]>
Commit | Line | Data |
---|---|---|
74b2466e LP |
1 | /*** |
2 | This file is part of systemd. | |
3 | ||
4 | Copyright 2014 Lennart Poettering | |
5 | ||
6 | systemd is free software; you can redistribute it and/or modify it | |
7 | under the terms of the GNU Lesser General Public License as published by | |
8 | the Free Software Foundation; either version 2.1 of the License, or | |
9 | (at your option) any later version. | |
10 | ||
11 | systemd is distributed in the hope that it will be useful, but | |
12 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | Lesser General Public License for more details. | |
15 | ||
16 | You should have received a copy of the GNU Lesser General Public License | |
17 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
18 | ***/ | |
19 | ||
20 | #include <net/if.h> | |
21 | ||
22 | #include "sd-network.h" | |
07630cea | 23 | |
b5efdb8a | 24 | #include "alloc-util.h" |
943ef07c LP |
25 | #include "fd-util.h" |
26 | #include "fileio.h" | |
ec2c5e43 | 27 | #include "missing.h" |
943ef07c | 28 | #include "mkdir.h" |
6bedfcbb | 29 | #include "parse-util.h" |
74b2466e | 30 | #include "resolved-link.h" |
c6a8f6f6 YW |
31 | #include "resolved-llmnr.h" |
32 | #include "resolved-mdns.h" | |
07630cea LP |
33 | #include "string-util.h" |
34 | #include "strv.h" | |
74b2466e LP |
35 | |
36 | int link_new(Manager *m, Link **ret, int ifindex) { | |
37 | _cleanup_(link_freep) Link *l = NULL; | |
38 | int r; | |
39 | ||
40 | assert(m); | |
41 | assert(ifindex > 0); | |
42 | ||
d5099efc | 43 | r = hashmap_ensure_allocated(&m->links, NULL); |
74b2466e LP |
44 | if (r < 0) |
45 | return r; | |
46 | ||
47 | l = new0(Link, 1); | |
48 | if (!l) | |
49 | return -ENOMEM; | |
50 | ||
51 | l->ifindex = ifindex; | |
af49ca27 | 52 | l->llmnr_support = RESOLVE_SUPPORT_YES; |
ad6c0475 LP |
53 | l->mdns_support = RESOLVE_SUPPORT_NO; |
54 | l->dnssec_mode = _DNSSEC_MODE_INVALID; | |
6955a3ba | 55 | l->operstate = IF_OPER_UNKNOWN; |
74b2466e | 56 | |
943ef07c LP |
57 | if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0) |
58 | return -ENOMEM; | |
59 | ||
74b2466e LP |
60 | r = hashmap_put(m->links, INT_TO_PTR(ifindex), l); |
61 | if (r < 0) | |
62 | return r; | |
63 | ||
64 | l->manager = m; | |
65 | ||
66 | if (ret) | |
67 | *ret = l; | |
68 | l = NULL; | |
69 | ||
70 | return 0; | |
71 | } | |
72 | ||
97e5d693 LP |
73 | void link_flush_settings(Link *l) { |
74 | assert(l); | |
75 | ||
76 | l->llmnr_support = RESOLVE_SUPPORT_YES; | |
77 | l->mdns_support = RESOLVE_SUPPORT_NO; | |
78 | l->dnssec_mode = _DNSSEC_MODE_INVALID; | |
79 | ||
80 | dns_server_unlink_all(l->dns_servers); | |
81 | dns_search_domain_unlink_all(l->search_domains); | |
82 | ||
83 | l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors); | |
84 | } | |
85 | ||
74b2466e | 86 | Link *link_free(Link *l) { |
74b2466e LP |
87 | if (!l) |
88 | return NULL; | |
89 | ||
c3ae4188 DR |
90 | /* Send goodbye messages. */ |
91 | dns_scope_announce(l->mdns_ipv4_scope, true); | |
92 | dns_scope_announce(l->mdns_ipv6_scope, true); | |
93 | ||
97e5d693 | 94 | link_flush_settings(l); |
0eac4623 | 95 | |
74b2466e | 96 | while (l->addresses) |
97e5d693 | 97 | (void) link_address_free(l->addresses); |
74b2466e LP |
98 | |
99 | if (l->manager) | |
100 | hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex)); | |
101 | ||
102 | dns_scope_free(l->unicast_scope); | |
1716f6dc LP |
103 | dns_scope_free(l->llmnr_ipv4_scope); |
104 | dns_scope_free(l->llmnr_ipv6_scope); | |
b4f1862d DM |
105 | dns_scope_free(l->mdns_ipv4_scope); |
106 | dns_scope_free(l->mdns_ipv6_scope); | |
74b2466e | 107 | |
943ef07c LP |
108 | free(l->state_file); |
109 | ||
6b430fdb | 110 | return mfree(l); |
1716f6dc LP |
111 | } |
112 | ||
97e5d693 | 113 | void link_allocate_scopes(Link *l) { |
1716f6dc LP |
114 | int r; |
115 | ||
116 | assert(l); | |
117 | ||
dfc1091b LP |
118 | if (link_relevant(l, AF_UNSPEC, false) && |
119 | l->dns_servers) { | |
1716f6dc LP |
120 | if (!l->unicast_scope) { |
121 | r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC); | |
122 | if (r < 0) | |
da927ba9 | 123 | log_warning_errno(r, "Failed to allocate DNS scope: %m"); |
1716f6dc LP |
124 | } |
125 | } else | |
126 | l->unicast_scope = dns_scope_free(l->unicast_scope); | |
127 | ||
dfc1091b | 128 | if (link_relevant(l, AF_INET, true) && |
af49ca27 LP |
129 | l->llmnr_support != RESOLVE_SUPPORT_NO && |
130 | l->manager->llmnr_support != RESOLVE_SUPPORT_NO) { | |
1716f6dc LP |
131 | if (!l->llmnr_ipv4_scope) { |
132 | r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET); | |
133 | if (r < 0) | |
da927ba9 | 134 | log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m"); |
1716f6dc LP |
135 | } |
136 | } else | |
137 | l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope); | |
138 | ||
dfc1091b | 139 | if (link_relevant(l, AF_INET6, true) && |
af49ca27 LP |
140 | l->llmnr_support != RESOLVE_SUPPORT_NO && |
141 | l->manager->llmnr_support != RESOLVE_SUPPORT_NO && | |
db97a66a | 142 | socket_ipv6_is_supported()) { |
1716f6dc LP |
143 | if (!l->llmnr_ipv6_scope) { |
144 | r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6); | |
145 | if (r < 0) | |
da927ba9 | 146 | log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m"); |
1716f6dc LP |
147 | } |
148 | } else | |
