]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-link.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #17444 from BtbN/fix_ib_dhcp4
[thirdparty/systemd.git] / src / resolve / resolved-link.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
74b2466e 2
01234e1f 3#include <linux/if.h>
01234e1f 4#include <unistd.h>
74b2466e
LP		 5
6#include "sd-network.h"
07630cea 7
b5efdb8a 8#include "alloc-util.h"
686d13b9 9#include "env-file.h"
943ef07c
LP		 10#include "fd-util.h"
11#include "fileio.h"
603192b2 12#include "log-link.h"
943ef07c 13#include "mkdir.h"
6bedfcbb 14#include "parse-util.h"
74b2466e 15#include "resolved-link.h"
c6a8f6f6
YW		 16#include "resolved-llmnr.h"
17#include "resolved-mdns.h"
8aa5afd2 18#include "socket-netlink.h"
07630cea
LP		 19#include "string-util.h"
20#include "strv.h"
e4de7287 21#include "tmpfile-util.h"
74b2466e
LP		 22
23int link_new(Manager *m, Link **ret, int ifindex) {
24 _cleanup_(link_freep) Link *l = NULL;
25 int r;
26
27 assert(m);
28 assert(ifindex > 0);
29
d5099efc 30 r = hashmap_ensure_allocated(&m->links, NULL);
74b2466e
LP		 31 if (r < 0)
32 return r;
33
ca5394d2 34 l = new(Link, 1);
74b2466e
LP		 35 if (!l)
36 return -ENOMEM;
37
ca5394d2
LP		 38 *l = (Link) {
39 .ifindex = ifindex,
40 .default_route = -1,
41 .llmnr_support = RESOLVE_SUPPORT_YES,
42 .mdns_support = RESOLVE_SUPPORT_NO,
43 .dnssec_mode = _DNSSEC_MODE_INVALID,
44 .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
45 .operstate = IF_OPER_UNKNOWN,
46 };
74b2466e 47
943ef07c
LP		 48 if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
49 return -ENOMEM;
50
74b2466e
LP		 51 r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
52 if (r < 0)
53 return r;
54
55 l->manager = m;
56
57 if (ret)
58 *ret = l;
59 l = NULL;
60
61 return 0;
62}
63
97e5d693
LP		 64void link_flush_settings(Link *l) {
65 assert(l);
66
ca5394d2 67 l->default_route = -1;
97e5d693
LP		 68 l->llmnr_support = RESOLVE_SUPPORT_YES;
69 l->mdns_support = RESOLVE_SUPPORT_NO;
70 l->dnssec_mode = _DNSSEC_MODE_INVALID;
c9299be2 71 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
97e5d693
LP		 72
73 dns_server_unlink_all(l->dns_servers);
74 dns_search_domain_unlink_all(l->search_domains);
75
76 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
77}
78
74b2466e 79Link *link_free(Link *l) {
74b2466e
LP		 80 if (!l)
81 return NULL;
82
c3ae4188
DR		 83 /* Send goodbye messages. */
84 dns_scope_announce(l->mdns_ipv4_scope, true);
85 dns_scope_announce(l->mdns_ipv6_scope, true);
86
97e5d693 87 link_flush_settings(l);
0eac4623 88
74b2466e 89 while (l->addresses)
97e5d693 90 (void) link_address_free(l->addresses);
74b2466e
LP		 91
92 if (l->manager)
93 hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
94
95 dns_scope_free(l->unicast_scope);
1716f6dc
LP		 96 dns_scope_free(l->llmnr_ipv4_scope);
97 dns_scope_free(l->llmnr_ipv6_scope);
b4f1862d
DM		 98 dns_scope_free(l->mdns_ipv4_scope);
99 dns_scope_free(l->mdns_ipv6_scope);
74b2466e 100
943ef07c 101 free(l->state_file);
6ff79f76 102 free(l->ifname);
943ef07c 103
6b430fdb 104 return mfree(l);
1716f6dc
LP		 105}
106
97e5d693 107void link_allocate_scopes(Link *l) {
59c0fd0e 108 bool unicast_relevant;
1716f6dc
LP		 109 int r;
110
111 assert(l);
112
59c0fd0e
LP		 113 /* If a link that used to be relevant is no longer, or a link that did not use to be relevant now becomes
114 * relevant, let's reinit the learnt global DNS server information, since we might talk to different servers
115 * now, even if they have the same addresses as before. */
116
117 unicast_relevant = link_relevant(l, AF_UNSPEC, false);
118 if (unicast_relevant != l->unicast_relevant) {
119 l->unicast_relevant = unicast_relevant;
120
121 dns_server_reset_features_all(l->manager->fallback_dns_servers);
122 dns_server_reset_features_all(l->manager->dns_servers);
63b12191
LP		 123
124 /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one
125 * interface reveals different DNS zones than through others. */
126 if (l->manager->unicast_scope)
127 dns_cache_flush(&l->manager->unicast_scope->cache);
59c0fd0e
LP		 128 }
129
130 /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't
131 * need anymore */
132
133 if (unicast_relevant && l->dns_servers) {
1716f6dc 134 if (!l->unicast_scope) {
59c0fd0e
LP		 135 dns_server_reset_features_all(l->dns_servers);
136
1716f6dc
LP		 137 r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
138 if (r < 0)
da927ba9 139 log_warning_errno(r, "Failed to allocate DNS scope: %m");
