1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <netinet/tcp.h>
25 #include "alloc-util.h"
26 #include "dns-domain.h"
28 #include "hostname-util.h"
30 #include "random-util.h"
31 #include "resolved-dns-scope.h"
32 #include "resolved-llmnr.h"
33 #include "socket-util.h"
36 #define MULTICAST_RATELIMIT_INTERVAL_USEC (1*USEC_PER_SEC)
37 #define MULTICAST_RATELIMIT_BURST 1000
39 /* After how much time to repeat LLMNR requests, see RFC 4795 Section 7 */
40 #define MULTICAST_RESEND_TIMEOUT_MIN_USEC (100 * USEC_PER_MSEC)
41 #define MULTICAST_RESEND_TIMEOUT_MAX_USEC (1 * USEC_PER_SEC)
43 int dns_scope_new(Manager
*m
, DnsScope
**ret
, Link
*l
, DnsProtocol protocol
, int family
) {
49 s
= new0(DnsScope
, 1);
55 s
->protocol
= protocol
;
57 s
->resend_timeout
= MULTICAST_RESEND_TIMEOUT_MIN_USEC
;
59 LIST_PREPEND(scopes
, m
->dns_scopes
, s
);
61 dns_scope_llmnr_membership(s
, true);
63 log_debug("New scope on link %s, protocol %s, family %s", l
? l
->name
: "*", dns_protocol_to_string(protocol
), family
== AF_UNSPEC
? "*" : af_to_name(family
));
65 /* Enforce ratelimiting for the multicast protocols */
66 RATELIMIT_INIT(s
->ratelimit
, MULTICAST_RATELIMIT_INTERVAL_USEC
, MULTICAST_RATELIMIT_BURST
);
72 static void dns_scope_abort_transactions(DnsScope
*s
) {
75 while (s
->transactions
) {
76 DnsTransaction
*t
= s
->transactions
;
78 /* Abort the transaction, but make sure it is not
79 * freed while we still look at it */
82 dns_transaction_complete(t
, DNS_TRANSACTION_ABORTED
);
85 dns_transaction_free(t
);
89 DnsScope
* dns_scope_free(DnsScope
*s
) {
90 DnsResourceRecord
*rr
;
95 log_debug("Removing scope on link %s, protocol %s, family %s", s
->link
? s
->link
->name
: "*", dns_protocol_to_string(s
->protocol
), s
->family
== AF_UNSPEC
? "*" : af_to_name(s
->family
));
97 dns_scope_llmnr_membership(s
, false);
98 dns_scope_abort_transactions(s
);
100 while (s
->query_candidates
)
101 dns_query_candidate_free(s
->query_candidates
);
103 hashmap_free(s
->transactions_by_key
);
105 while ((rr
= ordered_hashmap_steal_first(s
->conflict_queue
)))
106 dns_resource_record_unref(rr
);
108 ordered_hashmap_free(s
->conflict_queue
);
109 sd_event_source_unref(s
->conflict_event_source
);
111 dns_cache_flush(&s
->cache
);
112 dns_zone_flush(&s
->zone
);
114 LIST_REMOVE(scopes
, s
->manager
->dns_scopes
, s
);
120 DnsServer
*dns_scope_get_dns_server(DnsScope
*s
) {
123 if (s
->protocol
!= DNS_PROTOCOL_DNS
)
127 return link_get_dns_server(s
->link
);
129 return manager_get_dns_server(s
->manager
);
132 void dns_scope_next_dns_server(DnsScope
*s
) {
135 if (s
->protocol
!= DNS_PROTOCOL_DNS
)
139 link_next_dns_server(s
->link
);
141 manager_next_dns_server(s
->manager
);
144 void dns_scope_packet_received(DnsScope
*s
, usec_t rtt
) {
147 if (rtt
<= s
->max_rtt
)
151 s
->resend_timeout
= MIN(MAX(MULTICAST_RESEND_TIMEOUT_MIN_USEC
, s
