]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
man/systemd-sysext: list ephemeral/ephemeral-import in the list of options
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
... / ...
CommitLineData
1/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3#include <fcntl.h>
4#include <linux/ipv6.h>
5#include <netinet/in.h>
6#include <poll.h>
7#include <unistd.h>
8
9#include "sd-bus.h"
10#include "sd-netlink.h"
11#include "sd-network.h"
12
13#include "af-list.h"
14#include "alloc-util.h"
15#include "daemon-util.h"
16#include "dirent-util.h"
17#include "dns-domain.h"
18#include "errno-util.h"
19#include "event-util.h"
20#include "fd-util.h"
21#include "hostname-setup.h"
22#include "hostname-util.h"
23#include "io-util.h"
24#include "iovec-util.h"
25#include "json-util.h"
26#include "memstream-util.h"
27#include "missing_network.h"
28#include "missing_socket.h"
29#include "ordered-set.h"
30#include "parse-util.h"
31#include "random-util.h"
32#include "resolved-bus.h"
33#include "resolved-conf.h"
34#include "resolved-dns-answer.h"
35#include "resolved-dns-delegate.h"
36#include "resolved-dns-packet.h"
37#include "resolved-dns-query.h"
38#include "resolved-dns-question.h"
39#include "resolved-dns-rr.h"
40#include "resolved-dns-scope.h"
41#include "resolved-dns-search-domain.h"
42#include "resolved-dns-server.h"
43#include "resolved-dns-stub.h"
44#include "resolved-dns-transaction.h"
45#include "resolved-dnssd.h"
46#include "resolved-etc-hosts.h"
47#include "resolved-link.h"
48#include "resolved-llmnr.h"
49#include "resolved-manager.h"
50#include "resolved-mdns.h"
51#include "resolved-resolv-conf.h"
52#include "resolved-socket-graveyard.h"
53#include "resolved-util.h"
54#include "resolved-varlink.h"
55#include "set.h"
56#include "socket-util.h"
57#include "string-util.h"
58#include "time-util.h"
59#include "varlink-util.h"
60
61#define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
62
63static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
64 Manager *m = ASSERT_PTR(userdata);
65 uint16_t type;
66 Link *l;
67 int ifindex, r;
68
69 assert(rtnl);
70 assert(mm);
71
72 r = sd_netlink_message_get_type(mm, &type);
73 if (r < 0)
74 goto fail;
75
76 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
77 if (r < 0)
78 goto fail;
79
80 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
81
82 switch (type) {
83
84 case RTM_NEWLINK:{
85 bool is_new = !l;
86
87 if (!l) {
88 r = link_new(m, &l, ifindex);
89 if (r < 0)
90 goto fail;
91 }
92
93 r = link_process_rtnl(l, mm);
94 if (r < 0)
95 goto fail;
96
97 r = link_update(l);
98 if (r < 0)
99 goto fail;
100
101 if (is_new)
102 log_debug("Found new link %i/%s", ifindex, l->ifname);
103
104 break;
105 }
106
107 case RTM_DELLINK:
108 if (l) {
109 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
110 link_remove_user(l);
111 link_free(l);
112
113 /* Make sure DNS servers are dropped from written resolv.conf if their link goes away */
114 manager_write_resolv_conf(m);
115 }
116
117 break;
118 }
119
120 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
121 manager_llmnr_maybe_stop(m);
122 manager_mdns_maybe_stop(m);
123
124 /* The accessible flag on link DNS servers will have been reset by
125 * link_update(). Just reset the global DNS servers. */
126 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
127
128 return 0;
129
130fail:
131 log_warning_errno(r, "Failed to process RTNL link message: %m");
132 return 0;
133}
134
135static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
136 Manager *m = ASSERT_PTR(userdata);
137 union in_addr_union address, broadcast = {};
138 uint16_t type;
139 int r, ifindex, family;
140 LinkAddress *a;
141 Link *l;
142
143 assert(rtnl);
144 assert(mm);
145
146 r = sd_netlink_message_get_type(mm, &type);
147 if (r < 0)
148 goto fail;
149
150 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
151 if (r < 0)
152 goto fail;
153
154 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
155 if (!l)
156 return 0;
157
158 r = sd_rtnl_message_addr_get_family(mm, &family);
159 if (r < 0)
160 goto fail;
161
162 switch (family) {
163
164 case AF_INET:
165 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
166 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
167 if (r < 0) {
168 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
169 if (r < 0)
170 goto fail;
171 }
172
173 break;
174
175 case AF_INET6:
176 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
177 if (r < 0) {
178 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
179 if (r < 0)
180 goto fail;
181 }
182
183 break;
184
185 default:
186 return 0;
187 }
188
189 a = link_find_address(l, family, &address);
190
191 switch (type) {
192
193 case RTM_NEWADDR:
194
195 if (!a) {
196 r = link_address_new(l, &a, family, &address, &broadcast);
197 if (r < 0)
198 return r;
199 }
200
201 r = link_address_update_rtnl(a, mm);
202 if (r < 0)
203 return r;
204
205 break;
206
207 case RTM_DELADDR:
208 link_address_free(a);
209 break;
210 }
211
212 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
213
214 return 0;
215
216fail:
217 log_warning_errno(r, "Failed to process RTNL address message: %m");
218 return 0;
219}
220
221static int manager_process_route(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
222 Manager *m = ASSERT_PTR(userdata);
223 Link *l = NULL;
224 uint16_t type;
225 uint32_t ifindex = 0;
226 int r;
227
228 assert(rtnl);
229 assert(mm);
230
231 r = sd_netlink_message_get_type(mm, &type);
232 if (r < 0) {
233 log_warning_errno(r, "Failed not get message type, ignoring: %m");
234 return 0;
235 }
236
237 if (!IN_SET(type, RTM_NEWROUTE, RTM_DELROUTE)) {
238 log_warning("Unexpected message type %u when processing route, ignoring.", type);
239 return 0;
240 }
241
242 r = sd_netlink_message_read_u32(mm, RTA_OIF, &ifindex);
243 if (r < 0)
244 log_full_errno(r == -ENODATA ? LOG_DEBUG : LOG_WARNING, r, "Failed to get route ifindex, ignoring: %m");
245 else
246 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
247
248 (void) manager_send_dns_configuration_changed(m, l, /* reset= */ true);
249
250 return 0;
251}
252
253static int manager_rtnl_listen(Manager *m) {
254 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
255 int r;
256
257 assert(m);
258
259 /* First, subscribe to interfaces coming and going */
260 r = sd_netlink_open(&m->rtnl);
261 if (r < 0)
262 return r;
263
264 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
265 if (r < 0)
266 return r;
267
268 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
269 if (r < 0)
270 return r;
271
272 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
273 if (r < 0)
274 return r;
275
276 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
277 if (r < 0)
278 return r;
279
280 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
281 if (r < 0)
282 return r;
283
284 /* Then, enumerate all links */
285 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
286 if (r < 0)
287 return r;
288
289 r = sd_netlink_message_set_request_dump(req, true);
290 if (r < 0)
291 return r;
292
293 r = sd_netlink_call(m->rtnl, req, 0, &reply);
294 if (r < 0)
295 return r;
296
297 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
298 r = manager_process_link(m->rtnl, i, m);
299 if (r < 0)
300 return r;
301 }
302
303 req = sd_netlink_message_unref(req);
304 reply = sd_netlink_message_unref(reply);
305
306 /* Finally, enumerate all addresses, too */
307 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
308 if (r < 0)
309 return r;
310
311 r = sd_netlink_message_set_request_dump(req, true);
312 if (r < 0)
313 return r;
314
315 r = sd_netlink_call(m->rtnl, req, 0, &reply);
316 if (r < 0)
317 return r;
318
319 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
320 r = manager_process_address(m->rtnl, i, m);
321 if (r < 0)
322 return r;
323 }
324
325 return r;
326}
327
328static int on_network_event(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
329 Manager *m = ASSERT_PTR(userdata);
330 Link *l;
331 int r;
332
333 sd_network_monitor_flush(m->network_monitor);
334
335 HASHMAP_FOREACH(l, m->links) {
336 r = link_update(l);
337 if (r < 0)
338 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
339 }
340
341 (void) manager_write_resolv_conf(m);
342 (void) manager_send_changed(m, "DNS");
343 (void) manager_send_dns_configuration_changed(m, NULL, /* reset= */ true);
344
345 /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
346 manager_llmnr_maybe_stop(m);
347 manager_mdns_maybe_stop(m);
348 return 0;
349}
350
351static int manager_network_monitor_listen(Manager *m) {
352 int r, fd, events;
353
354 assert(m);
355
356 r = sd_network_monitor_new(&m->network_monitor, NULL);
357 if (r < 0)
358 return r;
359
360 fd = sd_network_monitor_get_fd(m->network_monitor);
361 if (fd < 0)
362 return fd;
363
364 events = sd_network_monitor_get_events(m->network_monitor);
365 if (events < 0)
366 return events;
367
368 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
369 if (r < 0)
370 return r;
371
372 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
373 if (r < 0)
374 return r;
375
376 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
377
378 return 0;
379}
380
381static int manager_clock_change_listen(Manager *m);
382
383static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
384 Manager *m = ASSERT_PTR(userdata);
385
386 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
387 * the system clock into consideration, and if the clock changes the old validations might have been
388 * wrong. Let's redo all validation with the new, correct time.