149 | l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope); | |
b4f1862d | 150 | |
dfc1091b | 151 | if (link_relevant(l, AF_INET, true) && |
af49ca27 LP |
152 | l->mdns_support != RESOLVE_SUPPORT_NO && |
153 | l->manager->mdns_support != RESOLVE_SUPPORT_NO) { | |
b4f1862d DM |
154 | if (!l->mdns_ipv4_scope) { |
155 | r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET); | |
156 | if (r < 0) | |
157 | log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m"); | |
158 | } | |
159 | } else | |
160 | l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope); | |
161 | ||
dfc1091b | 162 | if (link_relevant(l, AF_INET6, true) && |
af49ca27 LP |
163 | l->mdns_support != RESOLVE_SUPPORT_NO && |
164 | l->manager->mdns_support != RESOLVE_SUPPORT_NO) { | |
b4f1862d DM |
165 | if (!l->mdns_ipv6_scope) { |
166 | r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6); | |
167 | if (r < 0) | |
168 | log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m"); | |
169 | } | |
170 | } else | |
171 | l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope); | |
1716f6dc | 172 | } |
74b2466e | 173 | |
ec2c5e43 | 174 | void link_add_rrs(Link *l, bool force_remove) { |
623a4c97 LP |
175 | LinkAddress *a; |
176 | ||
177 | LIST_FOREACH(addresses, a, l->addresses) | |
ec2c5e43 | 178 | link_address_add_rrs(a, force_remove); |
623a4c97 LP |
179 | } |
180 | ||
943ef07c | 181 | int link_process_rtnl(Link *l, sd_netlink_message *m) { |
1716f6dc | 182 | const char *n = NULL; |
74b2466e LP |
183 | int r; |
184 | ||
185 | assert(l); | |
186 | assert(m); | |
187 | ||
188 | r = sd_rtnl_message_link_get_flags(m, &l->flags); | |
189 | if (r < 0) | |
190 | return r; | |
191 | ||
6955a3ba LP |
192 | (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu); |
193 | (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate); | |
1716f6dc | 194 | |
1c4baffc | 195 | if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) { |
cc7844e7 | 196 | strncpy(l->name, n, sizeof(l->name)-1); |
1716f6dc LP |
197 | char_array_0(l->name); |
198 | } | |
199 | ||
200 | link_allocate_scopes(l); | |
ec2c5e43 | 201 | link_add_rrs(l, false); |
623a4c97 | 202 | |
74b2466e LP |
203 | return 0; |
204 | } | |
205 | ||
55e99f20 LP |
206 | static int link_update_dns_server_one(Link *l, const char *name) { |
207 | union in_addr_union a; | |
208 | DnsServer *s; | |
209 | int family, r; | |
210 | ||
211 | assert(l); | |
212 | assert(name); | |
213 | ||
214 | r = in_addr_from_string_auto(name, &family, &a); | |
215 | if (r < 0) | |
216 | return r; | |
217 | ||
218 | s = dns_server_find(l->dns_servers, family, &a, 0); | |
219 | if (s) { | |
220 | dns_server_move_back_and_unmark(s); | |
221 | return 0; | |
222 | } | |
223 | ||
224 | return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, 0); | |
225 | } | |
226 | ||
6073b6f2 | 227 | static int link_update_dns_servers(Link *l) { |
6f4dedb2 TG |
228 | _cleanup_strv_free_ char **nameservers = NULL; |
229 | char **nameserver; | |
6f4dedb2 | 230 | int r; |
74b2466e LP |
231 | |
232 | assert(l); | |
233 | ||
d6731e4c | 234 | r = sd_network_link_get_dns(l->ifindex, &nameservers); |
1ade96e9 LP |
235 | if (r == -ENODATA) { |
236 | r = 0; | |
237 | goto clear; | |
238 | } | |
6f4dedb2 | 239 | if (r < 0) |
74b2466e | 240 | goto clear; |
74b2466e | 241 | |
4b95f179 | 242 | dns_server_mark_all(l->dns_servers); |
5cb36f41 | 243 | |
6f4dedb2 | 244 | STRV_FOREACH(nameserver, nameservers) { |
55e99f20 | 245 | r = link_update_dns_server_one(l, *nameserver); |
6f4dedb2 TG |
246 | if (r < 0) |
247 | goto clear; | |
74b2466e LP |
248 | } |
249 | ||
4b95f179 | 250 | dns_server_unlink_marked(l->dns_servers); |
74b2466e LP |
251 | return 0; |
252 | ||
253 | clear: | |
4b95f179 | 254 | dns_server_unlink_all(l->dns_servers); |
74b2466e LP |
255 | return r; |
256 | } | |
257 | ||
19b50b5b LP |
258 | static int link_update_llmnr_support(Link *l) { |
259 | _cleanup_free_ char *b = NULL; | |
260 | int r; | |
261 | ||
262 | assert(l); | |
263 | ||
d6731e4c | 264 | r = sd_network_link_get_llmnr(l->ifindex, &b); |
1ade96e9 LP |
265 | if (r == -ENODATA) { |
266 | r = 0; | |
267 | goto clear; | |
268 | } | |
19b50b5b LP |
269 | if (r < 0) |
270 | goto clear; | |
271 | ||
af49ca27 LP |
272 | l->llmnr_support = resolve_support_from_string(b); |
273 | if (l->llmnr_support < 0) { | |
274 | r = -EINVAL; | |
275 | goto clear; | |
276 | } | |
19b50b5b LP |
277 | |
278 | return 0; | |
279 | ||
280 | clear: | |
af49ca27 | 281 | l->llmnr_support = RESOLVE_SUPPORT_YES; |
19b50b5b LP |
282 | return r; |
283 | } | |
284 | ||
aaa297d4 LP |
285 | static int link_update_mdns_support(Link *l) { |
286 | _cleanup_free_ char *b = NULL; | |
287 | int r; | |
288 | ||
289 | assert(l); | |
290 | ||
291 | r = sd_network_link_get_mdns(l->ifindex, &b); | |
292 | if (r == -ENODATA) { | |
293 | r = 0; | |
294 | goto clear; | |
295 | } | |
296 | if (r < 0) | |
297 | goto clear; | |
298 | ||
299 | l->mdns_support = resolve_support_from_string(b); | |
300 | if (l->mdns_support < 0) { | |
301 | r = -EINVAL; | |
302 | goto clear; | |
303 | } | |
304 | ||
305 | return 0; | |
306 | ||
307 | clear: | |
308 | l->mdns_support = RESOLVE_SUPPORT_NO; | |
309 | return r; | |
310 | } | |
311 | ||
97e5d693 LP |
312 | void link_set_dnssec_mode(Link *l, DnssecMode mode) { |
313 | ||
