]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-manager.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
resolved: maintain order when writing resolv.conf entries
[thirdparty/systemd.git] / src / resolve / resolved-manager.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2014 Tom Gundersen <teg@jklm.no>
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <resolv.h>
23 #include <sys/ioctl.h>
24 #include <poll.h>
25 #include <netinet/in.h>
26
27 #include "rtnl-util.h"
28 #include "network-internal.h"
29 #include "socket-util.h"
30 #include "af-list.h"
31 #include "utf8.h"
32 #include "fileio-label.h"
33 #include "ordered-set.h"
34
35 #include "resolved-dns-domain.h"
36 #include "resolved-conf.h"
37 #include "resolved-bus.h"
38 #include "resolved-manager.h"
39
40 #define SEND_TIMEOUT_USEC (200 * USEC_PER_MSEC)
41
42 static int manager_process_link(sd_rtnl *rtnl, sd_rtnl_message *mm, void *userdata) {
43 Manager *m = userdata;
44 uint16_t type;
45 Link *l;
46 int ifindex, r;
47
48 assert(rtnl);
49 assert(m);
50 assert(mm);
51
52 r = sd_rtnl_message_get_type(mm, &type);
53 if (r < 0)
54 goto fail;
55
56 r = sd_rtnl_message_link_get_ifindex(mm, &ifindex);
57 if (r < 0)
58 goto fail;
59
60 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
61
62 switch (type) {
63
64 case RTM_NEWLINK:{
65 bool is_new = !l;
66
67 if (!l) {
68 r = link_new(m, &l, ifindex);
69 if (r < 0)
70 goto fail;
71 }
72
73 r = link_update_rtnl(l, mm);
74 if (r < 0)
75 goto fail;
76
77 r = link_update_monitor(l);
78 if (r < 0)
79 goto fail;
80
81 if (is_new)
82 log_debug("Found new link %i/%s", ifindex, l->name);
83
84 break;
85 }
86
87 case RTM_DELLINK:
88 if (l) {
89 log_debug("Removing link %i/%s", l->ifindex, l->name);
90 link_free(l);
91 }
92
93 break;
94 }
95
96 return 0;
97
98 fail:
99 log_warning_errno(r, "Failed to process RTNL link message: %m");
100 return 0;
101 }
102
103 static int manager_process_address(sd_rtnl *rtnl, sd_rtnl_message *mm, void *userdata) {
104 Manager *m = userdata;
105 union in_addr_union address;
106 uint16_t type;
107 int r, ifindex, family;
108 LinkAddress *a;
109 Link *l;
110
111 assert(rtnl);
112 assert(mm);
113 assert(m);
114
115 r = sd_rtnl_message_get_type(mm, &type);
116 if (r < 0)
117 goto fail;
118
119 r = sd_rtnl_message_addr_get_ifindex(mm, &ifindex);
120 if (r < 0)
121 goto fail;
122
123 l = hashmap_get(m->links, INT_TO_PTR(ifindex));
124 if (!l)
125 return 0;
126
127 r = sd_rtnl_message_addr_get_family(mm, &family);
128 if (r < 0)
129 goto fail;
130
131 switch (family) {
132
133 case AF_INET:
134 r = sd_rtnl_message_read_in_addr(mm, IFA_LOCAL, &address.in);
135 if (r < 0) {
136 r = sd_rtnl_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
137 if (r < 0)
138 goto fail;
139 }
140
141 break;
142
143 case AF_INET6:
144 r = sd_rtnl_message_read_in6_addr(mm, IFA_LOCAL, &address.in6);
145 if (r < 0) {
146 r = sd_rtnl_message_read_in6_addr(mm, IFA_ADDRESS, &address.in6);
147 if (r < 0)
148 goto fail;
149 }
150
151 break;
152
153 default:
154 return 0;
155 }
156
157 a = link_find_address(l, family, &address);
158
159 switch (type) {
160