389 *
390 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
391 * we might be connected to a different network now without this being visible in a dropped link
392 * carrier or so.) */
393
394 log_info("Clock change detected. Flushing caches.");
395 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
396
397 /* The clock change timerfd is unusable after it triggered once, create a new one. */
398 return manager_clock_change_listen(m);
399}
400
401static int manager_clock_change_listen(Manager *m) {
402 int r;
403
404 assert(m);
405
406 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
407
408 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
409 if (r < 0)
410 return log_error_errno(r, "Failed to create clock change event source: %m");
411
412 return 0;
413}
414
415static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
416 _cleanup_free_ char *h = NULL, *n = NULL;
417 int r;
418
419 assert(full_hostname);
420 assert(llmnr_hostname);
421 assert(mdns_hostname);
422
423 r = resolve_system_hostname(&h, &n);
424 if (r < 0)
425 return r;
426
427 r = dns_name_concat(n, "local", 0, mdns_hostname);
428 if (r < 0)
429 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
430
431 *llmnr_hostname = TAKE_PTR(n);
432 *full_hostname = TAKE_PTR(h);
433
434 return 0;
435}
436
437static char* fallback_hostname(void) {
438
439 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
440 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
441 * instead. */
442
443 _cleanup_free_ char *n = get_default_hostname();
444 if (!n)
445 return NULL;
446
447 if (is_localhost(n))
448 return strdup("linux");
449
450 return TAKE_PTR(n);
451}
452
453static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
454 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
455 char label[DNS_LABEL_MAX+1];
456 const char *p;
457 int r;
458
459 assert(full_hostname);
460 assert(llmnr_hostname);
461 assert(mdns_hostname);
462
463 p = h = fallback_hostname();
464 if (!h)
465 return log_oom();
466
467 r = dns_label_unescape(&p, label, sizeof label, 0);
468 if (r < 0)
469 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
470
471 assert(r > 0); /* The fallback hostname must have at least one label */
472
473 r = dns_label_escape_new(label, r, &n);
474 if (r < 0)
475 return log_error_errno(r, "Failed to escape fallback hostname: %m");
476
477 r = dns_name_concat(n, "local", 0, &m);
478 if (r < 0)
479 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
480
481 *llmnr_hostname = TAKE_PTR(n);
482 *mdns_hostname = TAKE_PTR(m);
483 *full_hostname = TAKE_PTR(h);
484
485 return 0;
486}
487
488static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
489 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
490 Manager *m = ASSERT_PTR(userdata);
491 bool llmnr_hostname_changed;
492 int r;
493
494 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
495 if (r < 0) {
496 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
497 return 0; /* ignore invalid hostnames */
498 }
499
500 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
501 if (streq(full_hostname, m->full_hostname) &&
502 !llmnr_hostname_changed &&
503 streq(mdns_hostname, m->mdns_hostname))
504 return 0;
505
506 log_info("System hostname changed to '%s'.", full_hostname);
507
508 free_and_replace(m->full_hostname, full_hostname);
509 free_and_replace(m->llmnr_hostname, llmnr_hostname);
510 free_and_replace(m->mdns_hostname, mdns_hostname);
511
512 manager_refresh_rrs(m);
513 (void) manager_send_changed(m, "LLMNRHostname");
514
515 return 0;
516}
517
518static int manager_watch_hostname(Manager *m) {
519 int r;
520
521 assert(m);
522
523 m->hostname_fd = open("/proc/sys/kernel/hostname",
524 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
525 if (m->hostname_fd < 0) {
526 log_warning_errno(errno, "Failed to watch hostname: %m");
527 return 0;
528 }
529
530 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
531 if (r < 0)
532 return log_error_errno(r, "Failed to add hostname event source: %m");
533
534 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
535
536 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
537 if (r < 0) {
538 _cleanup_free_ char *d = NULL;
539
540 d = fallback_hostname();
541 if (!d)
542 return log_oom();
543
544 log_info("Defaulting to hostname '%s'.", d);
545
546 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
547 if (r < 0)
548 return r;
549 } else
550 log_info("Using system hostname '%s'.", m->full_hostname);
551
552 return 0;
553}
554
555static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
556 _cleanup_(memstream_done) MemStream ms = {};
557 Manager *m = ASSERT_PTR(userdata);
558 Link *l;
559 FILE *f;
560
561 assert(s);
562 assert(si);
563
564 f = memstream_init(&ms);
565 if (!f)
566 return log_oom();
567
568 LIST_FOREACH(scopes, scope, m->dns_scopes)
569 dns_scope_dump(scope, f);
570
571 LIST_FOREACH(servers, server, m->dns_servers)
572 dns_server_dump(server, f);
573 LIST_FOREACH(servers, server, m->fallback_dns_servers)
574 dns_server_dump(server, f);
575 HASHMAP_FOREACH(l, m->links)
576 LIST_FOREACH(servers, server, l->dns_servers)
577 dns_server_dump(server, f);
578 DnsDelegate *delegate;
579 HASHMAP_FOREACH(delegate, m->delegates)
580 LIST_FOREACH(servers, server, delegate->dns_servers)
581 dns_server_dump(server, f);
582
583 return memstream_dump(LOG_INFO, &ms);
584}
585
586static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
587 Manager *m = ASSERT_PTR(userdata);
588
589 assert(s);
590 assert(si);
591
592 manager_flush_caches(m, LOG_INFO);
593
594 return 0;
595}
596
597static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
598 Manager *m = ASSERT_PTR(userdata);
599
600 assert(s);
601 assert(si);
602
603 manager_reset_server_features(m);
604 return 0;
605}
606
607static int manager_memory_pressure(sd_event_source *s, void *userdata) {
608 Manager *m = ASSERT_PTR(userdata);
609
610 log_info("Under memory pressure, flushing caches.");
611
612 manager_flush_caches(m, LOG_INFO);
613 sd_event_trim_memory();
614
615 return 0;
616}
617
618static int manager_memory_pressure_listen(Manager *m) {
619 int r;
620
621 assert(m);
622
623 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
624 if (r < 0)
625 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
626 "Failed to install memory pressure event source, ignoring: %m");
627
628 return 0;
629}
630
631static void manager_set_defaults(Manager *m) {
632 assert(m);
633
634 m->llmnr_support = DEFAULT_LLMNR_MODE;
635 m->mdns_support = DEFAULT_MDNS_MODE;
636 m->dnssec_mode = DEFAULT_DNSSEC_MODE;
637 m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
638 m->enable_cache = DNS_CACHE_MODE_YES;
639 m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES;
640 m->read_etc_hosts = true;
641 m->resolve_unicast_single_label = false;
642 m->cache_from_localhost = false;
643 m->stale_retention_usec = 0;
644 m->refuse_record_types = set_free(m->refuse_record_types);