314 | assert(l); | |
315 | ||
349cc4a5 | 316 | #if ! HAVE_GCRYPT |
3742095b | 317 | if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE)) |
42303dcb YW |
318 | log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support."); |
319 | return; | |
320 | #endif | |
321 | ||
97e5d693 LP |
322 | if (l->dnssec_mode == mode) |
323 | return; | |
324 | ||
325 | if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) || | |
326 | (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) || | |
327 | (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) { | |
328 | ||
329 | /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the | |
330 | * allow-downgrade mode to full DNSSEC mode, flush it too. */ | |
331 | if (l->unicast_scope) | |
332 | dns_cache_flush(&l->unicast_scope->cache); | |
333 | } | |
334 | ||
335 | l->dnssec_mode = mode; | |
336 | } | |
337 | ||
ad6c0475 LP |
338 | static int link_update_dnssec_mode(Link *l) { |
339 | _cleanup_free_ char *m = NULL; | |
2e1bab34 | 340 | DnssecMode mode; |
ad6c0475 LP |
341 | int r; |
342 | ||
343 | assert(l); | |
344 | ||
345 | r = sd_network_link_get_dnssec(l->ifindex, &m); | |
346 | if (r == -ENODATA) { | |
347 | r = 0; | |
348 | goto clear; | |
349 | } | |
350 | if (r < 0) | |
351 | goto clear; | |
352 | ||
2e1bab34 LP |
353 | mode = dnssec_mode_from_string(m); |
354 | if (mode < 0) { | |
ad6c0475 LP |
355 | r = -EINVAL; |
356 | goto clear; | |
357 | } | |
358 | ||
97e5d693 | 359 | link_set_dnssec_mode(l, mode); |
2e1bab34 | 360 | |
ad6c0475 LP |
361 | return 0; |
362 | ||
363 | clear: | |
364 | l->dnssec_mode = _DNSSEC_MODE_INVALID; | |
365 | return r; | |
366 | } | |
367 | ||
8a516214 LP |
368 | static int link_update_dnssec_negative_trust_anchors(Link *l) { |
369 | _cleanup_strv_free_ char **ntas = NULL; | |
370 | _cleanup_set_free_free_ Set *ns = NULL; | |
8a516214 LP |
371 | int r; |
372 | ||
373 | assert(l); | |
374 | ||
375 | r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas); | |
376 | if (r == -ENODATA) { | |
377 | r = 0; | |
378 | goto clear; | |
379 | } | |
380 | if (r < 0) | |
381 | goto clear; | |
382 | ||
383 | ns = set_new(&dns_name_hash_ops); | |
384 | if (!ns) | |
385 | return -ENOMEM; | |
386 | ||
39f259e0 LP |
387 | r = set_put_strdupv(ns, ntas); |
388 | if (r < 0) | |
389 | return r; | |
8a516214 LP |
390 | |
391 | set_free_free(l->dnssec_negative_trust_anchors); | |
392 | l->dnssec_negative_trust_anchors = ns; | |
393 | ns = NULL; | |
394 | ||
395 | return 0; | |
396 | ||
397 | clear: | |
398 | l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors); | |
399 | return r; | |
400 | } | |
401 | ||
ad44b56b LP |
402 | static int link_update_search_domain_one(Link *l, const char *name, bool route_only) { |
403 | DnsSearchDomain *d; | |
404 | int r; | |
405 | ||
39f259e0 LP |
406 | assert(l); |
407 | assert(name); | |
408 | ||
ad44b56b LP |
409 | r = dns_search_domain_find(l->search_domains, name, &d); |
410 | if (r < 0) | |
411 | return r; | |
412 | if (r > 0) | |
413 | dns_search_domain_move_back_and_unmark(d); | |
414 | else { | |
415 | r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name); | |
416 | if (r < 0) | |
417 | return r; | |
418 | } | |
419 | ||
420 | d->route_only = route_only; | |
421 | return 0; | |
422 | } | |
423 | ||
a51c1048 | 424 | static int link_update_search_domains(Link *l) { |
ad44b56b | 425 | _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL; |
a51c1048 | 426 | char **i; |
ad44b56b | 427 | int r, q; |
bda2c408 | 428 | |
a51c1048 | 429 | assert(l); |
bda2c408 | 430 | |
ad44b56b LP |
431 | r = sd_network_link_get_search_domains(l->ifindex, &sdomains); |
432 | if (r < 0 && r != -ENODATA) | |
433 | goto clear; | |
434 | ||
435 | q = sd_network_link_get_route_domains(l->ifindex, &rdomains); | |
436 | if (q < 0 && q != -ENODATA) { | |
437 | r = q; | |
438 | goto clear; | |
439 | } | |
440 | ||
441 | if (r == -ENODATA && q == -ENODATA) { | |
1ade96e9 LP |
442 | /* networkd knows nothing about this interface, and that's fine. */ |
443 | r = 0; | |
444 | goto clear; | |
445 | } | |
a51c1048 LP |
446 | |
447 | dns_search_domain_mark_all(l->search_domains); | |
448 | ||
ad44b56b LP |
449 | STRV_FOREACH(i, sdomains) { |
450 | r = link_update_search_domain_one(l, *i, false); | |
a51c1048 LP |
451 | if (r < 0) |
452 | goto clear; | |
ad44b56b | 453 | } |
a51c1048 | 454 | |
ad44b56b LP |
455 | STRV_FOREACH(i, rdomains) { |
456 | r = link_update_search_domain_one(l, *i, true); | |
457 | if (r < 0) | |
458 | goto clear; | |
a51c1048 LP |
459 | } |
460 | ||
461 | dns_search_domain_unlink_marked(l->search_domains); | |
bda2c408 | 462 | return 0; |
a51c1048 LP |
463 | |
464 | clear: | |
465 | dns_search_domain_unlink_all(l->search_domains); | |
466 | return r; | |
bda2c408 TG |
467 | } |
468 | ||
b6274a0e | 469 | static int link_is_managed(Link *l) { |
97e5d693 | 470 | _cleanup_free_ char *state = NULL; |
a51c1048 LP |
471 | int r; |
472 | ||
74b2466e LP |
473 | assert(l); |
474 | ||
97e5d693 LP |
475 | r = sd_network_link_get_setup_state(l->ifindex, &state); |
476 | if (r == -ENODATA) | |
b6274a0e | 477 | return 0; |
97e5d693 LP |
478 | if (r < 0) |
479 | return r; | |
480 | ||
b6274a0e | 481 | return !STR_IN_SET(state, "pending", "unmanaged"); |
97e5d693 LP |
482 | } |
483 | ||
484 | static void link_read_settings(Link *l) { | |