161 case RTM_NEWADDR:
162
163 if (!a) {
164 r = link_address_new(l, &a, family, &address);
165 if (r < 0)
166 return r;
167 }
168
169 r = link_address_update_rtnl(a, mm);
170 if (r < 0)
171 return r;
172
173 break;
174
175 case RTM_DELADDR:
176 if (a)
177 link_address_free(a);
178 break;
179 }
180
181 return 0;
182
183 fail:
184 log_warning_errno(r, "Failed to process RTNL address message: %m");
185 return 0;
186 }
187
188 static int manager_rtnl_listen(Manager *m) {
189 _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL, *reply = NULL;
190 sd_rtnl_message *i;
191 int r;
192
193 assert(m);
194
195 /* First, subscribe to interfaces coming and going */
196 r = sd_rtnl_open(&m->rtnl, 3, RTNLGRP_LINK, RTNLGRP_IPV4_IFADDR, RTNLGRP_IPV6_IFADDR);
197 if (r < 0)
198 return r;
199
200 r = sd_rtnl_attach_event(m->rtnl, m->event, 0);
201 if (r < 0)
202 return r;
203
204 r = sd_rtnl_add_match(m->rtnl, RTM_NEWLINK, manager_process_link, m);
205 if (r < 0)
206 return r;
207
208 r = sd_rtnl_add_match(m->rtnl, RTM_DELLINK, manager_process_link, m);
209 if (r < 0)
210 return r;
211
212 r = sd_rtnl_add_match(m->rtnl, RTM_NEWADDR, manager_process_address, m);
213 if (r < 0)
214 return r;
215
216 r = sd_rtnl_add_match(m->rtnl, RTM_DELADDR, manager_process_address, m);
217 if (r < 0)
218 return r;
219
220 /* Then, enumerate all links */
221 r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
222 if (r < 0)
223 return r;
224
225 r = sd_rtnl_message_request_dump(req, true);
226 if (r < 0)
227 return r;
228
229 r = sd_rtnl_call(m->rtnl, req, 0, &reply);
230 if (r < 0)
231 return r;
232
233 for (i = reply; i; i = sd_rtnl_message_next(i)) {
234 r = manager_process_link(m->rtnl, i, m);
235 if (r < 0)
236 return r;
237 }
238
239 req = sd_rtnl_message_unref(req);
240 reply = sd_rtnl_message_unref(reply);
241
242 /* Finally, enumerate all addresses, too */
243 r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC);
244 if (r < 0)
245 return r;
246
247 r = sd_rtnl_message_request_dump(req, true);
248 if (r < 0)
249 return r;
250
251 r = sd_rtnl_call(m->rtnl, req, 0, &reply);
252 if (r < 0)
253 return r;
254
255 for (i = reply; i; i = sd_rtnl_message_next(i)) {
256 r = manager_process_address(m->rtnl, i, m);
257 if (r < 0)
258 return r;
259 }
260
261 return r;
262 }
263
264 static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
265 Manager *m = userdata;
266 Iterator i;
267 Link *l;
268 int r;
269
270 assert(m);
271
272 sd_network_monitor_flush(m->network_monitor);
273
274 HASHMAP_FOREACH(l, m->links, i) {
275 r = link_update_monitor(l);
276 if (r < 0)
277 log_warning_errno(r, "Failed to update monitor information for %i: %m", l->ifindex);
278 }
279
280 r = manager_write_resolv_conf(m);
281 if (r < 0)
282 log_warning_errno(r, "Could not update resolv.conf: %m");
283
284 return 0;
285 }
286
287 static int manager_network_monitor_listen(Manager *m) {
288 int r, fd, events;
289
290 assert(m);
291
292 r = sd_network_monitor_new(&m->network_monitor, NULL);
293 if (r < 0)
294 return r;
295
296 fd = sd_network_monitor_get_fd(m->network_monitor);
297 if (fd < 0)
298 return fd;
299