1716f6dc
LP		 140 }
141 } else
142 l->unicast_scope = dns_scope_free(l->unicast_scope);
143
dfc1091b 144 if (link_relevant(l, AF_INET, true) &&
af49ca27
LP		 145 l->llmnr_support != RESOLVE_SUPPORT_NO &&
146 l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
1716f6dc
LP		 147 if (!l->llmnr_ipv4_scope) {
148 r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
149 if (r < 0)
da927ba9 150 log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
1716f6dc
LP		 151 }
152 } else
153 l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
154
dfc1091b 155 if (link_relevant(l, AF_INET6, true) &&
af49ca27
LP		 156 l->llmnr_support != RESOLVE_SUPPORT_NO &&
157 l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
db97a66a 158 socket_ipv6_is_supported()) {
1716f6dc
LP		 159 if (!l->llmnr_ipv6_scope) {
160 r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
161 if (r < 0)
da927ba9 162 log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
1716f6dc
LP		 163 }
164 } else
165 l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
b4f1862d 166
dfc1091b 167 if (link_relevant(l, AF_INET, true) &&
af49ca27
LP		 168 l->mdns_support != RESOLVE_SUPPORT_NO &&
169 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
b4f1862d
DM		 170 if (!l->mdns_ipv4_scope) {
171 r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
172 if (r < 0)
173 log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
174 }
175 } else
176 l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
177
dfc1091b 178 if (link_relevant(l, AF_INET6, true) &&
af49ca27
LP		 179 l->mdns_support != RESOLVE_SUPPORT_NO &&
180 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
b4f1862d
DM		 181 if (!l->mdns_ipv6_scope) {
182 r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
183 if (r < 0)
184 log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
185 }
186 } else
187 l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
1716f6dc 188}
74b2466e 189
ec2c5e43 190void link_add_rrs(Link *l, bool force_remove) {
623a4c97 191 LinkAddress *a;
6db6a464 192 int r;
623a4c97
LP		 193
194 LIST_FOREACH(addresses, a, l->addresses)
ec2c5e43 195 link_address_add_rrs(a, force_remove);
6db6a464
DR		 196
197 if (!force_remove &&
198 l->mdns_support == RESOLVE_SUPPORT_YES &&
199 l->manager->mdns_support == RESOLVE_SUPPORT_YES) {
200
201 if (l->mdns_ipv4_scope) {
202 r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope);
203 if (r < 0)
204 log_warning_errno(r, "Failed to add IPv4 DNS-SD services: %m");
205 }
206
207 if (l->mdns_ipv6_scope) {
208 r = dns_scope_add_dnssd_services(l->mdns_ipv6_scope);
209 if (r < 0)
210 log_warning_errno(r, "Failed to add IPv6 DNS-SD services: %m");
211 }
212
213 } else {
214
215 if (l->mdns_ipv4_scope) {
216 r = dns_scope_remove_dnssd_services(l->mdns_ipv4_scope);
217 if (r < 0)
218 log_warning_errno(r, "Failed to remove IPv4 DNS-SD services: %m");
219 }
220
221 if (l->mdns_ipv6_scope) {
222 r = dns_scope_remove_dnssd_services(l->mdns_ipv6_scope);
223 if (r < 0)
224 log_warning_errno(r, "Failed to remove IPv6 DNS-SD services: %m");
225 }
226 }
623a4c97
LP		 227}
228
943ef07c 229int link_process_rtnl(Link *l, sd_netlink_message *m) {
1716f6dc 230 const char *n = NULL;
74b2466e
LP		 231 int r;
232
233 assert(l);
234 assert(m);
235
236 r = sd_rtnl_message_link_get_flags(m, &l->flags);
237 if (r < 0)
238 return r;
239
6955a3ba
LP		 240 (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
241 (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);
1716f6dc 242
1c4baffc 243 if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) {
6ff79f76
YW		 244 r = free_and_strdup(&l->ifname, n);
245 if (r < 0)
246 return r;
1716f6dc
LP		 247 }
248
249 link_allocate_scopes(l);
ec2c5e43 250 link_add_rrs(l, false);
623a4c97 251
74b2466e
LP		 252 return 0;
253}
254
8aa5afd2
YW		 255static int link_update_dns_server_one(Link *l, const char *str) {
256 _cleanup_free_ char *name = NULL;
257 int family, ifindex, r;
55e99f20
LP		 258 union in_addr_union a;
259 DnsServer *s;
8aa5afd2 260 uint16_t port;
55e99f20
LP		 261
262 assert(l);
8aa5afd2 263 assert(str);
55e99f20 264
8aa5afd2 265 r = in_addr_port_ifindex_name_from_string_auto(str, &family, &a, &port, &ifindex, &name);
55e99f20
LP		 266 if (r < 0)
267 return r;
268
8aa5afd2
YW		 269 if (ifindex != 0 && ifindex != l->ifindex)
270 return -EINVAL;
271
272 /* By default, the port number is determined with the transaction feature level.