485 | int r; | |
486 | ||
487 | assert(l); | |
488 | ||
489 | /* Read settings from networkd, except when networkd is not managing this interface. */ | |
490 | ||
b6274a0e | 491 | r = link_is_managed(l); |
97e5d693 LP |
492 | if (r < 0) { |
493 | log_warning_errno(r, "Failed to determine whether interface %s is managed: %m", l->name); | |
494 | return; | |
495 | } | |
b6274a0e | 496 | if (r == 0) { |
97e5d693 | 497 | |
ccddd104 | 498 | /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */ |
97e5d693 LP |
499 | if (l->is_managed) |
500 | link_flush_settings(l); | |
501 | ||
502 | l->is_managed = false; | |
503 | return; | |
504 | } | |
505 | ||
506 | l->is_managed = true; | |
507 | ||
125ae29d LP |
508 | r = link_update_dns_servers(l); |
509 | if (r < 0) | |
510 | log_warning_errno(r, "Failed to read DNS servers for interface %s, ignoring: %m", l->name); | |
511 | ||
512 | r = link_update_llmnr_support(l); | |
513 | if (r < 0) | |
514 | log_warning_errno(r, "Failed to read LLMNR support for interface %s, ignoring: %m", l->name); | |
515 | ||
516 | r = link_update_mdns_support(l); | |
517 | if (r < 0) | |
518 | log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name); | |
519 | ||
ad6c0475 LP |
520 | r = link_update_dnssec_mode(l); |
521 | if (r < 0) | |
522 | log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->name); | |
a51c1048 | 523 | |
8a516214 LP |
524 | r = link_update_dnssec_negative_trust_anchors(l); |
525 | if (r < 0) | |
526 | log_warning_errno(r, "Failed to read DNSSEC negative trust anchors for interface %s, ignoring: %m", l->name); | |
527 | ||
a51c1048 LP |
528 | r = link_update_search_domains(l); |
529 | if (r < 0) | |
530 | log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->name); | |
97e5d693 LP |
531 | } |
532 | ||
943ef07c | 533 | int link_update(Link *l) { |
c6a8f6f6 YW |
534 | int r; |
535 | ||
97e5d693 | 536 | assert(l); |
a51c1048 | 537 | |
97e5d693 | 538 | link_read_settings(l); |
943ef07c | 539 | link_load_user(l); |
c6a8f6f6 YW |
540 | |
541 | if (l->llmnr_support != RESOLVE_SUPPORT_NO) { | |
542 | r = manager_llmnr_start(l->manager); | |
543 | if (r < 0) | |
544 | return r; | |
545 | } | |
546 | ||
547 | if (l->mdns_support != RESOLVE_SUPPORT_NO) { | |
548 | r = manager_mdns_start(l->manager); | |
549 | if (r < 0) | |
550 | return r; | |
551 | } | |
552 | ||
ad6c0475 | 553 | link_allocate_scopes(l); |
ec2c5e43 | 554 | link_add_rrs(l, false); |
74b2466e LP |
555 | |
556 | return 0; | |
557 | } | |
558 | ||
011696f7 | 559 | bool link_relevant(Link *l, int family, bool local_multicast) { |
1716f6dc | 560 | _cleanup_free_ char *state = NULL; |
74b2466e LP |
561 | LinkAddress *a; |
562 | ||
563 | assert(l); | |
564 | ||
c1edab7a | 565 | /* A link is relevant for local multicast traffic if it isn't a loopback device, has a link |
011696f7 LP |
566 | * beat, can do multicast and has at least one link-local (or better) IP address. |
567 | * | |
568 | * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at | |
13e785f7 | 569 | * least one routable address. */ |
ec2c5e43 | 570 | |
dfc1091b | 571 | if (l->flags & (IFF_LOOPBACK|IFF_DORMANT)) |
ec2c5e43 | 572 | return false; |
74b2466e | 573 | |
dfc1091b | 574 | if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP)) |
74b2466e LP |
575 | return false; |
576 | ||
011696f7 | 577 | if (local_multicast) { |
dfc1091b LP |
578 | if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST) |
579 | return false; | |
580 | } | |
581 | ||
6955a3ba LP |
582 | /* Check kernel operstate |
583 | * https://www.kernel.org/doc/Documentation/networking/operstates.txt */ | |
584 | if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP)) | |
585 | return false; | |
586 | ||
587 | (void) sd_network_link_get_operational_state(l->ifindex, &state); | |
1716f6dc | 588 | if (state && !STR_IN_SET(state, "unknown", "degraded", "routable")) |
74b2466e LP |
589 | return false; |
590 | ||
591 | LIST_FOREACH(addresses, a, l->addresses) | |
011696f7 | 592 | if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast)) |
74b2466e LP |
593 | return true; |
594 | ||
595 | return false; | |
596 | } | |
597 | ||
623a4c97 | 598 | LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) { |
74b2466e LP |
599 | LinkAddress *a; |
600 | ||
601 | assert(l); | |
602 | ||
1716f6dc LP |
603 | LIST_FOREACH(addresses, a, l->addresses) |
604 | if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr)) | |
74b2466e | 605 | return a; |
74b2466e LP |
606 | |
607 | return NULL; | |
608 | } | |
609 | ||
2c27fbca | 610 | DnsServer* link_set_dns_server(Link *l, DnsServer *s) { |
4e945a6f LP |
611 | assert(l); |
612 | ||
613 | if (l->current_dns_server == s) | |
614 | return s; | |
615 | ||
6cb08a89 | 616 | if (s) |
db8e1324 | 617 | log_debug("Switching to DNS server %s for interface %s.", dns_server_string(s), l->name); |
4e945a6f | 618 | |
0eac4623 LP |
619 | dns_server_unref(l->current_dns_server); |
620 | l->current_dns_server = dns_server_ref(s); | |
2c27fbca LP |
621 | |
622 | if (l->unicast_scope) | |
623 | dns_cache_flush(&l->unicast_scope->cache); | |
624 | ||
4e945a6f LP |
625 | return s; |
626 | } | |
627 | ||
74b2466e LP |
628 | DnsServer *link_get_dns_server(Link *l) { |
629 | assert(l); | |
630 | ||
631 | if (!l->current_dns_server) | |
