]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-link.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
strv: make iterator in STRV_FOREACH() declaread in the loop
[thirdparty/systemd.git] / src / resolve / resolved-link.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <linux/if.h>
4 #include <unistd.h>
5
6 #include "sd-network.h"
7
8 #include "alloc-util.h"
9 #include "env-file.h"
10 #include "fd-util.h"
11 #include "fileio.h"
12 #include "log-link.h"
13 #include "mkdir.h"
14 #include "netif-util.h"
15 #include "parse-util.h"
16 #include "resolved-link.h"
17 #include "resolved-llmnr.h"
18 #include "resolved-mdns.h"
19 #include "socket-netlink.h"
20 #include "stat-util.h"
21 #include "string-util.h"
22 #include "strv.h"
23 #include "tmpfile-util.h"
24
25 int link_new(Manager *m, Link **ret, int ifindex) {
26 _cleanup_(link_freep) Link *l = NULL;
27 int r;
28
29 assert(m);
30 assert(ifindex > 0);
31
32 l = new(Link, 1);
33 if (!l)
34 return -ENOMEM;
35
36 *l = (Link) {
37 .ifindex = ifindex,
38 .default_route = -1,
39 .llmnr_support = RESOLVE_SUPPORT_YES,
40 .mdns_support = RESOLVE_SUPPORT_NO,
41 .dnssec_mode = _DNSSEC_MODE_INVALID,
42 .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
43 .operstate = IF_OPER_UNKNOWN,
44 };
45
46 if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
47 return -ENOMEM;
48
49 r = hashmap_ensure_put(&m->links, NULL, INT_TO_PTR(ifindex), l);
50 if (r < 0)
51 return r;
52
53 l->manager = m;
54
55 if (ret)
56 *ret = l;
57 TAKE_PTR(l);
58
59 return 0;
60 }
61
62 void link_flush_settings(Link *l) {
63 assert(l);
64
65 l->default_route = -1;
66 l->llmnr_support = RESOLVE_SUPPORT_YES;
67 l->mdns_support = RESOLVE_SUPPORT_NO;
68 l->dnssec_mode = _DNSSEC_MODE_INVALID;
69 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
70
71 dns_server_unlink_all(l->dns_servers);
72 dns_search_domain_unlink_all(l->search_domains);
73
74 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
75 }
76
77 Link *link_free(Link *l) {
78 if (!l)
79 return NULL;
80
81 /* Send goodbye messages. */
82 dns_scope_announce(l->mdns_ipv4_scope, true);
83 dns_scope_announce(l->mdns_ipv6_scope, true);
84
85 link_flush_settings(l);
86
87 while (l->addresses)
88 (void) link_address_free(l->addresses);
89
90 if (l->manager)
91 hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
92
93 dns_scope_free(l->unicast_scope);
94 dns_scope_free(l->llmnr_ipv4_scope);
95 dns_scope_free(l->llmnr_ipv6_scope);
96 dns_scope_free(l->mdns_ipv4_scope);
97 dns_scope_free(l->mdns_ipv6_scope);
98
99 free(l->state_file);
100 free(l->ifname);
101
102 return mfree(l);
103 }
104
105 void link_allocate_scopes(Link *l) {
106 bool unicast_relevant;
107 int r;
108
109 assert(l);
110
111 /* If a link that used to be relevant is no longer, or a link that did not use to be relevant now becomes
112 * relevant, let's reinit the learnt global DNS server information, since we might talk to different servers
113 * now, even if they have the same addresses as before. */
114
115 unicast_relevant = link_relevant(l, AF_UNSPEC, false);
116 if (unicast_relevant != l->unicast_relevant) {
117 l->unicast_relevant = unicast_relevant;
118
119 dns_server_reset_features_all(l->manager->fallback_dns_servers);
120 dns_server_reset_features_all(l->manager->dns_servers);
121
122 /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one
123 * interface reveals different DNS zones than through others. */
124 if (l->manager->unicast_scope)
125 dns_cache_flush(&l->manager->unicast_scope->cache);
126 }
127
128 /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't
129 * need anymore */
130
131 if (unicast_relevant && l->dns_servers) {
132 if (!l->unicast_scope) {
133 dns_server_reset_features_all(l->dns_servers);
134
135 r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
136 if (r < 0)
137 log_link_warning_errno(l, r, "Failed to allocate DNS scope, ignoring: %m");
138 }
139 } else
140 l->unicast_scope = dns_scope_free(l->unicast_scope);
141
142 if (link_relevant(l, AF_INET, true) &&
