |
541 | assert(s->link); |
542 | ||
1716f6dc LP |
543 | if (s->family == AF_INET) { |
544 | struct ip_mreqn mreqn = { | |
0db4c90a | 545 | .imr_multiaddr = in, |
1716f6dc LP |
546 | .imr_ifindex = s->link->ifindex, |
547 | }; | |
548 | ||
549 | fd = manager_llmnr_ipv4_udp_fd(s->manager); | |
550 | if (fd < 0) | |
551 | return fd; | |
552 | ||
7b4c2ee7 LP |
553 | /* Always first try to drop membership before we add |
554 | * one. This is necessary on some devices, such as | |
555 | * veth. */ | |
556 | if (b) | |
dc751688 | 557 | (void) setsockopt(fd, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreqn, sizeof(mreqn)); |
7b4c2ee7 | 558 | |
1716f6dc LP |
559 | if (setsockopt(fd, IPPROTO_IP, b ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, &mreqn, sizeof(mreqn)) < 0) |
560 | return -errno; | |
561 | ||
562 | } else if (s->family == AF_INET6) { | |
563 | struct ipv6_mreq mreq = { | |
0db4c90a | 564 | .ipv6mr_multiaddr = in6, |
1716f6dc LP |
565 | .ipv6mr_interface = s->link->ifindex, |
566 | }; | |
567 | ||
568 | fd = manager_llmnr_ipv6_udp_fd(s->manager); | |
569 | if (fd < 0) | |
570 | return fd; | |
571 | ||
7b4c2ee7 | 572 | if (b) |
dc751688 | 573 | (void) setsockopt(fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, &mreq, sizeof(mreq)); |
7b4c2ee7 | 574 | |
1716f6dc LP |
575 | if (setsockopt(fd, IPPROTO_IPV6, b ? IPV6_ADD_MEMBERSHIP : IPV6_DROP_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) |
576 | return -errno; | |
577 | } else | |
578 | return -EAFNOSUPPORT; | |
579 | ||
580 | return 0; | |
74b2466e | 581 | } |
623a4c97 | 582 | |
0db4c90a DM |
583 | int dns_scope_llmnr_membership(DnsScope *s, bool b) { |
584 | ||
585 | if (s->protocol != DNS_PROTOCOL_LLMNR) | |
586 | return 0; | |
587 | ||
588 | return dns_scope_multicast_membership(s, b, LLMNR_MULTICAST_IPV4_ADDRESS, LLMNR_MULTICAST_IPV6_ADDRESS); | |
589 | } | |
590 | ||
591 | int dns_scope_mdns_membership(DnsScope *s, bool b) { | |
592 | ||
593 | if (s->protocol != DNS_PROTOCOL_MDNS) | |
594 | return 0; | |
595 | ||
596 | return dns_scope_multicast_membership(s, b, MDNS_MULTICAST_IPV4_ADDRESS, MDNS_MULTICAST_IPV6_ADDRESS); | |
597 | } | |
598 | ||
ec2c5e43 LP |
599 | static int dns_scope_make_reply_packet( |
600 | DnsScope *s, | |
601 | uint16_t id, | |
602 | int rcode, | |
603 | DnsQuestion *q, | |
604 | DnsAnswer *answer, | |
605 | DnsAnswer *soa, | |
606 | bool tentative, | |
607 | DnsPacket **ret) { | |
608 | ||
623a4c97 LP |
609 | _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; |
610 | unsigned i; | |
611 | int r; | |
612 | ||
613 | assert(s); | |
a4076574 | 614 | assert(ret); |
623a4c97 | 615 | |
75cd513e TA |
616 | if ((!q || q->n_keys <= 0) |
617 | && (!answer || answer->n_rrs <= 0) | |
618 | && (!soa || soa->n_rrs <= 0)) | |
623a4c97 LP |
619 | return -EINVAL; |
620 | ||
621 | r = dns_packet_new(&p, s->protocol, 0); | |
622 | if (r < 0) | |
623 | return r; | |
624 | ||
625 | DNS_PACKET_HEADER(p)->id = id; | |
ea917db9 LP |
626 | DNS_PACKET_HEADER(p)->flags = htobe16(DNS_PACKET_MAKE_FLAGS( |
627 | 1 /* qr */, | |
628 | 0 /* opcode */, | |
629 | 0 /* c */, | |
630 | 0 /* tc */, | |
ec2c5e43 | 631 | tentative, |
ea917db9 LP |
632 | 0 /* (ra) */, |
633 | 0 /* (ad) */, | |
634 | 0 /* (cd) */, | |