273 * See dns_transaction_port() and dns_server_port(). */
274 if (IN_SET(port, 53, 853))
275 port = 0;
276
277 s = dns_server_find(l->dns_servers, family, &a, port, 0, name);
55e99f20
LP		 278 if (s) {
279 dns_server_move_back_and_unmark(s);
280 return 0;
281 }
282
8aa5afd2 283 return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, port, 0, name);
55e99f20
LP		 284}
285
6073b6f2 286static int link_update_dns_servers(Link *l) {
6f4dedb2
TG		 287 _cleanup_strv_free_ char **nameservers = NULL;
288 char **nameserver;
6f4dedb2 289 int r;
74b2466e
LP		 290
291 assert(l);
292
d6731e4c 293 r = sd_network_link_get_dns(l->ifindex, &nameservers);
1ade96e9
LP		 294 if (r == -ENODATA) {
295 r = 0;
296 goto clear;
297 }
6f4dedb2 298 if (r < 0)
74b2466e 299 goto clear;
74b2466e 300
4b95f179 301 dns_server_mark_all(l->dns_servers);
5cb36f41 302
6f4dedb2 303 STRV_FOREACH(nameserver, nameservers) {
55e99f20 304 r = link_update_dns_server_one(l, *nameserver);
6f4dedb2
TG		 305 if (r < 0)
306 goto clear;
74b2466e
LP		 307 }
308
4b95f179 309 dns_server_unlink_marked(l->dns_servers);
74b2466e
LP		 310 return 0;
311
312clear:
4b95f179 313 dns_server_unlink_all(l->dns_servers);
74b2466e
LP		 314 return r;
315}
316
fdb4d313
LP		 317static int link_update_default_route(Link *l) {
318 int r;
319
320 assert(l);
321
322 r = sd_network_link_get_dns_default_route(l->ifindex);
323 if (r == -ENODATA) {
324 r = 0;
325 goto clear;
326 }
327 if (r < 0)
328 goto clear;
329
330 l->default_route = r > 0;
331 return 0;
332
333clear:
334 l->default_route = -1;
335 return r;
336}
337
19b50b5b
LP		 338static int link_update_llmnr_support(Link *l) {
339 _cleanup_free_ char *b = NULL;
340 int r;
341
342 assert(l);
343
d6731e4c 344 r = sd_network_link_get_llmnr(l->ifindex, &b);
1ade96e9
LP		 345 if (r == -ENODATA) {
346 r = 0;
347 goto clear;
348 }
19b50b5b
LP		 349 if (r < 0)
350 goto clear;
351
af49ca27
LP		 352 l->llmnr_support = resolve_support_from_string(b);
353 if (l->llmnr_support < 0) {
354 r = -EINVAL;
355 goto clear;
356 }
19b50b5b
LP		 357
358 return 0;
359
360clear:
af49ca27 361 l->llmnr_support = RESOLVE_SUPPORT_YES;
19b50b5b
LP		 362 return r;
363}
364
aaa297d4
LP		 365static int link_update_mdns_support(Link *l) {
366 _cleanup_free_ char *b = NULL;
367 int r;
368
369 assert(l);
370
371 r = sd_network_link_get_mdns(l->ifindex, &b);
372 if (r == -ENODATA) {
373 r = 0;
374 goto clear;
375 }
376 if (r < 0)
377 goto clear;
378
379 l->mdns_support = resolve_support_from_string(b);
380 if (l->mdns_support < 0) {
381 r = -EINVAL;
382 goto clear;
383 }
384
385 return 0;
386
387clear:
388 l->mdns_support = RESOLVE_SUPPORT_NO;
389 return r;
390}
391
c9299be2 392void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
d050561a
IT		 393
394 assert(l);
395
56ddbf10 396#if ! ENABLE_DNS_OVER_TLS
c9299be2 397 if (mode != DNS_OVER_TLS_NO)
4310bfc2 398 log_warning("DNS-over-TLS option for the link cannot be enabled or set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
d050561a
IT		 399 return;
400#endif
401
c9299be2 402 l->dns_over_tls_mode = mode;
d050561a
IT		 403}
404
c9299be2 405static int link_update_dns_over_tls_mode(Link *l) {
d050561a
IT		 406 _cleanup_free_ char *b = NULL;
407 int r;
408
409 assert(l);
410
c9299be2 411 r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
d050561a
IT		 412 if (r == -ENODATA) {
413 r = 0;
414 goto clear;
415 }
416 if (r < 0)
417 goto clear;
418
c9299be2
IT		 419 l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
420 if (l->dns_over_tls_mode < 0) {
d050561a
IT		 421 r = -EINVAL;
422 goto clear;
423 }
424
425 return 0;
426
427clear:
c9299be2 428 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
d050561a
IT		 429 return r;
430}
431
97e5d693
LP		 432void link_set_dnssec_mode(Link *l, DnssecMode mode) {
433
434 assert(l);
435
349cc4a5 436#if ! HAVE_GCRYPT
3742095b 437 if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE))
42303dcb
YW		 438 log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
439 return;
440#endif
441
97e5d693
LP		 442 if (l->dnssec_mode == mode)
443 return;
444
445 if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
446 (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
447 (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) {
448
449 /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
450 * allow-downgrade mode to full DNSSEC mode, flush it too. */
451 if (l->unicast_scope)
452 dns_cache_flush(&l->unicast_scope->cache);
453 }
454
455 l->dnssec_mode = mode;
456}
457
ad6c0475
LP		 458static int link_update_dnssec_mode(Link *l) {
459 _cleanup_free_ char *m = NULL;
2e1bab34 460 DnssecMode mode;
ad6c0475
LP		 461 int r;
462
463 assert(l);
464
465 r = sd_network_link_get_dnssec(l->ifindex, &m);
466 if (r == -ENODATA) {
467 r = 0;
468 goto clear;
469 }
470 if (r < 0)
471 goto clear;
472
2e1bab34
LP		 473 mode = dnssec_mode_from_string(m);
474 if (mode < 0) {
ad6c0475
LP		 475 r = -EINVAL;
476 goto clear;
477 }
478
97e5d693 479 link_set_dnssec_mode(l, mode);
2e1bab34 480
ad6c0475
LP		 481 return 0;
482
483clear:
484 l->dnssec_mode = _DNSSEC_MODE_INVALID;
485 return r;
486}
487
8a516214
LP		 488static int link_update_dnssec_negative_trust_anchors(Link *l) {
489 _cleanup_strv_free_ char **ntas = NULL;
490 _cleanup_set_free_free_ Set *ns = NULL;
8a516214
LP		 491 int r;
492
493 assert(l);
494
495 r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
496 if (r == -ENODATA) {
497 r = 0;
498 goto clear;
499 }
500 if (r < 0)
501 goto clear;
502
503 ns = set_new(&dns_name_hash_ops);
504 if (!ns)
505 return -ENOMEM;
506
be327321 507 r = set_put_strdupv(&ns, ntas);