143 l->llmnr_support != RESOLVE_SUPPORT_NO &&
144 l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
145 if (!l->llmnr_ipv4_scope) {
146 r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
147 if (r < 0)
148 log_link_warning_errno(l, r, "Failed to allocate LLMNR IPv4 scope, ignoring: %m");
149 }
150 } else
151 l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
152
153 if (link_relevant(l, AF_INET6, true) &&
154 l->llmnr_support != RESOLVE_SUPPORT_NO &&
155 l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
156 socket_ipv6_is_supported()) {
157 if (!l->llmnr_ipv6_scope) {
158 r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
159 if (r < 0)
160 log_link_warning_errno(l, r, "Failed to allocate LLMNR IPv6 scope, ignoring: %m");
161 }
162 } else
163 l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
164
165 if (link_relevant(l, AF_INET, true) &&
166 l->mdns_support != RESOLVE_SUPPORT_NO &&
167 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
168 if (!l->mdns_ipv4_scope) {
169 r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
170 if (r < 0)
171 log_link_warning_errno(l, r, "Failed to allocate mDNS IPv4 scope, ignoring: %m");
172 }
173 } else
174 l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
175
176 if (link_relevant(l, AF_INET6, true) &&
177 l->mdns_support != RESOLVE_SUPPORT_NO &&
178 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
179 if (!l->mdns_ipv6_scope) {
180 r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
181 if (r < 0)
182 log_link_warning_errno(l, r, "Failed to allocate mDNS IPv6 scope, ignoring: %m");
183 }
184 } else
185 l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
186 }
187
188 void link_add_rrs(Link *l, bool force_remove) {
189 int r;
190
191 LIST_FOREACH(addresses, a, l->addresses)
192 link_address_add_rrs(a, force_remove);
193
194 if (!force_remove &&
195 l->mdns_support == RESOLVE_SUPPORT_YES &&
196 l->manager->mdns_support == RESOLVE_SUPPORT_YES) {
197
198 if (l->mdns_ipv4_scope) {
199 r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope);
200 if (r < 0)
201 log_link_warning_errno(l, r, "Failed to add IPv4 DNS-SD services, ignoring: %m");
202 }
203
204 if (l->mdns_ipv6_scope) {
205 r = dns_scope_add_dnssd_services(l->mdns_ipv6_scope);
206 if (r < 0)
207 log_link_warning_errno(l, r, "Failed to add IPv6 DNS-SD services, ignoring: %m");
208 }
209
210 } else {
211
212 if (l->mdns_ipv4_scope) {
213 r = dns_scope_remove_dnssd_services(l->mdns_ipv4_scope);
214 if (r < 0)
215 log_link_warning_errno(l, r, "Failed to remove IPv4 DNS-SD services, ignoring: %m");
216 }
217
218 if (l->mdns_ipv6_scope) {
219 r = dns_scope_remove_dnssd_services(l->mdns_ipv6_scope);
220 if (r < 0)
221 log_link_warning_errno(l, r, "Failed to remove IPv6 DNS-SD services, ignoring: %m");
222 }
223 }
224 }
225
226 int link_process_rtnl(Link *l, sd_netlink_message *m) {
227 const char *n = NULL;
228 int r;
229
230 assert(l);
231 assert(m);
232
233 r = sd_rtnl_message_link_get_flags(m, &l->flags);
234 if (r < 0)
235 return r;
236
237 (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
238 (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);
239
240 if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0 &&
241 !streq_ptr(l->ifname, n)) {
242 if (l->ifname)
243 log_link_debug(l, "Interface name change detected: %s -> %s", l->ifname, n);
244
245 r = free_and_strdup(&l->ifname, n);
246 if (r < 0)
247 return r;
248 }
249
250 return 0;
251 }
252
253 static int link_update_dns_server_one(Link *l, const char *str) {
254 _cleanup_free_ char *name = NULL;
255 int family, ifindex, r;
256 union in_addr_union a;
257 DnsServer *s;
258 uint16_t port;
259
260 assert(l);
261 assert(str);
262
263 r = in_addr_port_ifindex_name_from_string_auto(str, &family, &a, &port, &ifindex, &name);
264 if (r < 0)
265 return r;
266
267 if (ifindex != 0 && ifindex != l->ifindex)
268 return -EINVAL;
269
270 /* By default, the port number is determined with the transaction feature level.