4e945a6f | 632 | link_set_dns_server(l, l->dns_servers); |
74b2466e LP |
633 | |
634 | return l->current_dns_server; | |
635 | } | |
636 | ||
637 | void link_next_dns_server(Link *l) { | |
638 | assert(l); | |
639 | ||
74b2466e LP |
640 | if (!l->current_dns_server) |
641 | return; | |
642 | ||
0eac4623 LP |
643 | /* Change to the next one, but make sure to follow the linked |
644 | * list only if this server is actually still linked. */ | |
645 | if (l->current_dns_server->linked && l->current_dns_server->servers_next) { | |
4e945a6f | 646 | link_set_dns_server(l, l->current_dns_server->servers_next); |
74b2466e LP |
647 | return; |
648 | } | |
649 | ||
4e945a6f | 650 | link_set_dns_server(l, l->dns_servers); |
74b2466e LP |
651 | } |
652 | ||
c69fa7e3 LP |
653 | DnssecMode link_get_dnssec_mode(Link *l) { |
654 | assert(l); | |
655 | ||
656 | if (l->dnssec_mode != _DNSSEC_MODE_INVALID) | |
657 | return l->dnssec_mode; | |
658 | ||
659 | return manager_get_dnssec_mode(l->manager); | |
660 | } | |
661 | ||
662 | bool link_dnssec_supported(Link *l) { | |
663 | DnsServer *server; | |
664 | ||
665 | assert(l); | |
666 | ||
667 | if (link_get_dnssec_mode(l) == DNSSEC_NO) | |
668 | return false; | |
669 | ||
670 | server = link_get_dns_server(l); | |
671 | if (server) | |
672 | return dns_server_dnssec_supported(server); | |
673 | ||
674 | return true; | |
675 | } | |
676 | ||
623a4c97 | 677 | int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) { |
74b2466e LP |
678 | LinkAddress *a; |
679 | ||
680 | assert(l); | |
681 | assert(in_addr); | |
682 | ||
683 | a = new0(LinkAddress, 1); | |
684 | if (!a) | |
685 | return -ENOMEM; | |
686 | ||
687 | a->family = family; | |
688 | a->in_addr = *in_addr; | |
689 | ||
690 | a->link = l; | |
691 | LIST_PREPEND(addresses, l->addresses, a); | |
bceaa99d | 692 | l->n_addresses++; |
74b2466e LP |
693 | |
694 | if (ret) | |
695 | *ret = a; | |
696 | ||
697 | return 0; | |
698 | } | |
699 | ||
700 | LinkAddress *link_address_free(LinkAddress *a) { | |
701 | if (!a) | |
702 | return NULL; | |
703 | ||
623a4c97 | 704 | if (a->link) { |
74b2466e LP |
705 | LIST_REMOVE(addresses, a->link->addresses, a); |
706 | ||
bceaa99d LP |
707 | assert(a->link->n_addresses > 0); |
708 | a->link->n_addresses--; | |
709 | ||
623a4c97 | 710 | if (a->llmnr_address_rr) { |
623a4c97 LP |
711 | if (a->family == AF_INET && a->link->llmnr_ipv4_scope) |
712 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr); | |
713 | else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope) | |
714 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr); | |
623a4c97 LP |
715 | } |
716 | ||
717 | if (a->llmnr_ptr_rr) { | |
718 | if (a->family == AF_INET && a->link->llmnr_ipv4_scope) | |
719 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr); | |
720 | else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope) | |
721 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr); | |
623a4c97 | 722 | } |
400cb36e DR |
723 | |
724 | if (a->mdns_address_rr) { | |
725 | if (a->family == AF_INET && a->link->mdns_ipv4_scope) | |
726 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr); | |
727 | else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope) | |
728 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr); | |
729 | } | |
730 | ||
731 | if (a->mdns_ptr_rr) { | |
732 | if (a->family == AF_INET && a->link->mdns_ipv4_scope) | |
733 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr); | |
734 | else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope) | |
735 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr); | |
736 | } | |
623a4c97 LP |
737 | } |
738 | ||
ec2c5e43 LP |
739 | dns_resource_record_unref(a->llmnr_address_rr); |
740 | dns_resource_record_unref(a->llmnr_ptr_rr); | |
400cb36e DR |
741 | dns_resource_record_unref(a->mdns_address_rr); |
742 | dns_resource_record_unref(a->mdns_ptr_rr); | |
ec2c5e43 | 743 | |
6b430fdb | 744 | return mfree(a); |
74b2466e LP |
745 | } |
746 | ||
ec2c5e43 | 747 | void link_address_add_rrs(LinkAddress *a, bool force_remove) { |
623a4c97 LP |
748 | int r; |
749 | ||
750 | assert(a); | |
751 | ||
ec2c5e43 | 752 | if (a->family == AF_INET) { |
623a4c97 | 753 | |
4e945a6f | 754 | if (!force_remove && |
011696f7 | 755 | link_address_relevant(a, true) && |
4e945a6f | 756 | a->link->llmnr_ipv4_scope && |
af49ca27 LP |
757 | a->link->llmnr_support == RESOLVE_SUPPORT_YES && |
758 | a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { | |
4e945a6f | 759 | |
78c6a153 LP |
760 | if (!a->link->manager->llmnr_host_ipv4_key) { |
761 | a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname); | |
762 | if (!a->link->manager->llmnr_host_ipv4_key) { | |
ec2c5e43 LP |
763 | r = -ENOMEM; |
764 | goto fail; | |
765 | } | |
623a4c97 | 766 | } |
623a4c97 | 767 | |
623a4c97 | 768 | if (!a->llmnr_address_rr) { |
78c6a153 | 769 | a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key); |
ec2c5e43 LP |
770 | if (!a->llmnr_address_rr) { |
771 | r = -ENOMEM; | |
772 | goto fail; | |
773 | } | |
774 | ||
775 | a->llmnr_address_rr->a.in_addr = a->in_addr.in; | |
776 | a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL; | |
623a4c97 LP |
777 | } |
778 | ||
ec2c5e43 | 779 | if (!a->llmnr_ptr_rr) { |
78c6a153 | 780 | r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname); |
