]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-link.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
resolve: rename Link.name -> Link.ifname
[thirdparty/systemd.git] / src / resolve / resolved-link.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <linux/if.h>
4 #include <unistd.h>
5
6 #include "sd-network.h"
7
8 #include "alloc-util.h"
9 #include "env-file.h"
10 #include "fd-util.h"
11 #include "fileio.h"
12 #include "mkdir.h"
13 #include "parse-util.h"
14 #include "resolved-link.h"
15 #include "resolved-llmnr.h"
16 #include "resolved-mdns.h"
17 #include "string-util.h"
18 #include "strv.h"
19 #include "tmpfile-util.h"
20
21 int link_new(Manager *m, Link **ret, int ifindex) {
22 _cleanup_(link_freep) Link *l = NULL;
23 int r;
24
25 assert(m);
26 assert(ifindex > 0);
27
28 r = hashmap_ensure_allocated(&m->links, NULL);
29 if (r < 0)
30 return r;
31
32 l = new(Link, 1);
33 if (!l)
34 return -ENOMEM;
35
36 *l = (Link) {
37 .ifindex = ifindex,
38 .default_route = -1,
39 .llmnr_support = RESOLVE_SUPPORT_YES,
40 .mdns_support = RESOLVE_SUPPORT_NO,
41 .dnssec_mode = _DNSSEC_MODE_INVALID,
42 .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
43 .operstate = IF_OPER_UNKNOWN,
44 };
45
46 if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
47 return -ENOMEM;
48
49 r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
50 if (r < 0)
51 return r;
52
53 l->manager = m;
54
55 if (ret)
56 *ret = l;
57 l = NULL;
58
59 return 0;
60 }
61
62 void link_flush_settings(Link *l) {
63 assert(l);
64
65 l->default_route = -1;
66 l->llmnr_support = RESOLVE_SUPPORT_YES;
67 l->mdns_support = RESOLVE_SUPPORT_NO;
68 l->dnssec_mode = _DNSSEC_MODE_INVALID;
69 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
70
71 dns_server_unlink_all(l->dns_servers);
72 dns_search_domain_unlink_all(l->search_domains);
73
74 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
75 }
76
77 Link *link_free(Link *l) {
78 if (!l)
79 return NULL;
80
81 /* Send goodbye messages. */
82 dns_scope_announce(l->mdns_ipv4_scope, true);
83 dns_scope_announce(l->mdns_ipv6_scope, true);
84
85 link_flush_settings(l);
86
87 while (l->addresses)
88 (void) link_address_free(l->addresses);
89
90 if (l->manager)
91 hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
92
93 dns_scope_free(l->unicast_scope);
94 dns_scope_free(l->llmnr_ipv4_scope);
95 dns_scope_free(l->llmnr_ipv6_scope);
96 dns_scope_free(l->mdns_ipv4_scope);
97 dns_scope_free(l->mdns_ipv6_scope);
98
99 free(l->state_file);
100 free(l->ifname);
101
102 return mfree(l);
103 }
104
105 void link_allocate_scopes(Link *l) {
106 bool unicast_relevant;
107 int r;
108
109 assert(l);
110
111 /* If a link that used to be relevant is no longer, or a link that did not use to be relevant now becomes
112 * relevant, let's reinit the learnt global DNS server information, since we might talk to different servers
113 * now, even if they have the same addresses as before. */
114
115 unicast_relevant = link_relevant(l, AF_UNSPEC, false);
116 if (unicast_relevant != l->unicast_relevant) {
117 l->unicast_relevant = unicast_relevant;
118
119 dns_server_reset_features_all(l->manager->fallback_dns_servers);
120 dns_server_reset_features_all(l->manager->dns_servers);
121
122 /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one
123 * interface reveals different DNS zones than through others. */
124 if (l->manager->unicast_scope)
125 dns_cache_flush(&l->manager->unicast_scope->cache);
126 }
127
128 /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't
129 * need anymore */
130
131 if (unicast_relevant && l->dns_servers) {
132 if (!l->unicast_scope) {
133 dns_server_reset_features_all(l->dns_servers);
134
135 r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
136 if (r < 0)
137 log_warning_errno(r, "Failed to allocate DNS scope: %m");
138 }
139 } else
140 l->unicast_scope = dns_scope_free(l->unicast_scope);
141
142 if (link_relevant(l, AF_INET, true) &&
143 l->llmnr_support != RESOLVE_SUPPORT_NO &&
144 l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
145 if (!l->llmnr_ipv4_scope) {
146 r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
147 if (r < 0)
148 log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