645}
646
647static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
648 Manager *m = ASSERT_PTR(userdata);
649 int r;
650
651 (void) notify_reloading();
652
653 dns_server_unlink_on_reload(m->dns_servers);
654 dns_server_unlink_on_reload(m->fallback_dns_servers);
655 m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
656 manager_dns_stub_stop(m);
657 dnssd_service_clear_on_reload(m->dnssd_services);
658 m->unicast_scope = dns_scope_free(m->unicast_scope);
659 m->delegates = hashmap_free(m->delegates);
660 dns_trust_anchor_flush(&m->trust_anchor);
661
662 manager_set_defaults(m);
663
664 r = dns_trust_anchor_load(&m->trust_anchor);
665 if (r < 0)
666 return sd_event_exit(sd_event_source_get_event(s), r);
667
668 r = manager_parse_config_file(m);
669 if (r < 0)
670 log_warning_errno(r, "Failed to parse configuration file on reload, ignoring: %m");
671 else
672 log_info("Config file reloaded.");
673
674 (void) dnssd_load(m);
675 (void) manager_load_delegates(m);
676
677 /* The default scope configuration is influenced by the manager's configuration (modes, etc.), so
678 * recreate it on reload. */
679 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
680 if (r < 0)
681 return sd_event_exit(sd_event_source_get_event(s), r);
682
683 /* The configuration has changed, so reload the per-interface configuration too in order to take
684 * into account any changes (e.g.: enable/disable DNSSEC). */
685 r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);
686 if (r < 0)
687 log_warning_errno(r, "Failed to update network information on reload, ignoring: %m");
688
689 /* We have new configuration, which means potentially new servers, so close all connections and drop
690 * all caches, so that we can start fresh. */
691 (void) dns_stream_disconnect_all(m);
692 manager_flush_caches(m, LOG_INFO);
693 manager_verify_all(m);
694
695 r = manager_dns_stub_start(m);
696 if (r < 0)
697 return sd_event_exit(sd_event_source_get_event(s), r);
698
699 (void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
700 return 0;
701}
702
703int manager_new(Manager **ret) {
704 _cleanup_(manager_freep) Manager *m = NULL;
705 int r;
706
707 assert(ret);
708
709 m = new(Manager, 1);
710 if (!m)
711 return -ENOMEM;
712
713 *m = (Manager) {
714 .llmnr_ipv4_udp_fd = -EBADF,
715 .llmnr_ipv6_udp_fd = -EBADF,
716 .llmnr_ipv4_tcp_fd = -EBADF,
717 .llmnr_ipv6_tcp_fd = -EBADF,
718 .mdns_ipv4_fd = -EBADF,
719 .mdns_ipv6_fd = -EBADF,
720 .hostname_fd = -EBADF,
721
722 .read_resolv_conf = true,
723 .need_builtin_fallbacks = true,
724 .etc_hosts_last = USEC_INFINITY,
725
726 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
727 .sigrtmin18_info.memory_pressure_userdata = m,
728 };
729
730 manager_set_defaults(m);
731
732 r = dns_trust_anchor_load(&m->trust_anchor);
733 if (r < 0)
734 return r;
735
736 r = manager_parse_config_file(m);
737 if (r < 0)
738 log_warning_errno(r, "Failed to parse configuration file, ignoring: %m");
739
740#if ENABLE_DNS_OVER_TLS
741 r = dnstls_manager_init(m);
742 if (r < 0)
743 return r;
744#endif
745
746 r = sd_event_default(&m->event);
747 if (r < 0)
748 return r;
749
750 r = sd_event_set_signal_exit(m->event, true);
751 if (r < 0)
752 return r;
753
754 (void) sd_event_set_watchdog(m->event, true);
755
756 r = manager_watch_hostname(m);
757 if (r < 0)
758 return r;
759
760 (void) dnssd_load(m);
761 (void) manager_load_delegates(m);
762
763 r = dns_scope_new(m, &m->unicast_scope, DNS_SCOPE_GLOBAL, /* link= */ NULL, /* delegate= */ NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
764 if (r < 0)
765 return r;
766
767 r = manager_network_monitor_listen(m);
768 if (r < 0)
769 return r;
770
771 r = manager_rtnl_listen(m);
772 if (r < 0)
773 return r;
774
775 r = manager_clock_change_listen(m);
776 if (r < 0)
777 return r;
778
779 r = manager_memory_pressure_listen(m);
780 if (r < 0)
781 return r;
782
783 r = manager_connect_bus(m);
784 if (r < 0)
785 return r;
786
787 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
788 if (r < 0)
789 return log_debug_errno(r, "Failed install SIGHUP handler: %m");
790
791 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR1 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr1, m);
792 if (r < 0)
793 return log_debug_errno(r, "Failed install SIGUSR1 handler: %m");
794
795 r = sd_event_add_signal(m->event, /* ret= */ NULL, SIGUSR2 | SD_EVENT_SIGNAL_PROCMASK, manager_sigusr2, m);
796 if (r < 0)
797 return log_debug_errno(r, "Failed install SIGUSR2 handler: %m");
798
799 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+1) | SD_EVENT_SIGNAL_PROCMASK, manager_sigrtmin1, m);
800 if (r < 0)
801 return log_debug_errno(r, "Failed install SIGRTMIN+1 handler: %m");
802
803 r = sd_event_add_signal(m->event, /* ret= */ NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &m->sigrtmin18_info);
804 if (r < 0)
805 return log_debug_errno(r, "Failed install SIGRTMIN+18 handler: %m");
806
807 manager_cleanup_saved_user(m);
808
809 *ret = TAKE_PTR(m);
810
811 return 0;
812}
813
814int manager_start(Manager *m) {
815 int r;
816
817 assert(m);
818
819 r = manager_dns_stub_start(m);
820 if (r < 0)
821 return r;
822
823 r = manager_varlink_init(m);
824 if (r < 0)
825 return r;
826
827 return 0;
828}
829
830Manager* manager_free(Manager *m) {
831 Link *l;
832
833 if (!m)
834 return NULL;
835
836 dns_server_unlink_all(m->dns_servers);
837 dns_server_unlink_all(m->fallback_dns_servers);
838 dns_search_domain_unlink_all(m->search_domains);
839
840 while ((l = hashmap_first(m->links)))
841 link_free(l);
842
843 m->delegates = hashmap_free(m->delegates);
844
845 while (m->dns_queries)
846 dns_query_free(m->dns_queries);
847
848 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
849 m->unicast_scope = dns_scope_free(m->unicast_scope);
850
851 /* At this point only orphaned streams should remain. All others should have been freed already by their
852 * owners */
853 while (m->dns_streams)
854 dns_stream_unref(m->dns_streams);
855
856#if ENABLE_DNS_OVER_TLS
857 dnstls_manager_free(m);
858#endif
859
860 set_free(m->refuse_record_types);
861 hashmap_free(m->links);
862 hashmap_free(m->dns_transactions);
863
864 sd_event_source_unref(m->network_event_source);
865 sd_network_monitor_unref(m->network_monitor);
866
867 sd_netlink_slot_unref(m->netlink_new_route_slot);
868 sd_netlink_slot_unref(m->netlink_del_route_slot);
869 sd_netlink_unref(m->rtnl);
870 sd_event_source_unref(m->rtnl_event_source);
871 sd_event_source_unref(m->clock_change_event_source);
872
873 sd_json_variant_unref(m->dns_configuration_json);
874
875 manager_llmnr_stop(m);
876 manager_mdns_stop(m);
877 manager_dns_stub_stop(m);
878 manager_varlink_done(m);
879
880 manager_socket_graveyard_clear(m);
881
882 ordered_set_free(m->dns_extra_stub_listeners);
883
884 hashmap_free(m->polkit_registry);
885
886 sd_bus_flush_close_unref(m->bus);
887
888 dns_resource_key_unref(m->llmnr_host_ipv4_key);