300 events = sd_network_monitor_get_events(m->network_monitor);
301 if (events < 0)
302 return events;
303
304 r = sd_event_add_io(m->event, &m->network_event_source, fd, events, &on_network_event, m);
305 if (r < 0)
306 return r;
307
308 return 0;
309 }
310
311 static int determine_hostname(char **ret) {
312 _cleanup_free_ char *h = NULL, *n = NULL;
313 int r;
314
315 assert(ret);
316
317 h = gethostname_malloc();
318 if (!h)
319 return log_oom();
320
321 if (!utf8_is_valid(h)) {
322 log_error("System hostname is not UTF-8 clean.");
323 return -EINVAL;
324 }
325
326 r = dns_name_normalize(h, &n);
327 if (r < 0) {
328 log_error("System hostname '%s' cannot be normalized.", h);
329 return r;
330 }
331
332 *ret = n;
333 n = NULL;
334
335 return 0;
336 }
337
338 static int on_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
339 _cleanup_free_ char *h = NULL;
340 Manager *m = userdata;
341 int r;
342
343 assert(m);
344
345 r = determine_hostname(&h);
346 if (r < 0)
347 return 0; /* ignore invalid hostnames */
348
349 if (streq(h, m->hostname))
350 return 0;
351
352 log_info("System hostname changed to '%s'.", h);
353 free(m->hostname);
354 m->hostname = h;
355 h = NULL;
356
357 manager_refresh_rrs(m);
358
359 return 0;
360 }
361
362 static int manager_watch_hostname(Manager *m) {
363 int r;
364
365 assert(m);
366
367 m->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
368 if (m->hostname_fd < 0) {
369 log_warning_errno(errno, "Failed to watch hostname: %m");
370 return 0;
371 }
372
373 r = sd_event_add_io(m->event, &m->hostname_event_source, m->hostname_fd, 0, on_hostname_change, m);
374 if (r < 0) {
375 if (r == -EPERM)
376 /* kernels prior to 3.2 don't support polling this file. Ignore the failure. */
377 m->hostname_fd = safe_close(m->hostname_fd);
378 else
379 return log_error_errno(r, "Failed to add hostname event source: %m");
380 }
381
382 r = determine_hostname(&m->hostname);
383 if (r < 0) {
384 log_info("Defaulting to hostname 'linux'.");
385 m->hostname = strdup("linux");
386 if (!m->hostname)
387 return log_oom();
388 } else
389 log_info("Using system hostname '%s'.", m->hostname);
390
391 return 0;
392 }
393
394 static void manager_llmnr_stop(Manager *m) {
395 assert(m);
396
397 m->llmnr_ipv4_udp_event_source = sd_event_source_unref(m->llmnr_ipv4_udp_event_source);
398 m->llmnr_ipv4_udp_fd = safe_close(m->llmnr_ipv4_udp_fd);
399
400 m->llmnr_ipv6_udp_event_source = sd_event_source_unref(m->llmnr_ipv6_udp_event_source);
401 m->llmnr_ipv6_udp_fd = safe_close(m->llmnr_ipv6_udp_fd);
402
403 m->llmnr_ipv4_tcp_event_source = sd_event_source_unref(m->llmnr_ipv4_tcp_event_source);
404 m->llmnr_ipv4_tcp_fd = safe_close(m->llmnr_ipv4_tcp_fd);
405
406 m->llmnr_ipv6_tcp_event_source = sd_event_source_unref(m->llmnr_ipv6_tcp_event_source);
407 m->llmnr_ipv6_tcp_fd = safe_close(m->llmnr_ipv6_tcp_fd);
408 }
409
410 static int manager_llmnr_start(Manager *m) {
411 int r;
412
413 assert(m);
414
415 if (m->llmnr_support == SUPPORT_NO)
416 return 0;
417
418 r = manager_llmnr_ipv4_udp_fd(m);
419 if (r == -EADDRINUSE)
420 goto eaddrinuse;
421 if (r < 0)
422 return r;
423