149 }
150 } else
151 l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
152
153 if (link_relevant(l, AF_INET6, true) &&
154 l->llmnr_support != RESOLVE_SUPPORT_NO &&
155 l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
156 socket_ipv6_is_supported()) {
157 if (!l->llmnr_ipv6_scope) {
158 r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
159 if (r < 0)
160 log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
161 }
162 } else
163 l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
164
165 if (link_relevant(l, AF_INET, true) &&
166 l->mdns_support != RESOLVE_SUPPORT_NO &&
167 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
168 if (!l->mdns_ipv4_scope) {
169 r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
170 if (r < 0)
171 log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
172 }
173 } else
174 l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
175
176 if (link_relevant(l, AF_INET6, true) &&
177 l->mdns_support != RESOLVE_SUPPORT_NO &&
178 l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
179 if (!l->mdns_ipv6_scope) {
180 r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
181 if (r < 0)
182 log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
183 }
184 } else
185 l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
186 }
187
188 void link_add_rrs(Link *l, bool force_remove) {
189 LinkAddress *a;
190 int r;
191
192 LIST_FOREACH(addresses, a, l->addresses)
193 link_address_add_rrs(a, force_remove);
194
195 if (!force_remove &&
196 l->mdns_support == RESOLVE_SUPPORT_YES &&
197 l->manager->mdns_support == RESOLVE_SUPPORT_YES) {
198
199 if (l->mdns_ipv4_scope) {
200 r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope);
201 if (r < 0)
202 log_warning_errno(r, "Failed to add IPv4 DNS-SD services: %m");
203 }
204
205 if (l->mdns_ipv6_scope) {
206 r = dns_scope_add_dnssd_services(l->mdns_ipv6_scope);
207 if (r < 0)
208 log_warning_errno(r, "Failed to add IPv6 DNS-SD services: %m");
209 }
210
211 } else {
212
213 if (l->mdns_ipv4_scope) {
214 r = dns_scope_remove_dnssd_services(l->mdns_ipv4_scope);
215 if (r < 0)
216 log_warning_errno(r, "Failed to remove IPv4 DNS-SD services: %m");
217 }
218
219 if (l->mdns_ipv6_scope) {
220 r = dns_scope_remove_dnssd_services(l->mdns_ipv6_scope);
221 if (r < 0)
222 log_warning_errno(r, "Failed to remove IPv6 DNS-SD services: %m");
223 }
224 }
225 }
226
227 int link_process_rtnl(Link *l, sd_netlink_message *m) {
228 const char *n = NULL;
229 int r;
230
231 assert(l);
232 assert(m);
233
234 r = sd_rtnl_message_link_get_flags(m, &l->flags);
235 if (r < 0)
236 return r;
237
238 (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
239 (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);
240
241 if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) {
242 r = free_and_strdup(&l->ifname, n);
243 if (r < 0)
244 return r;
245 }
246
247 link_allocate_scopes(l);
248 link_add_rrs(l, false);
249
250 return 0;
251 }
252
253 static int link_update_dns_server_one(Link *l, const char *name) {
254 union in_addr_union a;
255 DnsServer *s;
256 int family, r;
257
258 assert(l);
259 assert(name);
260
261 r = in_addr_from_string_auto(name, &family, &a);
262 if (r < 0)
263 return r;
264
265 s = dns_server_find(l->dns_servers, family, &a, 0);
266 if (s) {
267 dns_server_move_back_and_unmark(s);
268 return 0;
269 }
270
271 return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, 0);
272 }
273
274 static int link_update_dns_servers(Link *l) {
275 _cleanup_strv_free_ char **nameservers = NULL;
276 char **nameserver;
277 int r;
278
279 assert(l);
280
281 r = sd_network_link_get_dns(l->ifindex, &nameservers);
282 if (r == -ENODATA) {
283 r = 0;
284 goto clear;
285 }
286 if (r < 0)
287 goto clear;
288
289 dns_server_mark_all(l->dns_servers);
290
291 STRV_FOREACH(nameserver, nameservers) {
292 r = link_update_dns_server_one(l, *nameserver);
293 if (r < 0)
294 goto clear;
295 }
296
297 dns_server_unlink_marked(l->dns_servers);
298 return 0;
299
300 clear:
301 dns_server_unlink_all(l->dns_servers);
302 return r;
303 }
304
305 static int link_update_default_route(Link *l) {
306 int r;
307
308 assert(l);
309
310 r = sd_network_link_get_dns_default_route(l->ifindex);