->max_rtt
* 2), MULTICAST_RESEND_TIMEOUT_MAX_USEC
);
154 void dns_scope_packet_lost(DnsScope
*s
, usec_t usec
) {
157 if (s
->resend_timeout
<= usec
)
158 s
->resend_timeout
= MIN(s
->resend_timeout
* 2, MULTICAST_RESEND_TIMEOUT_MAX_USEC
);
161 int dns_scope_emit(DnsScope
*s
, int fd
, DnsServer
*server
, DnsPacket
*p
) {
162 union in_addr_union addr
;
167 size_t saved_size
= 0;
171 assert(p
->protocol
== s
->protocol
);
172 assert((s
->protocol
== DNS_PROTOCOL_DNS
) != (fd
< 0));
176 ifindex
= s
->link
->ifindex
;
178 mtu
= manager_find_mtu(s
->manager
);
180 switch (s
->protocol
) {
181 case DNS_PROTOCOL_DNS
:
184 if (DNS_PACKET_QDCOUNT(p
) > 1)
187 if (server
->possible_features
>= DNS_SERVER_FEATURE_LEVEL_EDNS0
) {
191 edns_do
= server
->possible_features
>= DNS_SERVER_FEATURE_LEVEL_DO
;
193 if (server
->possible_features
>= DNS_SERVER_FEATURE_LEVEL_LARGE
)
194 packet_size
= DNS_PACKET_UNICAST_SIZE_LARGE_MAX
;
196 packet_size
= server
->received_udp_packet_max
;
198 r
= dns_packet_append_opt_rr(p
, packet_size
, edns_do
, &saved_size
);
202 DNS_PACKET_HEADER(p
)->arcount
= htobe16(be16toh(DNS_PACKET_HEADER(p
)->arcount
) + 1);
205 if (p
->size
> DNS_PACKET_UNICAST_SIZE_MAX
)
208 if (p
->size
+ UDP_PACKET_HEADER_SIZE
> mtu
)
211 r
= manager_write(s
->manager
, fd
, p
);
215 if (saved_size
> 0) {
216 dns_packet_truncate(p
, saved_size
);
218 DNS_PACKET_HEADER(p
)->arcount
= htobe16(be16toh(DNS_PACKET_HEADER(p
)->arcount
) - 1);
223 case DNS_PROTOCOL_LLMNR
:
224 if (DNS_PACKET_QDCOUNT(p
) > 1)
227 if (!ratelimit_test(&s
->ratelimit
))
233 if (family
== AF_INET
) {
234 addr
.in
= LLMNR_MULTICAST_IPV4_ADDRESS
;
235 fd
= manager_llmnr_ipv4_udp_fd(s
->manager
);
236 } else if (family
== AF_INET6
) {
237 addr
.in6
= LLMNR_MULTICAST_IPV6_ADDRESS
;
238 fd
= manager_llmnr_ipv6_udp_fd(s
->manager
);
240 return -EAFNOSUPPORT
;
244 r
= manager_send(s
->manager
, fd
, ifindex
, family
, &addr
, port
, p
);
251 return -EAFNOSUPPORT
;
257 static int dns_scope_socket(DnsScope
*s
, int type
, int family
, const union in_addr_union
*address
, uint16_t port
, DnsServer
**server
) {
258 DnsServer
*srv
= NULL
;
259 _cleanup_close_
int fd
= -1;
260 union sockaddr_union sa
= {};
262 static const int one
= 1;
266 assert((family
== AF_UNSPEC
) == !address
);
268 if (family
== AF_UNSPEC
) {
269 srv
= dns_scope_get_dns_server(s
);
273 srv
->possible_features
= dns_server_possible_features(srv
);
275 if (type
== SOCK_DGRAM
&& srv
->possible_features
< DNS_SERVER_FEATURE_LEVEL_UDP
)
278 sa
.sa
.sa_family
= srv
->family
;
279 if (srv
->family
== AF_INET
) {
280 sa
.in
.sin_port
= htobe16(port
);
281 sa
.in
.sin_addr
= srv
->address
.in
;
282 salen
= sizeof(sa
.in
);
283 } else if (srv
->family
== AF_INET6
) {
284 sa
.in6
.sin6_port
= htobe16(port
);
285 sa
.in6
.sin6_addr
= srv
->address
.in6
;
286 sa
.in6
.sin6_scope_id
= s
->link
? s
->link