635 | rcode)); | |
623a4c97 LP |
636 | |
637 | if (q) { | |
638 | for (i = 0; i < q->n_keys; i++) { | |
639 | r = dns_packet_append_key(p, q->keys[i], NULL); | |
640 | if (r < 0) | |
641 | return r; | |
642 | } | |
643 | ||
644 | DNS_PACKET_HEADER(p)->qdcount = htobe16(q->n_keys); | |
645 | } | |
646 | ||
8bf52d3d LP |
647 | if (answer) { |
648 | for (i = 0; i < answer->n_rrs; i++) { | |
a8812dd7 | 649 | r = dns_packet_append_rr(p, answer->items[i].rr, NULL, NULL); |
623a4c97 LP |
650 | if (r < 0) |
651 | return r; | |
652 | } | |
653 | ||
8bf52d3d LP |
654 | DNS_PACKET_HEADER(p)->ancount = htobe16(answer->n_rrs); |
655 | } | |
656 | ||
657 | if (soa) { | |
658 | for (i = 0; i < soa->n_rrs; i++) { | |
a8812dd7 | 659 | r = dns_packet_append_rr(p, soa->items[i].rr, NULL, NULL); |
8bf52d3d LP |
660 | if (r < 0) |
661 | return r; | |
662 | } | |
663 | ||
664 | DNS_PACKET_HEADER(p)->arcount = htobe16(soa->n_rrs); | |
623a4c97 LP |
665 | } |
666 | ||
667 | *ret = p; | |
668 | p = NULL; | |
669 | ||
670 | return 0; | |
671 | } | |
672 | ||
a4076574 LP |
673 | static void dns_scope_verify_conflicts(DnsScope *s, DnsPacket *p) { |
674 | unsigned n; | |
675 | ||
676 | assert(s); | |
677 | assert(p); | |
678 | ||
679 | if (p->question) | |
680 | for (n = 0; n < p->question->n_keys; n++) | |
681 | dns_zone_verify_conflicts(&s->zone, p->question->keys[n]); | |
682 | if (p->answer) | |
683 | for (n = 0; n < p->answer->n_rrs; n++) | |
78c6a153 | 684 | dns_zone_verify_conflicts(&s->zone, p->answer->items[n].rr->key); |
a4076574 LP |
685 | } |
686 | ||
623a4c97 LP |
687 | void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { |
688 | _cleanup_(dns_packet_unrefp) DnsPacket *reply = NULL; | |
8bf52d3d | 689 | _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL, *soa = NULL; |
5032b16d | 690 | DnsResourceKey *key = NULL; |
ec2c5e43 | 691 | bool tentative = false; |
623a4c97 LP |
692 | int r, fd; |
693 | ||
694 | assert(s); | |
695 | assert(p); | |
696 | ||
697 | if (p->protocol != DNS_PROTOCOL_LLMNR) | |
698 | return; | |
699 | ||
2442b93d LP |
700 | if (p->ipproto == IPPROTO_UDP) { |
701 | /* Don't accept UDP queries directed to anything but | |
702 | * the LLMNR multicast addresses. See RFC 4795, | |
d076c6f9 | 703 | * section 2.5. */ |
2442b93d LP |
704 | |
705 | if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS)) | |
706 | return; | |
707 | ||
708 | if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS)) | |
709 | return; | |
710 | } | |
711 | ||
623a4c97 LP |
712 | r = dns_packet_extract(p); |
713 | if (r < 0) { | |
da927ba9 | 714 | log_debug_errno(r, "Failed to extract resources from incoming packet: %m"); |
623a4c97 LP |
715 | return; |
716 | } | |
717 | ||
8b757a38 | 718 | if (DNS_PACKET_LLMNR_C(p)) { |
a4076574 LP |
719 | /* Somebody notified us about a possible conflict */ |
720 | dns_scope_verify_conflicts(s, p); | |
ea917db9 LP |
721 | return; |
722 | } | |
723 | ||
5032b16d LP |
724 | assert(p->question->n_keys == 1); |
725 | key = p->question->keys[0]; | |
726 | ||
727 | r = dns_zone_lookup(&s->zone, key, &answer, &soa, &tentative); | |
623a4c97 | 728 | if (r < 0) { |
da927ba9 | 729 | log_debug_errno(r, "Failed to lookup key: %m"); |
623a4c97 LP |
730 | return; |
731 | } | |
732 | if (r == 0) | |
