]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
resolved: add missing error code check when initializing DNS-over-TLS
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <fcntl.h>
4 #include <netinet/in.h>
5 #include <poll.h>
6 #include <sys/ioctl.h>
7 #include <sys/stat.h>
8 #include <sys/types.h>
9 #include <unistd.h>
10
11 #if HAVE_LIBIDN2
12 #include <idn2.h>
13 #endif
14
15 #include "af-list.h"
16 #include "alloc-util.h"
17 #include "dirent-util.h"
18 #include "dns-domain.h"
19 #include "fd-util.h"
20 #include "fileio.h"
21 #include "hostname-util.h"
22 #include "io-util.h"
23 #include "missing_network.h"
24 #include "netlink-util.h"
25 #include "network-internal.h"
26 #include "ordered-set.h"
27 #include "parse-util.h"
28 #include "random-util.h"
29 #include "resolved-bus.h"
30 #include "resolved-conf.h"
31 #include "resolved-dns-stub.h"
32 #include "resolved-dnssd.h"
33 #include "resolved-etc-hosts.h"
34 #include "resolved-llmnr.h"
35 #include "resolved-manager.h"
36 #include "resolved-mdns.h"
37 #include "resolved-resolv-conf.h"
38 #include "socket-util.h"
39 #include "string-table.h"
40 #include "string-util.h"
41 #include "utf8.h"
42
43 #define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
44
45 static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
46 Manager *m = userdata;
47 uint16_t type;
48 Link *l;
49 int ifindex, r;
50
51 assert(rtnl);
52 assert(m);
53 assert(mm);
54
55 r = sd_netlink_message_get_type(mm, &type);
56 if (r < 0)
57 goto fail;
58
59 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
60 if (r < 0)
61 goto fail;
62
63 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
64
65 switch (type) {
66
67 case RTM_NEWLINK:{
68 bool is_new = !l;
69
70 if (!l) {
71 r = link_new(m, &l, ifindex);
72 if (r < 0)
73 goto fail;
74 }
75
76 r = link_process_rtnl(l, mm);
77 if (r < 0)
78 goto fail;
79
80 r = link_update(l);
81 if (r < 0)
82 goto fail;
83
84 if (is_new)
85 log_debug("Found new link %i/%s", ifindex, l->ifname);
86
87 break;
88 }
89
90 case RTM_DELLINK:
91 if (l) {
92 log_debug("Removing link %i/%s", l->ifindex, l->ifname);
93 link_remove_user(l);
94 link_free(l);
95 }
96
97 break;
98 }
99
100 return 0;
101
102 fail:
103 log_warning_errno(r, "Failed to process RTNL link message: %m");
104 return 0;
105 }
106
107 static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
108 Manager *m = userdata;
109 union in_addr_union address;
110 uint16_t type;
111 int r, ifindex, family;
112 LinkAddress *a;
113 Link *l;
114
115 assert(rtnl);
116 assert(mm);
117 assert(m);
118
119 r = sd_netlink_message_get_type(mm, &type);
120 if (r < 0)
121 goto fail;
122
123 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
124 if (r < 0)
125 goto fail;
126
127 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
128 if (!l)
129 return 0;
130
131 r = sd_rtnl_message_addr_get_family(mm, &family);
132 if (r < 0)
133 goto fail;
134
135 switch (family) {
136
137 case AF_INET:
138 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
139 if (r < 0) {
140 r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
141 if (r < 0)
142 goto fail;
143 }
144
145 break;
146
147 case AF_INET6:
148 r = sd_netlink_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
149 if (r < 0) {
150 r = sd_netlink_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
151 if (r < 0)
152 goto fail;
153 }
154
155 break;
156
157 default:
158 return 0;
159 }
160
161 a = link_find_address(l, family, &address);
162
163 switch (type) {
164
165 case RTM_NEWADDR:
166
167 if (!a) {
168 r = link_address_new(l, &a, family, &address);
169 if (r < 0)
170 return r;
171 }
172
173 r = link_address_update_rtnl(a, mm);
174 if (r < 0)
175 return r;
176
177 break;
178
179 case RTM_DELADDR:
180 link_address_free(a);
181 break;
182 }
183
184 return 0;
185
186 fail:
187 log_warning_errno(r, "Failed to process RTNL address message: %m");
188 return 0;
189 }
190
191 static int manager_rtnl_listen(Manager *m) {
192 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
193 sd_netlink_message *i;
194 int r;
195
196 assert(m);
197
198 /* First, subscribe to interfaces coming and going */
199 r = sd_netlink_open(&m->rtnl);
200 if (r < 0)
201 return r;
202
203 r = sd_netlink_attach_event(m->rtnl, m->event, SD_EVENT_PRIORITY_IMPORTANT);
204 if (r < 0)
205 return r;
206
207 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWLINK, manager_process_link, NULL, m, "resolve-NEWLINK");
208 if (r < 0)
209 return r;
210
211 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELLINK, manager_process_link, NULL, m, "resolve-DELLINK");
212 if (r < 0)
213 return r;
214
215 r = sd_netlink_add_match(m->rtnl, NULL, RTM_NEWADDR, manager_process_address, NULL, m, "resolve-NEWADDR");