->ifindex
: 0;
287 salen
= sizeof(sa
.in6
);
289 return -EAFNOSUPPORT
;
291 sa
.sa
.sa_family
= family
;
293 if (family
== AF_INET
) {
294 sa
.in
.sin_port
= htobe16(port
);
295 sa
.in
.sin_addr
= address
->in
;
296 salen
= sizeof(sa
.in
);
297 } else if (family
== AF_INET6
) {
298 sa
.in6
.sin6_port
= htobe16(port
);
299 sa
.in6
.sin6_addr
= address
->in6
;
300 sa
.in6
.sin6_scope_id
= s
->link
? s
->link
->ifindex
: 0;
301 salen
= sizeof(sa
.in6
);
303 return -EAFNOSUPPORT
;
306 fd
= socket(sa
.sa
.sa_family
, type
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
310 if (type
== SOCK_STREAM
) {
311 r
= setsockopt(fd
, IPPROTO_TCP
, TCP_NODELAY
, &one
, sizeof(one
));
317 uint32_t ifindex
= htobe32(s
->link
->ifindex
);
319 if (sa
.sa
.sa_family
== AF_INET
) {
320 r
= setsockopt(fd
, IPPROTO_IP
, IP_UNICAST_IF
, &ifindex
, sizeof(ifindex
));
323 } else if (sa
.sa
.sa_family
== AF_INET6
) {
324 r
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_IF
, &ifindex
, sizeof(ifindex
));
330 if (s
->protocol
== DNS_PROTOCOL_LLMNR
) {
331 /* RFC 4795, section 2.5 requires the TTL to be set to 1 */
333 if (sa
.sa
.sa_family
== AF_INET
) {
334 r
= setsockopt(fd
, IPPROTO_IP
, IP_TTL
, &one
, sizeof(one
));
337 } else if (sa
.sa
.sa_family
== AF_INET6
) {
338 r
= setsockopt(fd
, IPPROTO_IPV6
, IPV6_UNICAST_HOPS
, &one
, sizeof(one
));
344 r
= connect(fd
, &sa
.sa
, salen
);
345 if (r
< 0 && errno
!= EINPROGRESS
)
357 int dns_scope_udp_dns_socket(DnsScope
*s
, DnsServer
**server
) {
358 return dns_scope_socket(s
, SOCK_DGRAM
, AF_UNSPEC
, NULL
, 53, server
);
361 int dns_scope_tcp_socket(DnsScope
*s
, int family
, const union in_addr_union
*address
, uint16_t port
, DnsServer
**server
) {
362 return dns_scope_socket(s
, SOCK_STREAM
, family
, address
, port
, server
);
365 DnsScopeMatch
dns_scope_good_domain(DnsScope
*s
, int ifindex
, uint64_t flags
, const char *domain
) {
371 if (ifindex
!= 0 && (!s
->link
|| s
->link
->ifindex
!= ifindex
))
374 if ((SD_RESOLVED_FLAGS_MAKE(s
->protocol
, s
->family
) & flags
) == 0)
377 if (dns_name_is_root(domain
))
380 /* Never resolve any loopback hostname or IP address via DNS,
381 * LLMNR or mDNS. Instead, always rely on synthesized RRs for
383 if (is_localhost(domain
) ||
384 dns_name_endswith(domain
, "127.in-addr.arpa") > 0 ||
385 dns_name_equal(domain
, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
388 /* Never respond to some of the domains listed in RFC6303 */
389 if (dns_name_endswith(domain
, "0.in-addr.arpa") > 0 ||
390 dns_name_equal(domain
, "255.255.255.255.in-addr.arpa") > 0 ||
391 dns_name_equal(domain
, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
394 /* Always honour search domains for routing queries. Note that
395 * we return DNS_SCOPE_YES here, rather than just
396 * DNS_SCOPE_MAYBE, which means wildcard scopes won't be
397 * considered anymore. */