889 dns_resource_key_unref(m->llmnr_host_ipv6_key);
890 dns_resource_key_unref(m->mdns_host_ipv4_key);
891 dns_resource_key_unref(m->mdns_host_ipv6_key);
892
893 sd_event_source_unref(m->hostname_event_source);
894 safe_close(m->hostname_fd);
895
896 sd_event_unref(m->event);
897
898 free(m->full_hostname);
899 free(m->llmnr_hostname);
900 free(m->mdns_hostname);
901
902 DnssdService *s;
903 while ((s = hashmap_first(m->dnssd_services)))
904 dnssd_service_free(s);
905 hashmap_free(m->dnssd_services);
906
907 dns_trust_anchor_flush(&m->trust_anchor);
908 manager_etc_hosts_flush(m);
909
910 return mfree(m);
911}
912
913int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
914 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
915 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
916 + CMSG_SPACE(int) /* ttl/hoplimit */
917 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
918 union sockaddr_union sa;
919 struct iovec iov;
920 struct msghdr mh = {
921 .msg_name = &sa.sa,
922 .msg_namelen = sizeof(sa),
923 .msg_iov = &iov,
924 .msg_iovlen = 1,
925 .msg_control = &control,
926 .msg_controllen = sizeof(control),
927 };
928 struct cmsghdr *cmsg;
929 ssize_t ms, l;
930 int r;
931
932 assert(m);
933 assert(fd >= 0);
934 assert(ret);
935
936 ms = next_datagram_size_fd(fd);
937 if (ms < 0)
938 return ms;
939
940 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
941 if (r < 0)
942 return r;
943
944 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
945
946 l = recvmsg_safe(fd, &mh, 0);
947 if (ERRNO_IS_NEG_TRANSIENT(l))
948 return 0;
949 if (l <= 0)
950 return l;
951
952 p->size = (size_t) l;
953
954 p->family = sa.sa.sa_family;
955 p->ipproto = IPPROTO_UDP;
956 if (p->family == AF_INET) {
957 p->sender.in = sa.in.sin_addr;
958 p->sender_port = be16toh(sa.in.sin_port);
959 } else if (p->family == AF_INET6) {
960 p->sender.in6 = sa.in6.sin6_addr;
961 p->sender_port = be16toh(sa.in6.sin6_port);
962 p->ifindex = sa.in6.sin6_scope_id;
963 } else
964 return -EAFNOSUPPORT;
965
966 p->timestamp = now(CLOCK_BOOTTIME);
967
968 CMSG_FOREACH(cmsg, &mh) {
969
970 if (cmsg->cmsg_level == IPPROTO_IPV6) {
971 assert(p->family == AF_INET6);
972
973 switch (cmsg->cmsg_type) {
974
975 case IPV6_PKTINFO: {
976 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
977
978 if (p->ifindex <= 0)
979 p->ifindex = i->ipi6_ifindex;
980
981 p->destination.in6 = i->ipi6_addr;
982 break;
983 }
984
985 case IPV6_HOPLIMIT:
986 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
987 break;
988
989 case IPV6_RECVFRAGSIZE:
990 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
991 break;
992 }
993 } else if (cmsg->cmsg_level == IPPROTO_IP) {
994 assert(p->family == AF_INET);
995
996 switch (cmsg->cmsg_type) {
997
998 case IP_PKTINFO: {
999 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1000
1001 if (p->ifindex <= 0)
1002 p->ifindex = i->ipi_ifindex;
1003
1004 p->destination.in = i->ipi_addr;
1005 break;
1006 }
1007
1008 case IP_TTL:
1009 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
1010 break;
1011
1012 case IP_RECVFRAGSIZE:
1013 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
1014 break;
1015 }
1016 }
1017 }
1018
1019 /* The Linux kernel sets the interface index to the loopback
1020 * device if the packet came from the local host since it
1021 * avoids the routing table in such a case. Let's unset the
1022 * interface index in such a case. */
1023 if (p->ifindex == LOOPBACK_IFINDEX)
1024 p->ifindex = 0;
1025
1026 if (protocol != DNS_PROTOCOL_DNS) {
1027 /* If we don't know the interface index still, we look for the
1028 * first local interface with a matching address. Yuck! */
1029 if (p->ifindex <= 0)
1030 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
1031 }
1032
1033 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
1034 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
1035 IN_ADDR_TO_STRING(p->family, &p->sender),
1036 IN_ADDR_TO_STRING(p->family, &p->destination));
1037
1038 *ret = TAKE_PTR(p);
1039 return 1;
1040}
1041
1042int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
1043 usec_t end;
1044 int r;
1045
1046 assert(fd >= 0);
1047 assert(mh);
1048
1049 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1050
1051 for (;;) {
1052 if (sendmsg(fd, mh, flags) >= 0)
1053 return 0;
1054 if (errno == EINTR)
1055 continue;
1056 if (errno != EAGAIN)
1057 return -errno;
1058
1059 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
1060 if (ERRNO_IS_NEG_TRANSIENT(r))
1061 continue;
1062 if (r < 0)
1063 return r;
1064 if (r == 0)
1065 return -ETIMEDOUT;
1066 }
1067}
1068
1069static int write_loop(int fd, void *message, size_t length) {
1070 usec_t end;
1071 int r;
1072
1073 assert(fd >= 0);
1074 assert(message);
1075
1076 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
1077
1078 for (;;) {
1079 if (write(fd, message, length) >= 0)
1080 return 0;
1081 if (errno == EINTR)
1082 continue;
1083 if (errno != EAGAIN)
1084 return -errno;
1085
1086 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
1087 if (ERRNO_IS_NEG_TRANSIENT(r))
1088 continue;
1089 if (r < 0)
1090 return r;
1091 if (r == 0)
1092 return -ETIMEDOUT;
1093 }
1094}
1095
1096int manager_write(Manager *m, int fd, DnsPacket *p) {
1097 int r;
1098
1099 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
1100 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1101 DNS_PACKET_QR(p) ? "response" : "query",
1102 DNS_PACKET_ID(p),
1103 p->size);
1104
1105 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
1106 if (r < 0)
1107 return r;
1108
1109 return 0;
1110}
1111
1112static int manager_ipv4_send(
1113 Manager *m,
1114 int fd,
1115 int ifindex,
1116 const struct in_addr *destination,
1117 uint16_t port,
1118 const struct in_addr *source,
1119 DnsPacket *p) {
1120
1121 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
1122 union sockaddr_union sa;
1123 struct iovec iov;
1124 struct msghdr mh = {
1125 .msg_iov = &iov,
1126 .msg_iovlen = 1,
1127 .msg_name = &sa.sa,
1128 .msg_namelen = sizeof(sa.in),
1129 };
1130
1131 assert(m);
1132 assert(fd >= 0);
1133 assert(destination);
1134 assert(port > 0);
1135 assert(p);
1136
1137 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1138
1139 sa = (union sockaddr_union) {
1140 .in.sin_family = AF_INET,
1141 .in.sin_addr = *destination,
1142 .in.sin_port = htobe16(port),
1143 };
1144
1145 if (ifindex > 0) {
1146 struct cmsghdr *cmsg;
1147 struct in_pktinfo *pi;
1148
1149 mh.msg_control = &control;
1150 mh.msg_controllen = sizeof(control);
1151
1152 cmsg = CMSG_FIRSTHDR(&mh);
1153 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
1154 cmsg->cmsg_level = IPPROTO_IP;
1155 cmsg->cmsg_type = IP_PKTINFO;
1156
1157 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1158 pi->ipi_ifindex = ifindex;
1159
1160 if (source)
1161 pi->ipi_spec_dst = *source;
1162 }
1163
1164 return sendmsg_loop(fd, &mh, 0);
1165}
1166
1167static int manager_ipv6_send(
