]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge pull request #32437 from keszybz/notify-fixups-split-out
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
... / ...
CommitLineData
1/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3#include <fcntl.h>
4#include <netinet/in.h>
5#include <poll.h>
6#include <sys/ioctl.h>
7#include <sys/stat.h>
8#include <sys/types.h>
9#include <unistd.h>
10
11#include "af-list.h"
12#include "alloc-util.h"
13#include "bus-polkit.h"
14#include "daemon-util.h"
15#include "dirent-util.h"
16#include "dns-domain.h"
17#include "event-util.h"
18#include "fd-util.h"
19#include "fileio.h"
20#include "hostname-util.h"
21#include "idn-util.h"
22#include "io-util.h"
23#include "iovec-util.h"
24#include "memstream-util.h"
25#include "missing_network.h"
26#include "missing_socket.h"
27#include "netlink-util.h"
28#include "ordered-set.h"
29#include "parse-util.h"
30#include "random-util.h"
31#include "resolved-bus.h"
32#include "resolved-conf.h"
33#include "resolved-dns-stub.h"
34#include "resolved-dnssd.h"
35#include "resolved-etc-hosts.h"
36#include "resolved-llmnr.h"
37#include "resolved-manager.h"
38#include "resolved-mdns.h"
39#include "resolved-resolv-conf.h"
40#include "resolved-util.h"
41#include "resolved-varlink.h"
42#include "socket-util.h"
43#include "string-table.h"
44#include "string-util.h"
45#include "utf8.h"
46
47#define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
48
49static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
50 Manager *m = ASSERT_PTR(userdata);
51 uint16_t type;
52 Link *l;
53 int ifindex, r;
54
55 assert(rtnl);
56 assert(mm);
57
58 r = sd_netlink_message_get_type(mm, &type);
59 if (r < 0)
60 goto fail;
61
62 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
63 if (r < 0)
64 goto fail;
65
66 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
67
68 switch (type) {
69
70 case RTM_NEWLINK:{
71 bool is_new = !l;
72
73 if (!l) {
74 r = link_new(m, &l, ifindex);
75 if (r < 0)
76 goto fail;
77 }
78
79 r = link_process_rtnl(l, mm);
80 if (r < 0)
81 goto fail;
82
83 r = link_update(l);
84 if (r < 0)
85 goto fail;
86
87 if (is_new)
88 log_debug("Found new link %i/%s", ifindex, l->ifname);
89
90 break;
91 }
92
93 case RTM_DELLINK:
94 if (l) {
95 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
96 link_remove_user(l);
97 link_free(l);
98 }
99
100 break;
101 }
102
103 return 0;
104
105fail:
106 log_warning_errno(r, "Failed to process RTNL link message: %m");
107 return 0;
108}
109
110static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
111 Manager *m = ASSERT_PTR(userdata);
112 union in_addr_union address, broadcast = {};
113 uint16_t type;
114 int r, ifindex, family;
115 LinkAddress *a;
116 Link *l;
117
118 assert(rtnl);
119 assert(mm);
120
121 r = sd_netlink_message_get_type(mm, &type);
122 if (r < 0)
123 goto fail;
124
125 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
126 if (r < 0)
127 goto fail;
128
129 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
130 if (!l)
131 return 0;
132
133 r = sd_rtnl_message_addr_get_family(mm, &family);
134 if (r < 0)
135 goto fail;
136
137 switch (family) {
138
139 case AF_INET:
140 sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
141 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
142 if (r < 0) {
143 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
144 if (r < 0)
145 goto fail;
146 }
147
148 break;
149
150 case AF_INET6:
151 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
152 if (r < 0) {
153 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
154 if (r < 0)
155 goto fail;
156 }
157
158 break;
159
160 default:
161 return 0;
162 }
163
164 a = link_find_address(l, family, &address);
165
166 switch (type) {
167
168 case RTM_NEWADDR:
169
170 if (!a) {
171 r = link_address_new(l, &a, family, &address, &broadcast);
172 if (r < 0)
173 return r;
174 }
175
176 r = link_address_update_rtnl(a, mm);
177 if (r < 0)
178 return r;
179
180 break;
181
182 case RTM_DELADDR:
183 link_address_free(a);
184 break;
185 }
186
187 return 0;
188
189fail:
190 log_warning_errno(r, "Failed to process RTNL address message: %m");
191 return 0;
192}
193
194static int manager_rtnl_listen(Manager *m) {
195 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
196 int r;
197
198 assert(m);
199
200 /* First, subscribe to interfaces coming and going */
201 r = sd_netlink_open(&m->rtnl);
202 if (r < 0)
203 return r;
204
205 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
206 if (r < 0)
207 return r;
208
209 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
210 if (r < 0)
211 return r;
212
213 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
214 if (r < 0)
215 return r;
216
217 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
218 if (r < 0)
219 return r;
220
221 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
222 if (r < 0)
223 return r;
224
225 /* Then, enumerate all links */
226 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
227 if (r < 0)
228 return r;
229
230 r = sd_netlink_message_set_request_dump(req, true);
231 if (r < 0)
232 return r;
233
234 r = sd_netlink_call(m->rtnl, req, 0, &reply);
235 if (r < 0)
236 return r;
237
238 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
239 r = manager_process_link(m->rtnl, i, m);
240 if (r < 0)
241 return r;
242 }
243
244 req = sd_netlink_message_unref(req);
245 reply = sd_netlink_message_unref(reply);
246
247 /* Finally, enumerate all addresses, too */
248 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
249 if (r < 0)
250 return r;
251
252 r = sd_netlink_message_set_request_dump(req, true);
253 if (r < 0)
254 return r;
255
256 r = sd_netlink_call(m->rtnl, req, 0, &reply);
257 if (r < 0)
258 return r;
259
260 for (sd_netlink_message *i = reply; i; i = sd_netlink_message_next(i)) {
261 r = manager_process_address(m->rtnl, i, m);
262 if (r < 0)
263 return r;
264 }
265
266 return r;
267}
268
269static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
270 Manager *m = ASSERT_PTR(userdata);
271 Link *l;
272 int r;
273
274 sd_network_monitor_flush(m->network_monitor);
275
276 HASHMAP_FOREACH(l, m->links) {
277 r = link_update(l);
278 if (r < 0)
279 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
280 }
281
282 (void) manager_write_resolv_conf(m);
283 (void) manager_send_changed(m, "DNS");
284
285 return 0;
286}
287
288static int manager_network_monitor_listen(Manager *m) {
289 int r, fd, events;
290
291 assert(m);
292
293 r = sd_network_monitor_new(&m->network_monitor, NULL);
294 if (r < 0)
295 return r;
296
297 fd = sd_network_monitor_get_fd(m->network_monitor);
298 if (fd < 0)
299 return fd;
300
301 events = sd_network_monitor_get_events(m->network_monitor);
302 if (events < 0)
303 return events;
304
305 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
306 if (r < 0)
307 return r;
308
309 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
310 if (r < 0)
311 return r;
312
313 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
314
315 return 0;
316}
317
318static int manager_clock_change_listen(Manager *m);
319
320static int on_clock_change(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
321 Manager *m = ASSERT_PTR(userdata);
322
323 /* The clock has changed, let's flush all caches. Why that? That's because DNSSEC validation takes
324 * the system clock into consideration, and if the clock changes the old validations might have been
325 * wrong. Let's redo all validation with the new, correct time.