398 LIST_FOREACH(domains
, d
, dns_scope_get_search_domains(s
))
399 if (dns_name_endswith(domain
, d
->name
) > 0)
400 return DNS_SCOPE_YES
;
402 switch (s
->protocol
) {
404 case DNS_PROTOCOL_DNS
:
406 if ((!dns_name_is_single_label(domain
) ||
407 (!(flags
& SD_RESOLVED_NO_SEARCH
) && dns_scope_has_search_domains(s
))) &&
408 dns_name_endswith(domain
, "254.169.in-addr.arpa") == 0 &&
409 dns_name_endswith(domain
, "8.e.f.ip6.arpa") == 0 &&
410 dns_name_endswith(domain
, "9.e.f.ip6.arpa") == 0 &&
411 dns_name_endswith(domain
, "a.e.f.ip6.arpa") == 0 &&
412 dns_name_endswith(domain
, "b.e.f.ip6.arpa") == 0)
413 return DNS_SCOPE_MAYBE
;
417 case DNS_PROTOCOL_MDNS
:
418 if ((s
->family
== AF_INET
&& dns_name_endswith(domain
, "in-addr.arpa") > 0) ||
419 (s
->family
== AF_INET6
&& dns_name_endswith(domain
, "ip6.arpa") > 0) ||
420 (dns_name_endswith(domain
, "local") > 0 && /* only resolve names ending in .local via mDNS */
421 dns_name_equal(domain
, "local") == 0 && /* but not the single-label "local" name itself */
422 manager_is_own_hostname(s
->manager
, domain
) <= 0)) /* never resolve the local hostname via mDNS */
423 return DNS_SCOPE_MAYBE
;
427 case DNS_PROTOCOL_LLMNR
:
428 if ((s
->family
== AF_INET
&& dns_name_endswith(domain
, "in-addr.arpa") > 0) ||
429 (s
->family
== AF_INET6
&& dns_name_endswith(domain
, "ip6.arpa") > 0) ||
430 (dns_name_is_single_label(domain
) && /* only resolve single label names via LLMNR */
431 !is_gateway_hostname(domain
) && /* don't resolve "gateway" with LLMNR, let nss-myhostname handle this */
432 manager_is_own_hostname(s
->manager
, domain
) <= 0)) /* never resolve the local hostname via LLMNR */
433 return DNS_SCOPE_MAYBE
;
438 assert_not_reached("Unknown scope protocol");
442 int dns_scope_good_key(DnsScope
*s
, DnsResourceKey
*key
) {
446 if (s
->protocol
== DNS_PROTOCOL_DNS
)
449 /* On mDNS and LLMNR, send A and AAAA queries only on the
450 * respective scopes */
452 if (s
->family
== AF_INET
&& key
->class == DNS_CLASS_IN
&& key
->type
== DNS_TYPE_AAAA
)
455 if (s
->family
== AF_INET6
&& key
->class == DNS_CLASS_IN
&& key
->type
== DNS_TYPE_A
)
461 int dns_scope_llmnr_membership(DnsScope
*s
, bool b
) {
466 if (s
->protocol
!= DNS_PROTOCOL_LLMNR
)
471 if (s
->family
== AF_INET
) {
472 struct ip_mreqn mreqn
= {
473 .imr_multiaddr
= LLMNR_MULTICAST_IPV4_ADDRESS
,
474 .imr_ifindex
= s
->link
->ifindex
,
477 fd
= manager_llmnr_ipv4_udp_fd(s
->manager
);
481 /* Always first try to drop membership before we add
482 * one. This is necessary on some devices, such as
485 (void) setsockopt(fd
, IPPROTO_IP
, IP_DROP_MEMBERSHIP
, &mreqn
, sizeof(mreqn
));
487 if (setsockopt(fd
, IPPROTO_IP
, b
? IP_ADD_MEMBERSHIP
: IP_DROP_MEMBERSHIP
, &mreqn
, sizeof(mreqn
)) < 0)
490 } else if (s
->family
== AF_INET6
) {
491 struct ipv6_mreq mreq
= {
492 .ipv6mr_multiaddr
