1 /***
2 This file is part of systemd.
3
4 Copyright 2014 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <net/if.h>
21
22 #include "sd-network.h"
23
24 #include "alloc-util.h"
25 #include "fd-util.h"
26 #include "fileio.h"
27 #include "missing.h"
28 #include "mkdir.h"
29 #include "parse-util.h"
30 #include "resolved-link.h"
31 #include "string-util.h"
32 #include "strv.h"
33
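/* Allocates a Link object for the interface with the given index and registers it in the manager's link
 * table, keyed by ifindex.
 *
 * m:       the manager that will own the link, must not be NULL
 * ret:     if non-NULL, receives the new link on success
 * ifindex: kernel interface index, must be > 0
 *
 * Returns 0 on success or a negative errno-style value on failure. */
int link_new(Manager *m, Link **ret, int ifindex) {
        _cleanup_(link_freep) Link *l = NULL;
        int r;

        assert(m);
        assert(ifindex > 0);

        r = hashmap_ensure_allocated(&m->links, NULL);
        if (r < 0)
                return r;

        l = new0(Link, 1);
        if (!l)
                return -ENOMEM;

        /* Built-in per-link defaults. Note for hardening reviews: LLMNR starts out enabled on every new link
         * while mDNS starts out disabled; DNSSEC is left "invalid" here, which link_get_dnssec_mode() resolves
         * to the manager-wide mode. */
        l->ifindex = ifindex;
        l->llmnr_support = RESOLVE_SUPPORT_YES;
        l->mdns_support = RESOLVE_SUPPORT_NO;
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        l->operstate = IF_OPER_UNKNOWN;

        if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0) {
                /* The target pointer's content is not guaranteed after a failed asprintf(). Reset it so that
                 * the free(l->state_file) in link_free() (presumably what the link_freep cleanup handler ends
                 * up calling) never sees a garbage pointer. */
                l->state_file = NULL;
                return -ENOMEM;
        }

        r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
        if (r < 0)
                return r;

        /* Only set the back pointer once the link is in the hashmap: link_free() removes the entry for
         * l->ifindex whenever l->manager is set, so setting it earlier could evict a different link on the
         * error path above. */
        l->manager = m;

        if (ret)
                *ret = l;
        l = NULL; /* ownership passed to the manager's hashmap; disarm the cleanup handler */

        return 0;
}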
70
/* Resets the per-link resolver settings to the same defaults link_new() assigns, and drops every DNS
 * server, search domain and DNSSEC negative trust anchor configured on the link. */
void link_flush_settings(Link *l) {
        assert(l);

        /* NOTE(review): the DNSSEC mode is reset by direct assignment, not through link_set_dnssec_mode(), so
         * no cache flush is triggered from here — confirm callers do not rely on one. */
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        l->mdns_support = RESOLVE_SUPPORT_NO;
        l->llmnr_support = RESOLVE_SUPPORT_YES;

        dns_server_unlink_all(l->dns_servers);
        dns_search_domain_unlink_all(l->search_domains);

        /* set_free_free() hands back the value to store, so the field does not keep a stale pointer. */
        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
}
83
/* Releases a link and everything hanging off it: settings, addresses, the manager's hashmap entry, all
 * five DNS scopes and the state file path. Accepts NULL. Returns the result of mfree(), so callers can
 * write "l = link_free(l)". */
Link *link_free(Link *l) {
        if (l == NULL)
                return NULL;

        /* Send mDNS goodbye messages while the scopes still exist.
         * NOTE(review): either scope pointer may be NULL here; presumably dns_scope_announce() tolerates
         * that — confirm. */
        dns_scope_announce(l->mdns_ipv4_scope, true);
        dns_scope_announce(l->mdns_ipv6_scope, true);

        link_flush_settings(l);

        /* link_address_free() unlinks the address from l->addresses, so the list head advances on every
         * iteration. This has to happen before the scopes are freed below, because freeing an address
         * removes its records from the scopes' zones. */
        while (l->addresses != NULL)
                (void) link_address_free(l->addresses);

        /* A link that never made it into the manager's table has no manager set (see link_new()). */
        if (l->manager != NULL)
                hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));

        dns_scope_free(l->unicast_scope);
        dns_scope_free(l->llmnr_ipv4_scope);
        dns_scope_free(l->llmnr_ipv6_scope);
        dns_scope_free(l->mdns_ipv4_scope);
        dns_scope_free(l->mdns_ipv6_scope);

        free(l->state_file);

        return mfree(l);
}
110
/* Brings the link's set of DNS scopes in line with its current state: for each of unicast DNS, LLMNR
 * (IPv4/IPv6) and mDNS (IPv4/IPv6) a scope is created if it is wanted and missing, and freed if it is no
 * longer wanted. Allocation failures are logged as warnings and otherwise ignored. */
void link_allocate_scopes(Link *l) {
        bool wanted;
        int r;

        assert(l);

        /* Unicast DNS: needs a relevant link and at least one configured DNS server. */
        wanted = link_relevant(l, AF_UNSPEC, false) &&
                l->dns_servers;
        if (!wanted)
                l->unicast_scope = dns_scope_free(l->unicast_scope);
        else if (!l->unicast_scope) {
                r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate DNS scope: %m");
        }

        /* LLMNR over IPv4: must not be switched off on either the link or the manager. */
        wanted = link_relevant(l, AF_INET, true) &&
                l->llmnr_support != RESOLVE_SUPPORT_NO &&
                l->manager->llmnr_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
        else if (!l->llmnr_ipv4_scope) {
                r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
        }

        /* LLMNR over IPv6: additionally requires IPv6 socket support. */
        wanted = link_relevant(l, AF_INET6, true) &&
                l->llmnr_support != RESOLVE_SUPPORT_NO &&
                l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
                socket_ipv6_is_supported();
        if (!wanted)
                l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
        else if (!l->llmnr_ipv6_scope) {
                r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
        }

        /* mDNS over IPv4 */
        wanted = link_relevant(l, AF_INET, true) &&
                l->mdns_support != RESOLVE_SUPPORT_NO &&
                l->manager->mdns_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
        else if (!l->mdns_ipv4_scope) {
                r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
        }

        /* mDNS over IPv6. Unlike the LLMNR IPv6 case, socket_ipv6_is_supported() is not consulted here. */
        wanted = link_relevant(l, AF_INET6, true) &&
                l->mdns_support != RESOLVE_SUPPORT_NO &&
                l->manager->mdns_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
        else if (!l->mdns_ipv6_scope) {
                r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
        }
}
171
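/* Refreshes the LLMNR/mDNS resource records of every address on the link by calling
 * link_address_add_rrs() on each of them. With force_remove set, the records are withdrawn instead. */
void link_add_rrs(Link *l, bool force_remove) {
        LinkAddress *a;

        /* Every other entry point in this file asserts its Link argument before dereferencing it; do the same
         * here so that a NULL link fails with a clear assertion rather than a NULL dereference. */
        assert(l);

        LIST_FOREACH(addresses, a, l->addresses)
                link_address_add_rrs(a, force_remove);
}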
178
/* Updates the link from an rtnetlink link message: flags (mandatory), MTU, operstate and interface name
 * (each only if present), then re-evaluates scopes and published records.
 *
 * Returns 0 on success, or the negative error from reading the flags. */
int link_process_rtnl(Link *l, sd_netlink_message *m) {
        const char *ifname = NULL;
        int r;

        assert(l);
        assert(m);

        r = sd_rtnl_message_link_get_flags(m, &l->flags);
        if (r < 0)
                return r;

        /* Best effort: when an attribute is missing, the read's error is deliberately ignored. */
        (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
        (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);

        r = sd_netlink_message_read_string(m, IFLA_IFNAME, &ifname);
        if (r >= 0) {
                /* strncpy() alone does not guarantee termination when the source fills the buffer; copying at
                 * most sizeof-1 bytes and then forcing the final byte to NUL via char_array_0() keeps l->name a
                 * valid string for any input length. */
                strncpy(l->name, ifname, sizeof(l->name)-1);
                char_array_0(l->name);
        }

        link_allocate_scopes(l);
        link_add_rrs(l, false);

        return 0;
}
203
/* Makes sure the link has a DNS server entry for the address given as string. An already known server is
 * moved to the back of the list and unmarked (so a following "unlink marked" pass keeps it); otherwise a
 * new link-level server is created.
 *
 * Returns 0 if the server existed already, otherwise the result of dns_server_new(); a negative error is
 * returned if the string cannot be parsed as an address. */
static int link_update_dns_server_one(Link *l, const char *name) {
        union in_addr_union address;
        DnsServer *existing;
        int family, r;

        assert(l);
        assert(name);

        /* Only literal IPv4/IPv6 addresses are accepted; anything else is rejected before it can reach the
         * server list. */
        r = in_addr_from_string_auto(name, &family, &address);
        if (r < 0)
                return r;

        existing = dns_server_find(l->dns_servers, family, &address, 0);
        if (!existing)
                return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &address, 0);

        dns_server_move_back_and_unmark(existing);
        return 0;
}
224
/* Synchronizes the link's DNS server list with what sd_network reports for the interface, using a
 * mark/unmark/sweep pass so that servers which are still configured survive.
 *
 * If there is no data (-ENODATA) the list is emptied and 0 is returned. On any other failure the list is
 * emptied as well and the negative error is returned. */
static int link_update_dns_servers(Link *l) {
        _cleanup_strv_free_ char **nameservers = NULL;
        char **entry;
        int r;

        assert(l);

        r = sd_network_link_get_dns(l->ifindex, &nameservers);
        if (r < 0) {
                /* "No data" is not an error, it only means nothing is configured. */
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        dns_server_mark_all(l->dns_servers);

        STRV_FOREACH(entry, nameservers) {
                r = link_update_dns_server_one(l, *entry);
                if (r < 0)
                        goto clear;
        }

        /* Whatever is still marked was not mentioned in the new configuration. */
        dns_server_unlink_marked(l->dns_servers);
        return 0;

clear:
        /* A single bad entry discards the whole list rather than leaving a partially updated one. */
        dns_server_unlink_all(l->dns_servers);
        return r;
}
255
/* Reads the per-link LLMNR setting from sd_network and stores it in l->llmnr_support.
 *
 * Returns 0 on success or when there is no data, -EINVAL if the value is not recognized, or the negative
 * error from sd_network. In every case other than a successful parse the setting is reset to
 * RESOLVE_SUPPORT_YES.
 *
 * NOTE(review): the fallback is "enabled", so an unreadable or malformed setting leaves LLMNR on for this
 * link; the manager-wide setting still applies on top (see link_allocate_scopes()). */
static int link_update_llmnr_support(Link *l) {
        _cleanup_free_ char *value = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_llmnr(l->ifindex, &value);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        l->llmnr_support = resolve_support_from_string(value);
        if (l->llmnr_support >= 0)
                return 0;

        r = -EINVAL;

clear:
        l->llmnr_support = RESOLVE_SUPPORT_YES;
        return r;
}
282
/* Reads the per-link mDNS setting from sd_network and stores it in l->mdns_support.
 *
 * Returns 0 on success or when there is no data, -EINVAL if the value is not recognized, or the negative
 * error from sd_network. In every case other than a successful parse the setting is reset to
 * RESOLVE_SUPPORT_NO, i.e. mDNS stays off unless it was explicitly and validly configured. */
static int link_update_mdns_support(Link *l) {
        _cleanup_free_ char *value = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_mdns(l->ifindex, &value);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        l->mdns_support = resolve_support_from_string(value);
        if (l->mdns_support >= 0)
                return 0;

        r = -EINVAL;

clear:
        l->mdns_support = RESOLVE_SUPPORT_NO;
        return r;
}
309
/* Sets the link's DNSSEC mode. The unicast scope's cache is flushed when the previous mode was unset, when
 * moving from DNSSEC_NO to any other mode, and when moving from allow-downgrade to full DNSSEC —
 * presumably so that answers cached under the weaker mode are not served under the stronger one. */
void link_set_dnssec_mode(Link *l, DnssecMode mode) {
        bool flush;

        assert(l);

        if (mode == l->dnssec_mode)
                return;

        flush = (l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
                (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
                (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES);

        /* There is nothing to flush while no unicast scope is allocated. */
        if (flush && l->unicast_scope)
                dns_cache_flush(&l->unicast_scope->cache);

        l->dnssec_mode = mode;
}
329
/* Reads the per-link DNSSEC mode from sd_network and applies it through link_set_dnssec_mode().
 *
 * Returns 0 on success or when there is no data, -EINVAL if the value is not recognized, or the negative
 * error from sd_network. In every case other than a successful parse the mode is reset to
 * _DNSSEC_MODE_INVALID, which makes link_get_dnssec_mode() use the manager-wide mode.
 *
 * NOTE(review): the reset is a direct assignment, so the cache-flush logic in link_set_dnssec_mode() does
 * not run on this path, even if the manager-wide mode is stricter than the link's previous mode — confirm
 * this is intended. */
static int link_update_dnssec_mode(Link *l) {
        _cleanup_free_ char *value = NULL;
        DnssecMode mode;
        int r;

        assert(l);

        r = sd_network_link_get_dnssec(l->ifindex, &value);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        mode = dnssec_mode_from_string(value);
        if (mode >= 0) {
                link_set_dnssec_mode(l, mode);
                return 0;
        }

        r = -EINVAL;

clear:
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        return r;
}
359
/* Replaces the link's set of DNSSEC negative trust anchors with the list sd_network reports.
 *
 * Returns 0 on success or when there is no data; in the no-data case and when sd_network fails, the
 * existing set is dropped. If building the new set fails, the error is returned and the existing set is
 * left as it was.
 *
 * Negative trust anchors presumably name domains exempt from DNSSEC validation, so this list directly
 * narrows what validation covers — verify where sd_network sources it from when auditing. */
static int link_update_dnssec_negative_trust_anchors(Link *l) {
        _cleanup_strv_free_ char **ntas = NULL;
        _cleanup_set_free_free_ Set *fresh = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;
                goto clear;
        }

        /* Build the replacement completely before touching the live set. */
        fresh = set_new(&dns_name_hash_ops);
        if (!fresh)
                return -ENOMEM;

        r = set_put_strdupv(fresh, ntas);
        if (r < 0)
                return r;

        set_free_free(l->dnssec_negative_trust_anchors);
        l->dnssec_negative_trust_anchors = fresh;
        fresh = NULL; /* now owned by the link; disarm the cleanup handler */

        return 0;

clear:
        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
        return r;
}
393
/* Makes sure the link has a search domain entry with the given name and sets its route-only flag. An
 * existing entry is moved to the back of the list and unmarked; otherwise a new link-level entry is
 * created.
 *
 * Returns 0 on success, or the negative error from the lookup or the allocation. */
static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
        DnsSearchDomain *domain;
        int r;

        assert(l);
        assert(name);

        r = dns_search_domain_find(l->search_domains, name, &domain);
        if (r < 0)
                return r;

        if (r == 0) {
                /* Not known yet */
                r = dns_search_domain_new(l->manager, &domain, DNS_SEARCH_DOMAIN_LINK, l, name);
                if (r < 0)
                        return r;
        } else
                dns_search_domain_move_back_and_unmark(domain);

        domain->route_only = route_only;
        return 0;
}
415
/* Synchronizes the link's search domain list with the search domains and route-only domains sd_network
 * reports, using a mark/unmark/sweep pass.
 *
 * Returns 0 on success, and also when neither kind of domain is known (the list is emptied in that case).
 * On any other failure the list is emptied and the negative error is returned. */
static int link_update_search_domains(Link *l) {
        _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
        char **entry;
        int r, q;

        assert(l);

        /* -ENODATA from one source is tolerated as long as the other one delivers something. */
        r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
        if (r < 0 && r != -ENODATA)
                goto clear;

        q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
        if (q < 0 && q != -ENODATA) {
                r = q;
                goto clear;
        }

        if (r == -ENODATA && q == -ENODATA) {
                /* networkd knows nothing about this interface, and that's fine. */
                r = 0;
                goto clear;
        }

        dns_search_domain_mark_all(l->search_domains);

        /* Regular search domains first ... */
        STRV_FOREACH(entry, sdomains) {
                r = link_update_search_domain_one(l, *entry, false);
                if (r < 0)
                        goto clear;
        }

        /* ... then the route-only ones. */
        STRV_FOREACH(entry, rdomains) {
                r = link_update_search_domain_one(l, *entry, true);
                if (r < 0)
                        goto clear;
        }

        dns_search_domain_unlink_marked(l->search_domains);
        return 0;

clear:
        dns_search_domain_unlink_all(l->search_domains);
        return r;
}
460
/* Tells whether the interface is managed according to its sd_network setup state.
 *
 * Returns 1 if a setup state is known and it is neither "pending" nor "unmanaged", 0 if it is one of
 * those two or there is no data, and a negative error if the state cannot be read. */
static int link_is_managed(Link *l) {
        _cleanup_free_ char *state = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_setup_state(l->ifindex, &state);
        if (r < 0)
                return r == -ENODATA ? 0 : r;

        return !STR_IN_SET(state, "pending", "unmanaged");
}
475
/* Pulls the link's resolver settings from networkd, unless networkd is not managing the interface. Each
 * individual setting is read independently: a failure is logged as a warning and the remaining settings
 * are still processed. */
static void link_read_settings(Link *l) {
        int managed, r;

        assert(l);

        /* Read settings from networkd, except when networkd is not managing this interface. */

        managed = link_is_managed(l);
        if (managed < 0) {
                log_warning_errno(managed, "Failed to determine whether interface %s is managed: %m", l->name);
                return;
        }

        if (managed == 0) {
                /* If this link used to be managed, but is now unmanaged, flush all our settings — but only
                 * once. */
                if (l->is_managed)
                        link_flush_settings(l);

                l->is_managed = false;
                return;
        }

        l->is_managed = true;

        /* Note that each updater applies its own fallback on failure (see the individual functions), so a
         * warning below means the corresponding setting was reset, not that the old value was kept. */

        r = link_update_dns_servers(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read DNS servers for interface %s, ignoring: %m", l->name);

        r = link_update_llmnr_support(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read LLMNR support for interface %s, ignoring: %m", l->name);

        r = link_update_mdns_support(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);

        r = link_update_dnssec_mode(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->name);

        r = link_update_dnssec_negative_trust_anchors(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read DNSSEC negative trust anchors for interface %s, ignoring: %m", l->name);

        r = link_update_search_domains(l);
        if (r < 0)
                log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->name);
}
524
/* Re-reads the link's configuration and re-evaluates scopes and published records. Always returns 0. */
int link_update(Link *l) {
        assert(l);

        /* networkd's view first, then the locally saved state. link_load_user() does nothing for managed
         * links and for links it was already called on; its result is not acted upon here (it logs its own
         * failures). */
        link_read_settings(l);
        (void) link_load_user(l);

        link_allocate_scopes(l);
        link_add_rrs(l, false);

        return 0;
}
535
/* Decides whether the link should be used for resolution.
 *
 * family:          AF_INET or AF_INET6 to require an address of that family, AF_UNSPEC for any
 * local_multicast: true when asking on behalf of LLMNR/mDNS, false for unicast DNS
 *
 * A link is relevant for local multicast traffic if it isn't a loopback or pointopoint device, has a link
 * beat, can do multicast and has at least one link-local (or better) IP address.
 *
 * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
 * least one routable address. */
bool link_relevant(Link *l, int family, bool local_multicast) {
        _cleanup_free_ char *state = NULL;
        LinkAddress *a;

        assert(l);

        if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
                return false;

        /* Both the administrative and the carrier bit have to be set. */
        if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
                return false;

        if (local_multicast &&
            ((l->flags & IFF_POINTOPOINT) || !(l->flags & IFF_MULTICAST)))
                return false;

        /* Check kernel operstate
         * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
        if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
                return false;

        /* networkd's operational state is consulted on a best-effort basis: if it cannot be read, "state"
         * stays NULL and the check is skipped. */
        (void) sd_network_link_get_operational_state(l->ifindex, &state);
        if (state && !STR_IN_SET(state, "unknown", "degraded", "routable"))
                return false;

        LIST_FOREACH(addresses, a, l->addresses) {
                if (family != AF_UNSPEC && a->family != family)
                        continue;

                if (link_address_relevant(a, local_multicast))
                        return true;
        }

        return false;
}
577
/* Looks up the address object on the link that matches the given family and address. Returns NULL if the
 * link has no such address. */
LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
        LinkAddress *candidate;

        assert(l);

        LIST_FOREACH(addresses, candidate, l->addresses) {
                if (candidate->family != family)
                        continue;

                if (in_addr_equal(family, &candidate->in_addr, in_addr))
                        return candidate;
        }

        return NULL;
}
589
/* Makes s the link's current DNS server (s may be NULL to unset it) and returns s. Nothing happens if s is
 * already current. On a change the unicast scope's cache is flushed, so answers obtained from the previous
 * server are not carried over to the new one. */
DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
        assert(l);

        if (s == l->current_dns_server)
                return s;

        if (s != NULL)
                log_info("Switching to DNS server %s for interface %s.", dns_server_string(s), l->name);

        /* Drop the reference held on the old server, take one on the new. */
        dns_server_unref(l->current_dns_server);
        l->current_dns_server = dns_server_ref(s);

        if (l->unicast_scope != NULL)
                dns_cache_flush(&l->unicast_scope->cache);

        return s;
}
607
/* Returns the link's current DNS server. If none is selected yet, the first entry of the link's server
 * list is selected first. Returns NULL if the link has no servers. */
DnsServer *link_get_dns_server(Link *l) {
        assert(l);

        if (l->current_dns_server == NULL)
                link_set_dns_server(l, l->dns_servers);

        return l->current_dns_server;
}
616
/* Advances the link's current DNS server to the next one in the list, wrapping around to the head of the
 * list at the end. Does nothing if no server is currently selected. */
void link_next_dns_server(Link *l) {
        DnsServer *next;

        assert(l);

        if (l->current_dns_server == NULL)
                return;

        /* Change to the next one, but make sure to follow the linked list only if this server is actually
         * still linked. Otherwise start over from the head. */
        if (l->current_dns_server->linked && l->current_dns_server->servers_next)
                next = l->current_dns_server->servers_next;
        else
                next = l->dns_servers;

        link_set_dns_server(l, next);
}
632
/* Returns the DNSSEC mode in effect for the link: the link's own mode if one is set, otherwise the
 * manager-wide mode. */
DnssecMode link_get_dnssec_mode(Link *l) {
        assert(l);

        return l->dnssec_mode != _DNSSEC_MODE_INVALID
                ? l->dnssec_mode
                : manager_get_dnssec_mode(l->manager);
}
641
/* Tells whether DNSSEC can be used on this link: false if the effective mode is DNSSEC_NO, otherwise
 * whatever the current DNS server reports. With no server at all, true is returned. */
bool link_dnssec_supported(Link *l) {
        DnsServer *current;

        assert(l);

        if (link_get_dnssec_mode(l) == DNSSEC_NO)
                return false;

        current = link_get_dns_server(l);
        if (!current)
                return true;

        return dns_server_dnssec_supported(current);
}
656
/* Allocates an address object for the given family and address, and prepends it to the link's address
 * list.
 *
 * ret: if non-NULL, receives the new object. It stays owned by the link's list.
 *
 * Returns 0 on success, -ENOMEM if the allocation fails. */
int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
        LinkAddress *address;

        assert(l);
        assert(in_addr);

        address = new0(LinkAddress, 1);
        if (address == NULL)
                return -ENOMEM;

        address->link = l;
        address->family = family;
        address->in_addr = *in_addr;

        LIST_PREPEND(addresses, l->addresses, address);

        if (ret != NULL)
                *ret = address;

        return 0;
}
678
/* Releases an address object: unlinks it from its link, withdraws its LLMNR/mDNS records from the zones of
 * the scopes matching its family (as far as those scopes exist), drops the record references and frees
 * the object. Accepts NULL. Returns the result of mfree(). */
LinkAddress *link_address_free(LinkAddress *a) {
        if (!a)
                return NULL;

        if (a->link) {
                LIST_REMOVE(addresses, a->link->addresses, a);

                /* A record is only ever removed from the zone of the scope that matches the address family. */
                if (a->family == AF_INET) {

                        if (a->llmnr_address_rr && a->link->llmnr_ipv4_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);

                        if (a->llmnr_ptr_rr && a->link->llmnr_ipv4_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);

                        if (a->mdns_address_rr && a->link->mdns_ipv4_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);

                        if (a->mdns_ptr_rr && a->link->mdns_ipv4_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);

                } else if (a->family == AF_INET6) {

                        if (a->llmnr_address_rr && a->link->llmnr_ipv6_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);

                        if (a->llmnr_ptr_rr && a->link->llmnr_ipv6_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);

                        if (a->mdns_address_rr && a->link->mdns_ipv6_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);

                        if (a->mdns_ptr_rr && a->link->mdns_ipv6_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
                }
        }

        /* The references are dropped regardless of whether the address was attached to a link. */
        dns_resource_record_unref(a->llmnr_address_rr);
        dns_resource_record_unref(a->llmnr_ptr_rr);
        dns_resource_record_unref(a->mdns_address_rr);
        dns_resource_record_unref(a->mdns_ptr_rr);

        return mfree(a);
}
722
/* Publishes or withdraws the address (A/AAAA) and reverse (PTR) records for one link address in the LLMNR
 * and mDNS zones of its link.
 *
 * For each protocol the records are published only if force_remove is false, the address is relevant for
 * local multicast, the scope for the address family exists, and the protocol is set to
 * RESOLVE_SUPPORT_YES on both the link and the manager. In every other case the records are withdrawn and
 * their references dropped.
 *
 * Failures to put a record into a zone are logged as warnings and processing continues. Failures to
 * allocate a key or record abort the whole function with a debug message, so later protocol sections are
 * not reached for this call. */
void link_address_add_rrs(LinkAddress *a, bool force_remove) {
        bool publish;
        int r;

        assert(a);

        switch (a->family) {

        case AF_INET:

                /* LLMNR, IPv4 */
                publish = !force_remove &&
                        link_address_relevant(a, true) &&
                        a->link->llmnr_ipv4_scope &&
                        a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
                        a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES;

                if (publish) {

                        /* The host key lives on the manager and is created on first use. */
                        if (!a->link->manager->llmnr_host_ipv4_key) {
                                a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
                                if (!a->link->manager->llmnr_host_ipv4_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->llmnr_address_rr) {
                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
                                if (!a->llmnr_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->llmnr_address_rr->a.in_addr = a->in_addr.in;
                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        if (!a->llmnr_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
                                if (r < 0)
                                        goto fail;

                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");

                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m");
                } else {
                        if (a->llmnr_address_rr) {
                                if (a->link->llmnr_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
                        }

                        if (a->llmnr_ptr_rr) {
                                if (a->link->llmnr_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
                        }
                }

                /* mDNS, IPv4 */
                publish = !force_remove &&
                        link_address_relevant(a, true) &&
                        a->link->mdns_ipv4_scope &&
                        a->link->mdns_support == RESOLVE_SUPPORT_YES &&
                        a->link->manager->mdns_support == RESOLVE_SUPPORT_YES;

                if (publish) {

                        if (!a->link->manager->mdns_host_ipv4_key) {
                                a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
                                if (!a->link->manager->mdns_host_ipv4_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->mdns_address_rr) {
                                a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key);
                                if (!a->mdns_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->mdns_address_rr->a.in_addr = a->in_addr.in;
                                a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        if (!a->mdns_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
                                if (r < 0)
                                        goto fail;

                                a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add A record to MDNS zone: %m");

                        r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m");
                } else {
                        if (a->mdns_address_rr) {
                                if (a->link->mdns_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
                                a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
                        }

                        if (a->mdns_ptr_rr) {
                                if (a->link->mdns_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
                                a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
                        }
                }

                break;

        case AF_INET6:

                /* LLMNR, IPv6 */
                publish = !force_remove &&
                        link_address_relevant(a, true) &&
                        a->link->llmnr_ipv6_scope &&
                        a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
                        a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES;

                if (publish) {

                        if (!a->link->manager->llmnr_host_ipv6_key) {
                                a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
                                if (!a->link->manager->llmnr_host_ipv6_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->llmnr_address_rr) {
                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
                                if (!a->llmnr_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        if (!a->llmnr_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
                                if (r < 0)
                                        goto fail;

                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");

                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
                } else {
                        if (a->llmnr_address_rr) {
                                if (a->link->llmnr_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
                        }

                        if (a->llmnr_ptr_rr) {
                                if (a->link->llmnr_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
                        }
                }

                /* mDNS, IPv6 */
                publish = !force_remove &&
                        link_address_relevant(a, true) &&
                        a->link->mdns_ipv6_scope &&
                        a->link->mdns_support == RESOLVE_SUPPORT_YES &&
                        a->link->manager->mdns_support == RESOLVE_SUPPORT_YES;

                if (publish) {

                        if (!a->link->manager->mdns_host_ipv6_key) {
                                a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
                                if (!a->link->manager->mdns_host_ipv6_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->mdns_address_rr) {
                                a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key);
                                if (!a->mdns_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6;
                                a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        if (!a->mdns_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
                                if (r < 0)
                                        goto fail;

                                a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m");

                        r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m");
                } else {
                        if (a->mdns_address_rr) {
                                if (a->link->mdns_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
                                a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
                        }

                        if (a->mdns_ptr_rr) {
                                if (a->link->mdns_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
                                a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
                        }
                }

                break;

        default:
                /* Addresses of any other family have no records to maintain. */
                break;
        }

        return;

fail:
        log_debug_errno(r, "Failed to update address RRs: %m");
}
954
/* Updates an address object from an rtnetlink address message (flags and scope), then re-evaluates the
 * scopes and published records of the link it belongs to.
 *
 * Returns 0 on success, or the negative error from reading the flags. */
int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
        int r;

        assert(a);
        assert(m);

        r = sd_rtnl_message_addr_get_flags(m, &a->flags);
        if (r < 0)
                return r;

        /* The result of the scope read is not checked; on failure a->scope keeps whatever it held before. */
        (void) sd_rtnl_message_addr_get_scope(m, &a->scope);

        link_allocate_scopes(a->link);
        link_add_rrs(a->link, false);

        return 0;
}
971
/* Tells whether an address counts when deciding if its link is usable. Deprecated and tentative addresses
 * never count. For local multicast the address scope must be below RT_SCOPE_HOST, for everything else it
 * must be below RT_SCOPE_LINK. */
bool link_address_relevant(LinkAddress *a, bool local_multicast) {
        assert(a);

        if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
                return false;

        return a->scope < (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK);
}
983
/* Returns true if any of the link's settings were set to something different from the defaults, i.e. if
 * there is anything worth writing to the state file. Managed links never need saving. */
static bool link_needs_save(Link *l) {
        assert(l);

        /* For managed links the configuration comes from elsewhere (see link_load_user()). */
        if (l->is_managed)
                return false;

        /* Compare against the defaults that link_new() and link_flush_settings() assign. */
        if (l->llmnr_support != RESOLVE_SUPPORT_YES)
                return true;
        if (l->mdns_support != RESOLVE_SUPPORT_NO)
                return true;
        if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
                return true;

        if (l->dns_servers || l->search_domains)
                return true;

        return !set_isempty(l->dnssec_negative_trust_anchors);
}
1006
/* Writes the link's non-default settings to its state file, or removes the file if there is nothing to
 * save. The data goes to a temporary file first and is renamed into place, so readers never observe a
 * half-written file.
 *
 * Returns 0 on success. On failure both the temporary file and the state file are removed (an older,
 * valid state file does not survive a failed save), the error is logged and returned as a negative
 * errno-style value.
 *
 * NOTE(review): server, domain and trust anchor strings are written verbatim with fputs(), separated by
 * spaces, and link_load_user() splits them on whitespace again. This relies on those strings never
 * containing whitespace or newlines — presumably guaranteed where they are accepted; confirm against the
 * callers that populate these lists. */
int link_save_user(Link *l) {
        _cleanup_free_ char *temp_path = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        const char *v;
        int r;

        assert(l);
        assert(l->state_file);

        if (!link_needs_save(l)) {
                (void) unlink(l->state_file);
                return 0;
        }

        /* Missing parent directories are created with mode 0700. */
        r = mkdir_parents(l->state_file, 0700);
        if (r < 0)
                goto fail;

        r = fopen_temporary(l->state_file, &f, &temp_path);
        if (r < 0)
                goto fail;

        fputs("# This is private data. Do not parse.\n", f);

        /* A setting that has no string form is simply left out. */
        v = resolve_support_to_string(l->llmnr_support);
        if (v)
                fprintf(f, "LLMNR=%s\n", v);

        v = resolve_support_to_string(l->mdns_support);
        if (v)
                fprintf(f, "MDNS=%s\n", v);

        v = dnssec_mode_to_string(l->dnssec_mode);
        if (v)
                fprintf(f, "DNSSEC=%s\n", v);

        if (l->dns_servers) {
                bool need_space = false;
                DnsServer *server;

                fputs("SERVERS=", f);
                LIST_FOREACH(servers, server, l->dns_servers) {

                        if (need_space)
                                fputc(' ', f);
                        need_space = true;

                        v = dns_server_string(server);
                        if (!v) {
                                r = -ENOMEM;
                                goto fail;
                        }

                        fputs(v, f);
                }
                fputc('\n', f);
        }

        if (l->search_domains) {
                bool need_space = false;
                DnsSearchDomain *domain;

                fputs("DOMAINS=", f);
                LIST_FOREACH(domains, domain, l->search_domains) {

                        if (need_space)
                                fputc(' ', f);
                        need_space = true;

                        /* Route-only domains carry a "~" prefix, which link_load_user() strips again. */
                        if (domain->route_only)
                                fputc('~', f);

                        fputs(DNS_SEARCH_DOMAIN_NAME(domain), f);
                }
                fputc('\n', f);
        }

        if (!set_isempty(l->dnssec_negative_trust_anchors)) {
                bool need_space = false;
                Iterator i;
                char *nta;

                fputs("NTAS=", f);
                SET_FOREACH(nta, l->dnssec_negative_trust_anchors, i) {

                        if (need_space)
                                fputc(' ', f);
                        need_space = true;

                        fputs(nta, f);
                }
                fputc('\n', f);
        }

        /* The individual writes above are not checked; any write error is picked up here. */
        r = fflush_and_check(f);
        if (r < 0)
                goto fail;

        if (rename(temp_path, l->state_file) < 0) {
                r = -errno;
                goto fail;
        }

        return 0;

fail:
        (void) unlink(l->state_file);

        if (temp_path)
                (void) unlink(temp_path);

        return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
}
1116
/* Loads the settings link_save_user() wrote for this link from its state file and applies them. This is
 * attempted only once per link, and not at all for managed links.
 *
 * Returns 0 on success, if the file does not exist, or if there was nothing to do; otherwise the error is
 * logged and returned as a negative errno-style value. Individual DNS servers or search domains that
 * cannot be applied are skipped with a debug message. */
int link_load_user(Link *l) {
        _cleanup_free_ char
                *llmnr = NULL,
                *mdns = NULL,
                *dnssec = NULL,
                *servers = NULL,
                *domains = NULL,
                *ntas = NULL;

        ResolveSupport s;
        const char *p;
        int r;

        assert(l);
        assert(l->state_file);

        /* Try to load only a single time. The flag is set before anything is read, so a failed load is not
         * retried either. */
        if (l->loaded)
                return 0;
        l->loaded = true;

        if (l->is_managed)
                return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */

        r = parse_env_file(l->state_file, NEWLINE,
                           "LLMNR", &llmnr,
                           "MDNS", &mdns,
                           "DNSSEC", &dnssec,
                           "SERVERS", &servers,
                           "DOMAINS", &domains,
                           "NTAS", &ntas,
                           NULL);
        if (r == -ENOENT)
                return 0;
        if (r < 0)
                goto fail;

        /* Start from the defaults, so that whatever the file does not mention ends up at its default. */
        link_flush_settings(l);

        /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
        s = resolve_support_from_string(llmnr);
        if (s >= 0)
                l->llmnr_support = s;

        s = resolve_support_from_string(mdns);
        if (s >= 0)
                l->mdns_support = s;

        /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is
         * used. */
        l->dnssec_mode = dnssec_mode_from_string(dnssec);

        /* Each server string is validated as an address literal by link_update_dns_server_one(); entries that
         * fail are dropped rather than aborting the load. */
        p = servers;
        for (;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&p, &word, NULL, 0);
                if (r < 0)
                        goto fail;
                if (r == 0)
                        break;

                r = link_update_dns_server_one(l, word);
                if (r < 0)
                        log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
        }

        p = domains;
        for (;;) {
                _cleanup_free_ char *word = NULL;
                const char *name;
                bool is_route;

                r = extract_first_word(&p, &word, NULL, 0);
                if (r < 0)
                        goto fail;
                if (r == 0)
                        break;

                /* A leading "~" marks a route-only domain and is not part of the name. */
                is_route = word[0] == '~';
                name = is_route ? word + 1 : word;

                r = link_update_search_domain_one(l, name, is_route);
                if (r < 0)
                        log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
        }

        if (ntas) {
                _cleanup_set_free_free_ Set *ns = NULL;

                ns = set_new(&dns_name_hash_ops);
                if (!ns) {
                        r = -ENOMEM;
                        goto fail;
                }

                r = set_put_strsplit(ns, ntas, NULL, 0);
                if (r < 0)
                        goto fail;

                /* The previous set was already released by link_flush_settings() above. */
                l->dnssec_negative_trust_anchors = ns;
                ns = NULL;
        }

        return 0;

fail:
        return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
}
1227
/* Removes the link's state file. Failure to do so (for example because the file never existed) is
 * deliberately ignored. */
void link_remove_user(Link *l) {
        assert(l);
        assert(l->state_file);

        (void) unlink(l->state_file);
}