326 *
327 * (Also, this is triggered after system suspend, which is also a good reason to drop caches, since
328 * we might be connected to a different network now without this being visible in a dropped link
329 * carrier or so.) */
330
331 log_info("Clock change detected. Flushing caches.");
332 manager_flush_caches(m, LOG_DEBUG /* downgrade the functions own log message, since we already logged here at LOG_INFO level */);
333
334 /* The clock change timerfd is unusable after it triggered once, create a new one. */
335 return manager_clock_change_listen(m);
336}
337
338static int manager_clock_change_listen(Manager *m) {
339 int r;
340
341 assert(m);
342
343 m->clock_change_event_source = sd_event_source_disable_unref(m->clock_change_event_source);
344
345 r = event_add_time_change(m->event, &m->clock_change_event_source, on_clock_change, m);
346 if (r < 0)
347 return log_error_errno(r, "Failed to create clock change event source: %m");
348
349 return 0;
350}
351
352static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
353 _cleanup_free_ char *h = NULL, *n = NULL;
354 int r;
355
356 assert(full_hostname);
357 assert(llmnr_hostname);
358 assert(mdns_hostname);
359
360 r = resolve_system_hostname(&h, &n);
361 if (r < 0)
362 return r;
363
364 r = dns_name_concat(n, "local", 0, mdns_hostname);
365 if (r < 0)
366 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
367
368 *llmnr_hostname = TAKE_PTR(n);
369 *full_hostname = TAKE_PTR(h);
370
371 return 0;
372}
373
374static char* fallback_hostname(void) {
375
376 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
377 * to be "localhost" even if that's the default hostname. In this case, let's revert to "linux"
378 * instead. */
379
380 _cleanup_free_ char *n = get_default_hostname();
381 if (!n)
382 return NULL;
383
384 if (is_localhost(n))
385 return strdup("linux");
386
387 return TAKE_PTR(n);
388}
389
390static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
391 _cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
392 char label[DNS_LABEL_MAX+1];
393 const char *p;
394 int r;
395
396 assert(full_hostname);
397 assert(llmnr_hostname);
398 assert(mdns_hostname);
399
400 p = h = fallback_hostname();
401 if (!h)
402 return log_oom();
403
404 r = dns_label_unescape(&p, label, sizeof label, 0);
405 if (r < 0)
406 return log_error_errno(r, "Failed to unescape fallback hostname: %m");
407
408 assert(r > 0); /* The fallback hostname must have at least one label */
409
410 r = dns_label_escape_new(label, r, &n);
411 if (r < 0)
412 return log_error_errno(r, "Failed to escape fallback hostname: %m");
413
414 r = dns_name_concat(n, "local", 0, &m);
415 if (r < 0)
416 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
417
418 *llmnr_hostname = TAKE_PTR(n);
419 *mdns_hostname = TAKE_PTR(m);
420 *full_hostname = TAKE_PTR(h);
421
422 return 0;
423}
424
425static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
426 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
427 Manager *m = ASSERT_PTR(userdata);
428 bool llmnr_hostname_changed;
429 int r;
430
431 r = determine_hostnames(&full_hostname, &llmnr_hostname, &mdns_hostname);
432 if (r < 0) {
433 log_warning_errno(r, "Failed to determine the local hostname and LLMNR/mDNS names, ignoring: %m");
434 return 0; /* ignore invalid hostnames */
435 }
436
437 llmnr_hostname_changed = !streq(llmnr_hostname, m->llmnr_hostname);
438 if (streq(full_hostname, m->full_hostname) &&
439 !llmnr_hostname_changed &&
440 streq(mdns_hostname, m->mdns_hostname))
441 return 0;
442
443 log_info("System hostname changed to '%s'.", full_hostname);
444
445 free_and_replace(m->full_hostname, full_hostname);
446 free_and_replace(m->llmnr_hostname, llmnr_hostname);
447 free_and_replace(m->mdns_hostname, mdns_hostname);
448
449 manager_refresh_rrs(m);
450 (void) manager_send_changed(m, "LLMNRHostname");
451
452 return 0;
453}
454
455static int manager_watch_hostname(Manager *m) {
456 int r;
457
458 assert(m);
459
460 m->hostname_fd = open("/proc/sys/kernel/hostname",
461 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
462 if (m->hostname_fd < 0) {
463 log_warning_errno(errno, "Failed to watch hostname: %m");
464 return 0;
465 }
466
467 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
468 if (r < 0) {
469 if (r == -EPERM)
470 /* kernels prior to 3.2 don't support polling this file. Ignore the failure. */
471 m->hostname_fd = safe_close(m->hostname_fd);
472 else
473 return log_error_errno(r, "Failed to add hostname event source: %m");
474 }
475
476 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
477
478 r = determine_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
479 if (r < 0) {
480 _cleanup_free_ char *d = NULL;
481
482 d = fallback_hostname();
483 if (!d)
484 return log_oom();
485
486 log_info("Defaulting to hostname '%s'.", d);
487
488 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
489 if (r < 0)
490 return r;
491 } else
492 log_info("Using system hostname '%s'.", m->full_hostname);
493
494 return 0;
495}
496
497static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
498 _cleanup_(memstream_done) MemStream ms = {};
499 Manager *m = ASSERT_PTR(userdata);
500 Link *l;
501 FILE *f;
502
503 assert(s);
504 assert(si);
505
506 f = memstream_init(&ms);
507 if (!f)
508 return log_oom();
509
510 LIST_FOREACH(scopes, scope, m->dns_scopes)
511 dns_scope_dump(scope, f);
512
513 LIST_FOREACH(servers, server, m->dns_servers)
514 dns_server_dump(server, f);
515 LIST_FOREACH(servers, server, m->fallback_dns_servers)
516 dns_server_dump(server, f);
517 HASHMAP_FOREACH(l, m->links)
518 LIST_FOREACH(servers, server, l->dns_servers)
519 dns_server_dump(server, f);
520
521 return memstream_dump(LOG_INFO, &ms);
522}
523
524static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
525 Manager *m = ASSERT_PTR(userdata);
526
527 assert(s);
528 assert(si);
529
530 manager_flush_caches(m, LOG_INFO);
531
532 return 0;
533}
534
535static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
536 Manager *m = ASSERT_PTR(userdata);
537
538 assert(s);
539 assert(si);
540
541 manager_reset_server_features(m);
542 return 0;
543}
544
545static int manager_memory_pressure(sd_event_source *s, void *userdata) {
546 Manager *m = ASSERT_PTR(userdata);
547
548 log_info("Under memory pressure, flushing caches.");
549