39f259e0
LP		 508 if (r < 0)
509 return r;
8a516214
LP		 510
511 set_free_free(l->dnssec_negative_trust_anchors);
ae2a15bc 512 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
8a516214
LP		 513
514 return 0;
515
516clear:
517 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
518 return r;
519}
520
ad44b56b
LP		 521static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
522 DnsSearchDomain *d;
523 int r;
524
39f259e0
LP		 525 assert(l);
526 assert(name);
527
ad44b56b
LP		 528 r = dns_search_domain_find(l->search_domains, name, &d);
529 if (r < 0)
530 return r;
531 if (r > 0)
532 dns_search_domain_move_back_and_unmark(d);
533 else {
534 r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name);
535 if (r < 0)
536 return r;
537 }
538
539 d->route_only = route_only;
540 return 0;
541}
542
a51c1048 543static int link_update_search_domains(Link *l) {
ad44b56b 544 _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
a51c1048 545 char **i;
ad44b56b 546 int r, q;
bda2c408 547
a51c1048 548 assert(l);
bda2c408 549
ad44b56b
LP		 550 r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
551 if (r < 0 && r != -ENODATA)
552 goto clear;
553
554 q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
555 if (q < 0 && q != -ENODATA) {
556 r = q;
557 goto clear;
558 }
559
560 if (r == -ENODATA && q == -ENODATA) {
1ade96e9
LP		 561 /* networkd knows nothing about this interface, and that's fine. */
562 r = 0;
563 goto clear;
564 }
a51c1048
LP		 565
566 dns_search_domain_mark_all(l->search_domains);
567
ad44b56b
LP		 568 STRV_FOREACH(i, sdomains) {
569 r = link_update_search_domain_one(l, *i, false);
a51c1048
LP		 570 if (r < 0)
571 goto clear;
ad44b56b 572 }
a51c1048 573
ad44b56b
LP		 574 STRV_FOREACH(i, rdomains) {
575 r = link_update_search_domain_one(l, *i, true);
576 if (r < 0)
577 goto clear;
a51c1048
LP		 578 }
579
580 dns_search_domain_unlink_marked(l->search_domains);
bda2c408 581 return 0;
a51c1048
LP		 582
583clear:
584 dns_search_domain_unlink_all(l->search_domains);
585 return r;
bda2c408
TG		 586}
587
b6274a0e 588static int link_is_managed(Link *l) {
97e5d693 589 _cleanup_free_ char *state = NULL;
a51c1048
LP		 590 int r;
591
74b2466e
LP		 592 assert(l);
593
97e5d693
LP		 594 r = sd_network_link_get_setup_state(l->ifindex, &state);
595 if (r == -ENODATA)
b6274a0e 596 return 0;
97e5d693
LP		 597 if (r < 0)
598 return r;
599
b6274a0e 600 return !STR_IN_SET(state, "pending", "unmanaged");
97e5d693
LP		 601}
602
603static void link_read_settings(Link *l) {
604 int r;
605
606 assert(l);
607
608 /* Read settings from networkd, except when networkd is not managing this interface. */
609
b6274a0e 610 r = link_is_managed(l);
97e5d693 611 if (r < 0) {
603192b2 612 log_link_warning_errno(l, r, "Failed to determine whether the interface is managed: %m");
97e5d693
LP		 613 return;
614 }
b6274a0e 615 if (r == 0) {
97e5d693 616
ccddd104 617 /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
97e5d693
LP		 618 if (l->is_managed)
619 link_flush_settings(l);
620
621 l->is_managed = false;
622 return;
623 }
624
625 l->is_managed = true;
626
125ae29d
LP		 627 r = link_update_dns_servers(l);
628 if (r < 0)
603192b2 629 log_link_warning_errno(l, r, "Failed to read DNS servers for the interface, ignoring: %m");
125ae29d
LP		 630
631 r = link_update_llmnr_support(l);
632 if (r < 0)
603192b2 633 log_link_warning_errno(l, r, "Failed to read LLMNR support for the interface, ignoring: %m");
125ae29d
LP		 634
635 r = link_update_mdns_support(l);
636 if (r < 0)
603192b2 637 log_link_warning_errno(l, r, "Failed to read mDNS support for the interface, ignoring: %m");
125ae29d 638
c9299be2 639 r = link_update_dns_over_tls_mode(l);
d050561a 640 if (r < 0)
603192b2 641 log_link_warning_errno(l, r, "Failed to read DNS-over-TLS mode for the interface, ignoring: %m");
d050561a 642
ad6c0475
LP		 643 r = link_update_dnssec_mode(l);
644 if (r < 0)
603192b2 645 log_link_warning_errno(l, r, "Failed to read DNSSEC mode for the interface, ignoring: %m");
a51c1048 646
8a516214
LP		 647 r = link_update_dnssec_negative_trust_anchors(l);
648 if (r < 0)
603192b2 649 log_link_warning_errno(l, r, "Failed to read DNSSEC negative trust anchors for the interface, ignoring: %m");
8a516214 650
a51c1048
LP		 651 r = link_update_search_domains(l);
652 if (r < 0)
603192b2 653 log_link_warning_errno(l, r, "Failed to read search domains for the interface, ignoring: %m");
fdb4d313
LP		 654
655 r = link_update_default_route(l);
656 if (r < 0)
603192b2 657 log_link_warning_errno(l, r, "Failed to read default route setting for the interface, proceeding anyway: %m");
97e5d693
LP		 658}
659
943ef07c 660int link_update(Link *l) {
c6a8f6f6
YW		 661 int r;
662
97e5d693 663 assert(l);
a51c1048 664
97e5d693 665 link_read_settings(l);
cbe194b3
YW		 666 r = link_load_user(l);
667 if (r < 0)
668 return r;
c6a8f6f6
YW		 669
670 if (l->llmnr_support != RESOLVE_SUPPORT_NO) {
671 r = manager_llmnr_start(l->manager);
672 if (r < 0)
673 return r;
674 }
675
676 if (l->mdns_support != RESOLVE_SUPPORT_NO) {
677 r = manager_mdns_start(l->manager);
678 if (r < 0)
679 return r;
680 }
681
ad6c0475 682 link_allocate_scopes(l);
ec2c5e43 683 link_add_rrs(l, false);
74b2466e
LP		 684
685 return 0;
686}
687
011696f7 688bool link_relevant(Link *l, int family, bool local_multicast) {
1716f6dc 689 _cleanup_free_ char *state = NULL;
74b2466e
LP		 690 LinkAddress *a;
691
692 assert(l);
693
c1edab7a 694 /* A link is relevant for local multicast traffic if it isn't a loopback device, has a link
011696f7
LP		 695 * beat, can do multicast and has at least one link-local (or better) IP address.