216 if (r < 0)
217 return r;
218
219 r = sd_netlink_add_match(m->rtnl, NULL, RTM_DELADDR, manager_process_address, NULL, m, "resolve-DELADDR");
220 if (r < 0)
221 return r;
222
223 /* Then, enumerate all links */
224 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
225 if (r < 0)
226 return r;
227
228 r = sd_netlink_message_request_dump(req, true);
229 if (r < 0)
230 return r;
231
232 r = sd_netlink_call(m->rtnl, req, 0, &reply);
233 if (r < 0)
234 return r;
235
236 for (i = reply; i; i = sd_netlink_message_next(i)) {
237 r = manager_process_link(m->rtnl, i, m);
238 if (r < 0)
239 return r;
240 }
241
242 req = sd_netlink_message_unref(req);
243 reply = sd_netlink_message_unref(reply);
244
245 /* Finally, enumerate all addresses, too */
246 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
247 if (r < 0)
248 return r;
249
250 r = sd_netlink_message_request_dump(req, true);
251 if (r < 0)
252 return r;
253
254 r = sd_netlink_call(m->rtnl, req, 0, &reply);
255 if (r < 0)
256 return r;
257
258 for (i = reply; i; i = sd_netlink_message_next(i)) {
259 r = manager_process_address(m->rtnl, i, m);
260 if (r < 0)
261 return r;
262 }
263
264 return r;
265 }
266
267 static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
268 Manager *m = userdata;
269 Iterator i;
270 Link *l;
271 int r;
272
273 assert(m);
274
275 sd_network_monitor_flush(m->network_monitor);
276
277 HASHMAP_FOREACH(l, m->links, i) {
278 r = link_update(l);
279 if (r < 0)
280 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
281 }
282
283 (void) manager_write_resolv_conf(m);
284
285 return 0;
286 }
287
288 static int manager_network_monitor_listen(Manager *m) {
289 int r, fd, events;
290
291 assert(m);
292
293 r = sd_network_monitor_new(&m->network_monitor, NULL);
294 if (r < 0)
295 return r;
296
297 fd = sd_network_monitor_get_fd(m->network_monitor);
298 if (fd < 0)
299 return fd;
300
301 events = sd_network_monitor_get_events(m->network_monitor);
302 if (events < 0)
303 return events;
304
305 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
306 if (r < 0)
307 return r;
308
309 r = sd_event_source_set_priority(m->network_event_source, SD_EVENT_PRIORITY_IMPORTANT+5);
310 if (r < 0)
311 return r;
312
313 (void) sd_event_source_set_description(m->network_event_source, "network-monitor");
314
315 return 0;
316 }
317
318 static int determine_hostname(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
319 _cleanup_free_ char *h = NULL, *n = NULL;
320 #if HAVE_LIBIDN2
321 _cleanup_free_ char *utf8 = NULL;
322 #elif HAVE_LIBIDN
323 int k;
324 #endif
325 char label[DNS_LABEL_MAX];
326 const char *p, *decoded;
327 int r;
328
329 assert(full_hostname);
330 assert(llmnr_hostname);
331 assert(mdns_hostname);
332
333 /* Extract and normalize the first label of the locally configured hostname, and check it's not "localhost". */
334
335 r = gethostname_strict(&h);
336 if (r < 0)
337 return log_debug_errno(r, "Can't determine system hostname: %m");
338
339 p = h;
340 r = dns_label_unescape(&p, label, sizeof label, 0);
341 if (r < 0)
342 return log_error_errno(r, "Failed to unescape host name: %m");
343 if (r == 0)
344 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
345 "Couldn't find a single label in hostname.");
346
347 #if HAVE_LIBIDN2
348 r = idn2_to_unicode_8z8z(label, &utf8, 0);
349 if (r != IDN2_OK)
350 return log_error("Failed to undo IDNA: %s", idn2_strerror(r));
351 assert(utf8_is_valid(utf8));
352
353 r = strlen(utf8);
354 decoded = utf8;
355 #elif HAVE_LIBIDN
356 k = dns_label_undo_idna(label, r, label, sizeof label);
357 if (k < 0)
358 return log_error_errno(k, "Failed to undo IDNA: %m");
359 if (k > 0)
360 r = k;
361
362 if (!utf8_is_valid(label))
363 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
364 "System hostname is not UTF-8 clean.");
365 decoded = label;
366 #else
367 decoded = label; /* no decoding */
368 #endif
369
370 r = dns_label_escape_new(decoded, r, &n);
371 if (r < 0)
372 return log_error_errno(r, "Failed to escape host name: %m");
373
374 if (is_localhost(n))
375 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
376 "System hostname is 'localhost', ignoring.");
377
378 r = dns_name_concat(n, "local", 0, mdns_hostname);
379 if (r < 0)
380 return log_error_errno(r, "Failed to determine mDNS hostname: %m");
381
382 *llmnr_hostname = TAKE_PTR(n);
383 *full_hostname = TAKE_PTR(h);
384
385 return 0;
386 }
387
388 static const char *fallback_hostname(void) {
389
390 /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it to be
391 * "localhost" even if that's the compiled in hostname. In this case, let's revert to "linux" instead. */