550 manager_flush_caches(m, LOG_INFO);
551 sd_event_trim_memory();
552
553 return 0;
554}
555
556static int manager_memory_pressure_listen(Manager *m) {
557 int r;
558
559 assert(m);
560
561 r = sd_event_add_memory_pressure(m->event, NULL, manager_memory_pressure, m);
562 if (r < 0)
563 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN )? LOG_DEBUG : LOG_NOTICE, r,
564 "Failed to install memory pressure event source, ignoring: %m");
565
566 return 0;
567}
568
569static void manager_set_defaults(Manager *m) {
570 assert(m);
571
572 m->llmnr_support = DEFAULT_LLMNR_MODE;
573 m->mdns_support = DEFAULT_MDNS_MODE;
574 m->dnssec_mode = DEFAULT_DNSSEC_MODE;
575 m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
576 m->enable_cache = DNS_CACHE_MODE_YES;
577 m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES;
578 m->read_etc_hosts = true;
579 m->resolve_unicast_single_label = false;
580 m->cache_from_localhost = false;
581 m->stale_retention_usec = 0;
582}
583
584static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
585 Manager *m = ASSERT_PTR(userdata);
586 int r;
587
588 (void) notify_reloading();
589
590 manager_set_defaults(m);
591
592 dns_server_unlink_on_reload(m->dns_servers);
593 dns_server_unlink_on_reload(m->fallback_dns_servers);
594 m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
595 dnssd_service_clear_on_reload(m->dnssd_services);
596 m->unicast_scope = dns_scope_free(m->unicast_scope);
597
598 dns_trust_anchor_flush(&m->trust_anchor);
599
600 r = dns_trust_anchor_load(&m->trust_anchor);
601 if (r < 0)
602 return r;
603
604 r = manager_parse_config_file(m);
605 if (r < 0)
606 log_warning_errno(r, "Failed to parse config file on reload: %m");
607 else
608 log_info("Config file reloaded.");
609
610 r = dnssd_load(m);
611 if (r < 0)
612 log_warning_errno(r, "Failed to load DNS-SD configuration files: %m");
613
614 /* The default scope configuration is influenced by the manager's configuration (modes, etc.), so
615 * recreate it on reload. */
616 r = dns_scope_new(m, &m->unicast_scope, NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
617 if (r < 0)
618 return r;
619
620 /* The configuration has changed, so reload the per-interface configuration too in order to take
621 * into account any changes (e.g.: enable/disable DNSSEC). */
622 r = on_network_event(/* sd_event_source= */ NULL, -EBADF, /* revents= */ 0, m);
623 if (r < 0)
624 log_warning_errno(r, "Failed to update network information: %m");
625
626 /* We have new configuration, which means potentially new servers, so close all connections and drop
627 * all caches, so that we can start fresh. */
628 (void) dns_stream_disconnect_all(m);
629 manager_flush_caches(m, LOG_INFO);
630 manager_verify_all(m);
631
632 (void) sd_notify(/* unset= */ false, NOTIFY_READY);
633 return 0;
634}
635
636int manager_new(Manager **ret) {
637 _cleanup_(manager_freep) Manager *m = NULL;
638 int r;
639
640 assert(ret);
641
642 m = new(Manager, 1);
643 if (!m)
644 return -ENOMEM;
645
646 *m = (Manager) {
647 .llmnr_ipv4_udp_fd = -EBADF,
648 .llmnr_ipv6_udp_fd = -EBADF,
649 .llmnr_ipv4_tcp_fd = -EBADF,
650 .llmnr_ipv6_tcp_fd = -EBADF,
651 .mdns_ipv4_fd = -EBADF,
652 .mdns_ipv6_fd = -EBADF,
653 .hostname_fd = -EBADF,
654
655 .read_resolv_conf = true,
656 .need_builtin_fallbacks = true,
657 .etc_hosts_last = USEC_INFINITY,
658
659 .sigrtmin18_info.memory_pressure_handler = manager_memory_pressure,
660 .sigrtmin18_info.memory_pressure_userdata = m,
661 };
662
663 manager_set_defaults(m);
664
665 r = dns_trust_anchor_load(&m->trust_anchor);
666 if (r < 0)
667 return r;
668
669 r = manager_parse_config_file(m);
670 if (r < 0)
671 log_warning_errno(r, "Failed to parse configuration file: %m");
672
673#if ENABLE_DNS_OVER_TLS
674 r = dnstls_manager_init(m);
675 if (r < 0)
676 return r;
677#endif
678
679 r = sd_event_default(&m->event);
680 if (r < 0)
681 return r;
682
683 (void) sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
684 (void) sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
685 (void) sd_event_add_signal(m->event, NULL, SIGHUP | SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
686
687 (void) sd_event_set_watchdog(m->event, true);
688
689 r = manager_watch_hostname(m);
690 if (r < 0)
691 return r;
692
693 r = dnssd_load(m);
694 if (r < 0)
695 log_warning_errno(r, "Failed to load DNS-SD configuration files: %m");
696
697 r = dns_scope_new(m, &m->unicast_scope, NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
698 if (r < 0)
699 return r;
700
701 r = manager_network_monitor_listen(m);
702 if (r < 0)
703 return r;
704
705 r = manager_rtnl_listen(m);
706 if (r < 0)
707 return r;
708
709 r = manager_clock_change_listen(m);
710 if (r < 0)
711 return r;
712
713 r = manager_memory_pressure_listen(m);
714 if (r < 0)
715 return r;
716
717 r = manager_connect_bus(m);
718 if (r < 0)
719 return r;
720
721 (void) sd_event_add_signal(m->event, &m->sigusr1_event_source, SIGUSR1, manager_sigusr1, m);
722 (void) sd_event_add_signal(m->event, &m->sigusr2_event_source, SIGUSR2, manager_sigusr2, m);
723 (void) sd_event_add_signal(m->event, &m->sigrtmin1_event_source, SIGRTMIN+1, manager_sigrtmin1, m);
724 (void) sd_event_add_signal(m->event, NULL, SIGRTMIN+18, sigrtmin18_handler, &m->sigrtmin18_info);
725
726 manager_cleanup_saved_user(m);
727
728 *ret = TAKE_PTR(m);
729
730 return 0;
731}
732
733int manager_start(Manager *m) {
734 int r;
735
736 assert(m);
737
738 r = manager_dns_stub_start(m);
739 if (r < 0)
740 return r;
741
742 r = manager_varlink_init(m);
743 if (r < 0)
744 return r;
745
746 return 0;
747}
748
749Manager *manager_free(Manager *m) {
750 Link *l;
751 DnssdService *s;
752
753 if (!m)
754 return NULL;
755
756 dns_server_unlink_all(m->dns_servers);
757 dns_server_unlink_all(m->fallback_dns_servers);
758 dns_search_domain_unlink_all(m->search_domains);
759
760 while ((l = hashmap_first(m->links)))
761 link_free(l);
762
763 while (m->dns_queries)
764 dns_query_free(m->dns_queries);
765
766 m->stub_queries_by_packet = hashmap_free(m->stub_queries_by_packet);
767
768 dns_scope_free(m->unicast_scope);
769
770 /* At this point only orphaned streams should remain. All others should have been freed already by their
771 * owners */
772 while (m->dns_streams)
773 dns_stream_unref(m->dns_streams);
774
775#if ENABLE_DNS_OVER_TLS