ec2c5e43 LP |
781 | if (r < 0) |
782 | goto fail; | |
623a4c97 | 783 | |
ec2c5e43 LP |
784 | a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL; |
785 | } | |
623a4c97 | 786 | |
ec2c5e43 | 787 | r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true); |
623a4c97 | 788 | if (r < 0) |
da927ba9 | 789 | log_warning_errno(r, "Failed to add A record to LLMNR zone: %m"); |
623a4c97 | 790 | |
ec2c5e43 | 791 | r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false); |
623a4c97 | 792 | if (r < 0) |
e372a138 | 793 | log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m"); |
623a4c97 | 794 | } else { |
ec2c5e43 LP |
795 | if (a->llmnr_address_rr) { |
796 | if (a->link->llmnr_ipv4_scope) | |
797 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr); | |
798 | a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr); | |
799 | } | |
800 | ||
801 | if (a->llmnr_ptr_rr) { | |
802 | if (a->link->llmnr_ipv4_scope) | |
803 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr); | |
804 | a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr); | |
805 | } | |
623a4c97 | 806 | } |
400cb36e DR |
807 | |
808 | if (!force_remove && | |
809 | link_address_relevant(a, true) && | |
810 | a->link->mdns_ipv4_scope && | |
811 | a->link->mdns_support == RESOLVE_SUPPORT_YES && | |
812 | a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { | |
813 | if (!a->link->manager->mdns_host_ipv4_key) { | |
814 | a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname); | |
815 | if (!a->link->manager->mdns_host_ipv4_key) { | |
816 | r = -ENOMEM; | |
817 | goto fail; | |
818 | } | |
819 | } | |
820 | ||
821 | if (!a->mdns_address_rr) { | |
822 | a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key); | |
823 | if (!a->mdns_address_rr) { | |
824 | r = -ENOMEM; | |
825 | goto fail; | |
826 | } | |
827 | ||
828 | a->mdns_address_rr->a.in_addr = a->in_addr.in; | |
829 | a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL; | |
830 | } | |
831 | ||
832 | if (!a->mdns_ptr_rr) { | |
833 | r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname); | |
834 | if (r < 0) | |
835 | goto fail; | |
836 | ||
837 | a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL; | |
838 | } | |
839 | ||
840 | r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true); | |
841 | if (r < 0) | |
842 | log_warning_errno(r, "Failed to add A record to MDNS zone: %m"); | |
843 | ||
844 | r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false); | |
845 | if (r < 0) | |
846 | log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m"); | |
847 | } else { | |
848 | if (a->mdns_address_rr) { | |
849 | if (a->link->mdns_ipv4_scope) | |
850 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr); | |
851 | a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr); | |
852 | } | |
853 | ||
854 | if (a->mdns_ptr_rr) { | |
855 | if (a->link->mdns_ipv4_scope) | |
856 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr); | |
857 | a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr); | |
858 | } | |
859 | } | |
623a4c97 LP |
860 | } |
861 | ||
ec2c5e43 | 862 | if (a->family == AF_INET6) { |
623a4c97 | 863 | |
4e945a6f | 864 | if (!force_remove && |
011696f7 | 865 | link_address_relevant(a, true) && |
4e945a6f | 866 | a->link->llmnr_ipv6_scope && |
af49ca27 LP |
867 | a->link->llmnr_support == RESOLVE_SUPPORT_YES && |
868 | a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { | |
4e945a6f | 869 | |
78c6a153 LP |
870 | if (!a->link->manager->llmnr_host_ipv6_key) { |
871 | a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname); | |
872 | if (!a->link->manager->llmnr_host_ipv6_key) { | |
ec2c5e43 LP |
873 | r = -ENOMEM; |
874 | goto fail; | |
875 | } | |
623a4c97 | 876 | } |
623a4c97 | 877 | |
623a4c97 | 878 | if (!a->llmnr_address_rr) { |
78c6a153 | 879 | a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key); |
ec2c5e43 LP |
880 | if (!a->llmnr_address_rr) { |
881 | r = -ENOMEM; | |
882 | goto fail; | |
883 | } | |
884 | ||
885 | a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6; | |
886 | a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL; | |
623a4c97 LP |
887 | } |
888 | ||
ec2c5e43 | 889 | if (!a->llmnr_ptr_rr) { |
78c6a153 | 890 | r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname); |
ec2c5e43 LP |
891 | if (r < 0) |
892 | goto fail; | |
623a4c97 | 893 | |
ec2c5e43 LP |
894 | a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL; |
895 | } | |
623a4c97 | 896 | |
ec2c5e43 | 897 | r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true); |
623a4c97 | 898 | if (r < 0) |
da927ba9 | 899 | log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m"); |
623a4c97 | 900 | |
ec2c5e43 | 901 | r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false); |
623a4c97 | 902 | if (r < 0) |
da927ba9 | 903 | log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m"); |
623a4c97 | 904 | } else { |
ec2c5e43 LP |
905 | if (a->llmnr_address_rr) { |
906 | if (a->link->llmnr_ipv6_scope) | |
907 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr); | |
908 | a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr); | |
909 | } | |
910 | ||
911 | if (a->llmnr_ptr_rr) { | |
912 | if (a->link->llmnr_ipv6_scope) | |
913 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr); | |
914 | a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr); | |