271 * See dns_transaction_port() and dns_server_port(). */
272 if (IN_SET(port, 53, 853))
273 port = 0;
274
275 s = dns_server_find(l->dns_servers, family, &a, port, 0, name);
276 if (s) {
277 dns_server_move_back_and_unmark(s);
278 return 0;
279 }
280
281 return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, port, 0, name);
282 }
283
284 static int link_update_dns_servers(Link *l) {
285 _cleanup_strv_free_ char **nameservers = NULL;
286 int r;
287
288 assert(l);
289
290 r = sd_network_link_get_dns(l->ifindex, &nameservers);
291 if (r == -ENODATA) {
292 r = 0;
293 goto clear;
294 }
295 if (r < 0)
296 goto clear;
297
298 dns_server_mark_all(l->dns_servers);
299
300 STRV_FOREACH(nameserver, nameservers) {
301 r = link_update_dns_server_one(l, *nameserver);
302 if (r < 0)
303 goto clear;
304 }
305
306 dns_server_unlink_marked(l->dns_servers);
307 return 0;
308
309 clear:
310 dns_server_unlink_all(l->dns_servers);
311 return r;
312 }
313
314 static int link_update_default_route(Link *l) {
315 int r;
316
317 assert(l);
318
319 r = sd_network_link_get_dns_default_route(l->ifindex);
320 if (r == -ENODATA) {
321 r = 0;
322 goto clear;
323 }
324 if (r < 0)
325 goto clear;
326
327 l->default_route = r > 0;
328 return 0;
329
330 clear:
331 l->default_route = -1;
332 return r;
333 }
334
335 static int link_update_llmnr_support(Link *l) {
336 _cleanup_free_ char *b = NULL;
337 int r;
338
339 assert(l);
340
341 l->llmnr_support = RESOLVE_SUPPORT_YES; /* yes, yes, we set it twice which is ugly */
342
343 r = sd_network_link_get_llmnr(l->ifindex, &b);
344 if (r == -ENODATA)
345 return 0;
346 if (r < 0)
347 return r;
348
349 r = resolve_support_from_string(b);
350 if (r < 0)
351 return r;
352
353 l->llmnr_support = r;
354 return 0;
355 }
356
357 static int link_update_mdns_support(Link *l) {
358 _cleanup_free_ char *b = NULL;
359 int r;
360
361 assert(l);
362
363 l->mdns_support = RESOLVE_SUPPORT_NO;
364
365 r = sd_network_link_get_mdns(l->ifindex, &b);
366 if (r == -ENODATA)
367 return 0;
368 if (r < 0)
369 return r;
370
371 r = resolve_support_from_string(b);
372 if (r < 0)
373 return r;
374
375 l->mdns_support = r;
376 return 0;
377 }
378
379 void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
380
381 assert(l);
382
383 #if ! ENABLE_DNS_OVER_TLS
384 if (mode != DNS_OVER_TLS_NO)
385 log_link_warning(l,
386 "DNS-over-TLS option for the link cannot be enabled or set to opportunistic "
387 "when systemd-resolved is built without DNS-over-TLS support. "
388 "Turning off DNS-over-TLS support.");
389 return;
390 #endif
391
392 l->dns_over_tls_mode = mode;
393 }
394
395 static int link_update_dns_over_tls_mode(Link *l) {
396 _cleanup_free_ char *b = NULL;
397 int r;
398
399 assert(l);
400
401 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
402
403 r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
404 if (r == -ENODATA)
405 return 0;
406 if (r < 0)
407 return r;
408
409 r = dns_over_tls_mode_from_string(b);
410 if (r < 0)
411 return r;
412
413 l->dns_over_tls_mode = r;
414 return 0;
415 }
416
417 void link_set_dnssec_mode(Link *l, DnssecMode mode) {
418
419 assert(l);
420
421 #if !HAVE_OPENSSL_OR_GCRYPT
422 if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE))
423 log_link_warning(l,
424 "DNSSEC option for the link cannot be enabled or set to allow-downgrade "
425 "when systemd-resolved is built without a cryptographic library. "
426 "Turning off DNSSEC support.");
427 return;
428 #endif
429
430 if (l->dnssec_mode == mode)
431 return;
432
433 if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
434 (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
435 (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) {
436
437 /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
438 * allow-downgrade mode to full DNSSEC mode, flush it too. */
439 if (l->unicast_scope)
440 dns_cache_flush(&l->unicast_scope->cache);
441 }
442
443 l->dnssec_mode = mode;
444 }
445
446 static int link_update_dnssec_mode(Link *l) {
447 _cleanup_free_ char *m = NULL;
448 DnssecMode mode;
449 int r;
450
451 assert(l);
452
453 l->dnssec_mode = _DNSSEC_MODE_INVALID;
454
455 r = sd_network_link_get_dnssec(l->ifindex, &m);
456 if (r == -ENODATA)
457 return 0;
458 if (r < 0)
459 return r;
460
461 mode = dnssec_mode_from_string(m);
462 if (mode < 0)
463 return mode;
464
465 link_set_dnssec_mode(l, mode);
466 return 0;
467 }
468
469 static int link_update_dnssec_negative_trust_anchors(Link *l) {
470 _cleanup_strv_free_ char **ntas = NULL;
471 _cleanup_set_free_free_ Set *ns = NULL;
472 int r;
473
474 assert(l);
475
476 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
477
478 r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
479 if (r == -ENODATA)
480 return r;
481 if (r < 0)
482 return r;
483
484 ns = set_new(&dns_name_hash_ops);
485 if (!ns)
486 return -ENOMEM;
487
488 r = set_put_strdupv(&ns, ntas);
489 if (r < 0)
490 return r;
491
492 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
493 return 0;
494 }
495
496 static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
497 DnsSearchDomain *d;
498 int r;
499