1168 Manager *m,
1169 int fd,
1170 int ifindex,
1171 const struct in6_addr *destination,
1172 uint16_t port,
1173 const struct in6_addr *source,
1174 DnsPacket *p) {
1175
1176 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
1177 union sockaddr_union sa;
1178 struct iovec iov;
1179 struct msghdr mh = {
1180 .msg_iov = &iov,
1181 .msg_iovlen = 1,
1182 .msg_name = &sa.sa,
1183 .msg_namelen = sizeof(sa.in6),
1184 };
1185
1186 assert(m);
1187 assert(fd >= 0);
1188 assert(destination);
1189 assert(port > 0);
1190 assert(p);
1191
1192 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1193
1194 sa = (union sockaddr_union) {
1195 .in6.sin6_family = AF_INET6,
1196 .in6.sin6_addr = *destination,
1197 .in6.sin6_port = htobe16(port),
1198 .in6.sin6_scope_id = ifindex,
1199 };
1200
1201 if (ifindex > 0) {
1202 struct cmsghdr *cmsg;
1203 struct in6_pktinfo *pi;
1204
1205 mh.msg_control = &control;
1206 mh.msg_controllen = sizeof(control);
1207
1208 cmsg = CMSG_FIRSTHDR(&mh);
1209 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
1210 cmsg->cmsg_level = IPPROTO_IPV6;
1211 cmsg->cmsg_type = IPV6_PKTINFO;
1212
1213 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
1214 pi->ipi6_ifindex = ifindex;
1215
1216 if (source)
1217 pi->ipi6_addr = *source;
1218 }
1219
1220 return sendmsg_loop(fd, &mh, 0);
1221}
1222
1223static int dns_question_to_json(DnsQuestion *q, sd_json_variant **ret) {
1224 _cleanup_(sd_json_variant_unrefp) sd_json_variant *l = NULL;
1225 DnsResourceKey *key;
1226 int r;
1227
1228 assert(ret);
1229
1230 DNS_QUESTION_FOREACH(key, q) {
1231 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
1232
1233 r = dns_resource_key_to_json(key, &v);
1234 if (r < 0)
1235 return r;
1236
1237 r = sd_json_variant_append_array(&l, v);
1238 if (r < 0)
1239 return r;
1240 }
1241
1242 *ret = TAKE_PTR(l);
1243 return 0;
1244}
1245
1246int manager_monitor_send(Manager *m, DnsQuery *q) {
1247 _cleanup_(sd_json_variant_unrefp) sd_json_variant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
1248 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
1249 DnsAnswerItem *rri;
1250 int r;
1251
1252 assert(m);
1253
1254 if (set_isempty(m->varlink_query_results_subscription))
1255 return 0;
1256
1257 /* Merge all questions into one */
1258 r = dns_question_merge(q->question_idna, q->question_utf8, &merged);
1259 if (r < 0)
1260 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1261
1262 if (q->question_bypass) {
1263 _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
1264
1265 r = dns_question_merge(merged, q->question_bypass->question, &merged2);
1266 if (r < 0)
1267 return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
1268
1269 dns_question_unref(merged);
1270 merged = TAKE_PTR(merged2);
1271 }
1272
1273 /* Convert the current primary question to JSON */
1274 r = dns_question_to_json(merged, &jquestion);
1275 if (r < 0)
1276 return log_error_errno(r, "Failed to convert question to JSON: %m");
1277
1278 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
1279 r = dns_question_to_json(q->collected_questions, &jcollected_questions);
1280 if (r < 0)
1281 return log_error_errno(r, "Failed to convert question to JSON: %m");
1282
1283 DNS_ANSWER_FOREACH_ITEM(rri, q->answer) {
1284 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
1285
1286 r = dns_resource_record_to_json(rri->rr, &v);
1287 if (r < 0)
1288 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
1289
1290 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1291 if (r < 0)
1292 return log_error_errno(r, "Failed to generate RR wire format: %m");
1293
1294 r = sd_json_variant_append_arraybo(
1295 &janswer,
1296 SD_JSON_BUILD_PAIR_CONDITION(!!v, "rr", SD_JSON_BUILD_VARIANT(v)),
1297 SD_JSON_BUILD_PAIR("raw", SD_JSON_BUILD_BASE64(rri->rr->wire_format, rri->rr->wire_format_size)),
1298 SD_JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", SD_JSON_BUILD_INTEGER(rri->ifindex)));
1299 if (r < 0)
1300 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1301 }
1302
1303 r = varlink_many_notifybo(
1304 m->varlink_query_results_subscription,
1305 SD_JSON_BUILD_PAIR("state", SD_JSON_BUILD_STRING(dns_transaction_state_to_string(q->state))),
1306 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_DNSSEC_FAILED,
1307 "result", SD_JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result))),
1308 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_RCODE_FAILURE,
1309 "rcode", SD_JSON_BUILD_INTEGER(q->answer_rcode)),
1310 SD_JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_ERRNO,
1311 "errno", SD_JSON_BUILD_INTEGER(q->answer_errno)),
1312 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1313 DNS_TRANSACTION_DNSSEC_FAILED,
1314 DNS_TRANSACTION_RCODE_FAILURE) &&
1315 q->answer_ede_rcode >= 0,
1316 "extendedDNSErrorCode", SD_JSON_BUILD_INTEGER(q->answer_ede_rcode)),
1317 SD_JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1318 DNS_TRANSACTION_DNSSEC_FAILED,
1319 DNS_TRANSACTION_RCODE_FAILURE) &&
1320 q->answer_ede_rcode >= 0 && !isempty(q->answer_ede_msg),
1321 "extendedDNSErrorMessage", SD_JSON_BUILD_STRING(q->answer_ede_msg)),
1322 SD_JSON_BUILD_PAIR("question", SD_JSON_BUILD_VARIANT(jquestion)),
1323 SD_JSON_BUILD_PAIR_CONDITION(!!jcollected_questions,
1324 "collectedQuestions", SD_JSON_BUILD_VARIANT(jcollected_questions)),
1325 SD_JSON_BUILD_PAIR_CONDITION(!!janswer,
1326 "answer", SD_JSON_BUILD_VARIANT(janswer)));
1327 if (r < 0)
1328 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
1329
1330 return 0;
1331}
1332
1333int manager_send(
1334 Manager *m,
1335 int fd,
1336 int ifindex,
1337 int family,
1338 const union in_addr_union *destination,
1339 uint16_t port,
1340 const union in_addr_union *source,
1341 DnsPacket *p) {
1342
1343 assert(m);
1344 assert(fd >= 0);
1345 assert(destination);
1346 assert(port > 0);
1347 assert(p);
1348
1349 /* For mDNS, it is natural that the packet have truncated flag when we have many known answers. */
1350 bool truncated = DNS_PACKET_TC(p) && (p->protocol != DNS_PROTOCOL_MDNS || !p->more);
1351
1352 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
1353 truncated ? "truncated (!) " : "",
1354 DNS_PACKET_QR(p) ? "response" : "query",
1355 DNS_PACKET_ID(p),
1356 ifindex, af_to_name(family),
1357 p->size);
1358
1359 if (family == AF_INET)
1360 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
1361 if (family == AF_INET6)
1362 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1363
1364 return -EAFNOSUPPORT;
1365}
1366
1367uint32_t manager_find_mtu(Manager *m) {
1368 uint32_t mtu = 0;
1369 Link *l;
1370
1371 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
1372 * works on all interfaces we know of that have an IP address associated */
1373
1374 HASHMAP_FOREACH(l, m->links) {
1375 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1376 if (!l->addresses)
1377 continue;
1378
1379 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1380 * let's ignore this link. */