915 | } | |
623a4c97 | 916 | } |
400cb36e DR |
917 | |
918 | if (!force_remove && | |
919 | link_address_relevant(a, true) && | |
920 | a->link->mdns_ipv6_scope && | |
921 | a->link->mdns_support == RESOLVE_SUPPORT_YES && | |
922 | a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { | |
923 | ||
924 | if (!a->link->manager->mdns_host_ipv6_key) { | |
925 | a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname); | |
926 | if (!a->link->manager->mdns_host_ipv6_key) { | |
927 | r = -ENOMEM; | |
928 | goto fail; | |
929 | } | |
930 | } | |
931 | ||
932 | if (!a->mdns_address_rr) { | |
933 | a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key); | |
934 | if (!a->mdns_address_rr) { | |
935 | r = -ENOMEM; | |
936 | goto fail; | |
937 | } | |
938 | ||
939 | a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6; | |
940 | a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL; | |
941 | } | |
942 | ||
943 | if (!a->mdns_ptr_rr) { | |
944 | r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname); | |
945 | if (r < 0) | |
946 | goto fail; | |
947 | ||
948 | a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL; | |
949 | } | |
950 | ||
951 | r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true); | |
952 | if (r < 0) | |
953 | log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m"); | |
954 | ||
955 | r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false); | |
956 | if (r < 0) | |
957 | log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m"); | |
958 | } else { | |
959 | if (a->mdns_address_rr) { | |
960 | if (a->link->mdns_ipv6_scope) | |
961 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr); | |
962 | a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr); | |
963 | } | |
964 | ||
965 | if (a->mdns_ptr_rr) { | |
966 | if (a->link->mdns_ipv6_scope) | |
967 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr); | |
968 | a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr); | |
969 | } | |
970 | } | |
623a4c97 LP |
971 | } |
972 | ||
973 | return; | |
974 | ||
975 | fail: | |
da927ba9 | 976 | log_debug_errno(r, "Failed to update address RRs: %m"); |
623a4c97 LP |
977 | } |
978 | ||
1c4baffc | 979 | int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) { |
74b2466e LP |
980 | int r; |
981 | assert(a); | |
982 | assert(m); | |
983 | ||
984 | r = sd_rtnl_message_addr_get_flags(m, &a->flags); | |
985 | if (r < 0) | |
986 | return r; | |
987 | ||
1716f6dc | 988 | sd_rtnl_message_addr_get_scope(m, &a->scope); |
74b2466e | 989 | |
1716f6dc | 990 | link_allocate_scopes(a->link); |
ec2c5e43 | 991 | link_add_rrs(a->link, false); |
623a4c97 | 992 | |
74b2466e LP |
993 | return 0; |
994 | } | |
995 | ||
011696f7 | 996 | bool link_address_relevant(LinkAddress *a, bool local_multicast) { |
74b2466e LP |
997 | assert(a); |
998 | ||
7b85d72f | 999 | if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE)) |
74b2466e LP |
1000 | return false; |
1001 | ||
011696f7 | 1002 | if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK)) |
74b2466e LP |
1003 | return false; |
1004 | ||
1005 | return true; | |
1006 | } | |
943ef07c LP |
1007 | |
1008 | static bool link_needs_save(Link *l) { | |
1009 | assert(l); | |
1010 | ||
1011 | /* Returns true if any of the settings where set different from the default */ | |
1012 | ||
1013 | if (l->is_managed) | |
1014 | return false; | |
1015 | ||
1016 | if (l->llmnr_support != RESOLVE_SUPPORT_YES || | |
1017 | l->mdns_support != RESOLVE_SUPPORT_NO || | |
1018 | l->dnssec_mode != _DNSSEC_MODE_INVALID) | |
1019 | return true; | |
1020 | ||
1021 | if (l->dns_servers || | |
1022 | l->search_domains) | |
1023 | return true; | |
1024 | ||
1025 | if (!set_isempty(l->dnssec_negative_trust_anchors)) | |
1026 | return true; | |
1027 | ||
1028 | return false; | |
1029 | } | |
1030 | ||
1031 | int link_save_user(Link *l) { | |
1032 | _cleanup_free_ char *temp_path = NULL; | |
1033 | _cleanup_fclose_ FILE *f = NULL; | |
1034 | const char *v; | |
1035 | int r; | |
1036 | ||
1037 | assert(l); | |
1038 | assert(l->state_file); | |
1039 | ||
1040 | if (!link_needs_save(l)) { | |
1041 | (void) unlink(l->state_file); | |
1042 | return 0; | |
1043 | } | |
1044 | ||
1045 | r = mkdir_parents(l->state_file, 0700); | |
1046 | if (r < 0) | |
1047 | goto fail; | |
1048 | ||
1049 | r = fopen_temporary(l->state_file, &f, &temp_path); | |
1050 | if (r < 0) | |
1051 | goto fail; | |
1052 | ||
4b61c875 | 1053 | fputs_unlocked("# This is private data. Do not parse.\n", f); |
943ef07c LP |
1054 | |
1055 | v = resolve_support_to_string(l->llmnr_support); | |
1056 | if (v) | |
1057 | fprintf(f, "LLMNR=%s\n", v); | |
1058 | ||
1059 | v = resolve_support_to_string(l->mdns_support); | |
1060 | if (v) | |
1061 | fprintf(f, "MDNS=%s\n", v); | |
1062 | ||
1063 | v = dnssec_mode_to_string(l->dnssec_mode); | |
1064 | if (v) | |
1065 | fprintf(f, "DNSSEC=%s\n", v); | |
1066 | ||
1067 | if (l->dns_servers) { | |
1068 | DnsServer *server; | |
1069 | ||
4b61c875 | 1070 | fputs_unlocked("SERVERS=", f); |
943ef07c LP |
1071 | LIST_FOREACH(servers, server, l->dns_servers) { |
1072 | ||
1073 | if (server != l->dns_servers) | |
4b61c875 | 1074 | fputc_unlocked(' ', f); |
943ef07c LP |
1075 | |
1076 | v = dns_server_string(server); | |
1077 | if (!v) { | |
1078 | r = -ENOMEM; | |