311 if (r == -ENODATA) {
312 r = 0;
313 goto clear;
314 }
315 if (r < 0)
316 goto clear;
317
318 l->default_route = r > 0;
319 return 0;
320
321 clear:
322 l->default_route = -1;
323 return r;
324 }
325
326 static int link_update_llmnr_support(Link *l) {
327 _cleanup_free_ char *b = NULL;
328 int r;
329
330 assert(l);
331
332 r = sd_network_link_get_llmnr(l->ifindex, &b);
333 if (r == -ENODATA) {
334 r = 0;
335 goto clear;
336 }
337 if (r < 0)
338 goto clear;
339
340 l->llmnr_support = resolve_support_from_string(b);
341 if (l->llmnr_support < 0) {
342 r = -EINVAL;
343 goto clear;
344 }
345
346 return 0;
347
348 clear:
349 l->llmnr_support = RESOLVE_SUPPORT_YES;
350 return r;
351 }
352
353 static int link_update_mdns_support(Link *l) {
354 _cleanup_free_ char *b = NULL;
355 int r;
356
357 assert(l);
358
359 r = sd_network_link_get_mdns(l->ifindex, &b);
360 if (r == -ENODATA) {
361 r = 0;
362 goto clear;
363 }
364 if (r < 0)
365 goto clear;
366
367 l->mdns_support = resolve_support_from_string(b);
368 if (l->mdns_support < 0) {
369 r = -EINVAL;
370 goto clear;
371 }
372
373 return 0;
374
375 clear:
376 l->mdns_support = RESOLVE_SUPPORT_NO;
377 return r;
378 }
379
380 void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
381
382 assert(l);
383
384 #if ! ENABLE_DNS_OVER_TLS
385 if (mode != DNS_OVER_TLS_NO)
386 log_warning("DNS-over-TLS option for the link cannot be set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
387 return;
388 #endif
389
390 l->dns_over_tls_mode = mode;
391 }
392
393 static int link_update_dns_over_tls_mode(Link *l) {
394 _cleanup_free_ char *b = NULL;
395 int r;
396
397 assert(l);
398
399 r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
400 if (r == -ENODATA) {
401 r = 0;
402 goto clear;
403 }
404 if (r < 0)
405 goto clear;
406
407 l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
408 if (l->dns_over_tls_mode < 0) {
409 r = -EINVAL;
410 goto clear;
411 }
412
413 return 0;
414
415 clear:
416 l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
417 return r;
418 }
419
420 void link_set_dnssec_mode(Link *l, DnssecMode mode) {
421
422 assert(l);
423
424 #if ! HAVE_GCRYPT
425 if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE))
426 log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
427 return;
428 #endif
429
430 if (l->dnssec_mode == mode)
431 return;
432
433 if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
434 (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
435 (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) {
436
437 /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
438 * allow-downgrade mode to full DNSSEC mode, flush it too. */
439 if (l->unicast_scope)
440 dns_cache_flush(&l->unicast_scope->cache);
441 }
442
443 l->dnssec_mode = mode;
444 }
445
446 static int link_update_dnssec_mode(Link *l) {
447 _cleanup_free_ char *m = NULL;
448 DnssecMode mode;
449 int r;
450
451 assert(l);
452
453 r = sd_network_link_get_dnssec(l->ifindex, &m);
454 if (r == -ENODATA) {
455 r = 0;
456 goto clear;
457 }
458 if (r < 0)
459 goto clear;
460
461 mode = dnssec_mode_from_string(m);
462 if (mode < 0) {
463 r = -EINVAL;
464 goto clear;
465 }
466
467 link_set_dnssec_mode(l, mode);
468
469 return 0;
470
471 clear:
472 l->dnssec_mode = _DNSSEC_MODE_INVALID;
473 return r;
474 }
475
476 static int link_update_dnssec_negative_trust_anchors(Link *l) {
477 _cleanup_strv_free_ char **ntas = NULL;
478 _cleanup_set_free_free_ Set *ns = NULL;
479 int r;
480
481 assert(l);
482
483 r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
484 if (r == -ENODATA) {
485 r = 0;
486 goto clear;
487 }
488 if (r < 0)
489 goto clear;
490
491 ns = set_new(&dns_name_hash_ops);
492 if (!ns)
493 return -ENOMEM;
494
495 r = set_put_strdupv(ns, ntas);
496 if (r < 0)
497 return r;
498
499 set_free_free(l->dnssec_negative_trust_anchors);
500 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
501
502 return 0;
503
504 clear:
505 l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
506 return r;
507 }
508
509 static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
510 DnsSearchDomain *d;
511 int r;
512
513 assert(l);
514 assert(name);
515