500 assert(l);
501 assert(name);
502
503 r = dns_search_domain_find(l->search_domains, name, &d);
504 if (r < 0)
505 return r;
506 if (r > 0)
507 dns_search_domain_move_back_and_unmark(d);
508 else {
509 r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name);
510 if (r < 0)
511 return r;
512 }
513
514 d->route_only = route_only;
515 return 0;
516 }
517
518 static int link_update_search_domains(Link *l) {
519 _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
520 int r, q;
521
522 assert(l);
523
524 r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
525 if (r < 0 && r != -ENODATA)
526 goto clear;
527
528 q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
529 if (q < 0 && q != -ENODATA) {
530 r = q;
531 goto clear;
532 }
533
534 if (r == -ENODATA && q == -ENODATA) {
535 /* networkd knows nothing about this interface, and that's fine. */
536 r = 0;
537 goto clear;
538 }
539
540 dns_search_domain_mark_all(l->search_domains);
541
542 STRV_FOREACH(i, sdomains) {
543 r = link_update_search_domain_one(l, *i, false);
544 if (r < 0)
545 goto clear;
546 }
547
548 STRV_FOREACH(i, rdomains) {
549 r = link_update_search_domain_one(l, *i, true);
550 if (r < 0)
551 goto clear;
552 }
553
554 dns_search_domain_unlink_marked(l->search_domains);
555 return 0;
556
557 clear:
558 dns_search_domain_unlink_all(l->search_domains);
559 return r;
560 }
561
562 static int link_is_managed(Link *l) {
563 _cleanup_free_ char *state = NULL;
564 int r;
565
566 assert(l);
567
568 r = sd_network_link_get_setup_state(l->ifindex, &state);
569 if (r == -ENODATA)
570 return 0;
571 if (r < 0)
572 return r;
573
574 return !STR_IN_SET(state, "pending", "initialized", "unmanaged");
575 }
576
577 static void link_enter_unmanaged(Link *l) {
578 assert(l);
579
580 /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
581 if (l->is_managed)
582 link_flush_settings(l);
583
584 l->is_managed = false;
585 }
586
587 static void link_read_settings(Link *l) {
588 struct stat st;
589 int r;
590
591 assert(l);
592
593 /* Read settings from networkd, except when networkd is not managing this interface. */
594
595 r = sd_network_link_get_stat(l->ifindex, &st);
596 if (r == -ENOENT)
597 return link_enter_unmanaged(l);
598 if (r < 0)
599 return (void) log_link_warning_errno(l, r, "Failed to stat() networkd's link state file, ignoring: %m");
600
601 if (stat_inode_unmodified(&l->networkd_state_file_stat, &st))
602 /* The state file is unmodified. Not necessary to re-read settings. */
603 return;
604
605 /* Save the new stat for the next event. */
606 l->networkd_state_file_stat = st;
607
608 r = link_is_managed(l);
609 if (r < 0)
610 return (void) log_link_warning_errno(l, r, "Failed to determine whether the interface is managed, ignoring: %m");
611 if (r == 0)
612 return link_enter_unmanaged(l);
613
614 l->is_managed = true;
615
616 r = network_link_get_operational_state(l->ifindex, &l->networkd_operstate);
617 if (r < 0)
618 log_link_warning_errno(l, r, "Failed to read networkd's link operational state, ignoring: %m");
619
620 r = link_update_dns_servers(l);
621 if (r < 0)
622 log_link_warning_errno(l, r, "Failed to read DNS servers for the interface, ignoring: %m");
623
624 r = link_update_llmnr_support(l);
625 if (r < 0)
626 log_link_warning_errno(l, r, "Failed to read LLMNR support for the interface, ignoring: %m");
627
628 r = link_update_mdns_support(l);
629 if (r < 0)
630 log_link_warning_errno(l, r, "Failed to read mDNS support for the interface, ignoring: %m");
631
632 r = link_update_dns_over_tls_mode(l);
633 if (r < 0)
634 log_link_warning_errno(l, r, "Failed to read DNS-over-TLS mode for the interface, ignoring: %m");
635
636 r = link_update_dnssec_mode(l);
637 if (r < 0)
638 log_link_warning_errno(l, r, "Failed to read DNSSEC mode for the interface, ignoring: %m");
639
640 r = link_update_dnssec_negative_trust_anchors(l);
641 if (r < 0)
642 log_link_warning_errno(l, r, "Failed to read DNSSEC negative trust anchors for the interface, ignoring: %m");
643
644 r = link_update_search_domains(l);
645 if (r < 0)
646 log_link_warning_errno(l, r, "Failed to read search domains for the interface, ignoring: %m");
647
648 r = link_update_default_route(l);
649 if (r < 0)
650 log_link_warning_errno(l, r, "Failed to read default route setting for the interface, proceeding anyway: %m");
651 }
652
653 int link_update(Link *l) {
654 int r;
655
656 assert(l);
657
658 link_read_settings(l);
659 r = link_load_user(l);
660 if (r < 0)
661 return r;
662
663 if (l->llmnr_support != RESOLVE_SUPPORT_NO) {
664 r = manager_llmnr_start(l->manager);
665 if (r < 0)
666 return r;
667 }
668
669 if (l->mdns_support != RESOLVE_SUPPORT_NO) {
670 r = manager_mdns_start(l->manager);
671 if (r < 0)
672 return r;
673 }
674
675 link_allocate_scopes(l);
676 link_add_rrs(l, false);
677
678 return 0;
679 }
680
681 bool link_relevant(Link *l, int family, bool local_multicast) {
682 assert(l);
683
684 /* A link is relevant for local multicast traffic if it isn't a loopback device, has a link
685 * beat, can do multicast and has at least one link-local (or better) IP address.