1381 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1382 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
1383 continue;
1384
1385 if (mtu <= 0 || l->mtu < mtu)
1386 mtu = l->mtu;
1387 }
1388
1389 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1390 return 1500;
1391
1392 return mtu;
1393}
1394
1395int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
1396 LinkAddress *a;
1397
1398 assert(m);
1399
1400 if (!IN_SET(family, AF_INET, AF_INET6))
1401 return 0;
1402
1403 if (!in_addr)
1404 return 0;
1405
1406 a = manager_find_link_address(m, family, in_addr);
1407 if (a)
1408 return a->link->ifindex;
1409
1410 return 0;
1411}
1412
1413void manager_refresh_rrs(Manager *m) {
1414 Link *l;
1415 DnssdService *s;
1416
1417 assert(m);
1418
1419 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1420 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
1421 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1422 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
1423
1424 HASHMAP_FOREACH(l, m->links)
1425 link_add_rrs(l, true);
1426
1427 if (m->mdns_support == RESOLVE_SUPPORT_YES)
1428 HASHMAP_FOREACH(s, m->dnssd_services)
1429 if (dnssd_update_rrs(s) < 0)
1430 log_warning("Failed to refresh DNS-SD service '%s'", s->id);
1431
1432 HASHMAP_FOREACH(l, m->links)
1433 link_add_rrs(l, false);
1434}
1435
1436static int manager_next_random_name(const char *old, char **ret_new) {
1437 const char *p;
1438 uint64_t u, a;
1439 char *n;
1440
1441 p = strchr(old, 0);
1442 assert(p);
1443
1444 while (p > old) {
1445 if (!ascii_isdigit(p[-1]))
1446 break;
1447
1448 p--;
1449 }
1450
1451 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1452 u = 1;
1453
1454 /* Add a random number to the old value. This way we can avoid
1455 * that two hosts pick the same hostname, win on IPv4 and lose
1456 * on IPv6 (or vice versa), and pick the same hostname
1457 * replacement hostname, ad infinitum. We still want the
1458 * numbers to go up monotonically, hence we just add a random
1459 * value 1..10 */
1460
1461 random_bytes(&a, sizeof(a));
1462 u += 1 + a % 10;
1463
1464 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
1465 return -ENOMEM;
1466
1467 *ret_new = n;
1468
1469 return 0;
1470}
1471
1472int manager_next_hostname(Manager *m) {
1473 _cleanup_free_ char *h = NULL, *k = NULL;
1474 int r;
1475
1476 assert(m);
1477
1478 r = manager_next_random_name(m->llmnr_hostname, &h);
1479 if (r < 0)
1480 return r;
1481
1482 r = dns_name_concat(h, "local", 0, &k);
1483 if (r < 0)
1484 return r;
1485
1486 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1487
1488 free_and_replace(m->llmnr_hostname, h);
1489 free_and_replace(m->mdns_hostname, k);
1490
1491 manager_refresh_rrs(m);
1492 (void) manager_send_changed(m, "LLMNRHostname");
1493
1494 return 0;
1495}
1496
1497LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
1498 Link *l;
1499
1500 assert(m);
1501
1502 if (!IN_SET(family, AF_INET, AF_INET6))
1503 return NULL;
1504
1505 if (!in_addr)
1506 return NULL;
1507
1508 HASHMAP_FOREACH(l, m->links) {
1509 LinkAddress *a;
1510
1511 a = link_find_address(l, family, in_addr);
1512 if (a)
1513 return a;
1514 }
1515
1516 return NULL;
1517}
1518
1519bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
1520 assert(m);
1521 assert(p);
1522
1523 /* Let's see if this packet comes from an IP address we have on any local interface */
1524
1525 return !!manager_find_link_address(m, p->family, &p->sender);
1526}
1527
1528bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1529 DnsTransaction *t;
1530
1531 assert(m);
1532 assert(p);
1533
1534 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1535 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1536
1537 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1538 if (!t)
1539 return false;
1540
1541 return t->sent && dns_packet_equal(t->sent, p);
1542}
1543
1544DnsScope* manager_find_scope(Manager *m, DnsPacket *p) {
1545 Link *l;
1546
1547 assert(m);
1548 assert(p);
1549
1550 l = hashmap_get(m->links, INT_TO_PTR(p->ifindex));
1551 if (!l)
1552 return NULL;
1553
1554 switch (p->protocol) {
1555 case DNS_PROTOCOL_LLMNR:
1556 if (p->family == AF_INET)
1557 return l->llmnr_ipv4_scope;
1558 else if (p->family == AF_INET6)
1559 return l->llmnr_ipv6_scope;
1560
1561 break;
1562
1563 case DNS_PROTOCOL_MDNS:
1564 if (p->family == AF_INET)
1565 return l->mdns_ipv4_scope;
1566 else if (p->family == AF_INET6)
1567 return l->mdns_ipv6_scope;
1568
1569 break;
1570
1571 default:
1572 ;
1573 }
1574
1575 return NULL;
1576}
1577
1578void manager_verify_all(Manager *m) {
1579 assert(m);
1580
1581 LIST_FOREACH(scopes, s, m->dns_scopes)
1582 dns_zone_verify_all(&s->zone);
1583}
1584
1585int manager_is_own_hostname(Manager *m, const char *name) {
1586 int r;
1587
1588 assert(m);
1589 assert(name);
1590
1591 if (m->llmnr_hostname) {
1592 r = dns_name_equal(name, m->llmnr_hostname);
1593 if (r != 0)
1594 return r;
1595 }
1596
1597 if (m->mdns_hostname) {
1598 r = dns_name_equal(name, m->mdns_hostname);
1599 if (r != 0)
1600 return r;
1601 }
1602
1603 if (m->full_hostname)
1604 return dns_name_equal(name, m->full_hostname);
1605
1606 return 0;
1607}
1608
1609int manager_compile_dns_servers(Manager *m, OrderedSet **dns) {
1610 Link *l;
1611 int r;
1612
1613 assert(m);
1614 assert(dns);
1615
1616 r = ordered_set_ensure_allocated(dns, &dns_server_hash_ops);
1617 if (r < 0)
1618 return r;
1619
1620 /* First add the system-wide servers and domains */
1621 LIST_FOREACH(servers, s, m->dns_servers) {
1622 r = ordered_set_put(*dns, s);
1623 if (r == -EEXIST)
1624 continue;
1625 if (r < 0)
1626 return r;
1627 }
1628
1629 /* Then, add the per-link servers */
1630 HASHMAP_FOREACH(l, m->links)
1631 LIST_FOREACH(servers, s, l->dns_servers) {
1632 r = ordered_set_put(*dns, s);
1633 if (r == -EEXIST)
1634 continue;
1635 if (r < 0)
1636 return r;
1637 }
1638
1639 /* Third, add the delegate servers and domains */
1640 DnsDelegate *d;
1641 HASHMAP_FOREACH(d, m->delegates)
1642 LIST_FOREACH(servers, s, d->dns_servers) {
1643 r = ordered_set_put(*dns, s);
1644 if (r == -EEXIST)
1645 continue;
1646 if (r < 0)
1647 return r;
1648 }
1649
1650 /* If we found nothing, add the fallback servers */
1651 if (ordered_set_isempty(*dns)) {
1652 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1653 r = ordered_set_put(*dns, s);
1654 if (r == -EEXIST)
1655 continue;
1656 if (r < 0)
1657 return r;
1658 }
1659 }
1660
1661 return 0;
1662}
1663
1664/* filter_route is a tri-state:
1665 * < 0: no filtering
1666 * = 0 or false: return only domains which should be used for searching
1667 * > 0 or true: return only domains which are for routing only
1668 */
1669int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
1670 int r;
1671
1672 assert(m);
1673 assert(domains);
1674
1675 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1676 if (r < 0)
1677 return r;
1678