516 r = dns_search_domain_find(l->search_domains, name, &d);
517 if (r < 0)
518 return r;
519 if (r > 0)
520 dns_search_domain_move_back_and_unmark(d);
521 else {
522 r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name);
523 if (r < 0)
524 return r;
525 }
526
527 d->route_only = route_only;
528 return 0;
529 }
530
531 static int link_update_search_domains(Link *l) {
532 _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
533 char **i;
534 int r, q;
535
536 assert(l);
537
538 r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
539 if (r < 0 && r != -ENODATA)
540 goto clear;
541
542 q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
543 if (q < 0 && q != -ENODATA) {
544 r = q;
545 goto clear;
546 }
547
548 if (r == -ENODATA && q == -ENODATA) {
549 /* networkd knows nothing about this interface, and that's fine. */
550 r = 0;
551 goto clear;
552 }
553
554 dns_search_domain_mark_all(l->search_domains);
555
556 STRV_FOREACH(i, sdomains) {
557 r = link_update_search_domain_one(l, *i, false);
558 if (r < 0)
559 goto clear;
560 }
561
562 STRV_FOREACH(i, rdomains) {
563 r = link_update_search_domain_one(l, *i, true);
564 if (r < 0)
565 goto clear;
566 }
567
568 dns_search_domain_unlink_marked(l->search_domains);
569 return 0;
570
571 clear:
572 dns_search_domain_unlink_all(l->search_domains);
573 return r;
574 }
575
576 static int link_is_managed(Link *l) {
577 _cleanup_free_ char *state = NULL;
578 int r;
579
580 assert(l);
581
582 r = sd_network_link_get_setup_state(l->ifindex, &state);
583 if (r == -ENODATA)
584 return 0;
585 if (r < 0)
586 return r;
587
588 return !STR_IN_SET(state, "pending", "unmanaged");
589 }
590
591 static void link_read_settings(Link *l) {
592 int r;
593
594 assert(l);
595
596 /* Read settings from networkd, except when networkd is not managing this interface. */
597
598 r = link_is_managed(l);
599 if (r < 0) {
600 log_warning_errno(r, "Failed to determine whether interface %s is managed: %m", l->ifname);
601 return;
602 }
603 if (r == 0) {
604
605 /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
606 if (l->is_managed)
607 link_flush_settings(l);
608
609 l->is_managed = false;
610 return;
611 }
612
613 l->is_managed = true;
614
615 r = link_update_dns_servers(l);
616 if (r < 0)
617 log_warning_errno(r, "Failed to read DNS servers for interface %s, ignoring: %m", l->ifname);
618
619 r = link_update_llmnr_support(l);
620 if (r < 0)
621 log_warning_errno(r, "Failed to read LLMNR support for interface %s, ignoring: %m", l->ifname);
622
623 r = link_update_mdns_support(l);
624 if (r < 0)
625 log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->ifname);
626
627 r = link_update_dns_over_tls_mode(l);
628 if (r < 0)
629 log_warning_errno(r, "Failed to read DNS-over-TLS mode for interface %s, ignoring: %m", l->ifname);
630
631 r = link_update_dnssec_mode(l);
632 if (r < 0)
633 log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->ifname);
634
635 r = link_update_dnssec_negative_trust_anchors(l);
636 if (r < 0)
637 log_warning_errno(r, "Failed to read DNSSEC negative trust anchors for interface %s, ignoring: %m", l->ifname);
638
639 r = link_update_search_domains(l);
640 if (r < 0)
641 log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->ifname);
642
643 r = link_update_default_route(l);
644 if (r < 0)
645 log_warning_errno(r, "Failed to read default route setting for interface %s, proceeding anyway: %m", l->ifname);
646 }
647
648 int link_update(Link *l) {
649 int r;
650
651 assert(l);
652
653 link_read_settings(l);
654 link_load_user(l);
655
656 if (l->llmnr_support != RESOLVE_SUPPORT_NO) {
657 r = manager_llmnr_start(l->manager);
658 if (r < 0)
659 return r;
660 }
661
662 if (l->mdns_support != RESOLVE_SUPPORT_NO) {
663 r = manager_mdns_start(l->manager);
664 if (r < 0)
665 return r;
666 }
667
668 link_allocate_scopes(l);
669 link_add_rrs(l, false);
670
671 return 0;
672 }
673
674 bool link_relevant(Link *l, int family, bool local_multicast) {
675 _cleanup_free_ char *state = NULL;
676 LinkAddress *a;
677
678 assert(l);
679
680 /* A link is relevant for local multicast traffic if it isn't a loopback device, has a link
681 * beat, can do multicast and has at least one link-local (or better) IP address.