686 *
687 * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
688 * least one routable address. */
689
690 if ((l->flags & (IFF_LOOPBACK | IFF_DORMANT)) != 0)
691 return false;
692
693 if (!FLAGS_SET(l->flags, IFF_UP | IFF_LOWER_UP))
694 return false;
695
696 if (local_multicast &&
697 !FLAGS_SET(l->flags, IFF_MULTICAST))
698 return false;
699
700 if (!netif_has_carrier(l->operstate, l->flags))
701 return false;
702
703 if (l->is_managed &&
704 !IN_SET(l->networkd_operstate, LINK_OPERSTATE_DEGRADED_CARRIER, LINK_OPERSTATE_DEGRADED, LINK_OPERSTATE_ROUTABLE))
705 return false;
706
707 LIST_FOREACH(addresses, a, l->addresses)
708 if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast))
709 return true;
710
711 return false;
712 }
713
714 LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
715 assert(l);
716
717 if (!IN_SET(family, AF_INET, AF_INET6))
718 return NULL;
719
720 if (!in_addr)
721 return NULL;
722
723 LIST_FOREACH(addresses, a, l->addresses)
724 if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr))
725 return a;
726
727 return NULL;
728 }
729
730 DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
731 assert(l);
732
733 if (l->current_dns_server == s)
734 return s;
735
736 if (s)
737 log_link_debug(l, "Switching to DNS server %s.", strna(dns_server_string_full(s)));
738
739 dns_server_unref(l->current_dns_server);
740 l->current_dns_server = dns_server_ref(s);
741
742 if (l->unicast_scope)
743 dns_cache_flush(&l->unicast_scope->cache);
744
745 return s;
746 }
747
748 DnsServer *link_get_dns_server(Link *l) {
749 assert(l);
750
751 if (!l->current_dns_server)
752 link_set_dns_server(l, l->dns_servers);
753
754 return l->current_dns_server;
755 }
756
757 void link_next_dns_server(Link *l, DnsServer *if_current) {
758 assert(l);
759
760 /* If the current server of the transaction is specified, and we already are at a different one,
761 * don't do anything */
762 if (if_current && l->current_dns_server != if_current)
763 return;
764
765 /* If currently have no DNS server, then don't do anything, we'll pick it lazily the next time a DNS
766 * server is needed. */
767 if (!l->current_dns_server)
768 return;
769
770 /* Change to the next one, but make sure to follow the linked list only if this server is actually
771 * still linked. */
772 if (l->current_dns_server->linked && l->current_dns_server->servers_next) {
773 link_set_dns_server(l, l->current_dns_server->servers_next);
774 return;
775 }
776
777 /* Pick the first one again, after we reached the end */
778 link_set_dns_server(l, l->dns_servers);
779 }
780
781 DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
782 assert(l);
783
784 if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
785 return l->dns_over_tls_mode;
786
787 return manager_get_dns_over_tls_mode(l->manager);
788 }
789
790 DnssecMode link_get_dnssec_mode(Link *l) {
791 assert(l);
792
793 if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
794 return l->dnssec_mode;
795
796 return manager_get_dnssec_mode(l->manager);
797 }
798
799 bool link_dnssec_supported(Link *l) {
800 DnsServer *server;
801
802 assert(l);
803
804 if (link_get_dnssec_mode(l) == DNSSEC_NO)
805 return false;
806
807 server = link_get_dns_server(l);
808 if (server)
809 return dns_server_dnssec_supported(server);
810
811 return true;
812 }
813
814 int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
815 LinkAddress *a;
816
817 assert(l);
818 assert(in_addr);
819
820 a = new(LinkAddress, 1);
821 if (!a)
822 return -ENOMEM;
823
824 *a = (LinkAddress) {
825 .family = family,
826 .in_addr = *in_addr,
827 .link = l,
828 .prefixlen = UCHAR_MAX,
829 };
830
831 LIST_PREPEND(addresses, l->addresses, a);
832 l->n_addresses++;
833
834 if (ret)
835 *ret = a;
836
837 return 0;
838 }
839
840 LinkAddress *link_address_free(LinkAddress *a) {
841 if (!a)
842 return NULL;
843
844 if (a->link) {
845 LIST_REMOVE(addresses, a->link->addresses, a);
846
847 assert(a->link->n_addresses > 0);
848 a->link->n_addresses--;
849
850 if (a->llmnr_address_rr) {
851 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
852 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
853 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
854 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
855 }
856
857 if (a->llmnr_ptr_rr) {
858 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
859 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
860 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
861 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
862 }
863
864 if (a->mdns_address_rr) {
865 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
866 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
867 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
868 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
869 }
870
871 if (a->mdns_ptr_rr) {
872 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