1679 LIST_FOREACH(domains, d, m->search_domains) {
1680
1681 if (filter_route >= 0 &&
1682 d->route_only != !!filter_route)
1683 continue;
1684
1685 r = ordered_set_put(*domains, d->name);
1686 if (r == -EEXIST)
1687 continue;
1688 if (r < 0)
1689 return r;
1690 }
1691
1692 DnsDelegate *delegate;
1693 HASHMAP_FOREACH(delegate, m->delegates)
1694 LIST_FOREACH(domains, d, delegate->search_domains) {
1695
1696 if (filter_route >= 0 &&
1697 d->route_only != !!filter_route)
1698 continue;
1699
1700 r = ordered_set_put(*domains, d->name);
1701 if (r == -EEXIST)
1702 continue;
1703 if (r < 0)
1704 return r;
1705 }
1706
1707 Link *l;
1708 HASHMAP_FOREACH(l, m->links)
1709 LIST_FOREACH(domains, d, l->search_domains) {
1710
1711 if (filter_route >= 0 &&
1712 d->route_only != !!filter_route)
1713 continue;
1714
1715 r = ordered_set_put(*domains, d->name);
1716 if (r == -EEXIST)
1717 continue;
1718 if (r < 0)
1719 return r;
1720 }
1721
1722 return 0;
1723}
1724
1725DnssecMode manager_get_dnssec_mode(Manager *m) {
1726 assert(m);
1727
1728 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1729 return m->dnssec_mode;
1730
1731 return DNSSEC_NO;
1732}
1733
1734bool manager_dnssec_supported(Manager *m) {
1735 DnsServer *server;
1736 Link *l;
1737
1738 assert(m);
1739
1740 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1741 return false;
1742
1743 server = manager_get_dns_server(m);
1744 if (server && !dns_server_dnssec_supported(server))
1745 return false;
1746
1747 HASHMAP_FOREACH(l, m->links)
1748 if (!link_dnssec_supported(l))
1749 return false;
1750
1751 return true;
1752}
1753
1754DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
1755 assert(m);
1756
1757 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1758 return m->dns_over_tls_mode;
1759
1760 return DNS_OVER_TLS_NO;
1761}
1762
1763void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1764
1765 assert(verdict >= 0);
1766 assert(verdict < _DNSSEC_VERDICT_MAX);
1767
1768 if (DEBUG_LOGGING) {
1769 char s[DNS_RESOURCE_KEY_STRING_MAX];
1770
1771 log_debug("Found verdict for lookup %s: %s",
1772 dns_resource_key_to_string(key, s, sizeof s),
1773 dnssec_verdict_to_string(verdict));
1774 }
1775
1776 m->n_dnssec_verdict[verdict]++;
1777}
1778
1779bool manager_routable(Manager *m) {
1780 Link *l;
1781
1782 assert(m);
1783
1784 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
1785
1786 HASHMAP_FOREACH(l, m->links)
1787 if (link_relevant(l, AF_UNSPEC, false))
1788 return true;
1789
1790 return false;
1791}
1792
1793void manager_flush_caches(Manager *m, int log_level) {
1794 assert(m);
1795
1796 LIST_FOREACH(scopes, scope, m->dns_scopes)
1797 dns_cache_flush(&scope->cache);
1798
1799 log_full(log_level, "Flushed all caches.");
1800}
1801
1802void manager_reset_server_features(Manager *m) {
1803
1804 dns_server_reset_features_all(m->dns_servers);
1805 dns_server_reset_features_all(m->fallback_dns_servers);
1806
1807 Link *l;
1808 HASHMAP_FOREACH(l, m->links)
1809 dns_server_reset_features_all(l->dns_servers);
1810
1811 DnsDelegate *d;
1812 HASHMAP_FOREACH(d, m->delegates)
1813 dns_server_reset_features_all(d->dns_servers);
1814
1815 log_info("Resetting learnt feature levels on all servers.");
1816}
1817
1818void manager_cleanup_saved_user(Manager *m) {
1819 _cleanup_closedir_ DIR *d = NULL;
1820
1821 assert(m);
1822
1823 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1824 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1825 * be restarted without losing this data. */
1826
1827 d = opendir("/run/systemd/resolve/netif/");
1828 if (!d) {
1829 if (errno == ENOENT)
1830 return;
1831
1832 log_warning_errno(errno, "Failed to open interface directory: %m");
1833 return;
1834 }
1835
1836 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
1837 int ifindex;
1838 Link *l;
1839
1840 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1841 continue;
1842
1843 if (dot_or_dot_dot(de->d_name))
1844 continue;
1845
1846 ifindex = parse_ifindex(de->d_name);
1847 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
1848 goto rm;
1849
1850 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1851 if (!l) /* link vanished */
1852 goto rm;
1853
1854 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1855 goto rm;
1856
1857 continue;
1858
1859 rm:
1860 if (unlinkat(dirfd(d), de->d_name, 0) < 0)
1861 log_warning_errno(errno, "Failed to remove left-over interface configuration file '%s', ignoring: %m", de->d_name);
1862 }
1863}
1864
1865bool manager_next_dnssd_names(Manager *m) {
1866 DnssdService *s;
1867 bool tried = false;
1868 int r;
1869
1870 assert(m);
1871
1872 HASHMAP_FOREACH(s, m->dnssd_services) {
1873 _cleanup_free_ char * new_name = NULL;
1874
1875 if (!s->withdrawn)
1876 continue;
1877
1878 r = manager_next_random_name(s->name_template, &new_name);
1879 if (r < 0) {
1880 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->id);
1881 continue;
1882 }
1883
1884 free_and_replace(s->name_template, new_name);
1885
1886 s->withdrawn = false;
1887
1888 tried = true;
1889 }
1890
1891 if (tried)
1892 manager_refresh_rrs(m);
1893
1894 return tried;
1895}
1896
1897bool manager_server_is_stub(Manager *m, DnsServer *s) {
1898 DnsStubListenerExtra *l;
1899
1900 assert(m);
1901 assert(s);
1902
1903 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1904 * extra careful, and check here again */
1905 if (s->family == AF_INET &&
1906 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1907 dns_server_port(s) == 53)
1908 return true;
1909
1910 /* Main reason to call this is to check server data against the extra listeners, and filter things
1911 * out. */
1912 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
1913 if (s->family == l->family &&
1914 in_addr_equal(s->family, &s->address, &l->address) &&
1915 dns_server_port(s) == dns_stub_listener_extra_port(l))
1916 return true;
1917
1918 return false;
1919}
1920
1921int socket_disable_pmtud(int fd, int af) {
1922 int r;
1923
1924 assert(fd >= 0);
1925
1926 if (af == AF_UNSPEC) {
1927 af = socket_get_family(fd);
1928 if (af < 0)
1929 return af;
1930 }
1931
1932 switch (af) {
1933
1934 case AF_INET: {
1935 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1936 * PMTU forgery vulnerabilities.
1937 *
1938 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1939 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1940 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1941 * discovery.
1942 *
1943 * This helps mitigating the PMTUD vulnerability described here:
1944 *
1945 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1946 *
1947 * Similar logic is in place in most DNS servers.
1948 *
1949 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1950 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1951 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1952 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1953 * fragments seen — and if we need larger packets always go to TCP.