682 *
683 * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
684 * least one routable address. */
685
686 if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
687 return false;
688
689 if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
690 return false;
691
692 if (local_multicast) {
693 if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST)
694 return false;
695 }
696
697 /* Check kernel operstate
698 * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
699 if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
700 return false;
701
702 (void) sd_network_link_get_operational_state(l->ifindex, &state);
703 if (state && !STR_IN_SET(state, "unknown", "degraded", "routable"))
704 return false;
705
706 LIST_FOREACH(addresses, a, l->addresses)
707 if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast))
708 return true;
709
710 return false;
711 }
712
713 LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
714 LinkAddress *a;
715
716 assert(l);
717
718 LIST_FOREACH(addresses, a, l->addresses)
719 if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr))
720 return a;
721
722 return NULL;
723 }
724
725 DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
726 assert(l);
727
728 if (l->current_dns_server == s)
729 return s;
730
731 if (s)
732 log_debug("Switching to DNS server %s for interface %s.", dns_server_string(s), l->ifname);
733
734 dns_server_unref(l->current_dns_server);
735 l->current_dns_server = dns_server_ref(s);
736
737 if (l->unicast_scope)
738 dns_cache_flush(&l->unicast_scope->cache);
739
740 return s;
741 }
742
743 DnsServer *link_get_dns_server(Link *l) {
744 assert(l);
745
746 if (!l->current_dns_server)
747 link_set_dns_server(l, l->dns_servers);
748
749 return l->current_dns_server;
750 }
751
752 void link_next_dns_server(Link *l) {
753 assert(l);
754
755 if (!l->current_dns_server)
756 return;
757
758 /* Change to the next one, but make sure to follow the linked
759 * list only if this server is actually still linked. */
760 if (l->current_dns_server->linked && l->current_dns_server->servers_next) {
761 link_set_dns_server(l, l->current_dns_server->servers_next);
762 return;
763 }
764
765 link_set_dns_server(l, l->dns_servers);
766 }
767
768 DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
769 assert(l);
770
771 if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
772 return l->dns_over_tls_mode;
773
774 return manager_get_dns_over_tls_mode(l->manager);
775 }
776
777 DnssecMode link_get_dnssec_mode(Link *l) {
778 assert(l);
779
780 if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
781 return l->dnssec_mode;
782
783 return manager_get_dnssec_mode(l->manager);
784 }
785
786 bool link_dnssec_supported(Link *l) {
787 DnsServer *server;
788
789 assert(l);
790
791 if (link_get_dnssec_mode(l) == DNSSEC_NO)
792 return false;
793
794 server = link_get_dns_server(l);
795 if (server)
796 return dns_server_dnssec_supported(server);
797
798 return true;
799 }
800
801 int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
802 LinkAddress *a;
803
804 assert(l);
805 assert(in_addr);
806
807 a = new0(LinkAddress, 1);
808 if (!a)
809 return -ENOMEM;
810
811 a->family = family;
812 a->in_addr = *in_addr;
813
814 a->link = l;
815 LIST_PREPEND(addresses, l->addresses, a);
816 l->n_addresses++;
817
818 if (ret)
819 *ret = a;
820
821 return 0;
822 }
823
824 LinkAddress *link_address_free(LinkAddress *a) {
825 if (!a)
826 return NULL;
827
828 if (a->link) {
829 LIST_REMOVE(addresses, a->link->addresses, a);
830
831 assert(a->link->n_addresses > 0);
832 a->link->n_addresses--;
833
834 if (a->llmnr_address_rr) {
835 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
836 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
837 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
838 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
839 }
840
841 if (a->llmnr_ptr_rr) {
842 if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
843 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
844 else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
845 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
846 }
847
848 if (a->mdns_address_rr) {
849 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
850 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
851 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
852 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
853 }
854
855 if (a->mdns_ptr_rr) {
856 if (a->family == AF_INET && a->link->mdns_ipv4_scope)
857 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