776 dnstls_manager_free(m);
777#endif
778
779 hashmap_free(m->links);
780 hashmap_free(m->dns_transactions);
781
782 sd_event_source_unref(m->network_event_source);
783 sd_network_monitor_unref(m->network_monitor);
784
785 sd_netlink_unref(m->rtnl);
786 sd_event_source_unref(m->rtnl_event_source);
787 sd_event_source_unref(m->clock_change_event_source);
788
789 manager_llmnr_stop(m);
790 manager_mdns_stop(m);
791 manager_dns_stub_stop(m);
792 manager_varlink_done(m);
793
794 manager_socket_graveyard_clear(m);
795
796 ordered_set_free(m->dns_extra_stub_listeners);
797
798 hashmap_free(m->polkit_registry);
799
800 sd_bus_flush_close_unref(m->bus);
801
802 sd_event_source_unref(m->sigusr1_event_source);
803 sd_event_source_unref(m->sigusr2_event_source);
804 sd_event_source_unref(m->sigrtmin1_event_source);
805
806 dns_resource_key_unref(m->llmnr_host_ipv4_key);
807 dns_resource_key_unref(m->llmnr_host_ipv6_key);
808 dns_resource_key_unref(m->mdns_host_ipv4_key);
809 dns_resource_key_unref(m->mdns_host_ipv6_key);
810
811 sd_event_source_unref(m->hostname_event_source);
812 safe_close(m->hostname_fd);
813
814 sd_event_unref(m->event);
815
816 free(m->full_hostname);
817 free(m->llmnr_hostname);
818 free(m->mdns_hostname);
819
820 while ((s = hashmap_first(m->dnssd_services)))
821 dnssd_service_free(s);
822 hashmap_free(m->dnssd_services);
823
824 dns_trust_anchor_flush(&m->trust_anchor);
825 manager_etc_hosts_flush(m);
826
827 return mfree(m);
828}
829
830int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
831 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
832 CMSG_BUFFER_TYPE(CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
833 + CMSG_SPACE(int) /* ttl/hoplimit */
834 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */) control;
835 union sockaddr_union sa;
836 struct iovec iov;
837 struct msghdr mh = {
838 .msg_name = &sa.sa,
839 .msg_namelen = sizeof(sa),
840 .msg_iov = &iov,
841 .msg_iovlen = 1,
842 .msg_control = &control,
843 .msg_controllen = sizeof(control),
844 };
845 struct cmsghdr *cmsg;
846 ssize_t ms, l;
847 int r;
848
849 assert(m);
850 assert(fd >= 0);
851 assert(ret);
852
853 ms = next_datagram_size_fd(fd);
854 if (ms < 0)
855 return ms;
856
857 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
858 if (r < 0)
859 return r;
860
861 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
862
863 l = recvmsg_safe(fd, &mh, 0);
864 if (ERRNO_IS_NEG_TRANSIENT(l))
865 return 0;
866 if (l <= 0)
867 return l;
868
869 assert(!(mh.msg_flags & MSG_TRUNC));
870
871 p->size = (size_t) l;
872
873 p->family = sa.sa.sa_family;
874 p->ipproto = IPPROTO_UDP;
875 if (p->family == AF_INET) {
876 p->sender.in = sa.in.sin_addr;
877 p->sender_port = be16toh(sa.in.sin_port);
878 } else if (p->family == AF_INET6) {
879 p->sender.in6 = sa.in6.sin6_addr;
880 p->sender_port = be16toh(sa.in6.sin6_port);
881 p->ifindex = sa.in6.sin6_scope_id;
882 } else
883 return -EAFNOSUPPORT;
884
885 p->timestamp = now(CLOCK_BOOTTIME);
886
887 CMSG_FOREACH(cmsg, &mh) {
888
889 if (cmsg->cmsg_level == IPPROTO_IPV6) {
890 assert(p->family == AF_INET6);
891
892 switch (cmsg->cmsg_type) {
893
894 case IPV6_PKTINFO: {
895 struct in6_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
896
897 if (p->ifindex <= 0)
898 p->ifindex = i->ipi6_ifindex;
899
900 p->destination.in6 = i->ipi6_addr;
901 break;
902 }
903
904 case IPV6_HOPLIMIT:
905 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
906 break;
907
908 case IPV6_RECVFRAGSIZE:
909 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
910 break;
911 }
912 } else if (cmsg->cmsg_level == IPPROTO_IP) {
913 assert(p->family == AF_INET);
914
915 switch (cmsg->cmsg_type) {
916
917 case IP_PKTINFO: {
918 struct in_pktinfo *i = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
919
920 if (p->ifindex <= 0)
921 p->ifindex = i->ipi_ifindex;
922
923 p->destination.in = i->ipi_addr;
924 break;
925 }
926
927 case IP_TTL:
928 p->ttl = *CMSG_TYPED_DATA(cmsg, int);
929 break;
930
931 case IP_RECVFRAGSIZE:
932 p->fragsize = *CMSG_TYPED_DATA(cmsg, int);
933 break;
934 }
935 }
936 }
937
938 /* The Linux kernel sets the interface index to the loopback
939 * device if the packet came from the local host since it
940 * avoids the routing table in such a case. Let's unset the
941 * interface index in such a case. */
942 if (p->ifindex == LOOPBACK_IFINDEX)
943 p->ifindex = 0;
944
945 if (protocol != DNS_PROTOCOL_DNS) {
946 /* If we don't know the interface index still, we look for the
947 * first local interface with a matching address. Yuck! */
948 if (p->ifindex <= 0)
949 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
950 }
951
952 log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
953 dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
954 IN_ADDR_TO_STRING(p->family, &p->sender),
955 IN_ADDR_TO_STRING(p->family, &p->destination));
956
957 *ret = TAKE_PTR(p);
958 return 1;
959}
960
961int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
962 usec_t end;
963 int r;
964
965 assert(fd >= 0);
966 assert(mh);
967
968 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
969
970 for (;;) {
971 if (sendmsg(fd, mh, flags) >= 0)
972 return 0;
973 if (errno == EINTR)
974 continue;
975 if (errno != EAGAIN)
976 return -errno;
977
978 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
979 if (ERRNO_IS_NEG_TRANSIENT(r))
980 continue;
981 if (r < 0)
982 return r;
983 if (r == 0)
984 return -ETIMEDOUT;
985 }
986}
987
988static int write_loop(int fd, void *message, size_t length) {
989 usec_t end;
990 int r;
991
992 assert(fd >= 0);
993 assert(message);
994
995 end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC);
996
997 for (;;) {
998 if (write(fd, message, length) >= 0)
999 return 0;
1000 if (errno == EINTR)
1001 continue;
1002 if (errno != EAGAIN)
1003 return -errno;
1004
1005 r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC)));
1006 if (ERRNO_IS_NEG_TRANSIENT(r))
1007 continue;
1008 if (r < 0)
1009 return r;
1010 if (r == 0)
1011 return -ETIMEDOUT;
1012 }
1013}
1014
1015int manager_write(Manager *m, int fd, DnsPacket *p) {
1016 int r;
1017
1018 log_debug("Sending %s%s packet with id %" PRIu16 " of size %zu.",
1019 DNS_PACKET_TC(p) ? "truncated (!) " : "",
1020 DNS_PACKET_QR(p) ? "response" : "query",
1021 DNS_PACKET_ID(p),
1022 p->size);
1023