424 r = manager_llmnr_ipv4_tcp_fd(m);
425 if (r == -EADDRINUSE)
426 goto eaddrinuse;
427 if (r < 0)
428 return r;
429
430 if (socket_ipv6_is_supported()) {
431 r = manager_llmnr_ipv6_udp_fd(m);
432 if (r == -EADDRINUSE)
433 goto eaddrinuse;
434 if (r < 0)
435 return r;
436
437 r = manager_llmnr_ipv6_tcp_fd(m);
438 if (r == -EADDRINUSE)
439 goto eaddrinuse;
440 if (r < 0)
441 return r;
442 }
443
444 return 0;
445
446 eaddrinuse:
447 log_warning("There appears to be another LLMNR responder running. Turning off LLMNR support.");
448 m->llmnr_support = SUPPORT_NO;
449 manager_llmnr_stop(m);
450
451 return 0;
452 }
453
454 int manager_new(Manager **ret) {
455 _cleanup_(manager_freep) Manager *m = NULL;
456 int r;
457
458 assert(ret);
459
460 m = new0(Manager, 1);
461 if (!m)
462 return -ENOMEM;
463
464 m->dns_ipv4_fd = m->dns_ipv6_fd = -1;
465 m->llmnr_ipv4_udp_fd = m->llmnr_ipv6_udp_fd = -1;
466 m->llmnr_ipv4_tcp_fd = m->llmnr_ipv6_tcp_fd = -1;
467 m->hostname_fd = -1;
468
469 m->llmnr_support = SUPPORT_YES;
470 m->read_resolv_conf = true;
471
472 r = manager_parse_dns_server(m, DNS_SERVER_FALLBACK, DNS_SERVERS);
473 if (r < 0)
474 return r;
475
476 r = sd_event_default(&m->event);
477 if (r < 0)
478 return r;
479
480 sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
481 sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
482
483 sd_event_set_watchdog(m->event, true);
484
485 r = manager_watch_hostname(m);
486 if (r < 0)
487 return r;
488
489 r = dns_scope_new(m, &m->unicast_scope, NULL, DNS_PROTOCOL_DNS, AF_UNSPEC);
490 if (r < 0)
491 return r;
492
493 r = manager_network_monitor_listen(m);
494 if (r < 0)
495 return r;
496
497 r = manager_rtnl_listen(m);
498 if (r < 0)
499 return r;
500
501 r = manager_connect_bus(m);
502 if (r < 0)
503 return r;
504
505 *ret = m;
506 m = NULL;
507
508 return 0;
509 }
510
511 int manager_start(Manager *m) {
512 int r;
513
514 assert(m);
515
516 r = manager_llmnr_start(m);
517 if (r < 0)
518 return r;
519
520 return 0;
521 }
522
523 Manager *manager_free(Manager *m) {
524 Link *l;
525
526 if (!m)
527 return NULL;
528
529 while ((l = hashmap_first(m->links)))
530 link_free(l);
531
532 while (m->dns_queries)
533 dns_query_free(m->dns_queries);
534
535 dns_scope_free(m->unicast_scope);
536
537 manager_flush_dns_servers(m, DNS_SERVER_SYSTEM);
538 manager_flush_dns_servers(m, DNS_SERVER_FALLBACK);
539
540 hashmap_free(m->links);
541 hashmap_free(m->dns_transactions);
542
543 sd_event_source_unref(m->network_event_source);
544 sd_network_monitor_unref(m->network_monitor);
545
546 sd_event_source_unref(m->dns_ipv4_event_source);
547 sd_event_source_unref(m->dns_ipv6_event_source);
548 safe_close(m->dns_ipv4_fd);
549 safe_close(m->dns_ipv6_fd);
550
551 manager_llmnr_stop(m);
552
553 sd_bus_slot_unref(m->prepare_for_sleep_slot);
554 sd_event_source_unref(m->bus_retry_event_source);
555 sd_bus_unref(m->bus);
556
557 sd_event_unref(m->event);
558
559 dns_resource_key_unref(m->host_ipv4_key);
560 dns_resource_key_unref(m->host_ipv6_key);
561
562 safe_close(m->hostname_fd);
563 sd_event_source_unref(m->hostname_event_source);
564 free(m->hostname);
565