1954 */
1955
1956 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1957 if (r < 0)
1958 return r;
1959
1960 return 0;
1961 }
1962
1963 case AF_INET6: {
1964 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1965 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1966 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1967 * because there's nothing that could be fragmented further anymore. */
1968
1969 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1970 if (r < 0)
1971 return r;
1972
1973 return 0;
1974 }
1975
1976 default:
1977 return -EAFNOSUPPORT;
1978 }
1979}
1980
1981int dns_manager_dump_statistics_json(Manager *m, sd_json_variant **ret) {
1982 uint64_t size = 0, hit = 0, miss = 0;
1983
1984 assert(m);
1985 assert(ret);
1986
1987 LIST_FOREACH(scopes, s, m->dns_scopes) {
1988 size += dns_cache_size(&s->cache);
1989 hit += s->cache.n_hit;
1990 miss += s->cache.n_miss;
1991 }
1992
1993 return sd_json_buildo(ret,
1994 SD_JSON_BUILD_PAIR("transactions", SD_JSON_BUILD_OBJECT(
1995 SD_JSON_BUILD_PAIR_UNSIGNED("currentTransactions", hashmap_size(m->dns_transactions)),
1996 SD_JSON_BUILD_PAIR_UNSIGNED("totalTransactions", m->n_transactions_total),
1997 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeouts", m->n_timeouts_total),
1998 SD_JSON_BUILD_PAIR_UNSIGNED("totalTimeoutsServedStale", m->n_timeouts_served_stale_total),
1999 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponses", m->n_failure_responses_total),
2000 SD_JSON_BUILD_PAIR_UNSIGNED("totalFailedResponsesServedStale", m->n_failure_responses_served_stale_total)
2001 )),
2002 SD_JSON_BUILD_PAIR("cache", SD_JSON_BUILD_OBJECT(
2003 SD_JSON_BUILD_PAIR_UNSIGNED("size", size),
2004 SD_JSON_BUILD_PAIR_UNSIGNED("hits", hit),
2005 SD_JSON_BUILD_PAIR_UNSIGNED("misses", miss)
2006 )),
2007 SD_JSON_BUILD_PAIR("dnssec", SD_JSON_BUILD_OBJECT(
2008 SD_JSON_BUILD_PAIR_UNSIGNED("secure", m->n_dnssec_verdict[DNSSEC_SECURE]),
2009 SD_JSON_BUILD_PAIR_UNSIGNED("insecure", m->n_dnssec_verdict[DNSSEC_INSECURE]),
2010 SD_JSON_BUILD_PAIR_UNSIGNED("bogus", m->n_dnssec_verdict[DNSSEC_BOGUS]),
2011 SD_JSON_BUILD_PAIR_UNSIGNED("indeterminate", m->n_dnssec_verdict[DNSSEC_INDETERMINATE])
2012 )));
2013}
2014
2015void dns_manager_reset_statistics(Manager *m) {
2016
2017 assert(m);
2018
2019 LIST_FOREACH(scopes, s, m->dns_scopes)
2020 s->cache.n_hit = s->cache.n_miss = 0;
2021
2022 m->n_transactions_total = 0;
2023 m->n_timeouts_total = 0;
2024 m->n_timeouts_served_stale_total = 0;
2025 m->n_failure_responses_total = 0;
2026 m->n_failure_responses_served_stale_total = 0;
2027 zero(m->n_dnssec_verdict);
2028}
2029
2030static int dns_configuration_json_append(
2031 const char *ifname,
2032 int ifindex,
2033 int default_route,
2034 DnsServer *current_dns_server,
2035 DnsServer *dns_servers,
2036 DnsSearchDomain *search_domains,
2037 sd_json_variant **configuration) {
2038
2039 _cleanup_(sd_json_variant_unrefp) sd_json_variant *dns_servers_json = NULL,
2040 *search_domains_json = NULL,
2041 *current_dns_server_json = NULL;
2042 int r;
2043
2044 assert(configuration);
2045
2046 if (dns_servers) {
2047 r = sd_json_variant_new_array(&dns_servers_json, NULL, 0);
2048 if (r < 0)
2049 return r;
2050 }
2051
2052 if (search_domains) {
2053 r = sd_json_variant_new_array(&search_domains_json, NULL, 0);
2054 if (r < 0)
2055 return r;
2056 }
2057
2058 if (current_dns_server) {
2059 r = dns_server_dump_configuration_to_json(current_dns_server, &current_dns_server_json);
2060 if (r < 0)
2061 return r;
2062 }
2063
2064 LIST_FOREACH(servers, s, dns_servers) {
2065 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2066
2067 assert(dns_servers_json);
2068
2069 r = dns_server_dump_configuration_to_json(s, &v);
2070 if (r < 0)
2071 return r;
2072
2073 r = sd_json_variant_append_array(&dns_servers_json, v);
2074 if (r < 0)
2075 return r;
2076 }
2077
2078 LIST_FOREACH(domains, d, search_domains) {
2079 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
2080
2081 assert(search_domains_json);
2082
2083 r = dns_search_domain_dump_to_json(d, &v);
2084 if (r < 0)
2085 return r;
2086
2087 r = sd_json_variant_append_array(&search_domains_json, v);
2088 if (r < 0)
2089 return r;
2090 }
2091
2092 return sd_json_variant_append_arraybo(
2093 configuration,
2094 JSON_BUILD_PAIR_STRING_NON_EMPTY("ifname", ifname),
2095 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", SD_JSON_BUILD_UNSIGNED(ifindex)),
2096 SD_JSON_BUILD_PAIR_CONDITION(ifindex > 0, "defaultRoute", SD_JSON_BUILD_BOOLEAN(default_route > 0)),
2097 JSON_BUILD_PAIR_VARIANT_NON_NULL("currentServer", current_dns_server_json),
2098 JSON_BUILD_PAIR_VARIANT_NON_NULL("servers", dns_servers_json),
2099 JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json));
2100}
2101
2102int manager_dump_dns_configuration_json(Manager *m, sd_json_variant **ret) {
2103 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2104 Link *l;
2105 int r;
2106
2107 assert(m);
2108 assert(ret);
2109
2110 /* Global DNS configuration */
2111 r = dns_configuration_json_append(
2112 /* ifname = */ NULL,
2113 /* ifindex = */ 0,
2114 /* default_route = */ 0,
2115 manager_get_dns_server(m),
2116 m->dns_servers,
2117 m->search_domains,
2118 &configuration);
2119 if (r < 0)
2120 return r;
2121
2122 /* Append configuration for each link */
2123 HASHMAP_FOREACH(l, m->links) {
2124 r = dns_configuration_json_append(
2125 l->ifname,
2126 l->ifindex,
2127 link_get_default_route(l),
2128 link_get_dns_server(l),
2129 l->dns_servers,
2130 l->search_domains,
2131 &configuration);
2132 if (r < 0)
2133 return r;
2134 }
2135
2136 return sd_json_buildo(ret, SD_JSON_BUILD_PAIR_VARIANT("configuration", configuration));
2137}
2138
2139int manager_send_dns_configuration_changed(Manager *m, Link *l, bool reset) {
2140 _cleanup_(sd_json_variant_unrefp) sd_json_variant *configuration = NULL;
2141 int r;
2142
2143 assert(m);
2144
2145 if (set_isempty(m->varlink_dns_configuration_subscription))
2146 return 0;
2147
2148 if (reset) {
2149 dns_server_reset_accessible_all(m->dns_servers);
2150
2151 if (l)
2152 dns_server_reset_accessible_all(l->dns_servers);
2153 }
2154
2155 r = manager_dump_dns_configuration_json(m, &configuration);
2156 if (r < 0)
2157 return log_warning_errno(r, "Failed to dump DNS configuration json: %m");
2158
2159 if (sd_json_variant_equal(configuration, m->dns_configuration_json))
2160 return 0;
2161
2162 JSON_VARIANT_REPLACE(m->dns_configuration_json, TAKE_PTR(configuration));
2163
2164 r = varlink_many_notify(m->varlink_dns_configuration_subscription, m->dns_configuration_json);
2165 if (r < 0)
2166 return log_warning_errno(r, "Failed to send DNS configuration event: %m");
2167
2168 return 0;
2169}
2170
2171int manager_start_dns_configuration_monitor(Manager *m) {
2172 Link *l;
2173 int r;
2174
2175 assert(m);
2176 assert(!m->dns_configuration_json);
2177 assert(!m->netlink_new_route_slot);
2178 assert(!m->netlink_del_route_slot);
2179
2180 dns_server_reset_accessible_all(m->dns_servers);
2181
2182 HASHMAP_FOREACH(l, m->links)
2183 dns_server_reset_accessible_all(l->dns_servers);
2184
2185 r = manager_dump_dns_configuration_json(m, &m->dns_configuration_json);
2186 if (r < 0)
2187 return r;
2188
2189 r = sd_netlink_add_match(m->rtnl, &m->netlink_new_route_slot, RTM_NEWROUTE, manager_process_route, NULL, m, "resolve-NEWROUTE");
2190 if (r < 0)
2191 return r;
2192
2193 r = sd_netlink_add_match(m->rtnl, &m->netlink_del_route_slot, RTM_DELROUTE, manager_process_route, NULL, m, "resolve-DELROUTE");
2194 if (r < 0)
2195 return r;
2196
2197 return 0;
2198}
2199
2200void manager_stop_dns_configuration_monitor(Manager *m) {
2201 assert(m);
2202
2203 m->dns_configuration_json = sd_json_variant_unref(m->dns_configuration_json);
2204 m->netlink_new_route_slot = sd_netlink_slot_unref(m->netlink_new_route_slot);
2205 m->netlink_del_route_slot = sd_netlink_slot_unref(m->netlink_del_route_slot);
2206}
Unnamed repository; edit this file 'description' to name the repository.