Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
74b2466e LP |
2 | |
3 | #include <net/if.h> | |
0d536673 | 4 | #include <stdio_ext.h> |
74b2466e LP |
5 | |
6 | #include "sd-network.h" | |
07630cea | 7 | |
b5efdb8a | 8 | #include "alloc-util.h" |
686d13b9 | 9 | #include "env-file.h" |
943ef07c LP |
10 | #include "fd-util.h" |
11 | #include "fileio.h" | |
ec2c5e43 | 12 | #include "missing.h" |
943ef07c | 13 | #include "mkdir.h" |
6bedfcbb | 14 | #include "parse-util.h" |
74b2466e | 15 | #include "resolved-link.h" |
c6a8f6f6 YW |
16 | #include "resolved-llmnr.h" |
17 | #include "resolved-mdns.h" | |
07630cea LP |
18 | #include "string-util.h" |
19 | #include "strv.h" | |
e4de7287 | 20 | #include "tmpfile-util.h" |
74b2466e LP |
21 | |
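/* Allocates a Link object for the network interface with index 'ifindex', fills in the built-in
 * defaults, registers it in the manager's link table and, if 'ret' is non-NULL, returns it there.
 *
 * Returns 0 on success or a negative errno-style error. On failure the partially set up object is
 * released by the link_freep cleanup handler. */
int link_new(Manager *m, Link **ret, int ifindex) {
        _cleanup_(link_freep) Link *l = NULL;
        int r;

        assert(m);
        assert(ifindex > 0);

        r = hashmap_ensure_allocated(&m->links, NULL);
        if (r < 0)
                return r;

        l = new0(Link, 1);
        if (!l)
                return -ENOMEM;

        l->ifindex = ifindex;
        l->llmnr_support = RESOLVE_SUPPORT_YES;
        l->mdns_support = RESOLVE_SUPPORT_NO;
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
        l->operstate = IF_OPER_UNKNOWN;

        if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0) {
                /* asprintf() does not guarantee the contents of the output pointer on failure. Reset
                 * it, so that the cleanup handler (which free()s state_file) never sees a garbage
                 * pointer. */
                l->state_file = NULL;
                return -ENOMEM;
        }

        r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
        if (r < 0)
                return r;

        /* Only set the back pointer once the object is in the hashmap: link_free() removes the
         * entry for this ifindex whenever l->manager is set. */
        l->manager = m;

        if (ret)
                *ret = l;
        l = NULL; /* ownership passed to the hashmap, disarm the cleanup handler */

        return 0;
}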
59 | ||
97e5d693 LP |
/* Drops every per-link resolver setting: the protocol toggles and security modes go back to the same
 * values link_new() assigns, and the link's DNS servers, search domains and DNSSEC negative trust
 * anchors are released. */
void link_flush_settings(Link *l) {
        assert(l);

        /* Security modes: the _INVALID markers make link_get_dnssec_mode() and
         * link_get_dns_over_tls_mode() defer to the manager-wide setting. */
        l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
        l->dnssec_mode = _DNSSEC_MODE_INVALID;

        /* Protocol toggles: LLMNR on, mDNS off. */
        l->mdns_support = RESOLVE_SUPPORT_NO;
        l->llmnr_support = RESOLVE_SUPPORT_YES;

        dns_server_unlink_all(l->dns_servers);
        dns_search_domain_unlink_all(l->search_domains);

        /* set_free_free() returns NULL, which also clears the field. */
        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
}
73 | ||
/* Tears down a Link object and everything hanging off it. Accepts NULL. Always returns NULL, so that
 * callers can write "l = link_free(l)". */
Link *link_free(Link *l) {
        if (!l)
                return NULL;

        /* Send mDNS goodbye messages. This has to happen while the scopes still exist, i.e. before
         * the dns_scope_free() calls below. */
        dns_scope_announce(l->mdns_ipv4_scope, true);
        dns_scope_announce(l->mdns_ipv6_scope, true);

        link_flush_settings(l);

        /* link_address_free() unlinks the address from l->addresses, hence the list head advances
         * on every iteration. */
        while (l->addresses != NULL) {
                (void) link_address_free(l->addresses);
        }

        /* l->manager is only set once the link was registered, see link_new(). */
        if (l->manager) {
                hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
        }

        dns_scope_free(l->unicast_scope);
        dns_scope_free(l->llmnr_ipv4_scope);
        dns_scope_free(l->llmnr_ipv6_scope);
        dns_scope_free(l->mdns_ipv4_scope);
        dns_scope_free(l->mdns_ipv6_scope);

        free(l->state_file);

        return mfree(l);
}
100 | ||
/* Brings the set of DNS scopes of a link (unicast DNS, LLMNR IPv4/IPv6, mDNS IPv4/IPv6) in line with
 * the link's current state and settings: scopes that are wanted but missing are allocated, scopes
 * that are no longer wanted are freed. Allocation failures are logged and otherwise ignored. */
void link_allocate_scopes(Link *l) {
        bool unicast_relevant, wanted;
        Manager *m;
        int r;

        assert(l);

        m = l->manager;

        /* If a link that used to be relevant is no longer, or a link that did not use to be relevant
         * now becomes relevant, reinit the learnt global DNS server information, since we might talk
         * to different servers now, even if they have the same addresses as before. */
        unicast_relevant = link_relevant(l, AF_UNSPEC, false);
        if (l->unicast_relevant != unicast_relevant) {
                l->unicast_relevant = unicast_relevant;

                dns_server_reset_features_all(m->fallback_dns_servers);
                dns_server_reset_features_all(m->dns_servers);

                /* Also flush the global unicast scope, to deal with split horizon setups, where
                 * talking through one interface reveals different DNS zones than through others. */
                if (m->unicast_scope)
                        dns_cache_flush(&m->unicast_scope->cache);
        }

        /* Now allocate all scopes that make sense if we don't have them yet, and drop those which we
         * don't need anymore. */

        /* Unicast DNS: needs a relevant link and at least one per-link DNS server. */
        if (!unicast_relevant || !l->dns_servers)
                l->unicast_scope = dns_scope_free(l->unicast_scope);
        else if (!l->unicast_scope) {
                dns_server_reset_features_all(l->dns_servers);

                r = dns_scope_new(m, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate DNS scope: %m");
        }

        /* LLMNR over IPv4: must not be turned off on either the link or the manager. */
        wanted = link_relevant(l, AF_INET, true) &&
                l->llmnr_support != RESOLVE_SUPPORT_NO &&
                m->llmnr_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
        else if (!l->llmnr_ipv4_scope) {
                r = dns_scope_new(m, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
        }

        /* LLMNR over IPv6: additionally requires IPv6 socket support. */
        wanted = link_relevant(l, AF_INET6, true) &&
                l->llmnr_support != RESOLVE_SUPPORT_NO &&
                m->llmnr_support != RESOLVE_SUPPORT_NO &&
                socket_ipv6_is_supported();
        if (!wanted)
                l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
        else if (!l->llmnr_ipv6_scope) {
                r = dns_scope_new(m, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
        }

        /* mDNS over IPv4. */
        wanted = link_relevant(l, AF_INET, true) &&
                l->mdns_support != RESOLVE_SUPPORT_NO &&
                m->mdns_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
        else if (!l->mdns_ipv4_scope) {
                r = dns_scope_new(m, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
        }

        /* mDNS over IPv6. Unlike the LLMNR IPv6 case, no socket_ipv6_is_supported() check is made. */
        wanted = link_relevant(l, AF_INET6, true) &&
                l->mdns_support != RESOLVE_SUPPORT_NO &&
                m->mdns_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
        else if (!l->mdns_ipv6_scope) {
                r = dns_scope_new(m, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
        }
}
74b2466e | 183 | |
/* Synchronizes the resource records this host publishes on the link: first the per-address records
 * (via link_address_add_rrs()), then the DNS-SD services on the mDNS scopes. The services are only
 * added when 'force_remove' is false and mDNS is fully enabled (RESOLVE_SUPPORT_YES) on both the
 * link and the manager; in every other case they are removed. Failures are logged and ignored. */
void link_add_rrs(Link *l, bool force_remove) {
        LinkAddress *a;
        bool publish;
        int r;

        LIST_FOREACH(addresses, a, l->addresses)
                link_address_add_rrs(a, force_remove);

        publish = !force_remove &&
                l->mdns_support == RESOLVE_SUPPORT_YES &&
                l->manager->mdns_support == RESOLVE_SUPPORT_YES;

        if (!publish) {
                /* Withdraw whatever we announced before. */
                if (l->mdns_ipv4_scope) {
                        r = dns_scope_remove_dnssd_services(l->mdns_ipv4_scope);
                        if (r < 0)
                                log_warning_errno(r, "Failed to remove IPv4 DNS-SD services: %m");
                }

                if (l->mdns_ipv6_scope) {
                        r = dns_scope_remove_dnssd_services(l->mdns_ipv6_scope);
                        if (r < 0)
                                log_warning_errno(r, "Failed to remove IPv6 DNS-SD services: %m");
                }

                return;
        }

        if (l->mdns_ipv4_scope) {
                r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope);
                if (r < 0)
                        log_warning_errno(r, "Failed to add IPv4 DNS-SD services: %m");
        }

        if (l->mdns_ipv6_scope) {
                r = dns_scope_add_dnssd_services(l->mdns_ipv6_scope);
                if (r < 0)
                        log_warning_errno(r, "Failed to add IPv6 DNS-SD services: %m");
        }
}
222 | ||
/* Updates the link from an rtnetlink link message: interface flags (mandatory), MTU, operational
 * state and interface name (all optional), then re-evaluates scopes and published records.
 *
 * Returns 0 on success, or the negative error from reading the flags. */
int link_process_rtnl(Link *l, sd_netlink_message *m) {
        const char *ifname = NULL;
        int r;

        assert(l);
        assert(m);

        r = sd_rtnl_message_link_get_flags(m, &l->flags);
        if (r < 0)
                return r;

        /* These attributes are optional; on failure the previous values are kept. */
        (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
        (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);

        r = sd_netlink_message_read_string(m, IFLA_IFNAME, &ifname);
        if (r >= 0) {
                /* The copy is bounded to one byte less than the destination, and the buffer is then
                 * terminated explicitly, since strncpy() alone does not guarantee termination. Names
                 * longer than the buffer are truncated. */
                strncpy(l->name, ifname, sizeof(l->name)-1);
                char_array_0(l->name);
        }

        link_allocate_scopes(l);
        link_add_rrs(l, false);

        return 0;
}
247 | ||
55e99f20 LP |
/* Registers one DNS server, given as an address string, on the link. If the link already has a server
 * with that family and address it is moved to the back of the list and unmarked, otherwise a new
 * DNS_SERVER_LINK entry is created.
 *
 * Returns 0 on reuse, the result of dns_server_new() on creation, or a negative error if the string
 * cannot be parsed as an IP address. */
static int link_update_dns_server_one(Link *l, const char *name) {
        union in_addr_union address;
        DnsServer *existing;
        int family, r;

        assert(l);
        assert(name);

        /* The string is supplied by the network management side; anything that does not parse as
         * an IPv4 or IPv6 address is rejected here. */
        r = in_addr_from_string_auto(name, &family, &address);
        if (r < 0)
                return r;

        existing = dns_server_find(l->dns_servers, family, &address, 0);
        if (!existing)
                return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &address, 0);

        dns_server_move_back_and_unmark(existing);
        return 0;
}
268 | ||
/* Reloads the per-link DNS server list from sd_network_link_get_dns(). Uses mark-and-sweep: all
 * current servers are marked, each listed server is added or unmarked, and whatever stays marked is
 * unlinked.
 *
 * On any failure, including a single entry that does not parse, ALL per-link servers are dropped
 * rather than leaving a partially updated list. -ENODATA (nothing configured) also drops the list,
 * but is reported as success. */
static int link_update_dns_servers(Link *l) {
        _cleanup_strv_free_ char **nameservers = NULL;
        char **nameserver;
        int r;

        assert(l);

        r = sd_network_link_get_dns(l->ifindex, &nameservers);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        dns_server_mark_all(l->dns_servers);

        STRV_FOREACH(nameserver, nameservers) {
                r = link_update_dns_server_one(l, *nameserver);
                if (r < 0)
                        goto clear;
        }

        dns_server_unlink_marked(l->dns_servers);
        return 0;

clear:
        dns_server_unlink_all(l->dns_servers);
        return r;
}
299 | ||
19b50b5b LP |
/* Reloads the per-link LLMNR setting from sd_network_link_get_llmnr().
 *
 * Returns 0 on success or when nothing is configured (-ENODATA), a negative error otherwise. Note
 * the fallback: whenever no valid value can be read, the setting becomes RESOLVE_SUPPORT_YES, i.e.
 * LLMNR stays enabled on the link unless it is explicitly turned off. */
static int link_update_llmnr_support(Link *l) {
        _cleanup_free_ char *b = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_llmnr(l->ifindex, &b);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        l->llmnr_support = resolve_support_from_string(b);
        if (l->llmnr_support >= 0)
                return 0;

        /* Unrecognized string. */
        r = -EINVAL;

clear:
        l->llmnr_support = RESOLVE_SUPPORT_YES;
        return r;
}
326 | ||
aaa297d4 LP |
/* Reloads the per-link mDNS setting from sd_network_link_get_mdns().
 *
 * Returns 0 on success or when nothing is configured (-ENODATA), a negative error otherwise. When no
 * valid value can be read, the setting falls back to RESOLVE_SUPPORT_NO, i.e. mDNS stays off. */
static int link_update_mdns_support(Link *l) {
        _cleanup_free_ char *b = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_mdns(l->ifindex, &b);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        l->mdns_support = resolve_support_from_string(b);
        if (l->mdns_support >= 0)
                return 0;

        /* Unrecognized string. */
        r = -EINVAL;

clear:
        l->mdns_support = RESOLVE_SUPPORT_NO;
        return r;
}
353 | ||
/* Sets the per-link DNS-over-TLS mode.
 *
 * In builds without DNS-over-TLS support the request is never applied: a warning is logged for any
 * mode other than DNS_OVER_TLS_NO and the function returns with the stored mode untouched. */
void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {

        assert(l);

#if ! ENABLE_DNS_OVER_TLS
        if (mode != DNS_OVER_TLS_NO) {
                log_warning("DNS-over-TLS option for the link cannot be set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
        }

        /* Unconditional: without the feature compiled in, nothing is ever stored. */
        return;
#endif

        l->dns_over_tls_mode = mode;
}
366 | ||
/* Reloads the per-link DNS-over-TLS mode from sd_network_link_get_dns_over_tls().
 *
 * Returns 0 on success or when nothing is configured (-ENODATA), a negative error otherwise. When no
 * valid value can be read, the mode is reset to _DNS_OVER_TLS_MODE_INVALID, which makes
 * link_get_dns_over_tls_mode() defer to the manager-wide setting.
 *
 * NOTE(review): the parsed value is written to the field directly rather than through
 * link_set_dns_over_tls_mode(), so the ENABLE_DNS_OVER_TLS build-time guard in that setter is not
 * applied on this path (link_update_dnssec_mode() does go through its setter). Confirm this is
 * intended. */
static int link_update_dns_over_tls_mode(Link *l) {
        _cleanup_free_ char *b = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
        if (l->dns_over_tls_mode >= 0)
                return 0;

        /* Unrecognized string. */
        r = -EINVAL;

clear:
        l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
        return r;
}
393 | ||
97e5d693 LP |
/* Sets the per-link DNSSEC mode and flushes the link's unicast cache when the new mode is stricter
 * than the old one.
 *
 * In builds without gcrypt the request is never applied: a warning is logged for DNSSEC_YES and
 * DNSSEC_ALLOW_DOWNGRADE and the function returns with the stored mode untouched. */
void link_set_dnssec_mode(Link *l, DnssecMode mode) {
        bool stricter;

        assert(l);

#if ! HAVE_GCRYPT
        if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE)) {
                log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
        }

        /* Unconditional: without gcrypt, nothing is ever stored. */
        return;
#endif

        if (mode == l->dnssec_mode)
                return;

        /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching
         * from the allow-downgrade mode to full DNSSEC mode, flush it too. This way no entry cached
         * under the weaker mode is served under the stronger one. */
        stricter =
                l->dnssec_mode == _DNSSEC_MODE_INVALID ||
                (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
                (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES);

        if (stricter && l->unicast_scope)
                dns_cache_flush(&l->unicast_scope->cache);

        l->dnssec_mode = mode;
}
419 | ||
ad6c0475 LP |
/* Reloads the per-link DNSSEC mode from sd_network_link_get_dnssec() and applies it through
 * link_set_dnssec_mode(), so that the cache flushing and build-time checks of the setter apply.
 *
 * Returns 0 on success or when nothing is configured (-ENODATA), a negative error otherwise. When no
 * valid value can be read, the mode is reset to _DNSSEC_MODE_INVALID, which makes
 * link_get_dnssec_mode() defer to the manager-wide setting. */
static int link_update_dnssec_mode(Link *l) {
        _cleanup_free_ char *text = NULL;
        DnssecMode mode;
        int r;

        assert(l);

        r = sd_network_link_get_dnssec(l->ifindex, &text);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        mode = dnssec_mode_from_string(text);
        if (mode >= 0) {
                link_set_dnssec_mode(l, mode);
                return 0;
        }

        /* Unrecognized string. */
        r = -EINVAL;

clear:
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        return r;
}
449 | ||
8a516214 LP |
/* Reloads the per-link DNSSEC negative trust anchors from
 * sd_network_link_get_dnssec_negative_trust_anchors(). The new set is built completely before it
 * replaces the old one.
 *
 * Returns 0 on success or when nothing is configured (-ENODATA). If the lookup fails, the existing
 * set is dropped and the error returned. If building the new set fails, the error is returned and
 * the existing set is left in place. */
static int link_update_dnssec_negative_trust_anchors(Link *l) {
        _cleanup_strv_free_ char **names = NULL;
        _cleanup_set_free_free_ Set *fresh = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &names);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        fresh = set_new(&dns_name_hash_ops);
        if (!fresh)
                return -ENOMEM;

        r = set_put_strdupv(fresh, names);
        if (r < 0)
                return r;

        /* Swap: release the old set, then hand the new one over to the link. */
        set_free_free(l->dnssec_negative_trust_anchors);
        l->dnssec_negative_trust_anchors = TAKE_PTR(fresh);

        return 0;

clear:
        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
        return r;
}
482 | ||
ad44b56b LP |
/* Registers one search domain on the link. An existing entry is moved to the back of the list and
 * unmarked, otherwise a new DNS_SEARCH_DOMAIN_LINK entry is created. In both cases the entry's
 * route_only flag is set to the value passed in.
 *
 * Returns 0 on success, a negative error otherwise. */
static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
        DnsSearchDomain *d;
        int r;

        assert(l);
        assert(name);

        r = dns_search_domain_find(l->search_domains, name, &d);
        if (r < 0)
                return r;

        if (r == 0) {
                /* Not known yet. */
                r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name);
                if (r < 0)
                        return r;
        } else
                dns_search_domain_move_back_and_unmark(d);

        d->route_only = route_only;
        return 0;
}
504 | ||
/* Reloads the per-link search and route-only domains from sd_network_link_get_search_domains() and
 * sd_network_link_get_route_domains(), using mark-and-sweep on the existing list.
 *
 * Returns 0 on success, or when neither list is configured (-ENODATA from both). On any failure
 * ALL per-link search domains are dropped and the error is returned. */
static int link_update_search_domains(Link *l) {
        _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
        char **domain;
        int r, q;

        assert(l);

        r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
        if (r < 0 && r != -ENODATA)
                goto clear;

        q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
        if (q < 0 && q != -ENODATA) {
                r = q;
                goto clear;
        }

        if (r == -ENODATA && q == -ENODATA) {
                /* networkd knows nothing about this interface, and that's fine. */
                r = 0;
                goto clear;
        }

        dns_search_domain_mark_all(l->search_domains);

        /* Regular search domains first ... */
        STRV_FOREACH(domain, sdomains) {
                r = link_update_search_domain_one(l, *domain, false);
                if (r < 0)
                        goto clear;
        }

        /* ... then the route-only ones. */
        STRV_FOREACH(domain, rdomains) {
                r = link_update_search_domain_one(l, *domain, true);
                if (r < 0)
                        goto clear;
        }

        dns_search_domain_unlink_marked(l->search_domains);
        return 0;

clear:
        dns_search_domain_unlink_all(l->search_domains);
        return r;
}
549 | ||
/* Determines whether the link counts as managed, based on sd_network_link_get_setup_state().
 *
 * Returns > 0 if a setup state exists and is neither "pending" nor "unmanaged", 0 if it is one of
 * these two or if there is no state at all (-ENODATA), and a negative error otherwise. */
static int link_is_managed(Link *l) {
        _cleanup_free_ char *state = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_setup_state(l->ifindex, &state);
        if (r < 0)
                return r == -ENODATA ? 0 : r;

        return !STR_IN_SET(state, "pending", "unmanaged");
}
564 | ||
/* Reads the per-link settings provided by networkd, except when networkd is not managing this
 * interface. Each setting is loaded independently: a failure is logged and ignored, and the affected
 * setting is left at whatever fallback its link_update_*() helper applied. */
static void link_read_settings(Link *l) {
        int r;

        assert(l);

        r = link_is_managed(l);
        if (r < 0) {
                log_warning_errno(r, "Failed to determine whether interface %s is managed: %m", l->name);
                return;
        }

        if (r == 0) {
                /* If this link used to be managed, but is now unmanaged, flush all our settings —
                 * but only once. */
                if (l->is_managed)
                        link_flush_settings(l);

                l->is_managed = false;
                return;
        }

        l->is_managed = true;

        /* Name servers and protocol toggles. */
        r = link_update_dns_servers(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read DNS servers for interface %s, ignoring: %m", l->name);

        r = link_update_llmnr_support(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read LLMNR support for interface %s, ignoring: %m", l->name);

        r = link_update_mdns_support(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);

        /* Transport and validation security. */
        r = link_update_dns_over_tls_mode(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read DNS-over-TLS mode for interface %s, ignoring: %m", l->name);

        r = link_update_dnssec_mode(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->name);

        r = link_update_dnssec_negative_trust_anchors(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read DNSSEC negative trust anchors for interface %s, ignoring: %m", l->name);

        /* Search and routing domains. */
        r = link_update_search_domains(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->name);
}
617 | ||
/* Refreshes a link: reloads the networkd-provided and the user-provided settings, makes sure the
 * LLMNR and mDNS services are started if the link does not have them turned off, and re-evaluates
 * scopes and published records.
 *
 * Returns 0 on success, or the negative error from starting LLMNR or mDNS. In the error case the
 * scopes and records are not re-evaluated. */
int link_update(Link *l) {
        int r;

        assert(l);

        link_read_settings(l);
        link_load_user(l);

        if (l->llmnr_support != RESOLVE_SUPPORT_NO) {
                r = manager_llmnr_start(l->manager);
                if (r < 0)
                        return r;
        }

        if (l->mdns_support != RESOLVE_SUPPORT_NO) {
                r = manager_mdns_start(l->manager);
                if (r < 0)
                        return r;
        }

        link_allocate_scopes(l);
        link_add_rrs(l, false);

        return 0;
}
643 | ||
/* Decides whether a link should be used for name resolution.
 *
 * A link is relevant for local multicast traffic if it isn't a loopback device, has a link beat,
 * can do multicast and has at least one link-local (or better) IP address.
 *
 * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and
 * has at least one routable address.
 *
 * 'family' restricts the address check to one address family; AF_UNSPEC accepts any. */
bool link_relevant(Link *l, int family, bool local_multicast) {
        _cleanup_free_ char *state = NULL;
        LinkAddress *a;

        assert(l);

        /* Loopback and dormant interfaces are never used. */
        if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
                return false;

        /* Both the administrative and the lower-layer "up" flag have to be set. */
        if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
                return false;

        if (local_multicast && (l->flags & IFF_MULTICAST) != IFF_MULTICAST)
                return false;

        /* Check kernel operstate
         * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
        if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
                return false;

        /* If no operational state can be obtained, 'state' stays NULL and this check is skipped. */
        (void) sd_network_link_get_operational_state(l->ifindex, &state);
        if (state && !STR_IN_SET(state, "unknown", "degraded", "routable"))
                return false;

        LIST_FOREACH(addresses, a, l->addresses) {
                if (family != AF_UNSPEC && a->family != family)
                        continue;

                if (link_address_relevant(a, local_multicast))
                        return true;
        }

        return false;
}
682 | ||
/* Looks up the address entry of the link that matches both 'family' and 'in_addr'. Returns the entry,
 * or NULL if the link has no such address. */
LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
        LinkAddress *a;

        assert(l);

        LIST_FOREACH(addresses, a, l->addresses) {
                if (a->family != family)
                        continue;

                if (in_addr_equal(family, &a->in_addr, in_addr))
                        return a;
        }

        return NULL;
}
694 | ||
/* Makes 's' (which may be NULL) the current DNS server of the link. Does nothing if it already is.
 * Otherwise the reference on the old server is dropped, one on the new server is taken, and the
 * cache of the link's unicast scope, if there is one, is flushed. Always returns 's'. */
DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
        assert(l);

        if (l->current_dns_server != s) {
                if (s)
                        log_debug("Switching to DNS server %s for interface %s.", dns_server_string(s), l->name);

                dns_server_unref(l->current_dns_server);
                l->current_dns_server = dns_server_ref(s);

                /* Drop everything cached so far, so that nothing learnt while the previous server
                 * was current is served from now on. */
                if (l->unicast_scope)
                        dns_cache_flush(&l->unicast_scope->cache);
        }

        return s;
}
712 | ||
74b2466e LP |
/* Returns the current DNS server of the link. If none is selected yet, the head of the link's server
 * list is selected first. Returns NULL if the link has no DNS servers. */
DnsServer *link_get_dns_server(Link *l) {
        assert(l);

        if (l->current_dns_server == NULL) {
                /* Lazily pick the head of the per-link server list. */
                link_set_dns_server(l, l->dns_servers);
        }

        return l->current_dns_server;
}
721 | ||
/* Advances the link to the DNS server following the current one, wrapping around to the head of the
 * list. Does nothing if no server is currently selected. */
void link_next_dns_server(Link *l) {
        DnsServer *current, *next;

        assert(l);

        current = l->current_dns_server;
        if (!current)
                return;

        /* Change to the next one, but make sure to follow the linked list only if this server is
         * actually still linked. Otherwise start over from the head of the list. */
        if (current->linked && current->servers_next)
                next = current->servers_next;
        else
                next = l->dns_servers;

        link_set_dns_server(l, next);
}
737 | ||
/* Returns the effective DNS-over-TLS mode for the link: the per-link value if one is set, otherwise
 * the manager-wide mode. */
DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
        assert(l);

        /* _DNS_OVER_TLS_MODE_INVALID marks "no per-link value". */
        if (l->dns_over_tls_mode == _DNS_OVER_TLS_MODE_INVALID)
                return manager_get_dns_over_tls_mode(l->manager);

        return l->dns_over_tls_mode;
}
746 | ||
c69fa7e3 LP |
/* Returns the effective DNSSEC mode for the link: the per-link value if one is set, otherwise the
 * manager-wide mode. */
DnssecMode link_get_dnssec_mode(Link *l) {
        assert(l);

        /* _DNSSEC_MODE_INVALID marks "no per-link value". */
        if (l->dnssec_mode == _DNSSEC_MODE_INVALID)
                return manager_get_dnssec_mode(l->manager);

        return l->dnssec_mode;
}
755 | ||
/* Reports whether DNSSEC can be used on the link. False if the effective mode is DNSSEC_NO. Otherwise
 * the answer comes from the link's current DNS server; if the link has no server, true is
 * returned. */
bool link_dnssec_supported(Link *l) {
        DnsServer *server;

        assert(l);

        if (link_get_dnssec_mode(l) == DNSSEC_NO)
                return false;

        server = link_get_dns_server(l);
        if (!server)
                return true;

        return dns_server_dnssec_supported(server);
}
770 | ||
/* Allocates an address entry for the link, prepends it to the link's address list and bumps the
 * address counter. If 'ret' is non-NULL the new entry is returned there; it stays owned by the link.
 *
 * Returns 0 on success, -ENOMEM if the allocation fails. */
int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
        LinkAddress *entry;

        assert(l);
        assert(in_addr);

        entry = new0(LinkAddress, 1);
        if (!entry)
                return -ENOMEM;

        entry->family = family;
        entry->in_addr = *in_addr;
        entry->link = l;

        LIST_PREPEND(addresses, l->addresses, entry);
        l->n_addresses++;

        if (ret)
                *ret = entry;

        return 0;
}
793 | ||
/* Releases an address entry. If the entry is attached to a link, it is taken off the link's address
 * list and its LLMNR and mDNS records are removed from the zone of the scope matching the address
 * family, if that scope exists. Accepts NULL. Always returns NULL. */
LinkAddress *link_address_free(LinkAddress *a) {
        if (!a)
                return NULL;

        if (a->link) {
                DnsScope *llmnr_scope = NULL, *mdns_scope = NULL;

                LIST_REMOVE(addresses, a->link->addresses, a);

                assert(a->link->n_addresses > 0);
                a->link->n_addresses--;

                /* Pick the scopes for this address family. For any other family both stay NULL and
                 * nothing is removed from a zone. */
                if (a->family == AF_INET) {
                        llmnr_scope = a->link->llmnr_ipv4_scope;
                        mdns_scope = a->link->mdns_ipv4_scope;
                } else if (a->family == AF_INET6) {
                        llmnr_scope = a->link->llmnr_ipv6_scope;
                        mdns_scope = a->link->mdns_ipv6_scope;
                }

                /* Withdraw the published records, so that no zone keeps pointing to them. */
                if (a->llmnr_address_rr && llmnr_scope)
                        dns_zone_remove_rr(&llmnr_scope->zone, a->llmnr_address_rr);

                if (a->llmnr_ptr_rr && llmnr_scope)
                        dns_zone_remove_rr(&llmnr_scope->zone, a->llmnr_ptr_rr);

                if (a->mdns_address_rr && mdns_scope)
                        dns_zone_remove_rr(&mdns_scope->zone, a->mdns_address_rr);

                if (a->mdns_ptr_rr && mdns_scope)
                        dns_zone_remove_rr(&mdns_scope->zone, a->mdns_ptr_rr);
        }

        /* Drop our own references. */
        dns_resource_record_unref(a->llmnr_address_rr);
        dns_resource_record_unref(a->llmnr_ptr_rr);
        dns_resource_record_unref(a->mdns_address_rr);
        dns_resource_record_unref(a->mdns_ptr_rr);

        return mfree(a);
}
840 | ||
ec2c5e43 | 841 | void link_address_add_rrs(LinkAddress *a, bool force_remove) { |
623a4c97 LP |
842 | int r; |
843 | ||
844 | assert(a); | |
845 | ||
ec2c5e43 | 846 | if (a->family == AF_INET) { |
623a4c97 | 847 | |
4e945a6f | 848 | if (!force_remove && |
011696f7 | 849 | link_address_relevant(a, true) && |
4e945a6f | 850 | a->link->llmnr_ipv4_scope && |
af49ca27 LP |
851 | a->link->llmnr_support == RESOLVE_SUPPORT_YES && |
852 | a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { | |
4e945a6f | 853 | |
78c6a153 LP |
854 | if (!a->link->manager->llmnr_host_ipv4_key) { |
855 | a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname); | |
856 | if (!a->link->manager->llmnr_host_ipv4_key) { | |
ec2c5e43 LP |
857 | r = -ENOMEM; |
858 | goto fail; | |
859 | } | |
623a4c97 | 860 | } |
623a4c97 | 861 | |
623a4c97 | 862 | if (!a->llmnr_address_rr) { |
78c6a153 | 863 | a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key); |
ec2c5e43 LP |
864 | if (!a->llmnr_address_rr) { |
865 | r = -ENOMEM; | |
866 | goto fail; | |
867 | } | |
868 | ||
869 | a->llmnr_address_rr->a.in_addr = a->in_addr.in; | |
870 | a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL; | |
623a4c97 LP |
871 | } |
872 | ||
ec2c5e43 | 873 | if (!a->llmnr_ptr_rr) { |
78c6a153 | 874 | r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname); |
ec2c5e43 LP |
875 | if (r < 0) |
876 | goto fail; | |
623a4c97 | 877 | |
ec2c5e43 LP |
878 | a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL; |
879 | } | |
623a4c97 | 880 | |
ec2c5e43 | 881 | r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true); |
623a4c97 | 882 | if (r < 0) |
da927ba9 | 883 | log_warning_errno(r, "Failed to add A record to LLMNR zone: %m"); |
623a4c97 | 884 | |
ec2c5e43 | 885 | r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false); |
623a4c97 | 886 | if (r < 0) |
e372a138 | 887 | log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m"); |
623a4c97 | 888 | } else { |
ec2c5e43 LP |
889 | if (a->llmnr_address_rr) { |
890 | if (a->link->llmnr_ipv4_scope) | |
891 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr); | |
892 | a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr); | |
893 | } | |
894 | ||
895 | if (a->llmnr_ptr_rr) { | |
896 | if (a->link->llmnr_ipv4_scope) | |
897 | dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr); | |
898 | a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr); | |
899 | } | |
623a4c97 | 900 | } |
400cb36e DR |
901 | |
902 | if (!force_remove && | |
903 | link_address_relevant(a, true) && | |
904 | a->link->mdns_ipv4_scope && | |
905 | a->link->mdns_support == RESOLVE_SUPPORT_YES && | |
906 | a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { | |
907 | if (!a->link->manager->mdns_host_ipv4_key) { | |
908 | a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname); | |
909 | if (!a->link->manager->mdns_host_ipv4_key) { | |
910 | r = -ENOMEM; | |
911 | goto fail; | |
912 | } | |
913 | } | |
914 | ||
915 | if (!a->mdns_address_rr) { | |
916 | a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key); | |
917 | if (!a->mdns_address_rr) { | |
918 | r = -ENOMEM; | |
919 | goto fail; | |
920 | } | |
921 | ||
922 | a->mdns_address_rr->a.in_addr = a->in_addr.in; | |
923 | a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL; | |
924 | } | |
925 | ||
926 | if (!a->mdns_ptr_rr) { | |
927 | r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname); | |
928 | if (r < 0) | |
929 | goto fail; | |
930 | ||
931 | a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL; | |
932 | } | |
933 | ||
934 | r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true); | |
935 | if (r < 0) | |
936 | log_warning_errno(r, "Failed to add A record to MDNS zone: %m"); | |
937 | ||
938 | r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false); | |
939 | if (r < 0) | |
940 | log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m"); | |
941 | } else { | |
942 | if (a->mdns_address_rr) { | |
943 | if (a->link->mdns_ipv4_scope) | |
944 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr); | |
945 | a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr); | |
946 | } | |
947 | ||
948 | if (a->mdns_ptr_rr) { | |
949 | if (a->link->mdns_ipv4_scope) | |
950 | dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr); | |
951 | a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr); | |
952 | } | |
953 | } | |
623a4c97 LP |
954 | } |
955 | ||
ec2c5e43 | 956 | if (a->family == AF_INET6) { |
623a4c97 | 957 | |
4e945a6f | 958 | if (!force_remove && |
011696f7 | 959 | link_address_relevant(a, true) && |
4e945a6f | 960 | a->link->llmnr_ipv6_scope && |
af49ca27 LP |
961 | a->link->llmnr_support == RESOLVE_SUPPORT_YES && |
962 | a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { | |
4e945a6f | 963 | |
78c6a153 LP |
964 | if (!a->link->manager->llmnr_host_ipv6_key) { |
965 | a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname); | |
966 | if (!a->link->manager->llmnr_host_ipv6_key) { | |
ec2c5e43 LP |
967 | r = -ENOMEM; |
968 | goto fail; | |
969 | } | |
623a4c97 | 970 | } |
623a4c97 | 971 | |
623a4c97 | 972 | if (!a->llmnr_address_rr) { |
78c6a153 | 973 | a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key); |
ec2c5e43 LP |
974 | if (!a->llmnr_address_rr) { |
975 | r = -ENOMEM; | |
976 | goto fail; | |
977 | } | |
978 | ||
979 | a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6; | |
980 | a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL; | |
623a4c97 LP |
981 | } |
982 | ||
ec2c5e43 | 983 | if (!a->llmnr_ptr_rr) { |
78c6a153 | 984 | r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname); |
ec2c5e43 LP |
985 | if (r < 0) |
986 | goto fail; | |
623a4c97 | 987 | |
ec2c5e43 LP |
988 | a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL; |
989 | } | |
623a4c97 | 990 | |
ec2c5e43 | 991 | r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true); |
623a4c97 | 992 | if (r < 0) |
da927ba9 | 993 | log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m"); |
623a4c97 | 994 | |
ec2c5e43 | 995 | r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false); |
623a4c97 | 996 | if (r < 0) |
da927ba9 | 997 | log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m"); |
623a4c97 | 998 | } else { |
ec2c5e43 LP |
999 | if (a->llmnr_address_rr) { |
1000 | if (a->link->llmnr_ipv6_scope) | |
1001 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr); | |
1002 | a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr); | |
1003 | } | |
1004 | ||
1005 | if (a->llmnr_ptr_rr) { | |
1006 | if (a->link->llmnr_ipv6_scope) | |
1007 | dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr); | |
1008 | a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr); | |
1009 | } | |
623a4c97 | 1010 | } |
400cb36e DR |
1011 | |
1012 | if (!force_remove && | |
1013 | link_address_relevant(a, true) && | |
1014 | a->link->mdns_ipv6_scope && | |
1015 | a->link->mdns_support == RESOLVE_SUPPORT_YES && | |
1016 | a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { | |
1017 | ||
1018 | if (!a->link->manager->mdns_host_ipv6_key) { | |
1019 | a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname); | |
1020 | if (!a->link->manager->mdns_host_ipv6_key) { | |
1021 | r = -ENOMEM; | |
1022 | goto fail; | |
1023 | } | |
1024 | } | |
1025 | ||
1026 | if (!a->mdns_address_rr) { | |
1027 | a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key); | |
1028 | if (!a->mdns_address_rr) { | |
1029 | r = -ENOMEM; | |
1030 | goto fail; | |
1031 | } | |
1032 | ||
1033 | a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6; | |
1034 | a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL; | |
1035 | } | |
1036 | ||
1037 | if (!a->mdns_ptr_rr) { | |
1038 | r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname); | |
1039 | if (r < 0) | |
1040 | goto fail; | |
1041 | ||
1042 | a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL; | |
1043 | } | |
1044 | ||
1045 | r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true); | |
1046 | if (r < 0) | |
1047 | log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m"); | |
1048 | ||
1049 | r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false); | |
1050 | if (r < 0) | |
1051 | log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m"); | |
1052 | } else { | |
1053 | if (a->mdns_address_rr) { | |
1054 | if (a->link->mdns_ipv6_scope) | |
1055 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr); | |
1056 | a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr); | |
1057 | } | |
1058 | ||
1059 | if (a->mdns_ptr_rr) { | |
1060 | if (a->link->mdns_ipv6_scope) | |
1061 | dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr); | |
1062 | a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr); | |
1063 | } | |
1064 | } | |
623a4c97 LP |
1065 | } |
1066 | ||
1067 | return; | |
1068 | ||
1069 | fail: | |
da927ba9 | 1070 | log_debug_errno(r, "Failed to update address RRs: %m"); |
623a4c97 LP |
1071 | } |
1072 | ||
/* Refreshes the flags and scope stored for an address from an rtnetlink address message, then
 * re-runs scope allocation and resource-record registration for the owning link.
 *
 * Returns 0 on success, or the negative value returned by the flags lookup. */
int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
        int k;

        assert(a);
        assert(m);

        k = sd_rtnl_message_addr_get_flags(m, &a->flags);
        if (k < 0)
                return k;

        /* NOTE(review): the result of the scope lookup is not checked. link_address_relevant()
         * uses a->scope to decide whether an address may be used, so if this call can fail after
         * the flags lookup succeeded, a stale scope would feed that decision. Confirm. */
        (void) sd_rtnl_message_addr_get_scope(m, &a->scope);

        link_allocate_scopes(a->link);
        link_add_rrs(a->link, false);

        return 0;
}
1089 | ||
/* Decides whether an address may be used, based on its kernel flags and scope.
 *
 * Addresses flagged deprecated or tentative are always rejected. Otherwise the address is
 * accepted only if its scope value is below a cutoff: RT_SCOPE_HOST when local_multicast is
 * true, RT_SCOPE_LINK when it is false. The record registration code in this file passes true,
 * so this check gates which addresses are published via LLMNR and mDNS. */
bool link_address_relevant(LinkAddress *a, bool local_multicast) {
        int scope_cutoff;

        assert(a);

        if ((a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE)) != 0)
                return false;

        scope_cutoff = local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK;

        return a->scope < scope_cutoff;
}
943ef07c LP |
1101 | |
/* Returns true if any of the settings were set to something other than the default, i.e. if
 * there is anything worth writing to the state file. Managed links never need saving.
 *
 * The defaults compared against are the values link_new() assigns.
 *
 * NOTE(review): dns_over_tls_mode also has a per-link default in link_new() but is neither
 * checked here nor written by link_save_user(). Confirm whether it can be changed at runtime,
 * in which case it would not survive a reload of the state file. */
static bool link_needs_save(Link *l) {
        assert(l);

        if (l->is_managed)
                return false;

        /* Short-circuit evaluation keeps the original order of the checks. */
        return l->llmnr_support != RESOLVE_SUPPORT_YES ||
               l->mdns_support != RESOLVE_SUPPORT_NO ||
               l->dnssec_mode != _DNSSEC_MODE_INVALID ||
               l->dns_servers ||
               l->search_domains ||
               !set_isempty(l->dnssec_negative_trust_anchors);
}
1124 | ||
/* Persists the per-link settings to l->state_file, or removes that file when link_needs_save()
 * reports that there is nothing to keep.
 *
 * The data is written to a temporary file next to the state file and renamed over it after the
 * stream has been flushed and checked. Returns 0 on success. On failure the state file and the
 * temporary file (if one was created) are unlinked, the error is logged, and the value of
 * log_error_errno() is returned. */
int link_save_user(Link *l) {
        _cleanup_free_ char *tmp_path = NULL;
        _cleanup_fclose_ FILE *out = NULL;
        const char *str;
        int r;

        assert(l);
        assert(l->state_file);

        if (!link_needs_save(l)) {
                (void) unlink(l->state_file);
                return 0;
        }

        r = mkdir_parents(l->state_file, 0700);
        if (r < 0)
                goto fail;

        r = fopen_temporary(l->state_file, &out, &tmp_path);
        if (r < 0)
                goto fail;

        (void) __fsetlocking(out, FSETLOCKING_BYCALLER);

        /* The file is made world-readable (0644) and a failure of fchmod() is ignored.
         * NOTE(review): presumably "private" in the header line below refers to the file format
         * rather than to confidentiality; confirm that none of the saved settings is sensitive. */
        (void) fchmod(fileno(out), 0644);

        /* Results of the individual writes are not checked; the stream is checked once with
         * fflush_and_check() before the rename. */
        fputs("# This is private data. Do not parse.\n", out);

        str = resolve_support_to_string(l->llmnr_support);
        if (str)
                fprintf(out, "LLMNR=%s\n", str);

        str = resolve_support_to_string(l->mdns_support);
        if (str)
                fprintf(out, "MDNS=%s\n", str);

        str = dnssec_mode_to_string(l->dnssec_mode);
        if (str)
                fprintf(out, "DNSSEC=%s\n", str);

        /* NOTE(review): the server strings, domain names and trust anchors below are written
         * verbatim and separated by single spaces. This assumes none of them can contain
         * whitespace, quotes or a newline, since link_load_user() splits the values into words
         * again. Confirm at the code that sets them. */

        if (l->dns_servers) {
                DnsServer *srv;

                fputs("SERVERS=", out);
                LIST_FOREACH(servers, srv, l->dns_servers) {

                        /* Separator before every entry except the list head */
                        if (srv != l->dns_servers)
                                fputc(' ', out);

                        str = dns_server_string(srv);
                        if (!str) {
                                r = -ENOMEM;
                                goto fail;
                        }

                        fputs(str, out);
                }
                fputc('\n', out);
        }

        if (l->search_domains) {
                DnsSearchDomain *dom;

                fputs("DOMAINS=", out);
                LIST_FOREACH(domains, dom, l->search_domains) {

                        if (dom != l->search_domains)
                                fputc(' ', out);

                        /* A leading '~' marks a route-only domain; link_load_user() strips it again */
                        if (dom->route_only)
                                fputc('~', out);

                        fputs(DNS_SEARCH_DOMAIN_NAME(dom), out);
                }
                fputc('\n', out);
        }

        if (!set_isempty(l->dnssec_negative_trust_anchors)) {
                bool first = true;
                Iterator it;
                char *anchor;

                fputs("NTAS=", out);
                SET_FOREACH(anchor, l->dnssec_negative_trust_anchors, it) {

                        if (!first)
                                fputc(' ', out);
                        first = false;

                        fputs(anchor, out);
                }
                fputc('\n', out);
        }

        r = fflush_and_check(out);
        if (r < 0)
                goto fail;

        if (rename(tmp_path, l->state_file) < 0) {
                r = -errno;
                goto fail;
        }

        return 0;

fail:
        /* A failed save also removes the existing state file, not just the temporary one. */
        (void) unlink(l->state_file);

        if (tmp_path)
                (void) unlink(tmp_path);

        return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
}
1237 | ||
/* Loads the per-link settings previously written to l->state_file and applies them to the link.
 *
 * Only one attempt is ever made: l->loaded is set before anything is read, so a failed load is
 * not retried. Managed links and a missing state file are both treated as success. Returns 0 on
 * success; otherwise the error is logged and the value of log_error_errno() is returned. */
int link_load_user(Link *l) {
        _cleanup_free_ char *llmnr = NULL, *mdns = NULL, *dnssec = NULL;
        _cleanup_free_ char *servers = NULL, *domains = NULL, *ntas = NULL;
        ResolveSupport support;
        const char *cursor;
        int r;

        assert(l);
        assert(l->state_file);

        /* Try to load only a single time */
        if (l->loaded)
                return 0;
        l->loaded = true;

        /* if the device is managed, then networkd is our configuration source, not the bus API */
        if (l->is_managed)
                return 0;

        r = parse_env_file(NULL, l->state_file,
                           "LLMNR", &llmnr,
                           "MDNS", &mdns,
                           "DNSSEC", &dnssec,
                           "SERVERS", &servers,
                           "DOMAINS", &domains,
                           "NTAS", &ntas);
        if (r == -ENOENT)
                return 0;
        if (r < 0)
                goto fail;

        /* From here on the previous settings are gone. A failure further down leaves the link
         * with whatever subset was applied up to that point; nothing is rolled back. */
        link_flush_settings(l);

        /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
        support = resolve_support_from_string(llmnr);
        if (support >= 0)
                l->llmnr_support = support;

        support = resolve_support_from_string(mdns);
        if (support >= 0)
                l->mdns_support = support;

        /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
        l->dnssec_mode = dnssec_mode_from_string(dnssec);

        /* Entries that fail to apply are skipped and only logged at debug level, so a damaged
         * server or domain entry is dropped without a visible warning. */
        cursor = servers;
        for (;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&cursor, &word, NULL, 0);
                if (r < 0)
                        goto fail;
                if (r == 0)
                        break;

                r = link_update_dns_server_one(l, word);
                if (r < 0)
                        log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
        }

        cursor = domains;
        for (;;) {
                _cleanup_free_ char *word = NULL;
                const char *name;
                bool route_only;

                r = extract_first_word(&cursor, &word, NULL, 0);
                if (r < 0)
                        goto fail;
                if (r == 0)
                        break;

                /* A leading '~' marks a route-only domain and is not part of the name */
                route_only = word[0] == '~';
                name = word + (route_only ? 1 : 0);

                r = link_update_search_domain_one(l, name, route_only);
                if (r < 0)
                        log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
        }

        if (ntas) {
                _cleanup_set_free_free_ Set *anchors = NULL;

                anchors = set_new(&dns_name_hash_ops);
                if (!anchors) {
                        r = -ENOMEM;
                        goto fail;
                }

                r = set_put_strsplit(anchors, ntas, NULL, 0);
                if (r < 0)
                        goto fail;

                /* Hand the set over to the link; the cleanup handler then has nothing left to free */
                l->dnssec_negative_trust_anchors = TAKE_PTR(anchors);
        }

        return 0;

fail:
        return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
}
1346 | ||
/* Deletes the saved per-link state file. The result of unlink() is ignored, so a file that
 * is already missing or cannot be removed is not reported. */
void link_remove_user(Link *l) {
        assert(l);
        assert(l->state_file);

        (void) unlink(l->state_file);
}