392
393 if (is_localhost(FALLBACK_HOSTNAME))
394 return "linux";
395
396 return FALLBACK_HOSTNAME;
397 }
398
399 static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
400 _cleanup_free_ char *n = NULL, *m = NULL;
401 char label[DNS_LABEL_MAX], *h;
402 const char *p;
403 int r;
404
405 assert(full_hostname);
406 assert(llmnr_hostname);
407 assert(mdns_hostname);
408
409 p = fallback_hostname();
410 r = dns_label_unescape(&p, label, sizeof label, 0);
411 if (r < 0)
412 return log_error_errno(r, "Failed to unescape fallback host name: %m");
413
414 assert(r > 0); /* The fallback hostname must have at least one label */
415
416 r = dns_label_escape_new(label, r, &n);
417 if (r < 0)
418 return log_error_errno(r, "Failed to escape fallback hostname: %m");
419
420 r = dns_name_concat(n, "local", 0, &m);
421 if (r < 0)
422 return log_error_errno(r, "Failed to concatenate mDNS hostname: %m");
423
424 h = strdup(fallback_hostname());
425 if (!h)
426 return log_oom();
427
428 *llmnr_hostname = TAKE_PTR(n);
429 *mdns_hostname = TAKE_PTR(m);
430
431 *full_hostname = h;
432
433 return 0;
434 }
435
436 static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
437 _cleanup_free_ char *full_hostname = NULL, *llmnr_hostname = NULL, *mdns_hostname = NULL;
438 Manager *m = userdata;
439 int r;
440
441 assert(m);
442
443 r = determine_hostname(&full_hostname, &llmnr_hostname, &mdns_hostname);
444 if (r < 0)
445 return 0; /* ignore invalid hostnames */
446
447 if (streq(full_hostname, m->full_hostname) &&
448 streq(llmnr_hostname, m->llmnr_hostname) &&
449 streq(mdns_hostname, m->mdns_hostname))
450 return 0;
451
452 log_info("System hostname changed to '%s'.", full_hostname);
453
454 free_and_replace(m->full_hostname, full_hostname);
455 free_and_replace(m->llmnr_hostname, llmnr_hostname);
456 free_and_replace(m->mdns_hostname, mdns_hostname);
457
458 manager_refresh_rrs(m);
459
460 return 0;
461 }
462
463 static int manager_watch_hostname(Manager *m) {
464 int r;
465
466 assert(m);
467
468 m->hostname_fd = open("/proc/sys/kernel/hostname",
469 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
470 if (m->hostname_fd < 0) {
471 log_warning_errno(errno, "Failed to watch hostname: %m");
472 return 0;
473 }
474
475 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
476 if (r < 0) {
477 if (r == -EPERM)
478 /* kernels prior to 3.2 don't support polling this file. Ignore the failure. */
479 m->hostname_fd = safe_close(m->hostname_fd);
480 else
481 return log_error_errno(r, "Failed to add hostname event source: %m");
482 }
483
484 (void) sd_event_source_set_description(m->hostname_event_source, "hostname");
485
486 r = determine_hostname(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
487 if (r < 0) {
488 log_info("Defaulting to hostname '%s'.", fallback_hostname());
489
490 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
491 if (r < 0)
492 return r;
493 } else
494 log_info("Using system hostname '%s'.", m->full_hostname);
495
496 return 0;
497 }
498
499 static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
500 _cleanup_free_ char *buffer = NULL;
501 _cleanup_fclose_ FILE *f = NULL;
502 Manager *m = userdata;
503 DnsServer *server;
504 size_t size = 0;
505 DnsScope *scope;
506 Iterator i;
507 Link *l;
508
509 assert(s);
510 assert(si);
511 assert(m);
512
513 f = open_memstream_unlocked(&buffer, &size);
514 if (!f)
515 return log_oom();
516
517 LIST_FOREACH(scopes, scope, m->dns_scopes)
518 dns_scope_dump(scope, f);
519
520 LIST_FOREACH(servers, server, m->dns_servers)
521 dns_server_dump(server, f);
522 LIST_FOREACH(servers, server, m->fallback_dns_servers)
523 dns_server_dump(server, f);
524 HASHMAP_FOREACH(l, m->links, i)
525 LIST_FOREACH(servers, server, l->dns_servers)
526 dns_server_dump(server, f);
527
528 if (fflush_and_check(f) < 0)
529 return log_oom();
530
531 log_dump(LOG_INFO, buffer);
532 return 0;
533 }
534
535 static int manager_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
536 Manager *m = userdata;
537
538 assert(s);
539 assert(si);
540 assert(m);
541
542 manager_flush_caches(m);
543
544 return 0;
545 }
546
547 static int manager_sigrtmin1(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
548 Manager *m = userdata;
549
550 assert(s);
551 assert(si);
552 assert(m);
553
554 manager_reset_server_features(m);
555 return 0;
556 }
557
558 int manager_new(Manager **ret) {
559 _cleanup_(manager_freep) Manager *m = NULL;
560 int r;
561
562 assert(ret);
563
564 m = new(Manager, 1);
565 if (!m)
566 return -ENOMEM;
567
568 *m = (Manager) {
569 .llmnr_ipv4_udp_fd = -1,
570 .llmnr_ipv6_udp_fd = -1,
571 .llmnr_ipv4_tcp_fd = -1,
572 .llmnr_ipv6_tcp_fd = -1,