= LLMNR_MULTICAST_IPV6_ADDRESS
,
493 .ipv6mr_interface
= s
->link
->ifindex
,
496 fd
= manager_llmnr_ipv6_udp_fd(s
->manager
);
501 (void) setsockopt(fd
, IPPROTO_IPV6
, IPV6_DROP_MEMBERSHIP
, &mreq
, sizeof(mreq
));
503 if (setsockopt(fd
, IPPROTO_IPV6
, b
? IPV6_ADD_MEMBERSHIP
: IPV6_DROP_MEMBERSHIP
, &mreq
, sizeof(mreq
)) < 0)
506 return -EAFNOSUPPORT
;
511 static int dns_scope_make_reply_packet(
521 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
528 if ((!q
|| q
->n_keys
<= 0)
529 && (!answer
|| answer
->n_rrs
<= 0)
530 && (!soa
|| soa
->n_rrs
<= 0))
533 r
= dns_packet_new(&p
, s
->protocol
, 0);
537 DNS_PACKET_HEADER(p
)->id
= id
;
538 DNS_PACKET_HEADER(p
)->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(
550 for (i
= 0; i
< q
->n_keys
; i
++) {
551 r
= dns_packet_append_key(p
, q
->keys
[i
], NULL
);
556 DNS_PACKET_HEADER(p
)->qdcount
= htobe16(q
->n_keys
);
560 for (i
= 0; i
< answer
->n_rrs
; i
++) {
561 r
= dns_packet_append_rr(p
, answer
->items
[i
].rr
, NULL
, NULL
);
566 DNS_PACKET_HEADER(p
)->ancount
= htobe16(answer
->n_rrs
);
570 for (i
= 0; i
< soa
->n_rrs
; i
++) {
571 r
= dns_packet_append_rr(p
, soa
->items
[i
].rr
, NULL
, NULL
);
576 DNS_PACKET_HEADER(p
)->arcount
= htobe16(soa
->n_rrs
);
585 static void dns_scope_verify_conflicts(DnsScope
*s
, DnsPacket
*p
) {
592 for (n
= 0; n
< p
->question
->n_keys
; n
++)
593 dns_zone_verify_conflicts(&s
->zone
, p
->question
->keys
[n
]);
595 for (n
= 0; n
< p
->answer
->n_rrs
; n
++)
596 dns_zone_verify_conflicts(&s
->zone
, p
->answer
->items
[n
].rr
->key
);
599 void dns_scope_process_query(DnsScope
*s
, DnsStream
*stream
, DnsPacket
*p
) {
600 _cleanup_(dns_packet_unrefp
) DnsPacket
*reply
= NULL
;
601 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
, *soa
= NULL
;
602 DnsResourceKey
*key
= NULL
;
603 bool tentative
= false;
609 if (p
->protocol
!= DNS_PROTOCOL_LLMNR
)
612 if (p
->ipproto
== IPPROTO_UDP
) {
613 /* Don't accept UDP queries directed to anything but
614 * the LLMNR multicast addresses. See RFC 4795,
617 if (p
->family
== AF_INET
&& !in_addr_equal(AF_INET
, &p
->destination
, (union in_addr_union
*) &LLMNR_MULTICAST_IPV4_ADDRESS
))
620 if (p
->family
== AF_INET6
&& !in_addr_equal(AF_INET6
, &p
->destination
, (union in_addr_union
*) &LLMNR_MULTICAST_IPV6_ADDRESS
))
624 r
= dns_packet_extract(p
);
626 log_debug_errno(r
, "Failed to extract resources from incoming packet: %m");
630 if (DNS_PACKET_LLMNR_C(p
)) {
631 /* Somebody notified us about a possible conflict */
632 dns_scope_verify_conflicts(s
, p
);
636 assert(p
->question
->n_keys
== 1);
637 key
= p
->question
->keys
[0];
639 r
= dns_zone_lookup(&s
->zone
, key
, &answer
, &soa
, &tentative
);
641 log_debug_errno(r
, "Failed to lookup key: %m");
648 dns_answer_order_by_scope(answer
, in_addr_is_link_local(p
->family
, &p
->sender
) > 0);
650 r
= dns_scope_make_reply_packet(s