1024 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
1025 if (r < 0)
1026 return r;
1027
1028 return 0;
1029}
1030
1031static int manager_ipv4_send(
1032 Manager *m,
1033 int fd,
1034 int ifindex,
1035 const struct in_addr *destination,
1036 uint16_t port,
1037 const struct in_addr *source,
1038 DnsPacket *p) {
1039
1040 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in_pktinfo))) control = {};
1041 union sockaddr_union sa;
1042 struct iovec iov;
1043 struct msghdr mh = {
1044 .msg_iov = &iov,
1045 .msg_iovlen = 1,
1046 .msg_name = &sa.sa,
1047 .msg_namelen = sizeof(sa.in),
1048 };
1049
1050 assert(m);
1051 assert(fd >= 0);
1052 assert(destination);
1053 assert(port > 0);
1054 assert(p);
1055
1056 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1057
1058 sa = (union sockaddr_union) {
1059 .in.sin_family = AF_INET,
1060 .in.sin_addr = *destination,
1061 .in.sin_port = htobe16(port),
1062 };
1063
1064 if (ifindex > 0) {
1065 struct cmsghdr *cmsg;
1066 struct in_pktinfo *pi;
1067
1068 mh.msg_control = &control;
1069 mh.msg_controllen = sizeof(control);
1070
1071 cmsg = CMSG_FIRSTHDR(&mh);
1072 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
1073 cmsg->cmsg_level = IPPROTO_IP;
1074 cmsg->cmsg_type = IP_PKTINFO;
1075
1076 pi = CMSG_TYPED_DATA(cmsg, struct in_pktinfo);
1077 pi->ipi_ifindex = ifindex;
1078
1079 if (source)
1080 pi->ipi_spec_dst = *source;
1081 }
1082
1083 return sendmsg_loop(fd, &mh, 0);
1084}
1085
1086static int manager_ipv6_send(
1087 Manager *m,
1088 int fd,
1089 int ifindex,
1090 const struct in6_addr *destination,
1091 uint16_t port,
1092 const struct in6_addr *source,
1093 DnsPacket *p) {
1094
1095 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct in6_pktinfo))) control = {};
1096 union sockaddr_union sa;
1097 struct iovec iov;
1098 struct msghdr mh = {
1099 .msg_iov = &iov,
1100 .msg_iovlen = 1,
1101 .msg_name = &sa.sa,
1102 .msg_namelen = sizeof(sa.in6),
1103 };
1104
1105 assert(m);
1106 assert(fd >= 0);
1107 assert(destination);
1108 assert(port > 0);
1109 assert(p);
1110
1111 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1112
1113 sa = (union sockaddr_union) {
1114 .in6.sin6_family = AF_INET6,
1115 .in6.sin6_addr = *destination,
1116 .in6.sin6_port = htobe16(port),
1117 .in6.sin6_scope_id = ifindex,
1118 };
1119
1120 if (ifindex > 0) {
1121 struct cmsghdr *cmsg;
1122 struct in6_pktinfo *pi;
1123
1124 mh.msg_control = &control;
1125 mh.msg_controllen = sizeof(control);
1126
1127 cmsg = CMSG_FIRSTHDR(&mh);
1128 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
1129 cmsg->cmsg_level = IPPROTO_IPV6;
1130 cmsg->cmsg_type = IPV6_PKTINFO;
1131
1132 pi = CMSG_TYPED_DATA(cmsg, struct in6_pktinfo);
1133 pi->ipi6_ifindex = ifindex;
1134
1135 if (source)
1136 pi->ipi6_addr = *source;
1137 }
1138
1139 return sendmsg_loop(fd, &mh, 0);
1140}
1141
1142static int dns_question_to_json(DnsQuestion *q, JsonVariant **ret) {
1143 _cleanup_(json_variant_unrefp) JsonVariant *l = NULL;
1144 DnsResourceKey *key;
1145 int r;
1146
1147 assert(ret);
1148
1149 DNS_QUESTION_FOREACH(key, q) {
1150 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1151
1152 r = dns_resource_key_to_json(key, &v);
1153 if (r < 0)
1154 return r;
1155
1156 r = json_variant_append_array(&l, v);
1157 if (r < 0)
1158 return r;
1159 }
1160
1161 *ret = TAKE_PTR(l);
1162 return 0;
1163}
1164
1165int manager_monitor_send(Manager *m, DnsQuery *q) {
1166 _cleanup_(json_variant_unrefp) JsonVariant *jquestion = NULL, *jcollected_questions = NULL, *janswer = NULL;
1167 _cleanup_(dns_question_unrefp) DnsQuestion *merged = NULL;
1168 Varlink *connection;
1169 DnsAnswerItem *rri;
1170 int r;
1171
1172 assert(m);
1173
1174 if (set_isempty(m->varlink_subscription))
1175 return 0;
1176
1177 /* Merge all questions into one */
1178 r = dns_question_merge(q->question_idna, q->question_utf8, &merged);
1179 if (r < 0)
1180 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
1181
1182 if (q->question_bypass) {
1183 _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
1184
1185 r = dns_question_merge(merged, q->question_bypass->question, &merged2);
1186 if (r < 0)
1187 return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
1188
1189 dns_question_unref(merged);
1190 merged = TAKE_PTR(merged2);
1191 }
1192
1193 /* Convert the current primary question to JSON */
1194 r = dns_question_to_json(merged, &jquestion);
1195 if (r < 0)
1196 return log_error_errno(r, "Failed to convert question to JSON: %m");
1197
1198 /* Generate a JSON array of the questions preceding the current one in the CNAME chain */
1199 r = dns_question_to_json(q->collected_questions, &jcollected_questions);
1200 if (r < 0)
1201 return log_error_errno(r, "Failed to convert question to JSON: %m");
1202
1203 DNS_ANSWER_FOREACH_ITEM(rri, q->answer) {
1204 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1205
1206 r = dns_resource_record_to_json(rri->rr, &v);
1207 if (r < 0)
1208 return log_error_errno(r, "Failed to convert answer resource record to JSON: %m");
1209
1210 r = dns_resource_record_to_wire_format(rri->rr, /* canonical= */ false); /* don't use DNSSEC canonical format, since it removes casing, but we want that for DNS_SD compat */
1211 if (r < 0)
1212 return log_error_errno(r, "Failed to generate RR wire format: %m");
1213
1214 r = json_variant_append_arrayb(
1215 &janswer,
1216 JSON_BUILD_OBJECT(
1217 JSON_BUILD_PAIR_CONDITION(v, "rr", JSON_BUILD_VARIANT(v)),
1218 JSON_BUILD_PAIR("raw", JSON_BUILD_BASE64(rri->rr->wire_format, rri->rr->wire_format_size)),
1219 JSON_BUILD_PAIR_CONDITION(rri->ifindex > 0, "ifindex", JSON_BUILD_INTEGER(rri->ifindex))));
1220 if (r < 0)
1221 return log_debug_errno(r, "Failed to append notification entry to array: %m");
1222 }
1223
1224 SET_FOREACH(connection, m->varlink_subscription) {
1225 r = varlink_notifyb(connection,
1226 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("state", JSON_BUILD_STRING(dns_transaction_state_to_string(q->state))),
1227 JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_DNSSEC_FAILED,
1228 "result", JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result))),
1229 JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_RCODE_FAILURE,
1230 "rcode", JSON_BUILD_INTEGER(q->answer_rcode)),
1231 JSON_BUILD_PAIR_CONDITION(q->state == DNS_TRANSACTION_ERRNO,
