1 /***
2 This file is part of systemd.
3
4 Copyright 2014 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <net/if.h>
21
22 #include "sd-network.h"
23
24 #include "alloc-util.h"
25 #include "fd-util.h"
26 #include "fileio.h"
27 #include "missing.h"
28 #include "mkdir.h"
29 #include "parse-util.h"
30 #include "resolved-link.h"
31 #include "string-util.h"
32 #include "strv.h"
33
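/* Allocates a Link object for the interface with the given index, registers it in the
 * manager's link table and applies the built-in per-link defaults.
 *
 * m        manager that will own the link; must not be NULL
 * ret      if non-NULL, receives a borrowed pointer to the new link (the link itself stays
 *          referenced from m->links)
 * ifindex  interface index, must be > 0; used as the key in m->links and as the last
 *          component of the state file path
 *
 * Returns 0 on success or a negative errno-style value (-ENOMEM, or whatever
 * hashmap_ensure_allocated()/hashmap_put() report). On failure the partially built link is
 * released through the link_freep cleanup handler.
 *
 * Every new link starts with LLMNR enabled, mDNS disabled and the DNSSEC mode unset
 * (_DNSSEC_MODE_INVALID), which link_get_dnssec_mode() resolves to the manager-wide mode. */
int link_new(Manager *m, Link **ret, int ifindex) {
        _cleanup_(link_freep) Link *l = NULL;
        int r;

        assert(m);
        assert(ifindex > 0);

        r = hashmap_ensure_allocated(&m->links, NULL);
        if (r < 0)
                return r;

        l = new0(Link, 1);
        if (!l)
                return -ENOMEM;

        l->ifindex = ifindex;
        l->llmnr_support = RESOLVE_SUPPORT_YES;
        l->mdns_support = RESOLVE_SUPPORT_NO;
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        l->operstate = IF_OPER_UNKNOWN;

        if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0) {
                /* asprintf() leaves the output pointer unspecified when it fails. Reset it so
                 * that the free() in link_free(), reached via the cleanup handler, never
                 * operates on an indeterminate value. */
                l->state_file = NULL;
                return -ENOMEM;
        }

        r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
        if (r < 0)
                return r;

        /* Set the back pointer only after the link is in the table: link_free() removes the
         * ifindex key from the table whenever l->manager is set, so setting it earlier would
         * make the error paths above touch an entry this link never owned. */
        l->manager = m;

        if (ret)
                *ret = l;
        l = NULL; /* ownership moved to m->links, disarm the cleanup handler */

        return 0;
}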
70
/* Puts the per-link resolver configuration back to the built-in defaults (LLMNR enabled,
 * mDNS disabled, DNSSEC mode unset) and unlinks all per-link DNS servers and search
 * domains. The negative trust anchor set is freed as well. */
void link_flush_settings(Link *l) {
        assert(l);

        /* The same three defaults link_new() applies. */
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        l->mdns_support = RESOLVE_SUPPORT_NO;
        l->llmnr_support = RESOLVE_SUPPORT_YES;

        dns_server_unlink_all(l->dns_servers);
        dns_search_domain_unlink_all(l->search_domains);

        /* The return value of set_free_free() replaces the pointer that was just freed. */
        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
}
83
/* Tears down a link and everything hanging off it: announces on both mDNS scopes with the
 * goodbye flag set, flushes the settings, frees every address, removes the link from the
 * manager's table, frees all five scopes and the state file path.
 *
 * Accepts NULL. Always returns NULL so callers can write "l = link_free(l)". */
Link *link_free(Link *l) {
        if (l == NULL)
                return NULL;

        /* Send goodbye messages. */
        dns_scope_announce(l->mdns_ipv4_scope, true);
        dns_scope_announce(l->mdns_ipv6_scope, true);

        link_flush_settings(l);

        /* link_address_free() unlinks the entry it is given from l->addresses, hence the
         * list head is re-read on every iteration. */
        for (;;) {
                if (!l->addresses)
                        break;

                (void) link_address_free(l->addresses);
        }

        /* A link whose manager pointer was never set (see link_new()) is not in the table. */
        if (l->manager != NULL)
                hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));

        dns_scope_free(l->unicast_scope);
        dns_scope_free(l->llmnr_ipv4_scope);
        dns_scope_free(l->llmnr_ipv6_scope);
        dns_scope_free(l->mdns_ipv4_scope);
        dns_scope_free(l->mdns_ipv6_scope);

        free(l->state_file);

        return mfree(l);
}
110
/* Brings the set of DNS scopes of a link in line with its current state. For each of the
 * five scopes (unicast DNS, LLMNR over IPv4/IPv6, mDNS over IPv4/IPv6) the scope is created
 * if it is wanted and missing, and freed if it is not wanted.
 *
 * A multicast scope is wanted only when neither the per-link nor the manager-wide setting
 * for that protocol is RESOLVE_SUPPORT_NO, so either level can switch LLMNR or mDNS off for
 * the link. Allocation failures are logged as warnings and otherwise ignored. */
void link_allocate_scopes(Link *l) {
        bool wanted;
        int r;

        assert(l);

        /* Classic unicast DNS: needs a relevant link and at least one DNS server. */
        wanted = link_relevant(l, AF_UNSPEC, false) &&
                l->dns_servers;
        if (!wanted)
                l->unicast_scope = dns_scope_free(l->unicast_scope);
        else if (!l->unicast_scope) {
                r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate DNS scope: %m");
        }

        /* LLMNR, IPv4 */
        wanted = link_relevant(l, AF_INET, true) &&
                l->llmnr_support != RESOLVE_SUPPORT_NO &&
                l->manager->llmnr_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
        else if (!l->llmnr_ipv4_scope) {
                r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
        }

        /* LLMNR, IPv6: additionally requires IPv6 socket support. */
        wanted = link_relevant(l, AF_INET6, true) &&
                l->llmnr_support != RESOLVE_SUPPORT_NO &&
                l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
                socket_ipv6_is_supported();
        if (!wanted)
                l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
        else if (!l->llmnr_ipv6_scope) {
                r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
        }

        /* mDNS, IPv4 */
        wanted = link_relevant(l, AF_INET, true) &&
                l->mdns_support != RESOLVE_SUPPORT_NO &&
                l->manager->mdns_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
        else if (!l->mdns_ipv4_scope) {
                r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
        }

        /* mDNS, IPv6. Unlike the LLMNR IPv6 case there is no socket_ipv6_is_supported() check. */
        wanted = link_relevant(l, AF_INET6, true) &&
                l->mdns_support != RESOLVE_SUPPORT_NO &&
                l->manager->mdns_support != RESOLVE_SUPPORT_NO;
        if (!wanted)
                l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
        else if (!l->mdns_ipv6_scope) {
                r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
                if (r < 0)
                        log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
        }
}
171
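/* Re-evaluates the published resource records of every address on the link by calling
 * link_address_add_rrs() for each of them.
 *
 * l             the link; must not be NULL
 * force_remove  passed through unchanged; when true the per-address records are withdrawn
 *               regardless of the link's settings */
void link_add_rrs(Link *l, bool force_remove) {
        LinkAddress *a;

        /* Every other entry point in this file asserts its link argument; do the same here
         * instead of dereferencing a NULL pointer in the loop header. */
        assert(l);

        LIST_FOREACH(addresses, a, l->addresses)
                link_address_add_rrs(a, force_remove);
}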
178
/* Updates a link from an rtnetlink link message: interface flags (mandatory), and MTU,
 * operational state and interface name (each optional). Afterwards the scopes and the
 * published records are re-evaluated.
 *
 * Returns 0 on success, or the negative error from sd_rtnl_message_link_get_flags(). */
int link_process_rtnl(Link *l, sd_netlink_message *m) {
        const char *ifname = NULL;
        int rc;

        assert(l);
        assert(m);

        rc = sd_rtnl_message_link_get_flags(m, &l->flags);
        if (rc < 0)
                return rc;

        /* Missing attributes are fine, the previous values simply stay in place. */
        (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
        (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);

        rc = sd_netlink_message_read_string(m, IFLA_IFNAME, &ifname);
        if (rc >= 0) {
                /* Bounded copy into the fixed-size name buffer; strncpy() alone does not
                 * guarantee termination, so the terminating NUL is forced afterwards. */
                strncpy(l->name, ifname, sizeof(l->name)-1);
                char_array_0(l->name);
        }

        link_allocate_scopes(l);
        link_add_rrs(l, false);

        return 0;
}
203
/* Makes sure the DNS server given as a textual IP address is part of the link's server
 * list. An already known server is moved back and unmarked; an unknown one is created.
 *
 * Returns 0 if the server was already known, the result of dns_server_new() if it was
 * not, or a negative error if "name" does not parse as an IP address. */
static int link_update_dns_server_one(Link *l, const char *name) {
        union in_addr_union address;
        DnsServer *existing;
        int family, r;

        assert(l);
        assert(name);

        /* Only literal addresses are accepted here; the family is derived from the string. */
        r = in_addr_from_string_auto(name, &family, &address);
        if (r < 0)
                return r;

        existing = dns_server_find(l->dns_servers, family, &address, 0);
        if (!existing)
                return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &address, 0);

        dns_server_move_back_and_unmark(existing);
        return 0;
}
224
/* Synchronizes the link's DNS server list with what sd_network_link_get_dns() reports,
 * using mark-and-sweep: all servers are marked, the reported ones are unmarked (or
 * created), and whatever is still marked is unlinked.
 *
 * If nothing is reported (-ENODATA) the list is emptied and 0 is returned. On any other
 * failure, including a single unparsable entry, the whole list is emptied and the negative
 * error is returned. */
static int link_update_dns_servers(Link *l) {
        _cleanup_strv_free_ char **nameservers = NULL;
        char **entry;
        int r;

        assert(l);

        r = sd_network_link_get_dns(l->ifindex, &nameservers);
        if (r < 0) {
                /* "No data" is not an error, but still means: no per-link servers. */
                if (r == -ENODATA)
                        r = 0;

                goto clear;
        }

        dns_server_mark_all(l->dns_servers);

        STRV_FOREACH(entry, nameservers) {
                r = link_update_dns_server_one(l, *entry);
                if (r < 0)
                        goto clear;
        }

        dns_server_unlink_marked(l->dns_servers);
        return 0;

clear:
        dns_server_unlink_all(l->dns_servers);
        return r;
}
255
/* Reads the per-link LLMNR setting via sd_network_link_get_llmnr() and stores it in
 * l->llmnr_support.
 *
 * Returns 0 on success or when no setting is available (-ENODATA), a negative error
 * otherwise (-EINVAL for an unrecognized value). In every case other than a successfully
 * parsed value the setting ends up as RESOLVE_SUPPORT_YES, i.e. a read or parse failure
 * leaves LLMNR enabled on the link rather than disabled. */
static int link_update_llmnr_support(Link *l) {
        _cleanup_free_ char *setting = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_llmnr(l->ifindex, &setting);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;

                goto clear;
        }

        l->llmnr_support = resolve_support_from_string(setting);
        if (l->llmnr_support >= 0)
                return 0;

        /* Unknown string: report it and fall back to the default below. */
        r = -EINVAL;

clear:
        l->llmnr_support = RESOLVE_SUPPORT_YES;
        return r;
}
282
/* Reads the per-link mDNS setting via sd_network_link_get_mdns() and stores it in
 * l->mdns_support.
 *
 * Returns 0 on success or when no setting is available (-ENODATA), a negative error
 * otherwise (-EINVAL for an unrecognized value). In every case other than a successfully
 * parsed value the setting ends up as RESOLVE_SUPPORT_NO, so a read or parse failure
 * leaves mDNS disabled on the link. */
static int link_update_mdns_support(Link *l) {
        _cleanup_free_ char *setting = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_mdns(l->ifindex, &setting);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;

                goto clear;
        }

        l->mdns_support = resolve_support_from_string(setting);
        if (l->mdns_support >= 0)
                return 0;

        /* Unknown string: report it and fall back to the default below. */
        r = -EINVAL;

clear:
        l->mdns_support = RESOLVE_SUPPORT_NO;
        return r;
}
309
/* Changes the per-link DNSSEC mode. The unicast scope's cache is flushed when the old mode
 * was unset, when leaving DNSSEC_NO, or when going from DNSSEC_ALLOW_DOWNGRADE to
 * DNSSEC_YES. Setting the mode it already has is a no-op.
 *
 * NOTE(review): the flush presumably exists so that entries cached under a weaker
 * validation policy are not served under a stricter one; the code itself only shows the
 * three transitions listed above. */
void link_set_dnssec_mode(Link *l, DnssecMode mode) {
        bool flush;

        assert(l);

        if (mode == l->dnssec_mode)
                return;

        /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
         * allow-downgrade mode to full DNSSEC mode, flush it too. */
        flush = (l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
                (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
                (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES);

        if (flush && l->unicast_scope)
                dns_cache_flush(&l->unicast_scope->cache);

        l->dnssec_mode = mode;
}
329
/* Reads the per-link DNSSEC mode via sd_network_link_get_dnssec() and applies it with
 * link_set_dnssec_mode().
 *
 * Returns 0 on success or when no setting is available (-ENODATA), a negative error
 * otherwise (-EINVAL for an unrecognized value). In every case other than a successfully
 * parsed value the per-link mode is reset to _DNSSEC_MODE_INVALID, which makes
 * link_get_dnssec_mode() fall back to the manager-wide mode. Note that this reset is a
 * plain assignment and does not go through link_set_dnssec_mode(). */
static int link_update_dnssec_mode(Link *l) {
        _cleanup_free_ char *setting = NULL;
        DnssecMode parsed;
        int r;

        assert(l);

        r = sd_network_link_get_dnssec(l->ifindex, &setting);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;

                goto clear;
        }

        parsed = dnssec_mode_from_string(setting);
        if (parsed >= 0) {
                link_set_dnssec_mode(l, parsed);
                return 0;
        }

        r = -EINVAL;

clear:
        l->dnssec_mode = _DNSSEC_MODE_INVALID;
        return r;
}
359
/* Replaces the link's set of DNSSEC negative trust anchors with the list reported by
 * sd_network_link_get_dnssec_negative_trust_anchors().
 *
 * Returns 0 on success or when nothing is reported (-ENODATA), a negative error otherwise.
 * If the list cannot be read the existing set is dropped. If building the replacement set
 * fails (set_new()/set_put_strdupv()), the function returns early and the existing set
 * stays in place. */
static int link_update_dnssec_negative_trust_anchors(Link *l) {
        _cleanup_strv_free_ char **names = NULL;
        _cleanup_set_free_free_ Set *fresh = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &names);
        if (r < 0) {
                if (r == -ENODATA)
                        r = 0;

                goto clear;
        }

        fresh = set_new(&dns_name_hash_ops);
        if (!fresh)
                return -ENOMEM;

        r = set_put_strdupv(fresh, names);
        if (r < 0)
                return r;

        /* Swap in the fully built set only now, so a failure above never leaves a
         * half-populated set behind. */
        set_free_free(l->dnssec_negative_trust_anchors);
        l->dnssec_negative_trust_anchors = fresh;
        fresh = NULL; /* disarm the cleanup handler, the link owns the set now */

        return 0;

clear:
        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
        return r;
}
393
/* Makes sure the given domain is part of the link's search domain list and records
 * whether it is a routing-only domain. A known domain is moved back and unmarked; an
 * unknown one is created.
 *
 * Returns 0 on success, or the negative error from dns_search_domain_find() or
 * dns_search_domain_new(). */
static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
        DnsSearchDomain *domain;
        int r;

        assert(l);
        assert(name);

        r = dns_search_domain_find(l->search_domains, name, &domain);
        if (r < 0)
                return r;

        if (r == 0) {
                /* Not known yet. */
                r = dns_search_domain_new(l->manager, &domain, DNS_SEARCH_DOMAIN_LINK, l, name);
                if (r < 0)
                        return r;
        } else
                dns_search_domain_move_back_and_unmark(domain);

        /* Applied to existing entries too, so a domain can change between search and route-only. */
        domain->route_only = route_only;
        return 0;
}
415
/* Synchronizes the link's search domain list with the search and route domains reported
 * by sd_network_link_get_search_domains() and sd_network_link_get_route_domains(), using
 * mark-and-sweep like link_update_dns_servers().
 *
 * Returns 0 on success or when neither list is available, a negative error otherwise. On
 * every path except full success all search domains of the link are unlinked. */
static int link_update_search_domains(Link *l) {
        _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
        char **entry;
        int r, route_r;

        assert(l);

        r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
        if (r < 0 && r != -ENODATA)
                goto clear;

        route_r = sd_network_link_get_route_domains(l->ifindex, &rdomains);
        if (route_r < 0 && route_r != -ENODATA) {
                r = route_r;
                goto clear;
        }

        if (r == -ENODATA && route_r == -ENODATA) {
                /* networkd knows nothing about this interface, and that's fine. */
                r = 0;
                goto clear;
        }

        /* At least one of the two lists is available from here on. */
        dns_search_domain_mark_all(l->search_domains);

        STRV_FOREACH(entry, sdomains) {
                r = link_update_search_domain_one(l, *entry, false);
                if (r < 0)
                        goto clear;
        }

        STRV_FOREACH(entry, rdomains) {
                r = link_update_search_domain_one(l, *entry, true);
                if (r < 0)
                        goto clear;
        }

        dns_search_domain_unlink_marked(l->search_domains);
        return 0;

clear:
        dns_search_domain_unlink_all(l->search_domains);
        return r;
}
460
/* Tells whether the link is managed, judging by the setup state reported by
 * sd_network_link_get_setup_state().
 *
 * Returns 1 if a setup state other than "pending" or "unmanaged" is reported, 0 if the
 * state is one of those two or no state is available (-ENODATA), and a negative error if
 * the state cannot be read. */
static int link_is_managed(Link *l) {
        _cleanup_free_ char *setup_state = NULL;
        int r;

        assert(l);

        r = sd_network_link_get_setup_state(l->ifindex, &setup_state);
        if (r == -ENODATA)
                return 0;
        if (r < 0)
                return r;

        if (STR_IN_SET(setup_state, "pending", "unmanaged"))
                return 0;

        return 1;
}
475
/* Refreshes all per-link settings from networkd for a managed link. For an unmanaged link
 * nothing is read; if the link was managed before, its settings are flushed once at the
 * transition.
 *
 * Each setting is read independently. A failure is logged as a warning and does not stop
 * the remaining settings from being read; what each setting falls back to on failure is
 * decided by the respective link_update_*() helper. */
static void link_read_settings(Link *l) {
        int r;

        assert(l);

        /* Read settings from networkd, except when networkd is not managing this interface. */

        r = link_is_managed(l);
        if (r < 0) {
                /* Unknown management state: leave is_managed and all settings as they are. */
                log_warning_errno(r, "Failed to determine whether interface %s is managed: %m", l->name);
                return;
        }

        if (r == 0) {
                /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
                if (l->is_managed)
                        link_flush_settings(l);

                l->is_managed = false;
                return;
        }

        l->is_managed = true;

        if ((r = link_update_dns_servers(l)) < 0)
                log_warning_errno(r, "Failed to read DNS servers for interface %s, ignoring: %m", l->name);

        if ((r = link_update_llmnr_support(l)) < 0)
                log_warning_errno(r, "Failed to read LLMNR support for interface %s, ignoring: %m", l->name);

        if ((r = link_update_mdns_support(l)) < 0)
                log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);

        if ((r = link_update_dnssec_mode(l)) < 0)
                log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->name);

        if ((r = link_update_dnssec_negative_trust_anchors(l)) < 0)
                log_warning_errno(r, "Failed to read DNSSEC negative trust anchors for interface %s, ignoring: %m", l->name);

        if ((r = link_update_search_domains(l)) < 0)
                log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->name);
}
524
/* Full refresh of a link: re-read the networkd settings, load the saved state file (only
 * has an effect the first time and only for unmanaged links, see link_load_user()), then
 * re-evaluate scopes and published records.
 *
 * Always returns 0; a failure of link_load_user() is not propagated. */
int link_update(Link *l) {
        assert(l);

        link_read_settings(l);
        (void) link_load_user(l); /* reports its own errors via the log */
        link_allocate_scopes(l);
        link_add_rrs(l, false);

        return 0;
}
535
/* Decides whether a link should be used for name resolution.
 *
 * l                the link
 * family           AF_INET or AF_INET6 to require an address of that family, AF_UNSPEC to
 *                  accept either
 * local_multicast  true when asking on behalf of a link-local multicast protocol
 *
 * Returns true only if all interface-level checks pass and at least one address of the
 * requested family is relevant according to link_address_relevant(). */
bool link_relevant(Link *l, int family, bool local_multicast) {
        _cleanup_free_ char *operational_state = NULL;
        LinkAddress *address;

        assert(l);

        /* A link is relevant for local multicast traffic if it isn't a loopback or pointopoint device, has a link
         * beat, can do multicast and has at least one link-local (or better) IP address.
         *
         * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
         * least one routable address.*/

        if ((l->flags & IFF_LOOPBACK) || (l->flags & IFF_DORMANT))
                return false;

        /* Both the administrative and the lower-layer "up" flags are required. */
        if (!(l->flags & IFF_UP) || !(l->flags & IFF_LOWER_UP))
                return false;

        if (local_multicast &&
            ((l->flags & IFF_POINTOPOINT) || !(l->flags & IFF_MULTICAST)))
                return false;

        /* Check kernel operstate
         * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
        if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
                return false;

        /* Best effort: if no operational state can be obtained, the check is skipped. */
        (void) sd_network_link_get_operational_state(l->ifindex, &operational_state);
        if (operational_state && !STR_IN_SET(operational_state, "unknown", "degraded", "routable"))
                return false;

        LIST_FOREACH(addresses, address, l->addresses) {
                if (family != AF_UNSPEC && address->family != family)
                        continue;

                if (link_address_relevant(address, local_multicast))
                        return true;
        }

        return false;
}
577
/* Looks up the address object of a link that matches the given family and address.
 * Returns a borrowed pointer, or NULL if the link has no such address. */
LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
        LinkAddress *candidate;

        assert(l);

        LIST_FOREACH(addresses, candidate, l->addresses) {
                if (candidate->family != family)
                        continue;

                if (in_addr_equal(family, &candidate->in_addr, in_addr))
                        return candidate;
        }

        return NULL;
}
589
/* Makes "s" the link's current DNS server (NULL means: none). The previous server is
 * unreferenced, the new one referenced, and the unicast scope's cache is flushed on every
 * actual change. Returns "s". */
DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
        assert(l);

        if (s == l->current_dns_server)
                return s; /* nothing changes, in particular the cache is kept */

        if (s != NULL)
                log_info("Switching to DNS server %s for interface %s.", dns_server_string(s), l->name);

        dns_server_unref(l->current_dns_server);
        l->current_dns_server = dns_server_ref(s);

        if (l->unicast_scope != NULL)
                dns_cache_flush(&l->unicast_scope->cache);

        return s;
}
607
/* Returns the link's current DNS server. If none is selected yet, the head of the link's
 * server list is selected first; the result is NULL if that list is empty. */
DnsServer *link_get_dns_server(Link *l) {
        assert(l);

        if (l->current_dns_server)
                return l->current_dns_server;

        link_set_dns_server(l, l->dns_servers);

        return l->current_dns_server;
}
616
/* Advances the link's current DNS server to the next one in the list, wrapping around to
 * the head of the list at the end. Does nothing if no server is currently selected. */
void link_next_dns_server(Link *l) {
        assert(l);

        if (!l->current_dns_server)
                return;

        /* Change to the next one, but make sure to follow the linked
         * list only if this server is actually still linked. */
        if (!l->current_dns_server->linked || !l->current_dns_server->servers_next) {
                /* Unlinked in the meantime, or last in the list: restart from the head. */
                link_set_dns_server(l, l->dns_servers);
                return;
        }

        link_set_dns_server(l, l->current_dns_server->servers_next);
}
632
/* Returns the effective DNSSEC mode of the link: the per-link mode if one is set,
 * otherwise the mode reported by manager_get_dnssec_mode(). */
DnssecMode link_get_dnssec_mode(Link *l) {
        assert(l);

        if (l->dnssec_mode == _DNSSEC_MODE_INVALID)
                return manager_get_dnssec_mode(l->manager);

        return l->dnssec_mode;
}
641
642 bool link_dnssec_supported(Link *l) {
643 DnsServer *server;
644
645 assert(l);
646
647 if (link_get_dnssec_mode(l) == DNSSEC_NO)
648 return false;
649
650 server = link_get_dns_server(l);
651 if (server)
652 return dns_server_dnssec_supported(server);
653
654 return true;
655 }
656
/* Allocates an address object for the link and prepends it to the link's address list.
 *
 * l        the link the address belongs to
 * ret      if non-NULL, receives a borrowed pointer to the new object
 * family   address family, stored as given
 * in_addr  the address, copied into the object; must not be NULL
 *
 * Returns 0 on success, -ENOMEM if the allocation fails. */
int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
        LinkAddress *address;

        assert(l);
        assert(in_addr);

        address = new0(LinkAddress, 1);
        if (!address)
                return -ENOMEM;

        address->in_addr = *in_addr;
        address->family = family;
        address->link = l;

        LIST_PREPEND(addresses, l->addresses, address);
        l->n_addresses++;

        if (ret)
                *ret = address;

        return 0;
}
679
/* Frees an address object. If it is attached to a link, it is removed from the link's
 * address list and its LLMNR and mDNS records are withdrawn from the zone of the scope
 * matching its family, where such a scope exists. All four record references are dropped.
 *
 * Accepts NULL. Always returns NULL. */
LinkAddress *link_address_free(LinkAddress *a) {
        if (a == NULL)
                return NULL;

        if (a->link) {
                LIST_REMOVE(addresses, a->link->addresses, a);

                assert(a->link->n_addresses > 0);
                a->link->n_addresses--;

                /* The records live in the zone of the scope for the address' own family
                 * only; addresses of any other family have nothing to withdraw. */
                switch (a->family) {

                case AF_INET:
                        if (a->llmnr_address_rr && a->link->llmnr_ipv4_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
                        if (a->llmnr_ptr_rr && a->link->llmnr_ipv4_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
                        if (a->mdns_address_rr && a->link->mdns_ipv4_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
                        if (a->mdns_ptr_rr && a->link->mdns_ipv4_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
                        break;

                case AF_INET6:
                        if (a->llmnr_address_rr && a->link->llmnr_ipv6_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
                        if (a->llmnr_ptr_rr && a->link->llmnr_ipv6_scope)
                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
                        if (a->mdns_address_rr && a->link->mdns_ipv6_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
                        if (a->mdns_ptr_rr && a->link->mdns_ipv6_scope)
                                dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
                        break;

                default:
                        break;
                }
        }

        dns_resource_record_unref(a->llmnr_address_rr);
        dns_resource_record_unref(a->llmnr_ptr_rr);
        dns_resource_record_unref(a->mdns_address_rr);
        dns_resource_record_unref(a->mdns_ptr_rr);

        return mfree(a);
}
726
/* Publishes or withdraws the records that announce this address under the local host name:
 * an A/AAAA record and a PTR record, separately for LLMNR and for mDNS.
 *
 * a             the address; a->link and a->link->manager are dereferenced
 * force_remove  when true, all records are withdrawn regardless of the settings
 *
 * For each protocol the records are published only if the address is relevant for local
 * multicast, the scope for the address' family exists, and BOTH the per-link and the
 * manager-wide setting are exactly RESOLVE_SUPPORT_YES. That is stricter than
 * link_allocate_scopes(), which creates the scope for any setting other than
 * RESOLVE_SUPPORT_NO, so a scope can exist without the host's own records being published
 * in its zone. In every other case existing records are removed from the zone and
 * unreferenced.
 *
 * Failing to insert a record into a zone is logged as a warning and processing continues.
 * Failing to create a key or record aborts the function via "fail", logged at debug level
 * only; records created before that point stay attached to the address. */
void link_address_add_rrs(LinkAddress *a, bool force_remove) {
        int r;

        assert(a);

        switch (a->family) {

        case AF_INET:

                /* ---- LLMNR over IPv4 ---- */
                if (force_remove ||
                    !link_address_relevant(a, true) ||
                    !a->link->llmnr_ipv4_scope ||
                    a->link->llmnr_support != RESOLVE_SUPPORT_YES ||
                    a->link->manager->llmnr_support != RESOLVE_SUPPORT_YES) {

                        if (a->llmnr_address_rr) {
                                if (a->link->llmnr_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
                        }

                        if (a->llmnr_ptr_rr) {
                                if (a->link->llmnr_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
                        }
                } else {
                        /* The key for the host name is created on first use and kept on the manager. */
                        if (!a->link->manager->llmnr_host_ipv4_key) {
                                a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
                                if (!a->link->manager->llmnr_host_ipv4_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->llmnr_address_rr) {
                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
                                if (!a->llmnr_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->llmnr_address_rr->a.in_addr = a->in_addr.in;
                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        if (!a->llmnr_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
                                if (r < 0)
                                        goto fail;

                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");

                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv4 PTR record to LLMNR zone: %m");
                }

                /* ---- mDNS over IPv4 ---- */
                if (force_remove ||
                    !link_address_relevant(a, true) ||
                    !a->link->mdns_ipv4_scope ||
                    a->link->mdns_support != RESOLVE_SUPPORT_YES ||
                    a->link->manager->mdns_support != RESOLVE_SUPPORT_YES) {

                        if (a->mdns_address_rr) {
                                if (a->link->mdns_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_address_rr);
                                a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
                        }

                        if (a->mdns_ptr_rr) {
                                if (a->link->mdns_ipv4_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv4_scope->zone, a->mdns_ptr_rr);
                                a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
                        }
                } else {
                        if (!a->link->manager->mdns_host_ipv4_key) {
                                a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
                                if (!a->link->manager->mdns_host_ipv4_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->mdns_address_rr) {
                                a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv4_key);
                                if (!a->mdns_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->mdns_address_rr->a.in_addr = a->in_addr.in;
                                a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        if (!a->mdns_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
                                if (r < 0)
                                        goto fail;

                                a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add A record to MDNS zone: %m");

                        r = dns_zone_put(&a->link->mdns_ipv4_scope->zone, a->link->mdns_ipv4_scope, a->mdns_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv4 PTR record to MDNS zone: %m");
                }

                break;

        case AF_INET6:

                /* ---- LLMNR over IPv6 ---- */
                if (force_remove ||
                    !link_address_relevant(a, true) ||
                    !a->link->llmnr_ipv6_scope ||
                    a->link->llmnr_support != RESOLVE_SUPPORT_YES ||
                    a->link->manager->llmnr_support != RESOLVE_SUPPORT_YES) {

                        if (a->llmnr_address_rr) {
                                if (a->link->llmnr_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
                        }

                        if (a->llmnr_ptr_rr) {
                                if (a->link->llmnr_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
                        }
                } else {
                        if (!a->link->manager->llmnr_host_ipv6_key) {
                                a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
                                if (!a->link->manager->llmnr_host_ipv6_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->llmnr_address_rr) {
                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
                                if (!a->llmnr_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        if (!a->llmnr_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
                                if (r < 0)
                                        goto fail;

                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");

                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
                }

                /* ---- mDNS over IPv6 ---- */
                if (force_remove ||
                    !link_address_relevant(a, true) ||
                    !a->link->mdns_ipv6_scope ||
                    a->link->mdns_support != RESOLVE_SUPPORT_YES ||
                    a->link->manager->mdns_support != RESOLVE_SUPPORT_YES) {

                        if (a->mdns_address_rr) {
                                if (a->link->mdns_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_address_rr);
                                a->mdns_address_rr = dns_resource_record_unref(a->mdns_address_rr);
                        }

                        if (a->mdns_ptr_rr) {
                                if (a->link->mdns_ipv6_scope)
                                        dns_zone_remove_rr(&a->link->mdns_ipv6_scope->zone, a->mdns_ptr_rr);
                                a->mdns_ptr_rr = dns_resource_record_unref(a->mdns_ptr_rr);
                        }
                } else {
                        if (!a->link->manager->mdns_host_ipv6_key) {
                                a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
                                if (!a->link->manager->mdns_host_ipv6_key) {
                                        r = -ENOMEM;
                                        goto fail;
                                }
                        }

                        if (!a->mdns_address_rr) {
                                a->mdns_address_rr = dns_resource_record_new(a->link->manager->mdns_host_ipv6_key);
                                if (!a->mdns_address_rr) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

                                a->mdns_address_rr->aaaa.in6_addr = a->in_addr.in6;
                                a->mdns_address_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        if (!a->mdns_ptr_rr) {
                                r = dns_resource_record_new_reverse(&a->mdns_ptr_rr, a->family, &a->in_addr, a->link->manager->mdns_hostname);
                                if (r < 0)
                                        goto fail;

                                a->mdns_ptr_rr->ttl = MDNS_DEFAULT_TTL;
                        }

                        r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_address_rr, true);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add AAAA record to MDNS zone: %m");

                        r = dns_zone_put(&a->link->mdns_ipv6_scope->zone, a->link->mdns_ipv6_scope, a->mdns_ptr_rr, false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to add IPv6 PTR record to MDNS zone: %m");
                }

                break;

        default:
                /* Other address families have no records to manage. */
                break;
        }

        return;

fail:
        log_debug_errno(r, "Failed to update address RRs: %m");
}
958
/* Updates an address from an rtnetlink address message (flags and scope) and re-evaluates
 * the scopes and published records of the owning link.
 *
 * Returns 0 on success, or the negative error from sd_rtnl_message_addr_get_flags(). */
int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
        int rc;

        assert(a);
        assert(m);

        rc = sd_rtnl_message_addr_get_flags(m, &a->flags);
        if (rc < 0)
                return rc;

        /* The result is not checked: if the scope cannot be read, a->scope keeps whatever
         * value it had, and link_address_relevant() will judge the address by that. */
        (void) sd_rtnl_message_addr_get_scope(m, &a->scope);

        link_allocate_scopes(a->link);
        link_add_rrs(a->link, false);

        return 0;
}
975
/* Decides whether an address counts when judging a link's relevance and when publishing
 * records. Deprecated and tentative addresses never count. Otherwise the address' scope
 * must be below RT_SCOPE_HOST for local multicast use, and below RT_SCOPE_LINK for
 * everything else. */
bool link_address_relevant(LinkAddress *a, bool local_multicast) {
        int scope_limit;

        assert(a);

        if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
                return false;

        /* Local multicast may use link-scoped addresses; other traffic may not. */
        scope_limit = local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK;

        return a->scope < scope_limit;
}
987
/* Returns true if any of the settings were set to something different from the default,
 * i.e. if there is anything worth writing to the state file. Managed links never need
 * saving. */
static bool link_needs_save(Link *l) {
        assert(l);

        if (l->is_managed)
                return false;

        /* The defaults compared against are the ones link_new()/link_flush_settings() apply. */
        return l->llmnr_support != RESOLVE_SUPPORT_YES ||
                l->mdns_support != RESOLVE_SUPPORT_NO ||
                l->dnssec_mode != _DNSSEC_MODE_INVALID ||
                l->dns_servers ||
                l->search_domains ||
                !set_isempty(l->dnssec_negative_trust_anchors);
}
1010
/* Writes the link's non-default settings to its state file, or removes the file if there
 * is nothing to save (see link_needs_save()).
 *
 * The file is written to a temporary path first and then rename()d over the state file,
 * so a concurrent reader sees either the old or the new contents. Parent directories are
 * created with mode 0700. On any failure both the temporary file and the state file are
 * removed, i.e. a failed save also discards the previously saved state.
 *
 * Returns 0 on success, otherwise the negative error as returned by log_error_errno().
 *
 * NOTE(review): server, domain and trust anchor strings are written verbatim, separated
 * by single spaces, and link_load_user() splits them on whitespace again. This assumes
 * that none of these strings contains whitespace or a newline; that is not enforced here
 * and should be confirmed against the code that creates these objects. */
int link_save_user(Link *l) {
        _cleanup_free_ char *temp_path = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        const char *text;
        bool need_space;
        int r;

        assert(l);
        assert(l->state_file);

        if (!link_needs_save(l)) {
                (void) unlink(l->state_file);
                return 0;
        }

        r = mkdir_parents(l->state_file, 0700);
        if (r < 0)
                goto fail;

        r = fopen_temporary(l->state_file, &f, &temp_path);
        if (r < 0)
                goto fail;

        fputs("# This is private data. Do not parse.\n", f);

        /* A setting without a string representation is left out of the file. */
        text = resolve_support_to_string(l->llmnr_support);
        if (text)
                fprintf(f, "LLMNR=%s\n", text);

        text = resolve_support_to_string(l->mdns_support);
        if (text)
                fprintf(f, "MDNS=%s\n", text);

        text = dnssec_mode_to_string(l->dnssec_mode);
        if (text)
                fprintf(f, "DNSSEC=%s\n", text);

        if (l->dns_servers) {
                DnsServer *server;

                fputs("SERVERS=", f);

                need_space = false;
                LIST_FOREACH(servers, server, l->dns_servers) {

                        if (need_space)
                                fputc(' ', f);
                        need_space = true;

                        text = dns_server_string(server);
                        if (!text) {
                                r = -ENOMEM;
                                goto fail;
                        }

                        fputs(text, f);
                }

                fputc('\n', f);
        }

        if (l->search_domains) {
                DnsSearchDomain *domain;

                fputs("DOMAINS=", f);

                need_space = false;
                LIST_FOREACH(domains, domain, l->search_domains) {

                        if (need_space)
                                fputc(' ', f);
                        need_space = true;

                        /* Route-only domains are marked with a leading tilde. */
                        if (domain->route_only)
                                fputc('~', f);

                        fputs(DNS_SEARCH_DOMAIN_NAME(domain), f);
                }

                fputc('\n', f);
        }

        if (!set_isempty(l->dnssec_negative_trust_anchors)) {
                Iterator i;
                char *nta;

                fputs("NTAS=", f);

                need_space = false;
                SET_FOREACH(nta, l->dnssec_negative_trust_anchors, i) {

                        if (need_space)
                                fputc(' ', f);
                        need_space = true;

                        fputs(nta, f);
                }

                fputc('\n', f);
        }

        /* The individual writes above are unchecked; this is the one place where the
         * stream is flushed and checked before the file is moved into place. */
        r = fflush_and_check(f);
        if (r < 0)
                goto fail;

        if (rename(temp_path, l->state_file) < 0) {
                r = -errno;
                goto fail;
        }

        return 0;

fail:
        (void) unlink(l->state_file);

        if (temp_path)
                (void) unlink(temp_path);

        return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
}
1120
/* Loads the settings previously written by link_save_user() from the link's state file.
 *
 * This is attempted only once per link (l->loaded), and not at all for managed links. A
 * missing state file is not an error. When the file is read successfully the current
 * settings are flushed first and then replaced by the file's contents:
 *
 *   - unrecognized LLMNR/MDNS values leave the respective default in place
 *   - an unrecognized DNSSEC value is stored as is, see the comment in the body
 *   - individual servers or domains that fail to load are skipped with a debug message
 *
 * Returns 0 on success (including "nothing to do"), otherwise the negative error as
 * returned by log_error_errno(). A failure after the flush leaves the link with whatever
 * subset of settings had been applied up to that point. */
int link_load_user(Link *l) {
        _cleanup_free_ char *llmnr = NULL;
        _cleanup_free_ char *mdns = NULL;
        _cleanup_free_ char *dnssec = NULL;
        _cleanup_free_ char *servers = NULL;
        _cleanup_free_ char *domains = NULL;
        _cleanup_free_ char *ntas = NULL;

        ResolveSupport support;
        const char *p;
        int r;

        assert(l);
        assert(l->state_file);

        /* Try to load only a single time */
        if (l->loaded)
                return 0;
        l->loaded = true;

        if (l->is_managed)
                return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */

        r = parse_env_file(l->state_file, NEWLINE,
                           "LLMNR", &llmnr,
                           "MDNS", &mdns,
                           "DNSSEC", &dnssec,
                           "SERVERS", &servers,
                           "DOMAINS", &domains,
                           "NTAS", &ntas,
                           NULL);
        if (r == -ENOENT)
                return 0;
        if (r < 0)
                goto fail;

        link_flush_settings(l);

        /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
        support = resolve_support_from_string(llmnr);
        if (support >= 0)
                l->llmnr_support = support;

        support = resolve_support_from_string(mdns);
        if (support >= 0)
                l->mdns_support = support;

        /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
        l->dnssec_mode = dnssec_mode_from_string(dnssec);

        /* SERVERS= is a whitespace-separated list of addresses. */
        p = servers;
        for (;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&p, &word, NULL, 0);
                if (r < 0)
                        goto fail;
                if (r == 0)
                        break;

                r = link_update_dns_server_one(l, word);
                if (r < 0)
                        log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
        }

        /* DOMAINS= is a whitespace-separated list of names, a leading tilde marks a
         * route-only domain and is not part of the name. */
        p = domains;
        for (;;) {
                _cleanup_free_ char *word = NULL;
                const char *name;
                bool is_route;

                r = extract_first_word(&p, &word, NULL, 0);
                if (r < 0)
                        goto fail;
                if (r == 0)
                        break;

                is_route = word[0] == '~';
                name = is_route ? word + 1 : word;

                r = link_update_search_domain_one(l, name, is_route);
                if (r < 0)
                        log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
        }

        if (ntas) {
                _cleanup_set_free_free_ Set *fresh = NULL;

                fresh = set_new(&dns_name_hash_ops);
                if (!fresh) {
                        r = -ENOMEM;
                        goto fail;
                }

                r = set_put_strsplit(fresh, ntas, NULL, 0);
                if (r < 0)
                        goto fail;

                /* The previous set was released by link_flush_settings() above, so this
                 * plain assignment does not overwrite a live pointer. */
                l->dnssec_negative_trust_anchors = fresh;
                fresh = NULL;
        }

        return 0;

fail:
        return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
}
1231
/* Deletes the link's state file. The result of unlink() is deliberately ignored, so a
 * file that does not exist (or cannot be removed) is not reported. */
void link_remove_user(Link *l) {
        assert(l);
        assert(l->state_file);

        (void) unlink(l->state_file);
}