566 free(m);
567
568 return NULL;
569 }
570
571 int manager_read_resolv_conf(Manager *m) {
572 _cleanup_fclose_ FILE *f = NULL;
573 struct stat st, own;
574 char line[LINE_MAX];
575 DnsServer *s, *nx;
576 usec_t t;
577 int r;
578
579 assert(m);
580
581 /* Reads the system /etc/resolv.conf, if it exists and is not
582 * symlinked to our own resolv.conf instance */
583
584 if (!m->read_resolv_conf)
585 return 0;
586
587 r = stat("/etc/resolv.conf", &st);
588 if (r < 0) {
589 if (errno != ENOENT)
590 log_warning_errno(errno, "Failed to open /etc/resolv.conf: %m");
591 r = -errno;
592 goto clear;
593 }
594
595 /* Have we already seen the file? */
596 t = timespec_load(&st.st_mtim);
597 if (t == m->resolv_conf_mtime)
598 return 0;
599
600 m->resolv_conf_mtime = t;
601
602 /* Is it symlinked to our own file? */
603 if (stat("/run/systemd/resolve/resolv.conf", &own) >= 0 &&
604 st.st_dev == own.st_dev &&
605 st.st_ino == own.st_ino) {
606 r = 0;
607 goto clear;
608 }
609
610 f = fopen("/etc/resolv.conf", "re");
611 if (!f) {
612 if (errno != ENOENT)
613 log_warning_errno(errno, "Failed to open /etc/resolv.conf: %m");
614 r = -errno;
615 goto clear;
616 }
617
618 if (fstat(fileno(f), &st) < 0) {
619 log_error_errno(errno, "Failed to stat open file: %m");
620 r = -errno;
621 goto clear;
622 }
623
624 LIST_FOREACH(servers, s, m->dns_servers)
625 s->marked = true;
626
627 FOREACH_LINE(line, f, r = -errno; goto clear) {
628 union in_addr_union address;
629 int family;
630 char *l;
631 const char *a;
632
633 truncate_nl(line);
634
635 l = strstrip(line);
636 if (*l == '#' || *l == ';')
637 continue;
638
639 a = first_word(l, "nameserver");
640 if (!a)
641 continue;
642
643 r = in_addr_from_string_auto(a, &family, &address);
644 if (r < 0) {
645 log_warning("Failed to parse name server %s.", a);
646 continue;
647 }
648
649 LIST_FOREACH(servers, s, m->dns_servers)
650 if (s->family == family && in_addr_equal(family, &s->address, &address) > 0)
651 break;
652
653 if (s)
654 s->marked = false;
655 else {
656 r = dns_server_new(m, NULL, DNS_SERVER_SYSTEM, NULL, family, &address);
657 if (r < 0)
658 goto clear;
659 }
660 }
661
662 LIST_FOREACH_SAFE(servers, s, nx, m->dns_servers)
663 if (s->marked)
664 dns_server_free(s);
665
666 /* Whenever /etc/resolv.conf changes, start using the first
667 * DNS server of it. This is useful to deal with broken
668 * network managing implementations (like NetworkManager),
669 * that when connecting to a VPN place both the VPN DNS
670 * servers and the local ones in /etc/resolv.conf. Without
671 * resetting the DNS server to use back to the first entry we
672 * will continue to use the local one thus being unable to
673 * resolve VPN domains. */
674 manager_set_dns_server(m, m->dns_servers);
675
676 return 0;
677
678 clear:
679 while (m->dns_servers)
680 dns_server_free(m->dns_servers);
681
682 return r;
683 }
684
685 static void write_resolv_conf_server(DnsServer *s, FILE *f, unsigned *count) {
686 _cleanup_free_ char *t = NULL;
687 int r;
688
689 assert(s);
690 assert(f);
691 assert(count);
692
693 r = in_addr_to_string(s->family, &s->address, &t);