1232 "errno", JSON_BUILD_INTEGER(q->answer_errno)),
1233 JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1234 DNS_TRANSACTION_DNSSEC_FAILED,
1235 DNS_TRANSACTION_RCODE_FAILURE) &&
1236 q->answer_ede_rcode >= 0,
1237 "extendedDNSErrorCode", JSON_BUILD_INTEGER(q->answer_ede_rcode)),
1238 JSON_BUILD_PAIR_CONDITION(IN_SET(q->state,
1239 DNS_TRANSACTION_DNSSEC_FAILED,
1240 DNS_TRANSACTION_RCODE_FAILURE) &&
1241 q->answer_ede_rcode >= 0 && !isempty(q->answer_ede_msg),
1242 "extendedDNSErrorMessage", JSON_BUILD_STRING(q->answer_ede_msg)),
1243 JSON_BUILD_PAIR("question", JSON_BUILD_VARIANT(jquestion)),
1244 JSON_BUILD_PAIR_CONDITION(jcollected_questions,
1245 "collectedQuestions", JSON_BUILD_VARIANT(jcollected_questions)),
1246 JSON_BUILD_PAIR_CONDITION(janswer,
1247 "answer", JSON_BUILD_VARIANT(janswer))));
1248 if (r < 0)
1249 log_debug_errno(r, "Failed to send monitor event, ignoring: %m");
1250 }
1251
1252 return 0;
1253}
1254
1255int manager_send(
1256 Manager *m,
1257 int fd,
1258 int ifindex,
1259 int family,
1260 const union in_addr_union *destination,
1261 uint16_t port,
1262 const union in_addr_union *source,
1263 DnsPacket *p) {
1264
1265 assert(m);
1266 assert(fd >= 0);
1267 assert(destination);
1268 assert(port > 0);
1269 assert(p);
1270
1271 /* For mDNS, it is natural that the packet have truncated flag when we have many known answers. */
1272 bool truncated = DNS_PACKET_TC(p) && (p->protocol != DNS_PROTOCOL_MDNS || !p->more);
1273
1274 log_debug("Sending %s%s packet with id %" PRIu16 " on interface %i/%s of size %zu.",
1275 truncated ? "truncated (!) " : "",
1276 DNS_PACKET_QR(p) ? "response" : "query",
1277 DNS_PACKET_ID(p),
1278 ifindex, af_to_name(family),
1279 p->size);
1280
1281 if (family == AF_INET)
1282 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
1283 if (family == AF_INET6)
1284 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1285
1286 return -EAFNOSUPPORT;
1287}
1288
1289uint32_t manager_find_mtu(Manager *m) {
1290 uint32_t mtu = 0;
1291 Link *l;
1292
1293 /* If we don't know on which link a DNS packet would be delivered, let's find the largest MTU that
1294 * works on all interfaces we know of that have an IP address associated */
1295
1296 HASHMAP_FOREACH(l, m->links) {
1297 /* Let's filter out links without IP addresses (e.g. AF_CAN links and suchlike) */
1298 if (!l->addresses)
1299 continue;
1300
1301 /* Safety check: MTU shorter than what we need for the absolutely shortest DNS request? Then
1302 * let's ignore this link. */
1303 if (l->mtu < MIN(UDP4_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE,
1304 UDP6_PACKET_HEADER_SIZE + DNS_PACKET_HEADER_SIZE))
1305 continue;
1306
1307 if (mtu <= 0 || l->mtu < mtu)
1308 mtu = l->mtu;
1309 }
1310
1311 if (mtu == 0) /* found nothing? then let's assume the typical Ethernet MTU for lack of anything more precise */
1312 return 1500;
1313
1314 return mtu;
1315}
1316
1317int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
1318 LinkAddress *a;
1319
1320 assert(m);
1321
1322 if (!IN_SET(family, AF_INET, AF_INET6))
1323 return 0;
1324
1325 if (!in_addr)
1326 return 0;
1327
1328 a = manager_find_link_address(m, family, in_addr);
1329 if (a)
1330 return a->link->ifindex;
1331
1332 return 0;
1333}
1334
1335void manager_refresh_rrs(Manager *m) {
1336 Link *l;
1337 DnssdService *s;
1338
1339 assert(m);
1340
1341 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1342 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
1343 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1344 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
1345
1346 HASHMAP_FOREACH(l, m->links)
1347 link_add_rrs(l, true);
1348
1349 if (m->mdns_support == RESOLVE_SUPPORT_YES)
1350 HASHMAP_FOREACH(s, m->dnssd_services)
1351 if (dnssd_update_rrs(s) < 0)
1352 log_warning("Failed to refresh DNS-SD service '%s'", s->id);
1353
1354 HASHMAP_FOREACH(l, m->links)
1355 link_add_rrs(l, false);
1356}
1357
1358static int manager_next_random_name(const char *old, char **ret_new) {
1359 const char *p;
1360 uint64_t u, a;
1361 char *n;
1362
1363 p = strchr(old, 0);
1364 assert(p);
1365
1366 while (p > old) {
1367 if (!ascii_isdigit(p[-1]))
1368 break;
1369
1370 p--;
1371 }
1372
1373 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1374 u = 1;
1375
1376 /* Add a random number to the old value. This way we can avoid
1377 * that two hosts pick the same hostname, win on IPv4 and lose
1378 * on IPv6 (or vice versa), and pick the same hostname
1379 * replacement hostname, ad infinitum. We still want the
1380 * numbers to go up monotonically, hence we just add a random
1381 * value 1..10 */
1382
1383 random_bytes(&a, sizeof(a));
1384 u += 1 + a % 10;
1385
1386 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
1387 return -ENOMEM;
1388
1389 *ret_new = n;
1390
1391 return 0;
1392}
1393
1394int manager_next_hostname(Manager *m) {
1395 _cleanup_free_ char *h = NULL, *k = NULL;
1396 int r;
1397
1398 assert(m);
1399
1400 r = manager_next_random_name(m->llmnr_hostname, &h);
1401 if (r < 0)
1402 return r;
1403
1404 r = dns_name_concat(h, "local", 0, &k);
1405 if (r < 0)
1406 return r;
1407
1408 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1409
1410 free_and_replace(m->llmnr_hostname, h);
1411 free_and_replace(m->mdns_hostname, k);
1412
1413 manager_refresh_rrs(m);
1414 (void) manager_send_changed(m, "LLMNRHostname");
1415
1416 return 0;
1417}
1418
1419LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
1420 Link *l;
1421
1422 assert(m);
1423
1424 if (!IN_SET(family, AF_INET, AF_INET6))
1425 return NULL;
1426
1427 if (!in_addr)
1428 return NULL;
1429
1430 HASHMAP_FOREACH(l, m->links) {
1431 LinkAddress *a;
1432
1433 a = link_find_address(l, family, in_addr);
1434 if (a)
1435 return a;
1436 }
1437
1438 return NULL;
1439}
1440
1441bool manager_packet_from_local_address(Manager *m, DnsPacket *p) {
1442 assert(m);
1443 assert(p);
1444
1445 /* Let's see if this packet comes from an IP address we have on any local interface */
1446
1447 return !!manager_find_link_address(m, p->family, &p->sender);
1448}
1449
1450bool manager_packet_from_our_transaction(Manager *m, DnsPacket *p) {
1451 DnsTransaction *t;
1452
1453 assert(m);
1454 assert(p);
1455
1456 /* Let's see if we have a transaction with a query message with the exact same binary contents as the