573 .mdns_ipv4_fd = -1,
574 .mdns_ipv6_fd = -1,
575 .dns_stub_udp_fd = -1,
576 .dns_stub_tcp_fd = -1,
577 .hostname_fd = -1,
578
579 .llmnr_support = RESOLVE_SUPPORT_YES,
580 .mdns_support = RESOLVE_SUPPORT_YES,
581 .dnssec_mode = DEFAULT_DNSSEC_MODE,
582 .dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE,
583 .enable_cache = true,
584 .dns_stub_listener_mode = DNS_STUB_LISTENER_YES,
585 .read_resolv_conf = true,
586 .need_builtin_fallbacks = true,
587 .etc_hosts_last = USEC_INFINITY,
588 .etc_hosts_mtime = USEC_INFINITY,
589 .read_etc_hosts = true,
590 };
591
592 r = dns_trust_anchor_load(&m->trust_anchor);
593 if (r < 0)
594 return r;
595
596 r = manager_parse_config_file(m);
597 if (r < 0)
598 log_warning_errno(r, "Failed to parse configuration file: %m");
599
600 #if ENABLE_DNS_OVER_TLS
601 r = dnstls_manager_init(m);
602 if (r < 0)
603 return r;
604 #endif
605
606 r = sd_event_default(&m->event);
607 if (r < 0)
608 return r;
609
610 (void) sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
611 (void) sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
612
613 (void) sd_event_set_watchdog(m->event, true);
614
615 r = manager_watch_hostname(m);
616 if (r < 0)
617 return r;
618
619 r = dnssd_load(m);
620 if (r < 0)
621 log_warning_errno(r, "Failed to load DNS-SD configuration files: %m");
622
623 r = dns_scope_new(m, &m->unicast_scope, NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
624 if (r < 0)
625 return r;
626
627 r = manager_network_monitor_listen(m);
628 if (r < 0)
629 return r;
630
631 r = manager_rtnl_listen(m);
632 if (r < 0)
633 return r;
634
635 r = manager_connect_bus(m);
636 if (r < 0)
637 return r;
638
639 (void) sd_event_add_signal(m->event, &m->sigusr1_event_source, SIGUSR1, manager_sigusr1, m);
640 (void) sd_event_add_signal(m->event, &m->sigusr2_event_source, SIGUSR2, manager_sigusr2, m);
641 (void) sd_event_add_signal(m->event, &m->sigrtmin1_event_source, SIGRTMIN+1, manager_sigrtmin1, m);
642
643 manager_cleanup_saved_user(m);
644
645 *ret = TAKE_PTR(m);
646
647 return 0;
648 }
649
650 int manager_start(Manager *m) {
651 int r;
652
653 assert(m);
654
655 r = manager_dns_stub_start(m);
656 if (r < 0)
657 return r;
658
659 return 0;
660 }
661
662 Manager *manager_free(Manager *m) {
663 Link *l;
664 DnssdService *s;
665
666 if (!m)
667 return NULL;
668
669 dns_server_unlink_all(m->dns_servers);
670 dns_server_unlink_all(m->fallback_dns_servers);
671 dns_search_domain_unlink_all(m->search_domains);
672
673 while ((l = hashmap_first(m->links)))
674 link_free(l);
675
676 while (m->dns_queries)
677 dns_query_free(m->dns_queries);
678
679 dns_scope_free(m->unicast_scope);
680
681 /* At this point only orphaned streams should remain. All others should have been freed already by their
682 * owners */
683 while (m->dns_streams)
684 dns_stream_unref(m->dns_streams);
685
686 #if ENABLE_DNS_OVER_TLS
687 dnstls_manager_free(m);
688 #endif
689
690 hashmap_free(m->links);
691 hashmap_free(m->dns_transactions);
692
693 sd_event_source_unref(m->network_event_source);
694 sd_network_monitor_unref(m->network_monitor);
695
696 sd_netlink_unref(m->rtnl);
697 sd_event_source_unref(m->rtnl_event_source);
698
699 manager_llmnr_stop(m);
700 manager_mdns_stop(m);
701 manager_dns_stub_stop(m);
702
703 sd_bus_flush_close_unref(m->bus);
704
705 sd_event_source_unref(m->sigusr1_event_source);
706 sd_event_source_unref(m->sigusr2_event_source);
707 sd_event_source_unref(m->sigrtmin1_event_source);
708
709 sd_event_unref(m->event);
710
711 dns_resource_key_unref(m->llmnr_host_ipv4_key);
712 dns_resource_key_unref(m->llmnr_host_ipv6_key);
713 dns_resource_key_unref(m->mdns_host_ipv4_key);
714 dns_resource_key_unref(m->mdns_host_ipv6_key);
715
716 sd_event_source_unref(m->hostname_event_source);
717 safe_close(m->hostname_fd);
718
719 free(m->full_hostname);
720 free(m->llmnr_hostname);
721 free(m->mdns_hostname);
722
723 while ((s = hashmap_first(m->dnssd_services)))
724 dnssd_service_free(s);
725 hashmap_free(m->dnssd_services);
726
727 dns_trust_anchor_flush(&m->trust_anchor);
728 manager_etc_hosts_flush(m);
729
730 return mfree(m);
731 }
732
733 int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
734 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
735 union {
736 struct cmsghdr header; /* For alignment */
737 uint8_t buffer[CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
738 + CMSG_SPACE(int) /* ttl/hoplimit */
739 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */];
740 } control;
741 union sockaddr_union sa;
742 struct iovec iov;
743 struct msghdr mh = {
744 .msg_name = &sa.sa,
745 .msg_namelen = sizeof(sa),
746 .msg_iov = &iov,
747 .msg_iovlen = 1,