858 else if (a->family == AF_INET6 && a->link->mdns_ipv6_scope)
859 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
860 }
861 }
862
863 dns_resource_record_unref(a->llmnr_address_rr);
864 dns_resource_record_unref(a->llmnr_ptr_rr);
865 dns_resource_record_unref(a->mdns_address_rr);
866 dns_resource_record_unref(a->mdns_ptr_rr);
867
868 return mfree(a);
869 }
870
871 void link_address_add_rrs(LinkAddress *a, bool force_remove) {
872 int r;
873
874 assert(a);
875
876 if (a->family == AF_INET) {
877
878 if (!force_remove &&
879 link_address_relevant(a, true) &&
880 a->link->llmnr_ipv4_scope &&
881 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
882 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
883
884 if (!a->link->manager->llmnr_host_ipv4_key) {
885 a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
886 if (!a->link->manager->llmnr_host_ipv4_key) {
887 r = -ENOMEM;
888 goto fail;
889 }
890 }
891
892 if (!a->llmnr_address_rr) {
893 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
894 if (!a->llmnr_address_rr) {
895 r = -ENOMEM;
896 goto fail;
897 }
898
899 a->llmnr_address_rr->a.in_addr = a->in_addr.in;
900 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
901 }
902
903 if (!a->llmnr_ptr_rr) {
904 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
905 if (r < 0)
906 goto fail;
907
908 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
909 }
910
911 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
912 if (r < 0)
913 log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");
914
915 r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
916 if (r < 0)
917 log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m");
918 } else {
919 if (a->llmnr_address_rr) {
920 if (a->link->llmnr_ipv4_scope)
921 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
922 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
923 }
924
925 if (a->llmnr_ptr_rr) {
926 if (a->link->llmnr_ipv4_scope)
927 dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
928 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
929 }
930 }
931
932 if (!force_remove &&
933 link_address_relevant(a, true) &&
934 a->link->mdns_ipv4_scope &&
935 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
936 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
937 if (!a->link->manager->mdns_host_ipv4_key) {
938 a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
939 if (!a->link->manager->mdns_host_ipv4_key) {
940 r = -ENOMEM;
941 goto fail;
942 }
943 }
944
945 if (!a->mdns_address_rr) {
946 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key);
947 if (!a->mdns_address_rr) {
948 r = -ENOMEM;
949 goto fail;
950 }
951
952 a->mdns_address_rr->a.in_addr = a->in_addr.in;
953 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
954 }
955
956 if (!a->mdns_ptr_rr) {
957 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
958 if (r < 0)
959 goto fail;
960
961 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
962 }
963
964 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true);
965 if (r < 0)
966 log_warning_errno(r, "Failed to add A record to MDNS zone: %m");
967
968 r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false);
969 if (r < 0)
970 log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m");
971 } else {
972 if (a->mdns_address_rr) {
973 if (a->link->mdns_ipv4_scope)
974 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
975 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
976 }
977
978 if (a->mdns_ptr_rr) {
979 if (a->link->mdns_ipv4_scope)
980 dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
981 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
982 }
983 }
984 }
985
986 if (a->family == AF_INET6) {
987
988 if (!force_remove &&
989 link_address_relevant(a, true) &&
990 a->link->llmnr_ipv6_scope &&
991 a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
992 a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
993
994 if (!a->link->manager->llmnr_host_ipv6_key) {
995 a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
996 if (!a->link->manager->llmnr_host_ipv6_key) {
997 r = -ENOMEM;
998 goto fail;
999 }
1000 }
1001
1002 if (!a->llmnr_address_rr) {
1003 a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
1004 if (!a->llmnr_address_rr) {
1005 r = -ENOMEM;
1006 goto fail;
1007 }
1008
1009 a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
1010 a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
1011 }
1012
1013 if (!a->llmnr_ptr_rr) {
1014 r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