696 *
697 * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
13e785f7 698 * least one routable address. */
ec2c5e43 699
dfc1091b 700 if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
ec2c5e43 701 return false;
74b2466e 702
dfc1091b 703 if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
74b2466e
LP		 704 return false;
705
011696f7 706 if (local_multicast) {
dfc1091b
LP		 707 if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST)
708 return false;
709 }
710
6955a3ba
LP		 711 /* Check kernel operstate
712 * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
713 if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
714 return false;
715
716 (void) sd_network_link_get_operational_state(l->ifindex, &state);
aeafd03a 717 if (state && !STR_IN_SET(state, "unknown", "degraded", "degraded-carrier", "routable"))
74b2466e
LP		 718 return false;
719
720 LIST_FOREACH(addresses, a, l->addresses)
011696f7 721 if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast))
74b2466e
LP		 722 return true;
723
724 return false;
725}
726
623a4c97 727LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
74b2466e
LP		 728 LinkAddress *a;
729
730 assert(l);
731
1716f6dc
LP		 732 LIST_FOREACH(addresses, a, l->addresses)
733 if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr))
74b2466e 734 return a;
74b2466e
LP		 735
736 return NULL;
737}
738
2c27fbca 739DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
4e945a6f
LP		 740 assert(l);
741
742 if (l->current_dns_server == s)
743 return s;
744
6cb08a89 745 if (s)
8aa5afd2 746 log_debug("Switching to DNS server %s for interface %s.", strna(dns_server_string_full(s)), l->ifname);
4e945a6f 747
0eac4623
LP		 748 dns_server_unref(l->current_dns_server);
749 l->current_dns_server = dns_server_ref(s);
2c27fbca
LP		 750
751 if (l->unicast_scope)
752 dns_cache_flush(&l->unicast_scope->cache);
753
4e945a6f
LP		 754 return s;
755}
756
74b2466e
LP		 757DnsServer *link_get_dns_server(Link *l) {
758 assert(l);
759
760 if (!l->current_dns_server)
4e945a6f 761 link_set_dns_server(l, l->dns_servers);
74b2466e
LP		 762
763 return l->current_dns_server;
764}
765
766void link_next_dns_server(Link *l) {
767 assert(l);
768
74b2466e
LP		 769 if (!l->current_dns_server)
770 return;
771
0eac4623
LP		 772 /* Change to the next one, but make sure to follow the linked
773 * list only if this server is actually still linked. */
774 if (l->current_dns_server->linked && l->current_dns_server->servers_next) {
4e945a6f 775 link_set_dns_server(l, l->current_dns_server->servers_next);
74b2466e
LP		 776 return;
777 }
778
4e945a6f 779 link_set_dns_server(l, l->dns_servers);
74b2466e
LP		 780}
781
c9299be2 782DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
d050561a
IT		 783 assert(l);
784
c9299be2
IT		 785 if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
786 return l->dns_over_tls_mode;
d050561a 787
c9299be2 788 return manager_get_dns_over_tls_mode(l->manager);
d050561a
IT		 789}
790
c69fa7e3
LP		 791DnssecMode link_get_dnssec_mode(Link *l) {
792 assert(l);
793
794 if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
795 return l->dnssec_mode;
796
797 return manager_get_dnssec_mode(l->manager);
798}
799
800bool link_dnssec_supported(Link *l) {
801 DnsServer *server;
802
803 assert(l);
804
805 if (link_get_dnssec_mode(l) == DNSSEC_NO)
806 return false;
807
808 server = link_get_dns_server(l);
809 if (server)
810 return dns_server_dnssec_supported(server);
811
812 return true;
813}
814
623a4c97 815int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
74b2466e
LP		 816 LinkAddress *a;
817
818 assert(l);
819 assert(in_addr);
820
1ed31408 821 a = new(LinkAddress, 1);
74b2466e
LP		 822 if (!a)
823 return -ENOMEM;
824
1ed31408
LP		 825 *a = (LinkAddress) {
826 .family = family,
827 .in_addr = *in_addr,
828 .link = l,
829 };
74b2466e 830
74b2466e 831 LIST_PREPEND(addresses, l->addresses, a);
bceaa99d 832 l->n_addresses++;
74b2466e
LP		 833
834 if (ret)
835 *ret = a;
836
837 return 0;
838}
839
840LinkAddress *link_address_free(LinkAddress *a) {
841 if (!a)
842 return NULL;
843
623a4c97 844 if (a->link) {
74b2466e
LP		 845 LIST_REMOVE(addresses, a->link->addresses, a);
846
bceaa99d
LP		 847 assert(a->link->n_addresses > 0);
848 a->link->n_addresses--;
849
623a4c97 850 if (a->llmnr_address_rr) {
623a4c97
LP		 851 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
852 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
853 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
854 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
623a4c97
LP		 855 }
856
857 if (a->llmnr_ptr_rr) {
858 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
859 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
860 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
861 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
623a4c97 862 }
400cb36e
DR		 863
864 if (a->mdns_address_rr) {
865 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
866 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
867 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
868 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
869 }
870