748 .msg_control = &control,
749 .msg_controllen = sizeof(control),
750 };
751 struct cmsghdr *cmsg;
752 ssize_t ms, l;
753 int r;
754
755 assert(m);
756 assert(fd >= 0);
757 assert(ret);
758
759 ms = next_datagram_size_fd(fd);
760 if (ms < 0)
761 return ms;
762
763 r = dns_packet_new(&p, protocol, ms, DNS_PACKET_SIZE_MAX);
764 if (r < 0)
765 return r;
766
767 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
768
769 l = recvmsg(fd, &mh, 0);
770 if (l < 0) {
771 if (IN_SET(errno, EAGAIN, EINTR))
772 return 0;
773
774 return -errno;
775 }
776 if (l == 0)
777 return 0;
778
779 assert(!(mh.msg_flags & MSG_CTRUNC));
780 assert(!(mh.msg_flags & MSG_TRUNC));
781
782 p->size = (size_t) l;
783
784 p->family = sa.sa.sa_family;
785 p->ipproto = IPPROTO_UDP;
786 if (p->family == AF_INET) {
787 p->sender.in = sa.in.sin_addr;
788 p->sender_port = be16toh(sa.in.sin_port);
789 } else if (p->family == AF_INET6) {
790 p->sender.in6 = sa.in6.sin6_addr;
791 p->sender_port = be16toh(sa.in6.sin6_port);
792 p->ifindex = sa.in6.sin6_scope_id;
793 } else
794 return -EAFNOSUPPORT;
795
796 CMSG_FOREACH(cmsg, &mh) {
797
798 if (cmsg->cmsg_level == IPPROTO_IPV6) {
799 assert(p->family == AF_INET6);
800
801 switch (cmsg->cmsg_type) {
802
803 case IPV6_PKTINFO: {
804 struct in6_pktinfo *i = (struct in6_pktinfo*) CMSG_DATA(cmsg);
805
806 if (p->ifindex <= 0)
807 p->ifindex = i->ipi6_ifindex;
808
809 p->destination.in6 = i->ipi6_addr;
810 break;
811 }
812
813 case IPV6_HOPLIMIT:
814 p->ttl = *(int *) CMSG_DATA(cmsg);
815 break;
816
817 }
818 } else if (cmsg->cmsg_level == IPPROTO_IP) {
819 assert(p->family == AF_INET);
820
821 switch (cmsg->cmsg_type) {
822
823 case IP_PKTINFO: {
824 struct in_pktinfo *i = (struct in_pktinfo*) CMSG_DATA(cmsg);
825
826 if (p->ifindex <= 0)
827 p->ifindex = i->ipi_ifindex;
828
829 p->destination.in = i->ipi_addr;
830 break;
831 }
832
833 case IP_TTL:
834 p->ttl = *(int *) CMSG_DATA(cmsg);
835 break;
836 }
837 }
838 }
839
840 /* The Linux kernel sets the interface index to the loopback
841 * device if the packet came from the local host since it
842 * avoids the routing table in such a case. Let's unset the
843 * interface index in such a case. */
844 if (p->ifindex == LOOPBACK_IFINDEX)
845 p->ifindex = 0;
846
847 if (protocol != DNS_PROTOCOL_DNS) {
848 /* If we don't know the interface index still, we look for the
849 * first local interface with a matching address. Yuck! */
850 if (p->ifindex <= 0)
851 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
852 }
853
854 *ret = TAKE_PTR(p);
855
856 return 1;
857 }
858
859 static int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
860 int r;
861
862 assert(fd >= 0);
863 assert(mh);
864
865 for (;;) {
866 if (sendmsg(fd, mh, flags) >= 0)
867 return 0;
868
869 if (errno == EINTR)
870 continue;
871
872 if (errno != EAGAIN)
873 return -errno;
874
875 r = fd_wait_for_event(fd, POLLOUT, SEND_TIMEOUT_USEC);
876 if (r < 0)
877 return r;
878 if (r == 0)
879 return -ETIMEDOUT;
880 }
881 }
882
883 static int write_loop(int fd, void *message, size_t length) {
884 int r;
885
886 assert(fd >= 0);
887 assert(message);
888
889 for (;;) {
890 if (write(fd, message, length) >= 0)
891 return 0;
892
893 if (errno == EINTR)
894 continue;
895
896 if (errno != EAGAIN)
897 return -errno;
898
899 r = fd_wait_for_event(fd, POLLOUT, SEND_TIMEOUT_USEC);
900 if (r < 0)
901 return r;
902 if (r == 0)
903 return -ETIMEDOUT;
904 }
905 }
906
907 int manager_write(Manager *m, int fd, DnsPacket *p) {
908 int r;
909
910 log_debug("Sending %s packet with id %" PRIu16 ".", DNS_PACKET_QR(p) ? "response" : "query", DNS_PACKET_ID(p));
911
912 r = write_loop(fd, DNS_PACKET_DATA(p), p->size);
913 if (r < 0)
914 return r;
915
916 return 0;
917 }
918
919 static int manager_ipv4_send(
920 Manager *m,
921 int fd,
922 int ifindex,
923 const struct in_addr *destination,
924 uint16_t port,
925 const struct in_addr *source,
926 DnsPacket *p) {
927 union {
928 struct cmsghdr header; /* For alignment */
929 uint8_t buffer[CMSG_SPACE(sizeof(struct in_pktinfo))];
930 } control = {};
931 union sockaddr_union sa;
932 struct iovec iov;
933 struct msghdr mh = {
934 .msg_iov = &iov,
935 .msg_iovlen = 1,
936 .msg_name = &sa.sa,
937 .msg_namelen = sizeof(sa.in),
938 };
939
940 assert(m);
941 assert(fd >= 0);
942 assert(destination);
943 assert(port > 0);
944 assert(p);
945
946 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
947
948 sa = (union sockaddr_union) {
949 .in.sin_family = AF_INET,
950 .in.sin_addr = *destination,
951 .in.sin_port = htobe16(port),
952 };
953
954 if (ifindex > 0) {
955 struct cmsghdr *cmsg;
956 struct in_pktinfo *pi;
957
958 mh.msg_control = &control;