1457 * one we just got. If so, it's almost definitely a packet loop of some kind. */
1458
1459 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1460 if (!t)
1461 return false;
1462
1463 return t->sent && dns_packet_equal(t->sent, p);
1464}
1465
1466DnsScope* manager_find_scope(Manager *m, DnsPacket *p) {
1467 Link *l;
1468
1469 assert(m);
1470 assert(p);
1471
1472 l = hashmap_get(m->links, INT_TO_PTR(p->ifindex));
1473 if (!l)
1474 return NULL;
1475
1476 switch (p->protocol) {
1477 case DNS_PROTOCOL_LLMNR:
1478 if (p->family == AF_INET)
1479 return l->llmnr_ipv4_scope;
1480 else if (p->family == AF_INET6)
1481 return l->llmnr_ipv6_scope;
1482
1483 break;
1484
1485 case DNS_PROTOCOL_MDNS:
1486 if (p->family == AF_INET)
1487 return l->mdns_ipv4_scope;
1488 else if (p->family == AF_INET6)
1489 return l->mdns_ipv6_scope;
1490
1491 break;
1492
1493 default:
1494 break;
1495 }
1496
1497 return NULL;
1498}
1499
1500void manager_verify_all(Manager *m) {
1501 assert(m);
1502
1503 LIST_FOREACH(scopes, s, m->dns_scopes)
1504 dns_zone_verify_all(&s->zone);
1505}
1506
1507int manager_is_own_hostname(Manager *m, const char *name) {
1508 int r;
1509
1510 assert(m);
1511 assert(name);
1512
1513 if (m->llmnr_hostname) {
1514 r = dns_name_equal(name, m->llmnr_hostname);
1515 if (r != 0)
1516 return r;
1517 }
1518
1519 if (m->mdns_hostname) {
1520 r = dns_name_equal(name, m->mdns_hostname);
1521 if (r != 0)
1522 return r;
1523 }
1524
1525 if (m->full_hostname)
1526 return dns_name_equal(name, m->full_hostname);
1527
1528 return 0;
1529}
1530
1531int manager_compile_dns_servers(Manager *m, OrderedSet **dns) {
1532 Link *l;
1533 int r;
1534
1535 assert(m);
1536 assert(dns);
1537
1538 r = ordered_set_ensure_allocated(dns, &dns_server_hash_ops);
1539 if (r < 0)
1540 return r;
1541
1542 /* First add the system-wide servers and domains */
1543 LIST_FOREACH(servers, s, m->dns_servers) {
1544 r = ordered_set_put(*dns, s);
1545 if (r == -EEXIST)
1546 continue;
1547 if (r < 0)
1548 return r;
1549 }
1550
1551 /* Then, add the per-link servers */
1552 HASHMAP_FOREACH(l, m->links) {
1553 LIST_FOREACH(servers, s, l->dns_servers) {
1554 r = ordered_set_put(*dns, s);
1555 if (r == -EEXIST)
1556 continue;
1557 if (r < 0)
1558 return r;
1559 }
1560 }
1561
1562 /* If we found nothing, add the fallback servers */
1563 if (ordered_set_isempty(*dns)) {
1564 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1565 r = ordered_set_put(*dns, s);
1566 if (r == -EEXIST)
1567 continue;
1568 if (r < 0)
1569 return r;
1570 }
1571 }
1572
1573 return 0;
1574}
1575
1576/* filter_route is a tri-state:
1577 * < 0: no filtering
1578 * = 0 or false: return only domains which should be used for searching
1579 * > 0 or true: return only domains which are for routing only
1580 */
1581int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
1582 Link *l;
1583 int r;
1584
1585 assert(m);
1586 assert(domains);
1587
1588 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1589 if (r < 0)
1590 return r;
1591
1592 LIST_FOREACH(domains, d, m->search_domains) {
1593
1594 if (filter_route >= 0 &&
1595 d->route_only != !!filter_route)
1596 continue;
1597
1598 r = ordered_set_put(*domains, d->name);
1599 if (r == -EEXIST)
1600 continue;
1601 if (r < 0)
1602 return r;
1603 }
1604
1605 HASHMAP_FOREACH(l, m->links) {
1606
1607 LIST_FOREACH(domains, d, l->search_domains) {
1608
1609 if (filter_route >= 0 &&
1610 d->route_only != !!filter_route)
1611 continue;
1612
1613 r = ordered_set_put(*domains, d->name);
1614 if (r == -EEXIST)
1615 continue;
1616 if (r < 0)
1617 return r;
1618 }
1619 }
1620
1621 return 0;
1622}
1623
1624DnssecMode manager_get_dnssec_mode(Manager *m) {
1625 assert(m);
1626
1627 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1628 return m->dnssec_mode;
1629
1630 return DNSSEC_NO;
1631}
1632
1633bool manager_dnssec_supported(Manager *m) {
1634 DnsServer *server;
1635 Link *l;
1636
1637 assert(m);
1638
1639 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1640 return false;
1641
1642 server = manager_get_dns_server(m);
1643 if (server && !dns_server_dnssec_supported(server))
1644 return false;
1645
1646 HASHMAP_FOREACH(l, m->links)
1647 if (!link_dnssec_supported(l))
1648 return false;
1649
1650 return true;
1651}
1652
1653DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
1654 assert(m);
1655
1656 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1657 return m->dns_over_tls_mode;
1658
1659 return DNS_OVER_TLS_NO;
1660}
1661
1662void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1663
1664 assert(verdict >= 0);
1665 assert(verdict < _DNSSEC_VERDICT_MAX);
1666
1667 if (DEBUG_LOGGING) {
1668 char s[DNS_RESOURCE_KEY_STRING_MAX];
1669
1670 log_debug("Found verdict for lookup %s: %s",
1671 dns_resource_key_to_string(key, s, sizeof s),
1672 dnssec_verdict_to_string(verdict));
1673 }
1674
1675 m->n_dnssec_verdict[verdict]++;
1676}
1677
1678bool manager_routable(Manager *m) {
1679 Link *l;
1680
1681 assert(m);
1682
1683 /* Returns true if the host has at least one interface with a routable address (regardless if IPv4 or IPv6) */
1684
1685 HASHMAP_FOREACH(l, m->links)
1686 if (link_relevant(l, AF_UNSPEC, false))
1687 return true;
1688
1689 return false;
1690}
1691
1692void manager_flush_caches(Manager *m, int log_level) {
1693 assert(m);
1694
1695 LIST_FOREACH(scopes, scope, m->dns_scopes)
1696 dns_cache_flush(&scope->cache);
1697
1698 log_full(log_level, "Flushed all caches.");
1699}
1700
1701void manager_reset_server_features(Manager *m) {
1702 Link *l;
1703
1704 dns_server_reset_features_all(m->dns_servers);
1705 dns_server_reset_features_all(m->fallback_dns_servers);
1706
1707 HASHMAP_FOREACH(l, m->links)
1708 dns_server_reset_features_all(l->dns_servers);
1709
1710 log_info("Resetting learnt feature levels on all servers.");
1711}
1712
1713void manager_cleanup_saved_user(Manager *m) {
1714 _cleanup_closedir_ DIR *d = NULL;
1715
1716 assert(m);
1717
1718 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1719 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1720 * be restarted without losing this data. */
1721
1722 d = opendir("/run/systemd/resolve/netif/");
1723 if (!d) {
1724 if (errno == ENOENT)
1725 return;
1726
1727 log_warning_errno(errno, "Failed to open interface directory: %m");
1728 return;
1729 }
1730