871 if (a->mdns_ptr_rr) {
872 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
873 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
874 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
875 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
876 }
623a4c97
LP		 877 }
878
ec2c5e43
LP		 879 dns_resource_record_unref(a->llmnr_address_rr);
880 dns_resource_record_unref(a->llmnr_ptr_rr);
400cb36e
DR		 881 dns_resource_record_unref(a->mdns_address_rr);
882 dns_resource_record_unref(a->mdns_ptr_rr);
ec2c5e43 883
6b430fdb 884 return mfree(a);
74b2466e
LP		 885}
886
ec2c5e43 887void link_address_add_rrs(LinkAddress *a, bool force_remove) {
623a4c97
LP		 888 int r;
889
890 assert(a);
891
ec2c5e43 892 if (a->family == AF_INET) {
623a4c97 893
4e945a6f 894 if (!force_remove &&
011696f7 895 link_address_relevant(a, true) &&
4e945a6f 896 a->link->llmnr_ipv4_scope &&
af49ca27
LP		 897 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
898 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
4e945a6f 899
78c6a153
LP		 900 if (!a->link->manager->llmnr_host_ipv4_key) {
901 a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
902 if (!a->link->manager->llmnr_host_ipv4_key) {
ec2c5e43
LP		 903 r = -ENOMEM;
904 goto fail;
905 }
623a4c97 906 }
623a4c97 907
623a4c97 908 if (!a->llmnr_address_rr) {
78c6a153 909 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
ec2c5e43
LP		 910 if (!a->llmnr_address_rr) {
911 r = -ENOMEM;
912 goto fail;
913 }
914
915 a->llmnr_address_rr->a.in_addr = a->in_addr.in;
916 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
623a4c97
LP		 917 }
918
ec2c5e43 919 if (!a->llmnr_ptr_rr) {
78c6a153 920 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
ec2c5e43
LP		 921 if (r < 0)
922 goto fail;
623a4c97 923
ec2c5e43
LP		 924 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
925 }
623a4c97 926
ec2c5e43 927 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
623a4c97 928 if (r < 0)
da927ba9 929 log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");
623a4c97 930
ec2c5e43 931 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
623a4c97 932 if (r < 0)
e372a138 933 log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m");
623a4c97 934 } else {
ec2c5e43
LP		 935 if (a->llmnr_address_rr) {
936 if (a->link->llmnr_ipv4_scope)
937 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
938 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
939 }
940
941 if (a->llmnr_ptr_rr) {
942 if (a->link->llmnr_ipv4_scope)
943 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
944 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
945 }
623a4c97 946 }
400cb36e
DR		 947
948 if (!force_remove &&
949 link_address_relevant(a, true) &&
950 a->link->mdns_ipv4_scope &&
951 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
952 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
953 if (!a->link->manager->mdns_host_ipv4_key) {
954 a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
955 if (!a->link->manager->mdns_host_ipv4_key) {
956 r = -ENOMEM;
957 goto fail;
958 }
959 }
960
961 if (!a->mdns_address_rr) {
962 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key);
963 if (!a->mdns_address_rr) {
964 r = -ENOMEM;
965 goto fail;
966 }
967
968 a->mdns_address_rr->a.in_addr = a->in_addr.in;
969 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
970 }
971
972 if (!a->mdns_ptr_rr) {
973 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
974 if (r < 0)
975 goto fail;
976
977 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
978 }
979
980 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true);
981 if (r < 0)
982 log_warning_errno(r, "Failed to add A record to MDNS zone: %m");
983
984 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false);
985 if (r < 0)
986 log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m");
987 } else {
988 if (a->mdns_address_rr) {
989 if (a->link->mdns_ipv4_scope)
990 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
991 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
992 }
993
994 if (a->mdns_ptr_rr) {
995 if (a->link->mdns_ipv4_scope)
996 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
997 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
998 }
999 }
623a4c97
LP		 1000 }
1001
ec2c5e43 1002 if (a->family == AF_INET6) {
623a4c97 1003
4e945a6f 1004 if (!force_remove &&
011696f7 1005 link_address_relevant(a, true) &&
4e945a6f 1006 a->link->llmnr_ipv6_scope &&
af49ca27
LP		 1007 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
1008 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
4e945a6f 1009
78c6a153
LP		 1010 if (!a->link->manager->llmnr_host_ipv6_key) {
1011 a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
1012 if (!a->link->manager->llmnr_host_ipv6_key) {
ec2c5e43
LP		 1013 r = -ENOMEM;
1014 goto fail;
1015 }
623a4c97 1016 }
623a4c97 1017
623a4c97 1018 if (!a->llmnr_address_rr) {
78c6a153 1019 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
ec2c5e43
LP		 1020 if (!a->llmnr_address_rr) {
1021 r = -ENOMEM;
1022 goto fail;
1023 }
1024
1025 a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
1026 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