1079 | goto fail; | |
1080 | } | |
1081 | ||
4b61c875 | 1082 | fputs_unlocked(v, f); |
943ef07c | 1083 | } |
4b61c875 | 1084 | fputc_unlocked('\n', f); |
943ef07c LP |
1085 | } |
1086 | ||
1087 | if (l->search_domains) { | |
1088 | DnsSearchDomain *domain; | |
1089 | ||
4b61c875 | 1090 | fputs_unlocked("DOMAINS=", f); |
943ef07c LP |
1091 | LIST_FOREACH(domains, domain, l->search_domains) { |
1092 | ||
1093 | if (domain != l->search_domains) | |
4b61c875 | 1094 | fputc_unlocked(' ', f); |
943ef07c LP |
1095 | |
1096 | if (domain->route_only) | |
4b61c875 | 1097 | fputc_unlocked('~', f); |
943ef07c | 1098 | |
4b61c875 | 1099 | fputs_unlocked(DNS_SEARCH_DOMAIN_NAME(domain), f); |
943ef07c | 1100 | } |
4b61c875 | 1101 | fputc_unlocked('\n', f); |
943ef07c LP |
1102 | } |
1103 | ||
1104 | if (!set_isempty(l->dnssec_negative_trust_anchors)) { | |
1105 | bool space = false; | |
1106 | Iterator i; | |
1107 | char *nta; | |
1108 | ||
4b61c875 | 1109 | fputs_unlocked("NTAS=", f); |
943ef07c LP |
1110 | SET_FOREACH(nta, l->dnssec_negative_trust_anchors, i) { |
1111 | ||
1112 | if (space) | |
4b61c875 | 1113 | fputc_unlocked(' ', f); |
943ef07c | 1114 | |
4b61c875 | 1115 | fputs_unlocked(nta, f); |
943ef07c LP |
1116 | space = true; |
1117 | } | |
4b61c875 | 1118 | fputc_unlocked('\n', f); |
943ef07c LP |
1119 | } |
1120 | ||
1121 | r = fflush_and_check(f); | |
1122 | if (r < 0) | |
1123 | goto fail; | |
1124 | ||
1125 | if (rename(temp_path, l->state_file) < 0) { | |
1126 | r = -errno; | |
1127 | goto fail; | |
1128 | } | |
1129 | ||
1130 | return 0; | |
1131 | ||
1132 | fail: | |
1133 | (void) unlink(l->state_file); | |
1134 | ||
1135 | if (temp_path) | |
1136 | (void) unlink(temp_path); | |
1137 | ||
1138 | return log_error_errno(r, "Failed to save link data %s: %m", l->state_file); | |
1139 | } | |
1140 | ||
1141 | int link_load_user(Link *l) { | |
1142 | _cleanup_free_ char | |
1143 | *llmnr = NULL, | |
1144 | *mdns = NULL, | |
1145 | *dnssec = NULL, | |
1146 | *servers = NULL, | |
1147 | *domains = NULL, | |
1148 | *ntas = NULL; | |
1149 | ||
1150 | ResolveSupport s; | |
c58bd76a | 1151 | const char *p; |
943ef07c LP |
1152 | int r; |
1153 | ||
1154 | assert(l); | |
1155 | assert(l->state_file); | |
1156 | ||
1157 | /* Try to load only a single time */ | |
1158 | if (l->loaded) | |
1159 | return 0; | |
1160 | l->loaded = true; | |
1161 | ||
1162 | if (l->is_managed) | |
1163 | return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */ | |
1164 | ||
1165 | r = parse_env_file(l->state_file, NEWLINE, | |
1166 | "LLMNR", &llmnr, | |
1167 | "MDNS", &mdns, | |
1168 | "DNSSEC", &dnssec, | |
1169 | "SERVERS", &servers, | |
1170 | "DOMAINS", &domains, | |
1171 | "NTAS", &ntas, | |
1172 | NULL); | |
1173 | if (r == -ENOENT) | |
1174 | return 0; | |
1175 | if (r < 0) | |
1176 | goto fail; | |
1177 | ||
1178 | link_flush_settings(l); | |
1179 | ||
1180 | /* If we can't recognize the LLMNR or MDNS setting we don't override the default */ | |
1181 | s = resolve_support_from_string(llmnr); | |
1182 | if (s >= 0) | |
1183 | l->llmnr_support = s; | |
1184 | ||
1185 | s = resolve_support_from_string(mdns); | |
1186 | if (s >= 0) | |
1187 | l->mdns_support = s; | |
1188 | ||
1189 | /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */ | |
1190 | l->dnssec_mode = dnssec_mode_from_string(dnssec); | |
1191 | ||
c58bd76a ZJS |
1192 | for (p = servers;;) { |
1193 | _cleanup_free_ char *word = NULL; | |
943ef07c | 1194 | |
c58bd76a ZJS |
1195 | r = extract_first_word(&p, &word, NULL, 0); |
1196 | if (r < 0) | |
1197 | goto fail; | |
1198 | if (r == 0) | |
1199 | break; | |
943ef07c | 1200 | |
c58bd76a ZJS |
1201 | r = link_update_dns_server_one(l, word); |
1202 | if (r < 0) { | |
1203 | log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word); | |
1204 | continue; | |
943ef07c LP |
1205 | } |
1206 | } | |
1207 | ||
c58bd76a ZJS |
1208 | for (p = domains;;) { |
1209 | _cleanup_free_ char *word = NULL; | |
1210 | const char *n; | |
1211 | bool is_route; | |
943ef07c | 1212 | |
c58bd76a ZJS |
1213 | r = extract_first_word(&p, &word, NULL, 0); |
1214 | if (r < 0) | |
1215 | goto fail; | |
1216 | if (r == 0) | |
1217 | break; | |
943ef07c | 1218 | |
c58bd76a ZJS |
1219 | is_route = word[0] == '~'; |
1220 | n = is_route ? word + 1 : word; | |
943ef07c | 1221 | |
c58bd76a ZJS |
1222 | r = link_update_search_domain_one(l, n, is_route); |
1223 | if (r < 0) { | |
1224 | log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word); | |
1225 | continue; | |
943ef07c LP |
1226 | } |
1227 | } | |
1228 | ||
1229 | if (ntas) { | |
1230 | _cleanup_set_free_free_ Set *ns = NULL; | |
1231 | ||
1232 | ns = set_new(&dns_name_hash_ops); | |
1233 | if (!ns) { | |
1234 | r = -ENOMEM; | |
1235 | goto fail; | |
1236 | } | |
1237 | ||
1238 | r = set_put_strsplit(ns, ntas, NULL, 0); | |
1239 | if (r < 0) | |
1240 | goto fail; | |
1241 | ||
1242 | l->dnssec_negative_trust_anchors = ns; | |
1243 | ns = NULL; | |
1244 | } | |
1245 | ||
1246 | return 0; | |
1247 | ||
1248 | fail: | |
1249 | return log_error_errno(r, "Failed to load link data %s: %m", l->state_file); | |
1250 | } | |
1251 | ||
1252 | void link_remove_user(Link *l) { | |
1253 | assert(l); | |
1254 | assert(l->state_file); | |
1255 | ||
1256 | (void) unlink(l->state_file); | |
1257 | } |