1731 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
1732 _cleanup_free_ char *p = NULL;
1733 int ifindex;
1734 Link *l;
1735
1736 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1737 continue;
1738
1739 if (dot_or_dot_dot(de->d_name))
1740 continue;
1741
1742 ifindex = parse_ifindex(de->d_name);
1743 if (ifindex < 0) /* Probably some temporary file from a previous run. Delete it */
1744 goto rm;
1745
1746 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1747 if (!l) /* link vanished */
1748 goto rm;
1749
1750 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1751 goto rm;
1752
1753 continue;
1754
1755 rm:
1756 p = path_join("/run/systemd/resolve/netif", de->d_name);
1757 if (!p) {
1758 log_oom();
1759 return;
1760 }
1761
1762 (void) unlink(p);
1763 }
1764}
1765
1766bool manager_next_dnssd_names(Manager *m) {
1767 DnssdService *s;
1768 bool tried = false;
1769 int r;
1770
1771 assert(m);
1772
1773 HASHMAP_FOREACH(s, m->dnssd_services) {
1774 _cleanup_free_ char * new_name = NULL;
1775
1776 if (!s->withdrawn)
1777 continue;
1778
1779 r = manager_next_random_name(s->name_template, &new_name);
1780 if (r < 0) {
1781 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->id);
1782 continue;
1783 }
1784
1785 free_and_replace(s->name_template, new_name);
1786
1787 s->withdrawn = false;
1788
1789 tried = true;
1790 }
1791
1792 if (tried)
1793 manager_refresh_rrs(m);
1794
1795 return tried;
1796}
1797
1798bool manager_server_is_stub(Manager *m, DnsServer *s) {
1799 DnsStubListenerExtra *l;
1800
1801 assert(m);
1802 assert(s);
1803
1804 /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
1805 * extra careful, and check here again */
1806 if (s->family == AF_INET &&
1807 s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
1808 dns_server_port(s) == 53)
1809 return true;
1810
1811 /* Main reason to call this is to check server data against the extra listeners, and filter things
1812 * out. */
1813 ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
1814 if (s->family == l->family &&
1815 in_addr_equal(s->family, &s->address, &l->address) &&
1816 dns_server_port(s) == dns_stub_listener_extra_port(l))
1817 return true;
1818
1819 return false;
1820}
1821
1822int socket_disable_pmtud(int fd, int af) {
1823 int r;
1824
1825 assert(fd >= 0);
1826
1827 if (af == AF_UNSPEC) {
1828 af = socket_get_family(fd);
1829 if (af < 0)
1830 return af;
1831 }
1832
1833 switch (af) {
1834
1835 case AF_INET: {
1836 /* Turn off path MTU discovery, let's rather fragment on the way than to open us up against
1837 * PMTU forgery vulnerabilities.
1838 *
1839 * There appears to be no documentation about IP_PMTUDISC_OMIT, but it has the effect that
1840 * the "Don't Fragment" bit in the IPv4 header is turned off, thus enforcing fragmentation if
1841 * our datagram size exceeds the MTU of a router in the path, and turning off path MTU
1842 * discovery.
1843 *
1844 * This helps mitigating the PMTUD vulnerability described here:
1845 *
1846 * https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/
1847 *
1848 * Similar logic is in place in most DNS servers.
1849 *
1850 * There are multiple conflicting goals: we want to allow the largest datagrams possible (for
1851 * efficiency reasons), but not have fragmentation (for security reasons), nor use PMTUD (for
1852 * security reasons, too). Our strategy to deal with this is: use large packets, turn off
1853 * PMTUD, but watch fragmentation taking place, and then size our packets to the max of the
1854 * fragments seen — and if we need larger packets always go to TCP.
1855 */
1856
1857 r = setsockopt_int(fd, IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_OMIT);
1858 if (r < 0)
1859 return r;
1860
1861 return 0;
1862 }
1863
1864 case AF_INET6: {
1865 /* On IPv6 fragmentation only is done by the sender — never by routers on the path. PMTUD is
1866 * mandatory. If we want to turn off PMTUD, the only way is by sending with minimal MTU only,
1867 * so that we apply maximum fragmentation locally already, and thus PMTUD doesn't happen
1868 * because there's nothing that could be fragmented further anymore. */
1869
1870 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, IPV6_MIN_MTU);
1871 if (r < 0)
1872 return r;
1873
1874 return 0;
1875 }
1876
1877 default:
1878 return -EAFNOSUPPORT;
1879 }
1880}
1881
1882int dns_manager_dump_statistics_json(Manager *m, JsonVariant **ret) {
1883 uint64_t size = 0, hit = 0, miss = 0;
1884
1885 assert(m);
1886 assert(ret);
1887
1888 LIST_FOREACH(scopes, s, m->dns_scopes) {
1889 size += dns_cache_size(&s->cache);
1890 hit += s->cache.n_hit;
1891 miss += s->cache.n_miss;
1892 }
1893
1894 return json_build(ret,
1895 JSON_BUILD_OBJECT(
1896 JSON_BUILD_PAIR("transactions", JSON_BUILD_OBJECT(
1897 JSON_BUILD_PAIR_UNSIGNED("currentTransactions", hashmap_size(m->dns_transactions)),
1898 JSON_BUILD_PAIR_UNSIGNED("totalTransactions", m->n_transactions_total),
1899 JSON_BUILD_PAIR_UNSIGNED("totalTimeouts", m->n_timeouts_total),
1900 JSON_BUILD_PAIR_UNSIGNED("totalTimeoutsServedStale", m->n_timeouts_served_stale_total),
1901 JSON_BUILD_PAIR_UNSIGNED("totalFailedResponses", m->n_failure_responses_total),
1902 JSON_BUILD_PAIR_UNSIGNED("totalFailedResponsesServedStale", m->n_failure_responses_served_stale_total)
1903 )),
1904 JSON_BUILD_PAIR("cache", JSON_BUILD_OBJECT(
1905 JSON_BUILD_PAIR_UNSIGNED("size", size),
1906 JSON_BUILD_PAIR_UNSIGNED("hits", hit),
1907 JSON_BUILD_PAIR_UNSIGNED("misses", miss)
1908 )),
1909 JSON_BUILD_PAIR("dnssec", JSON_BUILD_OBJECT(
1910 JSON_BUILD_PAIR_UNSIGNED("secure", m->n_dnssec_verdict[DNSSEC_SECURE]),
1911 JSON_BUILD_PAIR_UNSIGNED("insecure", m->n_dnssec_verdict[DNSSEC_INSECURE]),
1912 JSON_BUILD_PAIR_UNSIGNED("bogus", m->n_dnssec_verdict[DNSSEC_BOGUS]),
1913 JSON_BUILD_PAIR_UNSIGNED("indeterminate", m->n_dnssec_verdict[DNSSEC_INDETERMINATE])
1914 ))));
1915}
1916
1917void dns_manager_reset_statistics(Manager *m) {
1918
1919 assert(m);
1920
1921 LIST_FOREACH(scopes, s, m->dns_scopes)
1922 s->cache.n_hit = s->cache.n_miss = 0;
1923
1924 m->n_transactions_total = 0;
1925 m->n_timeouts_total = 0;
1926 m->n_timeouts_served_stale_total = 0;
1927 m->n_failure_responses_total = 0;
1928 m->n_failure_responses_served_stale_total = 0;
1929 zero(m->n_dnssec_verdict);
1930}
Unnamed repository; edit this file 'description' to name the repository.