, DNS_PACKET_ID(p
), DNS_RCODE_SUCCESS
, p
->question
, answer
, soa
, tentative
, &reply
);
652 log_debug_errno(r
, "Failed to build reply packet: %m");
657 r
= dns_stream_write_packet(stream
, reply
);
659 if (!ratelimit_test(&s
->ratelimit
))
662 if (p
->family
== AF_INET
)
663 fd
= manager_llmnr_ipv4_udp_fd(s
->manager
);
664 else if (p
->family
== AF_INET6
)
665 fd
= manager_llmnr_ipv6_udp_fd(s
->manager
);
667 log_debug("Unknown protocol");
671 log_debug_errno(fd
, "Failed to get reply socket: %m");
675 /* Note that we always immediately reply to all LLMNR
676 * requests, and do not wait any time, since we
677 * verified uniqueness for all records. Also see RFC
678 * 4795, Section 2.7 */
680 r
= manager_send(s
->manager
, fd
, p
->ifindex
, p
->family
, &p
->sender
, p
->sender_port
, reply
);
684 log_debug_errno(r
, "Failed to send reply packet: %m");
689 DnsTransaction
*dns_scope_find_transaction(DnsScope
*scope
, DnsResourceKey
*key
, bool cache_ok
) {
695 /* Try to find an ongoing transaction that is a equal to the
696 * specified question */
697 t
= hashmap_get(scope
->transactions_by_key
, key
);
701 /* Refuse reusing transactions that completed based on cached
702 * data instead of a real packet, if that's requested. */
704 IN_SET(t
->state
, DNS_TRANSACTION_SUCCESS
, DNS_TRANSACTION_FAILURE
) &&
705 t
->answer_source
!= DNS_TRANSACTION_NETWORK
)
711 static int dns_scope_make_conflict_packet(
713 DnsResourceRecord
*rr
,
716 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
723 r
= dns_packet_new(&p
, s
->protocol
, 0);
727 DNS_PACKET_HEADER(p
)->flags
= htobe16(DNS_PACKET_MAKE_FLAGS(
737 random_bytes(&DNS_PACKET_HEADER(p
)->id
, sizeof(uint16_t));
738 DNS_PACKET_HEADER(p
)->qdcount
= htobe16(1);
739 DNS_PACKET_HEADER(p
)->arcount
= htobe16(1);
741 r
= dns_packet_append_key(p
, rr
->key
, NULL
);
745 r
= dns_packet_append_rr(p
, rr
, NULL
, NULL
);
755 static int on_conflict_dispatch(sd_event_source
*es
, usec_t usec
, void *userdata
) {
756 DnsScope
*scope
= userdata
;
762 scope
->conflict_event_source
= sd_event_source_unref(scope
->conflict_event_source
);
765 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
766 _cleanup_(dns_packet_unrefp
) DnsPacket
*p
= NULL
;
768 rr
= ordered_hashmap_steal_first(scope
->conflict_queue
);
772 r
= dns_scope_make_conflict_packet(scope
, rr
, &p
);
774 log_error_errno(r
, "Failed to make conflict packet: %m");
778 r
= dns_scope_emit(scope
, -1, NULL
, p
);
780 log_debug_errno(r
, "Failed to send conflict packet: %m");
786 int dns_scope_notify_conflict(DnsScope
*scope
, DnsResourceRecord
*rr
) {
793 /* We don't send these queries immediately. Instead, we queue
794 * them, and send them after some jitter delay. */
795 r
= ordered_hashmap_ensure_allocated(&scope
->conflict_queue
, &dns_resource_key_hash_ops
);
801 /* We only place one RR per key in the conflict