959 mh.msg_controllen = CMSG_LEN(sizeof(struct in_pktinfo));
960
961 cmsg = CMSG_FIRSTHDR(&mh);
962 cmsg->cmsg_len = mh.msg_controllen;
963 cmsg->cmsg_level = IPPROTO_IP;
964 cmsg->cmsg_type = IP_PKTINFO;
965
966 pi = (struct in_pktinfo*) CMSG_DATA(cmsg);
967 pi->ipi_ifindex = ifindex;
968
969 if (source)
970 pi->ipi_spec_dst = *source;
971 }
972
973 return sendmsg_loop(fd, &mh, 0);
974 }
975
976 static int manager_ipv6_send(
977 Manager *m,
978 int fd,
979 int ifindex,
980 const struct in6_addr *destination,
981 uint16_t port,
982 const struct in6_addr *source,
983 DnsPacket *p) {
984
985 union {
986 struct cmsghdr header; /* For alignment */
987 uint8_t buffer[CMSG_SPACE(sizeof(struct in6_pktinfo))];
988 } control = {};
989 union sockaddr_union sa;
990 struct iovec iov;
991 struct msghdr mh = {
992 .msg_iov = &iov,
993 .msg_iovlen = 1,
994 .msg_name = &sa.sa,
995 .msg_namelen = sizeof(sa.in6),
996 };
997
998 assert(m);
999 assert(fd >= 0);
1000 assert(destination);
1001 assert(port > 0);
1002 assert(p);
1003
1004 iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->size);
1005
1006 sa = (union sockaddr_union) {
1007 .in6.sin6_family = AF_INET6,
1008 .in6.sin6_addr = *destination,
1009 .in6.sin6_port = htobe16(port),
1010 .in6.sin6_scope_id = ifindex,
1011 };
1012
1013 if (ifindex > 0) {
1014 struct cmsghdr *cmsg;
1015 struct in6_pktinfo *pi;
1016
1017 mh.msg_control = &control;
1018 mh.msg_controllen = CMSG_LEN(sizeof(struct in6_pktinfo));
1019
1020 cmsg = CMSG_FIRSTHDR(&mh);
1021 cmsg->cmsg_len = mh.msg_controllen;
1022 cmsg->cmsg_level = IPPROTO_IPV6;
1023 cmsg->cmsg_type = IPV6_PKTINFO;
1024
1025 pi = (struct in6_pktinfo*) CMSG_DATA(cmsg);
1026 pi->ipi6_ifindex = ifindex;
1027
1028 if (source)
1029 pi->ipi6_addr = *source;
1030 }
1031
1032 return sendmsg_loop(fd, &mh, 0);
1033 }
1034
1035 int manager_send(
1036 Manager *m,
1037 int fd,
1038 int ifindex,
1039 int family,
1040 const union in_addr_union *destination,
1041 uint16_t port,
1042 const union in_addr_union *source,
1043 DnsPacket *p) {
1044
1045 assert(m);
1046 assert(fd >= 0);
1047 assert(destination);
1048 assert(port > 0);
1049 assert(p);
1050
1051 log_debug("Sending %s packet with id %" PRIu16 " on interface %i/%s.", DNS_PACKET_QR(p) ? "response" : "query", DNS_PACKET_ID(p), ifindex, af_to_name(family));
1052
1053 if (family == AF_INET)
1054 return manager_ipv4_send(m, fd, ifindex, &destination->in, port, source ? &source->in : NULL, p);
1055 if (family == AF_INET6)
1056 return manager_ipv6_send(m, fd, ifindex, &destination->in6, port, source ? &source->in6 : NULL, p);
1057
1058 return -EAFNOSUPPORT;
1059 }
1060
1061 uint32_t manager_find_mtu(Manager *m) {
1062 uint32_t mtu = 0;
1063 Link *l;
1064 Iterator i;
1065
1066 /* If we don't know on which link a DNS packet would be
1067 * delivered, let's find the largest MTU that works on all
1068 * interfaces we know of */
1069
1070 HASHMAP_FOREACH(l, m->links, i) {
1071 if (l->mtu <= 0)
1072 continue;
1073
1074 if (mtu <= 0 || l->mtu < mtu)
1075 mtu = l->mtu;
1076 }
1077
1078 return mtu;
1079 }
1080
1081 int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
1082 LinkAddress *a;
1083
1084 assert(m);
1085
1086 a = manager_find_link_address(m, family, in_addr);
1087 if (a)
1088 return a->link->ifindex;
1089
1090 return 0;
1091 }
1092
1093 void manager_refresh_rrs(Manager *m) {
1094 Iterator i;
1095 Link *l;
1096 DnssdService *s;
1097
1098 assert(m);
1099
1100 m->llmnr_host_ipv4_key = dns_resource_key_unref(m->llmnr_host_ipv4_key);
1101 m->llmnr_host_ipv6_key = dns_resource_key_unref(m->llmnr_host_ipv6_key);
1102 m->mdns_host_ipv4_key = dns_resource_key_unref(m->mdns_host_ipv4_key);
1103 m->mdns_host_ipv6_key = dns_resource_key_unref(m->mdns_host_ipv6_key);
1104
1105 if (m->mdns_support == RESOLVE_SUPPORT_YES)
1106 HASHMAP_FOREACH(s, m->dnssd_services, i)
1107 if (dnssd_update_rrs(s) < 0)
1108 log_warning("Failed to refresh DNS-SD service '%s'", s->name);
1109
1110 HASHMAP_FOREACH(l, m->links, i) {
1111 link_add_rrs(l, true);
1112 link_add_rrs(l, false);
1113 }
1114 }
1115
1116 static int manager_next_random_name(const char *old, char **ret_new) {
1117 const char *p;
1118 uint64_t u, a;
1119 char *n;
1120
1121 p = strchr(old, 0);
1122 assert(p);
1123
1124 while (p > old) {
1125 if (!strchr(DIGITS, p[-1]))
1126 break;
1127
1128 p--;
1129 }
1130
1131 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1132 u = 1;
1133
1134 /* Add a random number to the old value. This way we can avoid
1135 * that two hosts pick the same hostname, win on IPv4 and lose
1136 * on IPv6 (or vice versa), and pick the same hostname
1137 * replacement hostname, ad infinitum. We still want the