694 if (r < 0) {
695 log_warning_errno(r, "Invalid DNS address. Ignoring: %m");
696 return;
697 }
698
699 if (*count == MAXNS)
700 fputs("# Too many DNS servers configured, the following entries may be ignored.\n", f);
701
702 fprintf(f, "nameserver %s\n", t);
703 (*count) ++;
704 }
705
706 static void write_resolv_conf_search(
707 const char *domain, FILE *f,
708 unsigned *count,
709 unsigned *length) {
710
711 assert(domain);
712 assert(f);
713 assert(length);
714
715 if (*count >= MAXDNSRCH ||
716 *length + strlen(domain) > 256) {
717 if (*count == MAXDNSRCH)
718 fputs(" # Too many search domains configured, remaining ones ignored.", f);
719 if (*length <= 256)
720 fputs(" # Total length of all search domains is too long, remaining ones ignored.", f);
721
722 return;
723 }
724
725 fprintf(f, " %s", domain);
726
727 (*length) += strlen(domain);
728 (*count) ++;
729 }
730
731 static int write_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet *domains) {
732 Iterator i;
733
734 fputs("# This file is managed by systemd-resolved(8). Do not edit.\n#\n"
735 "# Third party programs must not access this file directly, but\n"
736 "# only through the symlink at /etc/resolv.conf. To manage\n"
737 "# resolv.conf(5) in a different way, replace the symlink by a\n"
738 "# static file or a different symlink.\n\n", f);
739
740 if (ordered_set_isempty(dns))
741 fputs("# No DNS servers known.\n", f);
742 else {
743 DnsServer *s;
744 unsigned count = 0;
745
746 ORDERED_SET_FOREACH(s, dns, i)
747 write_resolv_conf_server(s, f, &count);
748 }
749
750 if (!ordered_set_isempty(domains)) {
751 unsigned length = 0, count = 0;
752 char *domain;
753
754 fputs("search", f);
755 ORDERED_SET_FOREACH(domain, domains, i)
756 write_resolv_conf_search(domain, f, &count, &length);
757 fputs("\n", f);
758 }
759
760 return fflush_and_check(f);
761 }
762
763 int manager_write_resolv_conf(Manager *m) {
764 static const char path[] = "/run/systemd/resolve/resolv.conf";
765 _cleanup_free_ char *temp_path = NULL;
766 _cleanup_fclose_ FILE *f = NULL;
767 _cleanup_ordered_set_free_ OrderedSet *dns = NULL, *domains = NULL;
768 DnsServer *s;
769 Iterator i;
770 Link *l;
771 int r;
772
773 assert(m);
774
775 /* Read the system /etc/resolv.conf first */
776 manager_read_resolv_conf(m);
777
778 /* Add the full list to a set, to filter out duplicates */
779 dns = ordered_set_new(&dns_server_hash_ops);
780 if (!dns)
781 return -ENOMEM;
782
783 domains = ordered_set_new(&dns_name_hash_ops);
784 if (!domains)
785 return -ENOMEM;
786
787 /* First add the system-wide servers */
788 LIST_FOREACH(servers, s, m->dns_servers) {
789 r = ordered_set_put(dns, s);
790 if (r == -EEXIST)
791 continue;
792 if (r < 0)
793 return r;
794 }
795
796 /* Then, add the per-link servers and domains */
797 HASHMAP_FOREACH(l, m->links, i) {
798 char **domain;
799
800 LIST_FOREACH(servers, s, l->dns_servers) {
801 r = ordered_set_put(dns, s);
802 if (r == -EEXIST)
803 continue;
804 if (r < 0)
805 return r;
806 }
807
808 if (!l->unicast_scope)
809 continue;
810
811 STRV_FOREACH(domain, l->unicast_scope->domains) {
812 r = ordered_set_put(domains, *domain);