733 | return; | |
734 | ||
fcf57f9c LP |
735 | if (answer) |
736 | dns_answer_order_by_scope(answer, in_addr_is_link_local(p->family, &p->sender) > 0); | |
af93291c | 737 | |
ec2c5e43 | 738 | r = dns_scope_make_reply_packet(s, DNS_PACKET_ID(p), DNS_RCODE_SUCCESS, p->question, answer, soa, tentative, &reply); |
623a4c97 | 739 | if (r < 0) { |
da927ba9 | 740 | log_debug_errno(r, "Failed to build reply packet: %m"); |
623a4c97 LP |
741 | return; |
742 | } | |
743 | ||
744 | if (stream) | |
745 | r = dns_stream_write_packet(stream, reply); | |
746 | else { | |
aea2429d LP |
747 | if (!ratelimit_test(&s->ratelimit)) |
748 | return; | |
749 | ||
623a4c97 LP |
750 | if (p->family == AF_INET) |
751 | fd = manager_llmnr_ipv4_udp_fd(s->manager); | |
752 | else if (p->family == AF_INET6) | |
753 | fd = manager_llmnr_ipv6_udp_fd(s->manager); | |
754 | else { | |
755 | log_debug("Unknown protocol"); | |
756 | return; | |
757 | } | |
758 | if (fd < 0) { | |
da927ba9 | 759 | log_debug_errno(fd, "Failed to get reply socket: %m"); |
623a4c97 LP |
760 | return; |
761 | } | |
762 | ||
6e068472 LP |
763 | /* Note that we always immediately reply to all LLMNR |
764 | * requests, and do not wait any time, since we | |
765 | * verified uniqueness for all records. Also see RFC | |
766 | * 4795, Section 2.7 */ | |
767 | ||
623a4c97 LP |
768 | r = manager_send(s->manager, fd, p->ifindex, p->family, &p->sender, p->sender_port, reply); |
769 | } | |
770 | ||
771 | if (r < 0) { | |
da927ba9 | 772 | log_debug_errno(r, "Failed to send reply packet: %m"); |
623a4c97 LP |
773 | return; |
774 | } | |
775 | } | |
ec2c5e43 | 776 | |
f52e61da | 777 | DnsTransaction *dns_scope_find_transaction(DnsScope *scope, DnsResourceKey *key, bool cache_ok) { |
ec2c5e43 LP |
778 | DnsTransaction *t; |
779 | ||
780 | assert(scope); | |
f52e61da | 781 | assert(key); |
ec2c5e43 | 782 | |
da0c630e LP |
783 | /* Try to find an ongoing transaction that is a equal to the |
784 | * specified question */ | |
f9ebb22a | 785 | t = hashmap_get(scope->transactions_by_key, key); |
da0c630e LP |
786 | if (!t) |
787 | return NULL; | |
dc4d47e2 | 788 | |
da0c630e LP |
789 | /* Refuse reusing transactions that completed based on cached |
790 | * data instead of a real packet, if that's requested. */ | |
791 | if (!cache_ok && | |
792 | IN_SET(t->state, DNS_TRANSACTION_SUCCESS, DNS_TRANSACTION_FAILURE) && | |
c3bc53e6 | 793 | t->answer_source != DNS_TRANSACTION_NETWORK) |
da0c630e | 794 | return NULL; |
ec2c5e43 | 795 | |
da0c630e | 796 | return t; |
ec2c5e43 | 797 | } |
a4076574 LP |
798 | |
799 | static int dns_scope_make_conflict_packet( | |
800 | DnsScope *s, | |
801 | DnsResourceRecord *rr, | |
802 | DnsPacket **ret) { | |
803 | ||
804 | _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; | |
805 | int r; | |
806 | ||
807 | assert(s); | |
808 | assert(rr); | |
809 | assert(ret); | |
810 | ||
811 | r = dns_packet_new(&p, s->protocol, 0); | |
812 | if (r < 0) | |
813 | return r; | |
814 | ||
815 | DNS_PACKET_HEADER(p)->flags = htobe16(DNS_PACKET_MAKE_FLAGS( | |
816 | 0 /* qr */, | |
817 | 0 /* opcode */, | |
818 | 1 /* conflict */, | |
819 | 0 /* tc */, | |
820 | 0 /* t */, | |
821 | 0 /* (ra) */, | |
822 | 0 /* (ad) */, | |
823 | 0 /* (cd) */, | |