623a4c97
LP		 1027 }
1028
ec2c5e43 1029 if (!a->llmnr_ptr_rr) {
78c6a153 1030 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
ec2c5e43
LP		 1031 if (r < 0)
1032 goto fail;
623a4c97 1033
ec2c5e43
LP		 1034 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
1035 }
623a4c97 1036
ec2c5e43 1037 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
623a4c97 1038 if (r < 0)
da927ba9 1039 log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");
623a4c97 1040
ec2c5e43 1041 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
623a4c97 1042 if (r < 0)
da927ba9 1043 log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
623a4c97 1044 } else {
ec2c5e43
LP		 1045 if (a->llmnr_address_rr) {
1046 if (a->link->llmnr_ipv6_scope)
1047 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
1048 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
1049 }
1050
1051 if (a->llmnr_ptr_rr) {
1052 if (a->link->llmnr_ipv6_scope)
1053 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
1054 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
1055 }
623a4c97 1056 }
400cb36e
DR		 1057
1058 if (!force_remove &&
1059 link_address_relevant(a, true) &&
1060 a->link->mdns_ipv6_scope &&
1061 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
1062 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
1063
1064 if (!a->link->manager->mdns_host_ipv6_key) {
1065 a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
1066 if (!a->link->manager->mdns_host_ipv6_key) {
1067 r = -ENOMEM;
1068 goto fail;
1069 }
1070 }
1071
1072 if (!a->mdns_address_rr) {
1073 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key);
1074 if (!a->mdns_address_rr) {
1075 r = -ENOMEM;
1076 goto fail;
1077 }
1078
1079 a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6;
1080 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
1081 }
1082
1083 if (!a->mdns_ptr_rr) {
1084 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
1085 if (r < 0)
1086 goto fail;
1087
1088 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
1089 }
1090
1091 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true);
1092 if (r < 0)
1093 log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m");
1094
1095 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false);
1096 if (r < 0)
1097 log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m");
1098 } else {
1099 if (a->mdns_address_rr) {
1100 if (a->link->mdns_ipv6_scope)
1101 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
1102 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
1103 }
1104
1105 if (a->mdns_ptr_rr) {
1106 if (a->link->mdns_ipv6_scope)
1107 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
1108 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
1109 }
1110 }
623a4c97
LP		 1111 }
1112
1113 return;
1114
1115fail:
da927ba9 1116 log_debug_errno(r, "Failed to update address RRs: %m");
623a4c97
LP		 1117}
1118
1c4baffc 1119int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
74b2466e
LP		 1120 int r;
1121 assert(a);
1122 assert(m);
1123
1124 r = sd_rtnl_message_addr_get_flags(m, &a->flags);
1125 if (r < 0)
1126 return r;
1127
1716f6dc 1128 sd_rtnl_message_addr_get_scope(m, &a->scope);
74b2466e 1129
1716f6dc 1130 link_allocate_scopes(a->link);
ec2c5e43 1131 link_add_rrs(a->link, false);
623a4c97 1132
74b2466e
LP		 1133 return 0;
1134}
1135
011696f7 1136bool link_address_relevant(LinkAddress *a, bool local_multicast) {
74b2466e
LP		 1137 assert(a);
1138
7b85d72f 1139 if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
74b2466e
LP		 1140 return false;
1141
011696f7 1142 if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK))
74b2466e
LP		 1143 return false;
1144
1145 return true;
1146}
943ef07c
LP		 1147
1148static bool link_needs_save(Link *l) {
1149 assert(l);
1150
1151 /* Returns true if any of the settings where set different from the default */
1152
1153 if (l->is_managed)
1154 return false;
1155
1156 if (l->llmnr_support != RESOLVE_SUPPORT_YES ||
1157 l->mdns_support != RESOLVE_SUPPORT_NO ||
dc2bc986
LP		 1158 l->dnssec_mode != _DNSSEC_MODE_INVALID ||
1159 l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
943ef07c
LP		 1160 return true;
1161
1162 if (l->dns_servers ||
1163 l->search_domains)
1164 return true;
1165
1166 if (!set_isempty(l->dnssec_negative_trust_anchors))
1167 return true;
1168
ca5394d2
LP		 1169 if (l->default_route >= 0)
1170 return true;
1171
943ef07c
LP		 1172 return false;
1173}
1174
1175int link_save_user(Link *l) {
1176 _cleanup_free_ char *temp_path = NULL;
1177 _cleanup_fclose_ FILE *f = NULL;
1178 const char *v;
1179 int r;
1180
1181 assert(l);
1182 assert(l->state_file);
1183
1184 if (!link_needs_save(l)) {
1185 (void) unlink(l->state_file);
1186 return 0;
1187 }
1188
1189 r = mkdir_parents(l->state_file, 0700);
1190 if (r < 0)
1191 goto fail;
1192
1193 r = fopen_temporary(l->state_file, &f, &temp_path);
1194 if (r < 0)
1195 goto fail;
1196
0d536673
LP		 1197 (void) fchmod(fileno(f), 0644);
1198
1199 fputs("# This is private data. Do not parse.\n", f);
943ef07c
LP		 1200
1201 v = resolve_support_to_string(l->llmnr_support);
1202 if (v)
1203 fprintf(f, "LLMNR=%s\n", v);