1138 * numbers to go up monotonically, hence we just add a random
1139 * value 1..10 */
1140
1141 random_bytes(&a, sizeof(a));
1142 u += 1 + a % 10;
1143
1144 if (asprintf(&n, "%.*s%" PRIu64, (int) (p - old), old, u) < 0)
1145 return -ENOMEM;
1146
1147 *ret_new = n;
1148
1149 return 0;
1150 }
1151
1152 int manager_next_hostname(Manager *m) {
1153 _cleanup_free_ char *h = NULL, *k = NULL;
1154 int r;
1155
1156 assert(m);
1157
1158 r = manager_next_random_name(m->llmnr_hostname, &h);
1159 if (r < 0)
1160 return r;
1161
1162 r = dns_name_concat(h, "local", 0, &k);
1163 if (r < 0)
1164 return r;
1165
1166 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->llmnr_hostname, h);
1167
1168 free_and_replace(m->llmnr_hostname, h);
1169 free_and_replace(m->mdns_hostname, k);
1170
1171 manager_refresh_rrs(m);
1172
1173 return 0;
1174 }
1175
1176 LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
1177 Iterator i;
1178 Link *l;
1179
1180 assert(m);
1181
1182 HASHMAP_FOREACH(l, m->links, i) {
1183 LinkAddress *a;
1184
1185 a = link_find_address(l, family, in_addr);
1186 if (a)
1187 return a;
1188 }
1189
1190 return NULL;
1191 }
1192
1193 bool manager_our_packet(Manager *m, DnsPacket *p) {
1194 assert(m);
1195 assert(p);
1196
1197 return !!manager_find_link_address(m, p->family, &p->sender);
1198 }
1199
1200 DnsScope* manager_find_scope(Manager *m, DnsPacket *p) {
1201 Link *l;
1202
1203 assert(m);
1204 assert(p);
1205
1206 l = hashmap_get(m->links, INT_TO_PTR(p->ifindex));
1207 if (!l)
1208 return NULL;
1209
1210 switch (p->protocol) {
1211 case DNS_PROTOCOL_LLMNR:
1212 if (p->family == AF_INET)
1213 return l->llmnr_ipv4_scope;
1214 else if (p->family == AF_INET6)
1215 return l->llmnr_ipv6_scope;
1216
1217 break;
1218
1219 case DNS_PROTOCOL_MDNS:
1220 if (p->family == AF_INET)
1221 return l->mdns_ipv4_scope;
1222 else if (p->family == AF_INET6)
1223 return l->mdns_ipv6_scope;
1224
1225 break;
1226
1227 default:
1228 break;
1229 }
1230
1231 return NULL;
1232 }
1233
1234 void manager_verify_all(Manager *m) {
1235 DnsScope *s;
1236
1237 assert(m);
1238
1239 LIST_FOREACH(scopes, s, m->dns_scopes)
1240 dns_zone_verify_all(&s->zone);
1241 }
1242
1243 int manager_is_own_hostname(Manager *m, const char *name) {
1244 int r;
1245
1246 assert(m);
1247 assert(name);
1248
1249 if (m->llmnr_hostname) {
1250 r = dns_name_equal(name, m->llmnr_hostname);
1251 if (r != 0)
1252 return r;
1253 }
1254
1255 if (m->mdns_hostname) {
1256 r = dns_name_equal(name, m->mdns_hostname);
1257 if (r != 0)
1258 return r;
1259 }
1260
1261 if (m->full_hostname)
1262 return dns_name_equal(name, m->full_hostname);
1263
1264 return 0;
1265 }
1266
1267 int manager_compile_dns_servers(Manager *m, OrderedSet **dns) {
1268 DnsServer *s;
1269 Iterator i;
1270 Link *l;
1271 int r;
1272
1273 assert(m);
1274 assert(dns);
1275
1276 r = ordered_set_ensure_allocated(dns, &dns_server_hash_ops);
1277 if (r < 0)
1278 return r;
1279
1280 /* First add the system-wide servers and domains */
1281 LIST_FOREACH(servers, s, m->dns_servers) {
1282 r = ordered_set_put(*dns, s);
1283 if (r == -EEXIST)
1284 continue;
1285 if (r < 0)
1286 return r;
1287 }
1288
1289 /* Then, add the per-link servers */
1290 HASHMAP_FOREACH(l, m->links, i) {
1291 LIST_FOREACH(servers, s, l->dns_servers) {
1292 r = ordered_set_put(*dns, s);
1293 if (r == -EEXIST)
1294 continue;
1295 if (r < 0)
1296 return r;
1297 }
1298 }
1299
1300 /* If we found nothing, add the fallback servers */
1301 if (ordered_set_isempty(*dns)) {
1302 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
1303 r = ordered_set_put(*dns, s);
1304 if (r == -EEXIST)
1305 continue;
1306 if (r < 0)
1307 return r;
1308 }
1309 }
1310
1311 return 0;
1312 }
1313
1314 /* filter_route is a tri-state:
1315 * < 0: no filtering
1316 * = 0 or false: return only domains which should be used for searching
1317 * > 0 or true: return only domains which are for routing only
1318 */
1319 int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_route) {
1320 DnsSearchDomain *d;
1321 Iterator i;
1322 Link *l;
1323 int r;
1324
1325 assert(m);
1326 assert(domains);
1327
1328 r = ordered_set_ensure_allocated(domains, &dns_name_hash_ops);
1329 if (r < 0)
1330 return r;
1331
1332 LIST_FOREACH(domains, d, m->search_domains) {
1333
1334 if (filter_route >= 0 &&
1335 d->route_only != !!filter_route)
1336 continue;
1337
1338 r = ordered_set_put(*domains, d->name);
1339 if (r == -EEXIST)
1340 continue;
1341 if (r < 0)
1342 return r;
1343 }
1344
1345 HASHMAP_FOREACH(l, m->links, i) {
1346
1347 LIST_FOREACH(domains, d, l->search_domains) {
1348
1349 if (filter_route >= 0 &&
1350 d->route_only != !!filter_route)
1351 continue;
1352