873 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
874 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
875 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
876 }
877 }
878
879 dns_resource_record_unref(a->llmnr_address_rr);
880 dns_resource_record_unref(a->llmnr_ptr_rr);
881 dns_resource_record_unref(a->mdns_address_rr);
882 dns_resource_record_unref(a->mdns_ptr_rr);
883
884 return mfree(a);
885 }
886
887 void link_address_add_rrs(LinkAddress *a, bool force_remove) {
888 int r;
889
890 assert(a);
891
892 if (a->family == AF_INET) {
893
894 if (!force_remove &&
895 link_address_relevant(a, true) &&
896 a->link->llmnr_ipv4_scope &&
897 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
898 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
899
900 if (!a->link->manager->llmnr_host_ipv4_key) {
901 a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
902 if (!a->link->manager->llmnr_host_ipv4_key) {
903 r = -ENOMEM;
904 goto fail;
905 }
906 }
907
908 if (!a->llmnr_address_rr) {
909 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
910 if (!a->llmnr_address_rr) {
911 r = -ENOMEM;
912 goto fail;
913 }
914
915 a->llmnr_address_rr->a.in_addr = a->in_addr.in;
916 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
917 }
918
919 if (!a->llmnr_ptr_rr) {
920 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
921 if (r < 0)
922 goto fail;
923
924 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
925 }
926
927 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
928 if (r < 0)
929 log_link_warning_errno(a->link, r, "Failed to add A record to LLMNR zone, ignoring: %m");
930
931 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
932 if (r < 0)
933 log_link_warning_errno(a->link, r, "Failed to add IPv4 PTR record to LLMNR zone, ignoring: %m");
934 } else {
935 if (a->llmnr_address_rr) {
936 if (a->link->llmnr_ipv4_scope)
937 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
938 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
939 }
940
941 if (a->llmnr_ptr_rr) {
942 if (a->link->llmnr_ipv4_scope)
943 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
944 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
945 }
946 }
947
948 if (!force_remove &&
949 link_address_relevant(a, true) &&
950 a->link->mdns_ipv4_scope &&
951 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
952 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
953 if (!a->link->manager->mdns_host_ipv4_key) {
954 a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
955 if (!a->link->manager->mdns_host_ipv4_key) {
956 r = -ENOMEM;
957 goto fail;
958 }
959 }
960
961 if (!a->mdns_address_rr) {
962 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key);
963 if (!a->mdns_address_rr) {
964 r = -ENOMEM;
965 goto fail;
966 }
967
968 a->mdns_address_rr->a.in_addr = a->in_addr.in;
969 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
970 }
971
972 if (!a->mdns_ptr_rr) {
973 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
974 if (r < 0)
975 goto fail;
976
977 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
978 }
979
980 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true);
981 if (r < 0)
982 log_link_warning_errno(a->link, r, "Failed to add A record to MDNS zone, ignoring: %m");
983
984 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false);
985 if (r < 0)
986 log_link_warning_errno(a->link, r, "Failed to add IPv4 PTR record to MDNS zone, ignoring: %m");
987 } else {
988 if (a->mdns_address_rr) {
989 if (a->link->mdns_ipv4_scope)
990 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
991 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
992 }
993
994 if (a->mdns_ptr_rr) {
995 if (a->link->mdns_ipv4_scope)
996 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
997 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
998 }
999 }
1000 }
1001
1002 if (a->family == AF_INET6) {
1003
1004 if (!force_remove &&
1005 link_address_relevant(a, true) &&
1006 a->link->llmnr_ipv6_scope &&
1007 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
1008 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
1009
1010 if (!a->link->manager->llmnr_host_ipv6_key) {
1011 a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
1012 if (!a->link->manager->llmnr_host_ipv6_key) {
1013 r = -ENOMEM;
1014 goto fail;
1015 }
1016 }
1017
1018 if (!a->llmnr_address_rr) {
1019 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
1020 if (!a->llmnr_address_rr) {
1021 r = -ENOMEM;
1022 goto fail;
1023 }
1024
1025 a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
1026 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
1027 }
1028
1029 if (!a->llmnr_ptr_rr) {
1030 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
1031 if (r < 0)
1032 goto fail;
1033
1034 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
1035 }
1036