802 * messages, not all of them. That should be enough to
803 * indicate where there might be a conflict */
804 r
= ordered_hashmap_put(scope
->conflict_queue
, rr
->key
, rr
);
805 if (r
== -EEXIST
|| r
== 0)
808 return log_debug_errno(r
, "Failed to queue conflicting RR: %m");
810 dns_resource_record_ref(rr
);
812 if (scope
->conflict_event_source
)
815 random_bytes(&jitter
, sizeof(jitter
));
816 jitter
%= LLMNR_JITTER_INTERVAL_USEC
;
818 r
= sd_event_add_time(scope
->manager
->event
,
819 &scope
->conflict_event_source
,
820 clock_boottime_or_monotonic(),
821 now(clock_boottime_or_monotonic()) + jitter
,
822 LLMNR_JITTER_INTERVAL_USEC
,
823 on_conflict_dispatch
, scope
);
825 return log_debug_errno(r
, "Failed to add conflict dispatch event: %m");
830 void dns_scope_check_conflicts(DnsScope
*scope
, DnsPacket
*p
) {
837 if (p
->protocol
!= DNS_PROTOCOL_LLMNR
)
840 if (DNS_PACKET_RRCOUNT(p
) <= 0)
843 if (DNS_PACKET_LLMNR_C(p
) != 0)
846 if (DNS_PACKET_LLMNR_T(p
) != 0)
849 if (manager_our_packet(scope
->manager
, p
))
852 r
= dns_packet_extract(p
);
854 log_debug_errno(r
, "Failed to extract packet: %m");
858 log_debug("Checking for conflicts...");
860 for (i
= 0; i
< p
->answer
->n_rrs
; i
++) {
862 /* Check for conflicts against the local zone. If we
863 * found one, we won't check any further */
864 r
= dns_zone_check_conflicts(&scope
->zone
, p
->answer
->items
[i
].rr
);
868 /* Check for conflicts against the local cache. If so,
869 * send out an advisory query, to inform everybody */
870 r
= dns_cache_check_conflicts(&scope
->cache
, p
->answer
->items
[i
].rr
, p
->family
, &p
->sender
);
874 dns_scope_notify_conflict(scope
, p
->answer
->items
[i
].rr
);
878 void dns_scope_dump(DnsScope
*s
, FILE *f
) {
884 fputs("[Scope protocol=", f
);
885 fputs(dns_protocol_to_string(s
->protocol
), f
);
888 fputs(" interface=", f
);
889 fputs(s
->link
->name
, f
);
892 if (s
->family
!= AF_UNSPEC
) {
893 fputs(" family=", f
);
894 fputs(af_to_name(s
->family
), f
);
899 if (!dns_zone_is_empty(&s
->zone
)) {
901 dns_zone_dump(&s
->zone
, f
);
904 if (!dns_cache_is_empty(&s
->cache
)) {
905 fputs("CACHE:\n", f
);
906 dns_cache_dump(&s
->cache
, f
);
910 DnsSearchDomain
*dns_scope_get_search_domains(DnsScope
*s
) {
913 /* Returns the list of *local* search domains -- not the
916 if (s
->protocol
!= DNS_PROTOCOL_DNS
)
920 return s
->link
->search_domains
;
925 bool dns_scope_has_search_domains(DnsScope
*s
) {
928 /* Tests if there are *any* search domains suitable for this
929 * scope. This means either local or global ones */
931 if (s
->protocol
!= DNS_PROTOCOL_DNS
)
934 if (s
->manager
->search_domains
)
937 if (s
->link
&& s
->link
->search_domains
)
943 bool dns_scope_name_needs_search_domain(DnsScope
*s
, const char *name
) {
946 if (s
->protocol
!= DNS_PROTOCOL_DNS
)
949 return dns_name_is_single_label(name
);