824 | 0)); | |
fe2dfc8b DM |
825 | |
826 | /* For mDNS, the transaction ID should always be 0 */ | |
827 | if (s->protocol != DNS_PROTOCOL_MDNS) | |
828 | random_bytes(&DNS_PACKET_HEADER(p)->id, sizeof(uint16_t)); | |
829 | ||
a4076574 LP |
830 | DNS_PACKET_HEADER(p)->qdcount = htobe16(1); |
831 | DNS_PACKET_HEADER(p)->arcount = htobe16(1); | |
832 | ||
833 | r = dns_packet_append_key(p, rr->key, NULL); | |
834 | if (r < 0) | |
835 | return r; | |
836 | ||
a8812dd7 | 837 | r = dns_packet_append_rr(p, rr, NULL, NULL); |
a4076574 LP |
838 | if (r < 0) |
839 | return r; | |
840 | ||
841 | *ret = p; | |
842 | p = NULL; | |
843 | ||
844 | return 0; | |
845 | } | |
846 | ||
847 | static int on_conflict_dispatch(sd_event_source *es, usec_t usec, void *userdata) { | |
848 | DnsScope *scope = userdata; | |
849 | int r; | |
850 | ||
851 | assert(es); | |
852 | assert(scope); | |
853 | ||
854 | scope->conflict_event_source = sd_event_source_unref(scope->conflict_event_source); | |
855 | ||
856 | for (;;) { | |
857 | _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; | |
858 | _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; | |
859 | ||
1e43061b | 860 | rr = ordered_hashmap_steal_first(scope->conflict_queue); |
a4076574 LP |
861 | if (!rr) |
862 | break; | |
863 | ||
864 | r = dns_scope_make_conflict_packet(scope, rr, &p); | |
865 | if (r < 0) { | |
da927ba9 | 866 | log_error_errno(r, "Failed to make conflict packet: %m"); |
a4076574 LP |
867 | return 0; |
868 | } | |
869 | ||
9c5e12a4 | 870 | r = dns_scope_emit(scope, -1, NULL, p); |
a4076574 | 871 | if (r < 0) |
da927ba9 | 872 | log_debug_errno(r, "Failed to send conflict packet: %m"); |
a4076574 LP |
873 | } |
874 | ||
875 | return 0; | |
876 | } | |
877 | ||
878 | int dns_scope_notify_conflict(DnsScope *scope, DnsResourceRecord *rr) { | |
879 | usec_t jitter; | |
880 | int r; | |
881 | ||
882 | assert(scope); | |
883 | assert(rr); | |
884 | ||
885 | /* We don't send these queries immediately. Instead, we queue | |
886 | * them, and send them after some jitter delay. */ | |
1e43061b | 887 | r = ordered_hashmap_ensure_allocated(&scope->conflict_queue, &dns_resource_key_hash_ops); |
a4076574 LP |
888 | if (r < 0) { |
889 | log_oom(); | |
890 | return r; | |
891 | } | |
892 | ||
893 | /* We only place one RR per key in the conflict | |
894 | * messages, not all of them. That should be enough to | |
895 | * indicate where there might be a conflict */ | |
1e43061b | 896 | r = ordered_hashmap_put(scope->conflict_queue, rr->key, rr); |
a4076574 LP |
897 | if (r == -EEXIST || r == 0) |
898 | return 0; | |
f647962d MS |
899 | if (r < 0) |
900 | return log_debug_errno(r, "Failed to queue conflicting RR: %m"); | |
a4076574 LP |
901 | |
902 | dns_resource_record_ref(rr); | |
903 | ||
904 | if (scope->conflict_event_source) | |
905 | return 0; | |
906 | ||
907 | random_bytes(&jitter, sizeof(jitter)); | |
908 | jitter %= LLMNR_JITTER_INTERVAL_USEC; | |
909 | ||
910 | r = sd_event_add_time(scope->manager->event, | |
911 | &scope->conflict_event_source, | |
912 | clock_boottime_or_monotonic(), | |
913 | now(clock_boottime_or_monotonic()) + jitter, | |
914 | LLMNR_JITTER_INTERVAL_USEC, | |
915 | on_conflict_dispatch, scope); | |
f647962d MS |
916 | if (r < 0) |