1015 if (r < 0)
1016 goto fail;
1017
1018 a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
1019 }
1020
1021 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
1022 if (r < 0)
1023 log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");
1024
1025 r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
1026 if (r < 0)
1027 log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
1028 } else {
1029 if (a->llmnr_address_rr) {
1030 if (a->link->llmnr_ipv6_scope)
1031 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
1032 a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
1033 }
1034
1035 if (a->llmnr_ptr_rr) {
1036 if (a->link->llmnr_ipv6_scope)
1037 dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
1038 a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
1039 }
1040 }
1041
1042 if (!force_remove &&
1043 link_address_relevant(a, true) &&
1044 a->link->mdns_ipv6_scope &&
1045 a->link->mdns_support == RESOLVE_SUPPORT_YES &&
1046 a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
1047
1048 if (!a->link->manager->mdns_host_ipv6_key) {
1049 a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
1050 if (!a->link->manager->mdns_host_ipv6_key) {
1051 r = -ENOMEM;
1052 goto fail;
1053 }
1054 }
1055
1056 if (!a->mdns_address_rr) {
1057 a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key);
1058 if (!a->mdns_address_rr) {
1059 r = -ENOMEM;
1060 goto fail;
1061 }
1062
1063 a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6;
1064 a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
1065 }
1066
1067 if (!a->mdns_ptr_rr) {
1068 r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
1069 if (r < 0)
1070 goto fail;
1071
1072 a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
1073 }
1074
1075 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true);
1076 if (r < 0)
1077 log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m");
1078
1079 r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false);
1080 if (r < 0)
1081 log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m");
1082 } else {
1083 if (a->mdns_address_rr) {
1084 if (a->link->mdns_ipv6_scope)
1085 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
1086 a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
1087 }
1088
1089 if (a->mdns_ptr_rr) {
1090 if (a->link->mdns_ipv6_scope)
1091 dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
1092 a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
1093 }
1094 }
1095 }
1096
1097 return;
1098
1099 fail:
1100 log_debug_errno(r, "Failed to update address RRs: %m");
1101 }
1102
1103 int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
1104 int r;
1105 assert(a);
1106 assert(m);
1107
1108 r = sd_rtnl_message_addr_get_flags(m, &a->flags);
1109 if (r < 0)
1110 return r;
1111
1112 sd_rtnl_message_addr_get_scope(m, &a->scope);
1113
1114 link_allocate_scopes(a->link);
1115 link_add_rrs(a->link, false);
1116
1117 return 0;
1118 }
1119
1120 bool link_address_relevant(LinkAddress *a, bool local_multicast) {
1121 assert(a);
1122
1123 if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
1124 return false;
1125
1126 if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK))
1127 return false;
1128
1129 return true;
1130 }
1131
1132 static bool link_needs_save(Link *l) {
1133 assert(l);
1134
1135 /* Returns true if any of the settings where set different from the default */
1136
1137 if (l->is_managed)
1138 return false;
1139
1140 if (l->llmnr_support != RESOLVE_SUPPORT_YES ||
1141 l->mdns_support != RESOLVE_SUPPORT_NO ||
1142 l->dnssec_mode != _DNSSEC_MODE_INVALID ||
1143 l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1144 return true;
1145
1146 if (l->dns_servers ||
1147 l->search_domains)
1148 return true;
1149
1150 if (!set_isempty(l->dnssec_negative_trust_anchors))
1151 return true;
1152
1153 if (l->default_route >= 0)
1154 return true;
1155
1156 return false;
1157 }
1158
1159 int link_save_user(Link *l) {
1160 _cleanup_free_ char *temp_path = NULL;
1161 _cleanup_fclose_ FILE *f = NULL;
1162 const char *v;
1163 int r;
1164
1165 assert(l);
1166 assert(l->state_file);
1167
1168 if (!link_needs_save(l)) {
1169 (void) unlink(l->state_file);
1170 return 0;
1171 }
1172
1173 r = mkdir_parents(l->state_file, 0700);
1174 if (r < 0)
1175 goto fail;
1176
1177 r = fopen_temporary(l->state_file, &f, &temp_path);
1178 if (r < 0)
1179 goto fail;
1180
1181 (void) fchmod(fileno(f), 0644);
1182
1183 fputs("# This is private data. Do not parse.\n", f);
1184
1185 v = resolve_support_to_string(l->llmnr_support);