1204
1205 v = resolve_support_to_string(l->mdns_support);
1206 if (v)
1207 fprintf(f, "MDNS=%s\n", v);
1208
1209 v = dnssec_mode_to_string(l->dnssec_mode);
1210 if (v)
1211 fprintf(f, "DNSSEC=%s\n", v);
1212
ca5394d2
LP		 1213 if (l->default_route >= 0)
1214 fprintf(f, "DEFAULT_ROUTE=%s\n", yes_no(l->default_route));
1215
943ef07c
LP		 1216 if (l->dns_servers) {
1217 DnsServer *server;
1218
0d536673 1219 fputs("SERVERS=", f);
943ef07c
LP		 1220 LIST_FOREACH(servers, server, l->dns_servers) {
1221
1222 if (server != l->dns_servers)
0d536673 1223 fputc(' ', f);
943ef07c 1224
8aa5afd2 1225 v = dns_server_string_full(server);
943ef07c
LP		 1226 if (!v) {
1227 r = -ENOMEM;
1228 goto fail;
1229 }
1230
0d536673 1231 fputs(v, f);
943ef07c 1232 }
0d536673 1233 fputc('\n', f);
943ef07c
LP		 1234 }
1235
1236 if (l->search_domains) {
1237 DnsSearchDomain *domain;
1238
0d536673 1239 fputs("DOMAINS=", f);
943ef07c
LP		 1240 LIST_FOREACH(domains, domain, l->search_domains) {
1241
1242 if (domain != l->search_domains)
0d536673 1243 fputc(' ', f);
943ef07c
LP		 1244
1245 if (domain->route_only)
0d536673 1246 fputc('~', f);
943ef07c 1247
0d536673 1248 fputs(DNS_SEARCH_DOMAIN_NAME(domain), f);
943ef07c 1249 }
0d536673 1250 fputc('\n', f);
943ef07c
LP		 1251 }
1252
1253 if (!set_isempty(l->dnssec_negative_trust_anchors)) {
1254 bool space = false;
943ef07c
LP		 1255 char *nta;
1256
0d536673 1257 fputs("NTAS=", f);
90e74a66 1258 SET_FOREACH(nta, l->dnssec_negative_trust_anchors) {
943ef07c
LP		 1259
1260 if (space)
0d536673 1261 fputc(' ', f);
943ef07c 1262
0d536673 1263 fputs(nta, f);
943ef07c
LP		 1264 space = true;
1265 }
0d536673 1266 fputc('\n', f);
943ef07c
LP		 1267 }
1268
1269 r = fflush_and_check(f);
1270 if (r < 0)
1271 goto fail;
1272
1273 if (rename(temp_path, l->state_file) < 0) {
1274 r = -errno;
1275 goto fail;
1276 }
1277
1278 return 0;
1279
1280fail:
1281 (void) unlink(l->state_file);
1282
1283 if (temp_path)
1284 (void) unlink(temp_path);
1285
1286 return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
1287}
1288
1289int link_load_user(Link *l) {
1290 _cleanup_free_ char
1291 *llmnr = NULL,
1292 *mdns = NULL,
1293 *dnssec = NULL,
1294 *servers = NULL,
1295 *domains = NULL,
ca5394d2
LP		 1296 *ntas = NULL,
1297 *default_route = NULL;
943ef07c
LP		 1298
1299 ResolveSupport s;
c58bd76a 1300 const char *p;
943ef07c
LP		 1301 int r;
1302
1303 assert(l);
1304 assert(l->state_file);
1305
1306 /* Try to load only a single time */
1307 if (l->loaded)
1308 return 0;
1309 l->loaded = true;
1310
1311 if (l->is_managed)
1312 return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */
1313
aa8fbc74 1314 r = parse_env_file(NULL, l->state_file,
943ef07c
LP		 1315 "LLMNR", &llmnr,
1316 "MDNS", &mdns,
1317 "DNSSEC", &dnssec,
1318 "SERVERS", &servers,
1319 "DOMAINS", &domains,
ca5394d2
LP		 1320 "NTAS", &ntas,
1321 "DEFAULT_ROUTE", &default_route);
943ef07c
LP		 1322 if (r == -ENOENT)
1323 return 0;
1324 if (r < 0)
1325 goto fail;
1326
1327 link_flush_settings(l);
1328
1329 /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
1330 s = resolve_support_from_string(llmnr);
1331 if (s >= 0)
1332 l->llmnr_support = s;
1333
1334 s = resolve_support_from_string(mdns);
1335 if (s >= 0)
1336 l->mdns_support = s;
1337
ca5394d2
LP		 1338 r = parse_boolean(default_route);
1339 if (r >= 0)
1340 l->default_route = r;
1341
943ef07c
LP		 1342 /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
1343 l->dnssec_mode = dnssec_mode_from_string(dnssec);
1344
c58bd76a
ZJS		 1345 for (p = servers;;) {
1346 _cleanup_free_ char *word = NULL;
943ef07c 1347
c58bd76a
ZJS		 1348 r = extract_first_word(&p, &word, NULL, 0);
1349 if (r < 0)
1350 goto fail;
1351 if (r == 0)
1352 break;
943ef07c 1353
c58bd76a
ZJS		 1354 r = link_update_dns_server_one(l, word);
1355 if (r < 0) {
1356 log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
1357 continue;
943ef07c
LP		 1358 }
1359 }
1360
c58bd76a
ZJS		 1361 for (p = domains;;) {
1362 _cleanup_free_ char *word = NULL;
1363 const char *n;
1364 bool is_route;
943ef07c 1365
c58bd76a
ZJS		 1366 r = extract_first_word(&p, &word, NULL, 0);
1367 if (r < 0)
1368 goto fail;
1369 if (r == 0)
1370 break;
943ef07c 1371
c58bd76a
ZJS		 1372 is_route = word[0] == '~';
1373 n = is_route ? word + 1 : word;
943ef07c 1374
c58bd76a
ZJS		 1375 r = link_update_search_domain_one(l, n, is_route);
1376 if (r < 0) {
1377 log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
1378 continue;
943ef07c
LP		 1379 }
1380 }
1381
1382 if (ntas) {
1383 _cleanup_set_free_free_ Set *ns = NULL;
1384
1385 ns = set_new(&dns_name_hash_ops);
1386 if (!ns) {
1387 r = -ENOMEM;
1388 goto fail;
1389 }
1390
1391 r = set_put_strsplit(ns, ntas, NULL, 0);
1392 if (r < 0)
1393 goto fail;
1394
ae2a15bc 1395 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
943ef07c
LP		 1396 }
1397
1398 return 0;
1399
1400fail:
1401 return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
1402}
1403
1404void link_remove_user(Link *l) {
1405 assert(l);
1406 assert(l->state_file);
1407
1408 (void) unlink(l->state_file);
1409}
Unnamed repository; edit this file 'description' to name the repository.