917 | return log_debug_errno(r, "Failed to add conflict dispatch event: %m"); | |
a4076574 LP |
918 | |
919 | return 0; | |
920 | } | |
921 | ||
922 | void dns_scope_check_conflicts(DnsScope *scope, DnsPacket *p) { | |
923 | unsigned i; | |
924 | int r; | |
925 | ||
926 | assert(scope); | |
927 | assert(p); | |
928 | ||
929 | if (p->protocol != DNS_PROTOCOL_LLMNR) | |
930 | return; | |
931 | ||
932 | if (DNS_PACKET_RRCOUNT(p) <= 0) | |
933 | return; | |
934 | ||
8b757a38 | 935 | if (DNS_PACKET_LLMNR_C(p) != 0) |
a4076574 LP |
936 | return; |
937 | ||
8b757a38 | 938 | if (DNS_PACKET_LLMNR_T(p) != 0) |
a4076574 LP |
939 | return; |
940 | ||
941 | if (manager_our_packet(scope->manager, p)) | |
942 | return; | |
943 | ||
944 | r = dns_packet_extract(p); | |
945 | if (r < 0) { | |
da927ba9 | 946 | log_debug_errno(r, "Failed to extract packet: %m"); |
a4076574 LP |
947 | return; |
948 | } | |
949 | ||
950 | log_debug("Checking for conflicts..."); | |
951 | ||
952 | for (i = 0; i < p->answer->n_rrs; i++) { | |
953 | ||
954 | /* Check for conflicts against the local zone. If we | |
955 | * found one, we won't check any further */ | |
78c6a153 | 956 | r = dns_zone_check_conflicts(&scope->zone, p->answer->items[i].rr); |
a4076574 LP |
957 | if (r != 0) |
958 | continue; | |
959 | ||
960 | /* Check for conflicts against the local cache. If so, | |
961 | * send out an advisory query, to inform everybody */ | |
78c6a153 | 962 | r = dns_cache_check_conflicts(&scope->cache, p->answer->items[i].rr, p->family, &p->sender); |
a4076574 LP |
963 | if (r <= 0) |
964 | continue; | |
965 | ||
78c6a153 | 966 | dns_scope_notify_conflict(scope, p->answer->items[i].rr); |
a4076574 LP |
967 | } |
968 | } | |
4d506d6b LP |
969 | |
970 | void dns_scope_dump(DnsScope *s, FILE *f) { | |
971 | assert(s); | |
972 | ||
973 | if (!f) | |
974 | f = stdout; | |
975 | ||
976 | fputs("[Scope protocol=", f); | |
977 | fputs(dns_protocol_to_string(s->protocol), f); | |
978 | ||
979 | if (s->link) { | |
980 | fputs(" interface=", f); | |
981 | fputs(s->link->name, f); | |
982 | } | |
983 | ||
984 | if (s->family != AF_UNSPEC) { | |
985 | fputs(" family=", f); | |
986 | fputs(af_to_name(s->family), f); | |
987 | } | |
988 | ||
989 | fputs("]\n", f); | |
990 | ||
991 | if (!dns_zone_is_empty(&s->zone)) { | |
992 | fputs("ZONE:\n", f); | |
993 | dns_zone_dump(&s->zone, f); | |
994 | } | |
995 | ||
996 | if (!dns_cache_is_empty(&s->cache)) { | |
997 | fputs("CACHE:\n", f); | |
998 | dns_cache_dump(&s->cache, f); | |
999 | } | |
1000 | } | |
a51c1048 LP |
1001 | |
1002 | DnsSearchDomain *dns_scope_get_search_domains(DnsScope *s) { | |
801ad6a6 LP |
1003 | assert(s); |
1004 | ||
a51c1048 LP |
1005 | if (s->protocol != DNS_PROTOCOL_DNS) |
1006 | return NULL; | |
1007 | ||
1008 | if (s->link) | |
1009 | return s->link->search_domains; | |
1010 | ||
28b9b764 | 1011 | return s->manager->search_domains; |
801ad6a6 LP |
1012 | } |
1013 | ||
dc477e73 | 1014 | bool dns_scope_name_needs_search_domain(DnsScope *s, const char *name) { |
801ad6a6 LP |
1015 | assert(s); |
1016 | ||
1017 | if (s->protocol != DNS_PROTOCOL_DNS) | |
dc477e73 | 1018 | return false; |
801ad6a6 | 1019 | |
dc477e73 | 1020 | return dns_name_is_single_label(name); |
801ad6a6 | 1021 | } |