1186 if (v)
1187 fprintf(f, "LLMNR=%s\n", v);
1188
1189 v = resolve_support_to_string(l->mdns_support);
1190 if (v)
1191 fprintf(f, "MDNS=%s\n", v);
1192
1193 v = dnssec_mode_to_string(l->dnssec_mode);
1194 if (v)
1195 fprintf(f, "DNSSEC=%s\n", v);
1196
1197 if (l->default_route >= 0)
1198 fprintf(f, "DEFAULT_ROUTE=%s\n", yes_no(l->default_route));
1199
1200 if (l->dns_servers) {
1201 DnsServer *server;
1202
1203 fputs("SERVERS=", f);
1204 LIST_FOREACH(servers, server, l->dns_servers) {
1205
1206 if (server != l->dns_servers)
1207 fputc(' ', f);
1208
1209 v = dns_server_string(server);
1210 if (!v) {
1211 r = -ENOMEM;
1212 goto fail;
1213 }
1214
1215 fputs(v, f);
1216 }
1217 fputc('\n', f);
1218 }
1219
1220 if (l->search_domains) {
1221 DnsSearchDomain *domain;
1222
1223 fputs("DOMAINS=", f);
1224 LIST_FOREACH(domains, domain, l->search_domains) {
1225
1226 if (domain != l->search_domains)
1227 fputc(' ', f);
1228
1229 if (domain->route_only)
1230 fputc('~', f);
1231
1232 fputs(DNS_SEARCH_DOMAIN_NAME(domain), f);
1233 }
1234 fputc('\n', f);
1235 }
1236
1237 if (!set_isempty(l->dnssec_negative_trust_anchors)) {
1238 bool space = false;
1239 Iterator i;
1240 char *nta;
1241
1242 fputs("NTAS=", f);
1243 SET_FOREACH(nta, l->dnssec_negative_trust_anchors, i) {
1244
1245 if (space)
1246 fputc(' ', f);
1247
1248 fputs(nta, f);
1249 space = true;
1250 }
1251 fputc('\n', f);
1252 }
1253
1254 r = fflush_and_check(f);
1255 if (r < 0)
1256 goto fail;
1257
1258 if (rename(temp_path, l->state_file) < 0) {
1259 r = -errno;
1260 goto fail;
1261 }
1262
1263 return 0;
1264
1265 fail:
1266 (void) unlink(l->state_file);
1267
1268 if (temp_path)
1269 (void) unlink(temp_path);
1270
1271 return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
1272 }
1273
1274 int link_load_user(Link *l) {
1275 _cleanup_free_ char
1276 *llmnr = NULL,
1277 *mdns = NULL,
1278 *dnssec = NULL,
1279 *servers = NULL,
1280 *domains = NULL,
1281 *ntas = NULL,
1282 *default_route = NULL;
1283
1284 ResolveSupport s;
1285 const char *p;
1286 int r;
1287
1288 assert(l);
1289 assert(l->state_file);
1290
1291 /* Try to load only a single time */
1292 if (l->loaded)
1293 return 0;
1294 l->loaded = true;
1295
1296 if (l->is_managed)
1297 return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */
1298
1299 r = parse_env_file(NULL, l->state_file,
1300 "LLMNR", &llmnr,
1301 "MDNS", &mdns,
1302 "DNSSEC", &dnssec,
1303 "SERVERS", &servers,
1304 "DOMAINS", &domains,
1305 "NTAS", &ntas,
1306 "DEFAULT_ROUTE", &default_route);
1307 if (r == -ENOENT)
1308 return 0;
1309 if (r < 0)
1310 goto fail;
1311
1312 link_flush_settings(l);
1313
1314 /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
1315 s = resolve_support_from_string(llmnr);
1316 if (s >= 0)
1317 l->llmnr_support = s;
1318
1319 s = resolve_support_from_string(mdns);
1320 if (s >= 0)
1321 l->mdns_support = s;
1322
1323 r = parse_boolean(default_route);
1324 if (r >= 0)
1325 l->default_route = r;
1326
1327 /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
1328 l->dnssec_mode = dnssec_mode_from_string(dnssec);
1329
1330 for (p = servers;;) {
1331 _cleanup_free_ char *word = NULL;
1332
1333 r = extract_first_word(&p, &word, NULL, 0);
1334 if (r < 0)
1335 goto fail;
1336 if (r == 0)
1337 break;
1338
1339 r = link_update_dns_server_one(l, word);
1340 if (r < 0) {
1341 log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
1342 continue;
1343 }
1344 }
1345
1346 for (p = domains;;) {
1347 _cleanup_free_ char *word = NULL;
1348 const char *n;
1349 bool is_route;
1350
1351 r = extract_first_word(&p, &word, NULL, 0);
1352 if (r < 0)
1353 goto fail;
1354 if (r == 0)
1355 break;
1356
1357 is_route = word[0] == '~';
1358 n = is_route ? word + 1 : word;
1359
1360 r = link_update_search_domain_one(l, n, is_route);
1361 if (r < 0) {
1362 log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
1363 continue;
1364 }
1365 }
1366
1367 if (ntas) {
1368 _cleanup_set_free_free_ Set *ns = NULL;
1369
1370 ns = set_new(&dns_name_hash_ops);
1371 if (!ns) {
1372 r = -ENOMEM;
1373 goto fail;
1374 }
1375
1376 r = set_put_strsplit(ns, ntas, NULL, 0);
1377 if (r < 0)
1378 goto fail;
1379
1380 l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
1381 }
1382
1383 return 0;
1384
1385 fail:
1386 return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
1387 }
1388
1389 void link_remove_user(Link *l) {
1390 assert(l);
1391 assert(l->state_file);
1392
1393 (void) unlink(l->state_file);
1394 }
Unnamed repository; edit this file 'description' to name the repository.