1037 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
1038 if (r < 0)
1039 log_link_warning_errno(a->link, r, "Failed to add AAAA record to LLMNR zone, ignoring: %m");
1040
1041 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
1042 if (r < 0)
1043 log_link_warning_errno(a->link, r, "Failed to add IPv6 PTR record to LLMNR zone, ignoring: %m");
1044 } else {
1045 if (a->llmnr_address_rr) {
1046 if (a->link->llmnr_ipv6_scope)
1047 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
1048 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
1049 }
1050
1051 if (a->llmnr_ptr_rr) {
1052 if (a->link->llmnr_ipv6_scope)
1053 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
1054 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
1055 }
1056 }
1057
1058 if (!force_remove &&
1059 link_address_relevant(a, true) &&
1060 a->link->mdns_ipv6_scope &&
1061 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
1062 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
1063
1064 if (!a->link->manager->mdns_host_ipv6_key) {
1065 a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
1066 if (!a->link->manager->mdns_host_ipv6_key) {
1067 r = -ENOMEM;
1068 goto fail;
1069 }
1070 }
1071
1072 if (!a->mdns_address_rr) {
1073 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key);
1074 if (!a->mdns_address_rr) {
1075 r = -ENOMEM;
1076 goto fail;
1077 }
1078
1079 a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6;
1080 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
1081 }
1082
1083 if (!a->mdns_ptr_rr) {
1084 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
1085 if (r < 0)
1086 goto fail;
1087
1088 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
1089 }
1090
1091 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true);
1092 if (r < 0)
1093 log_link_warning_errno(a->link, r, "Failed to add AAAA record to MDNS zone, ignoring: %m");
1094
1095 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false);
1096 if (r < 0)
1097 log_link_warning_errno(a->link, r, "Failed to add IPv6 PTR record to MDNS zone, ignoring: %m");
1098 } else {
1099 if (a->mdns_address_rr) {
1100 if (a->link->mdns_ipv6_scope)
1101 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
1102 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
1103 }
1104
1105 if (a->mdns_ptr_rr) {
1106 if (a->link->mdns_ipv6_scope)
1107 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
1108 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
1109 }
1110 }
1111 }
1112
1113 return;
1114
1115 fail:
1116 log_link_debug_errno(a->link, r, "Failed to update address RRs, ignoring: %m");
1117 }
1118
1119 int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
1120 int r;
1121
1122 assert(a);
1123 assert(m);
1124
1125 r = sd_rtnl_message_addr_get_flags(m, &a->flags);
1126 if (r < 0)
1127 return r;
1128
1129 (void) sd_rtnl_message_addr_get_prefixlen(m, &a->prefixlen);
1130 (void) sd_rtnl_message_addr_get_scope(m, &a->scope);
1131
1132 link_allocate_scopes(a->link);
1133 link_add_rrs(a->link, false);
1134
1135 return 0;
1136 }
1137
1138 bool link_address_relevant(LinkAddress *a, bool local_multicast) {
1139 assert(a);
1140
1141 if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
1142 return false;
1143
1144 if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK))
1145 return false;
1146
1147 return true;
1148 }
1149
1150 static bool link_needs_save(Link *l) {
1151 assert(l);
1152
1153 /* Returns true if any of the settings where set different from the default */
1154
1155 if (l->is_managed)
1156 return false;
1157
1158 if (l->llmnr_support != RESOLVE_SUPPORT_YES ||
1159 l->mdns_support != RESOLVE_SUPPORT_NO ||
1160 l->dnssec_mode != _DNSSEC_MODE_INVALID ||
1161 l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1162 return true;
1163
1164 if (l->dns_servers ||
1165 l->search_domains)
1166 return true;
1167
1168 if (!set_isempty(l->dnssec_negative_trust_anchors))
1169 return true;
1170
1171 if (l->default_route >= 0)
1172 return true;
1173
1174 return false;
1175 }
1176
1177 int link_save_user(Link *l) {
1178 _cleanup_free_ char *temp_path = NULL;
1179 _cleanup_fclose_ FILE *f = NULL;
1180 const char *v;
1181 int r;
1182
1183 assert(l);
1184 assert(l->state_file);
1185
1186 if (!link_needs_save(l)) {
1187 (void) unlink(l->state_file);
1188 return 0;
1189 }
1190
1191 r = mkdir_parents(l->state_file, 0700);
1192 if (r < 0)
1193 goto fail;
1194
1195 r = fopen_temporary(l->state_file, &f, &temp_path);
1196 if (r < 0)
1197 goto fail;
1198
1199 (void) fchmod(fileno(f), 0644);
1200
1201 fputs("# This is private data. Do not parse.\n", f);
1202
1203 v = resolve_support_to_string(l->llmnr_support);
1204 if (v)
1205 fprintf(f, "LLMNR=%s\n", v);
1206
1207 v = resolve_support_to_string(l->mdns_support);
1208 if (v)
1209 fprintf(f, "MDNS=%s\n", v);
1210
1211 v = dnssec_mode_to_string(l->dnssec_mode);
1212 if (v)