1353 r = ordered_set_put(*domains, d->name);
1354 if (r == -EEXIST)
1355 continue;
1356 if (r < 0)
1357 return r;
1358 }
1359 }
1360
1361 return 0;
1362 }
1363
1364 DnssecMode manager_get_dnssec_mode(Manager *m) {
1365 assert(m);
1366
1367 if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
1368 return m->dnssec_mode;
1369
1370 return DNSSEC_NO;
1371 }
1372
1373 bool manager_dnssec_supported(Manager *m) {
1374 DnsServer *server;
1375 Iterator i;
1376 Link *l;
1377
1378 assert(m);
1379
1380 if (manager_get_dnssec_mode(m) == DNSSEC_NO)
1381 return false;
1382
1383 server = manager_get_dns_server(m);
1384 if (server && !dns_server_dnssec_supported(server))
1385 return false;
1386
1387 HASHMAP_FOREACH(l, m->links, i)
1388 if (!link_dnssec_supported(l))
1389 return false;
1390
1391 return true;
1392 }
1393
1394 DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
1395 assert(m);
1396
1397 if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
1398 return m->dns_over_tls_mode;
1399
1400 return DNS_OVER_TLS_NO;
1401 }
1402
1403 void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
1404
1405 assert(verdict >= 0);
1406 assert(verdict < _DNSSEC_VERDICT_MAX);
1407
1408 if (DEBUG_LOGGING) {
1409 char s[DNS_RESOURCE_KEY_STRING_MAX];
1410
1411 log_debug("Found verdict for lookup %s: %s",
1412 dns_resource_key_to_string(key, s, sizeof s),
1413 dnssec_verdict_to_string(verdict));
1414 }
1415
1416 m->n_dnssec_verdict[verdict]++;
1417 }
1418
1419 bool manager_routable(Manager *m, int family) {
1420 Iterator i;
1421 Link *l;
1422
1423 assert(m);
1424
1425 /* Returns true if the host has at least one interface with a routable address of the specified type */
1426
1427 HASHMAP_FOREACH(l, m->links, i)
1428 if (link_relevant(l, family, false))
1429 return true;
1430
1431 return false;
1432 }
1433
1434 void manager_flush_caches(Manager *m) {
1435 DnsScope *scope;
1436
1437 assert(m);
1438
1439 LIST_FOREACH(scopes, scope, m->dns_scopes)
1440 dns_cache_flush(&scope->cache);
1441
1442 log_info("Flushed all caches.");
1443 }
1444
1445 void manager_reset_server_features(Manager *m) {
1446 Iterator i;
1447 Link *l;
1448
1449 dns_server_reset_features_all(m->dns_servers);
1450 dns_server_reset_features_all(m->fallback_dns_servers);
1451
1452 HASHMAP_FOREACH(l, m->links, i)
1453 dns_server_reset_features_all(l->dns_servers);
1454
1455 log_info("Resetting learnt feature levels on all servers.");
1456 }
1457
1458 void manager_cleanup_saved_user(Manager *m) {
1459 _cleanup_closedir_ DIR *d = NULL;
1460 struct dirent *de;
1461 int r;
1462
1463 assert(m);
1464
1465 /* Clean up all saved per-link files in /run/systemd/resolve/netif/ that don't have a matching interface
1466 * anymore. These files are created to persist settings pushed in by the user via the bus, so that resolved can
1467 * be restarted without losing this data. */
1468
1469 d = opendir("/run/systemd/resolve/netif/");
1470 if (!d) {
1471 if (errno == ENOENT)
1472 return;
1473
1474 log_warning_errno(errno, "Failed to open interface directory: %m");
1475 return;
1476 }
1477
1478 FOREACH_DIRENT_ALL(de, d, log_error_errno(errno, "Failed to read interface directory: %m")) {
1479 _cleanup_free_ char *p = NULL;
1480 int ifindex;
1481 Link *l;
1482
1483 if (!IN_SET(de->d_type, DT_UNKNOWN, DT_REG))
1484 continue;
1485
1486 if (dot_or_dot_dot(de->d_name))
1487 continue;
1488
1489 r = parse_ifindex(de->d_name, &ifindex);
1490 if (r < 0) /* Probably some temporary file from a previous run. Delete it */
1491 goto rm;
1492
1493 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
1494 if (!l) /* link vanished */
1495 goto rm;
1496
1497 if (l->is_managed) /* now managed by networkd, hence the bus settings are useless */
1498 goto rm;
1499
1500 continue;
1501
1502 rm:
1503 p = strappend("/run/systemd/resolve/netif/", de->d_name);
1504 if (!p) {
1505 log_oom();
1506 return;
1507 }
1508
1509 (void) unlink(p);
1510 }
1511 }
1512
1513 bool manager_next_dnssd_names(Manager *m) {
1514 Iterator i;
1515 DnssdService *s;
1516 bool tried = false;
1517 int r;
1518
1519 assert(m);
1520
1521 HASHMAP_FOREACH(s, m->dnssd_services, i) {
1522 _cleanup_free_ char * new_name = NULL;
1523
1524 if (!s->withdrawn)
1525 continue;
1526
1527 r = manager_next_random_name(s->name_template, &new_name);
1528 if (r < 0) {
1529 log_warning_errno(r, "Failed to get new name for service '%s': %m", s->name);
1530 continue;
1531 }
1532
1533 free_and_replace(s->name_template, new_name);
1534
1535 s->withdrawn = false;
1536
1537 tried = true;
1538 }
1539
1540 if (tried)
1541 manager_refresh_rrs(m);
1542
1543 return tried;
1544 }
Unnamed repository; edit this file 'description' to name the repository.