1213 fprintf(f, "DNSSEC=%s\n", v);
1214
1215 if (l->default_route >= 0)
1216 fprintf(f, "DEFAULT_ROUTE=%s\n", yes_no(l->default_route));
1217
1218 if (l->dns_servers) {
1219 fputs("SERVERS=", f);
1220 LIST_FOREACH(servers, server, l->dns_servers) {
1221
1222 if (server != l->dns_servers)
1223 fputc(' ', f);
1224
1225 v = dns_server_string_full(server);
1226 if (!v) {
1227 r = -ENOMEM;
1228 goto fail;
1229 }
1230
1231 fputs(v, f);
1232 }
1233 fputc('\n', f);
1234 }
1235
1236 if (l->search_domains) {
1237 fputs("DOMAINS=", f);
1238 LIST_FOREACH(domains, domain, l->search_domains) {
1239
1240 if (domain != l->search_domains)
1241 fputc(' ', f);
1242
1243 if (domain->route_only)
1244 fputc('~', f);
1245
1246 fputs(DNS_SEARCH_DOMAIN_NAME(domain), f);
1247 }
1248 fputc('\n', f);
1249 }
1250
1251 if (!set_isempty(l->dnssec_negative_trust_anchors)) {
1252 bool space = false;
1253 char *nta;
1254
1255 fputs("NTAS=", f);
1256 SET_FOREACH(nta, l->dnssec_negative_trust_anchors) {
1257
1258 if (space)
1259 fputc(' ', f);
1260
1261 fputs(nta, f);
1262 space = true;
1263 }
1264 fputc('\n', f);
1265 }
1266
1267 r = fflush_and_check(f);
1268 if (r < 0)
1269 goto fail;
1270
1271 if (rename(temp_path, l->state_file) < 0) {
1272 r = -errno;
1273 goto fail;
1274 }
1275
1276 return 0;
1277
1278 fail:
1279 (void) unlink(l->state_file);
1280
1281 if (temp_path)
1282 (void) unlink(temp_path);
1283
1284 return log_link_error_errno(l, r, "Failed to save link data %s: %m", l->state_file);
1285 }
1286
1287 int link_load_user(Link *l) {
1288 _cleanup_free_ char
1289 *llmnr = NULL,
1290 *mdns = NULL,
1291 *dnssec = NULL,
1292 *servers = NULL,
1293 *domains = NULL,
1294 *ntas = NULL,
1295 *default_route = NULL;
1296
1297 ResolveSupport s;
1298 const char *p;
1299 int r;
1300
1301 assert(l);
1302 assert(l->state_file);
1303
1304 /* Try to load only a single time */
1305 if (l->loaded)
1306 return 0;
1307 l->loaded = true;
1308
1309 if (l->is_managed)
1310 return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */
1311
1312 r = parse_env_file(NULL, l->state_file,
1313 "LLMNR", &llmnr,
1314 "MDNS", &mdns,
1315 "DNSSEC", &dnssec,
1316 "SERVERS", &servers,
1317 "DOMAINS", &domains,
1318 "NTAS", &ntas,
1319 "DEFAULT_ROUTE", &default_route);
1320 if (r == -ENOENT)
1321 return 0;
1322 if (r < 0)
1323 goto fail;
1324
1325 link_flush_settings(l);
1326
1327 /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
1328 s = resolve_support_from_string(llmnr);
1329 if (s >= 0)
1330 l->llmnr_support = s;
1331
1332 s = resolve_support_from_string(mdns);
1333 if (s >= 0)
1334 l->mdns_support = s;
1335
1336 r = parse_boolean(default_route);
1337 if (r >= 0)
1338 l->default_route = r;
1339
1340 /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
1341 l->dnssec_mode = dnssec_mode_from_string(dnssec);
1342
1343 for (p = servers;;) {
1344 _cleanup_free_ char *word = NULL;
1345
1346 r = extract_first_word(&p, &word, NULL, 0);
1347 if (r < 0)
1348 goto fail;
1349 if (r == 0)
1350 break;
1351
1352 r = link_update_dns_server_one(l, word);
1353 if (r < 0) {
1354 log_link_debug_errno(l, r, "Failed to load DNS server '%s', ignoring: %m", word);
1355 continue;
1356 }
1357 }
1358
1359 for (p = domains;;) {
1360 _cleanup_free_ char *word = NULL;
1361 const char *n;
1362 bool is_route;
1363
1364 r = extract_first_word(&p, &word, NULL, 0);
1365 if (r < 0)
1366 goto fail;
1367 if (r == 0)
1368 break;
1369
1370 is_route = word[0] == '~';
1371 n = is_route ? word + 1 : word;
1372
1373 r = link_update_search_domain_one(l, n, is_route);
1374 if (r < 0) {
1375 log_link_debug_errno(l, r, "Failed to load search domain '%s', ignoring: %m", word);
1376 continue;
1377 }
1378 }
1379
1380 if (ntas) {
1381 _cleanup_set_free_free_ Set *ns = NULL;
1382
1383 ns = set_new(&dns_name_hash_ops);
1384 if (!ns) {
1385 r = -ENOMEM;
1386 goto fail;
1387 }
1388
1389 r = set_put_strsplit(ns, ntas, NULL, 0);
1390 if (r < 0)
1391 goto fail;
1392
1393 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
1394 }
1395
1396 return 0;
1397
1398 fail:
1399 return log_link_error_errno(l, r, "Failed to load link data %s: %m", l->state_file);
1400 }
1401
1402 void link_remove_user(Link *l) {
1403 assert(l);
1404 assert(l->state_file);
1405
1406 (void) unlink(l->state_file);
1407 }
1408
1409 bool link_negative_trust_anchor_lookup(Link *l, const char *name) {
1410 int r;
1411
1412 assert(l);
1413 assert(name);
1414
1415 /* Checks whether the specified domain (or any of its parent domains) are listed as per-link NTA. */
1416
1417 for (;;) {
1418 if (set_contains(l->dnssec_negative_trust_anchors, name))
1419 return true;
1420
1421 /* And now, let's look at the parent, and check that too */
1422 r = dns_name_parent(&name);
1423 if (r < 0)
1424 return r;
1425 if (r == 0)
1426 break;
1427 }
1428
1429 return false;
1430 }
Unnamed repository; edit this file 'description' to name the repository.