813 if (r == -EEXIST)
814 continue;
815 if (r < 0)
816 return r;
817 }
818 }
819
820 /* If we found nothing, add the fallback servers */
821 if (ordered_set_isempty(dns)) {
822 LIST_FOREACH(servers, s, m->fallback_dns_servers) {
823 r = ordered_set_put(dns, s);
824 if (r == -EEXIST)
825 continue;
826 if (r < 0)
827 return r;
828 }
829 }
830
831 r = fopen_temporary_label(path, path, &f, &temp_path);
832 if (r < 0)
833 return r;
834
835 fchmod(fileno(f), 0644);
836
837 r = write_resolv_conf_contents(f, dns, domains);
838 if (r < 0)
839 goto fail;
840
841 if (rename(temp_path, path) < 0) {
842 r = -errno;
843 goto fail;
844 }
845
846 return 0;
847
848 fail:
849 (void) unlink(path);
850 (void) unlink(temp_path);
851 return r;
852 }
853
854 int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
855 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
856 union {
857 struct cmsghdr header; /* For alignment */
858 uint8_t buffer[CMSG_SPACE(MAXSIZE(struct in_pktinfo, struct in6_pktinfo))
859 + CMSG_SPACE(int) /* ttl/hoplimit */
860 + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */];
861 } control;
862 union sockaddr_union sa;
863 struct msghdr mh = {};
864 struct cmsghdr *cmsg;
865 struct iovec iov;
866 int ms = 0, r;
867 ssize_t l;
868
869 assert(m);
870 assert(fd >= 0);
871 assert(ret);
872
873 r = ioctl(fd, FIONREAD, &ms);
874 if (r < 0)
875 return -errno;
876 if (ms < 0)
877 return -EIO;
878
879 r = dns_packet_new(&p, protocol, ms);
880 if (r < 0)
881 return r;
882
883 iov.iov_base = DNS_PACKET_DATA(p);
884 iov.iov_len = p->allocated;
885
886 mh.msg_name = &sa.sa;
887 mh.msg_namelen = sizeof(sa);
888 mh.msg_iov = &iov;
889 mh.msg_iovlen = 1;
890 mh.msg_control = &control;
891 mh.msg_controllen = sizeof(control);
892
893 l = recvmsg(fd, &mh, 0);
894 if (l < 0) {
895 if (errno == EAGAIN || errno == EINTR)
896 return 0;
897
898 return -errno;
899 }
900
901 if (l <= 0)
902 return -EIO;
903
904 assert(!(mh.msg_flags & MSG_CTRUNC));
905 assert(!(mh.msg_flags & MSG_TRUNC));
906
907 p->size = (size_t) l;
908
909 p->family = sa.sa.sa_family;
910 p->ipproto = IPPROTO_UDP;
911 if (p->family == AF_INET) {
912 p->sender.in = sa.in.sin_addr;
913 p->sender_port = be16toh(sa.in.sin_port);
914 } else if (p->family == AF_INET6) {
915 p->sender.in6 = sa.in6.sin6_addr;
916 p->sender_port = be16toh(sa.in6.sin6_port);
917 p->ifindex = sa.in6.sin6_scope_id;
918 } else
919 return -EAFNOSUPPORT;
920
921 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
922
923 if (cmsg->cmsg_level == IPPROTO_IPV6) {
924 assert(p->family == AF_INET6);
925
926 switch (cmsg->cmsg_type) {
927
928 case IPV6_PKTINFO: {
929 struct in6_pktinfo *i = (struct in6_pktinfo*) CMSG_DATA(cmsg);
930
931 if (p->ifindex <= 0)
932 p->ifindex = i->ipi6_ifindex;
933
934 p->destination.in6 = i->ipi6_addr;
935 break;
936 }
937
938 case IPV6_HOPLIMIT:
939 p->ttl = *(int *) CMSG_DATA(cmsg);
940 break;
941
942 }
943 } else if (cmsg->cmsg_level == IPPROTO_IP) {
944 assert(p->family == AF_INET);
945
946 switch (cmsg->cmsg_type) {
947
948 case IP_PKTINFO: {
949 struct in_pktinfo *i = (struct in_pktinfo*) CMSG_DATA(cmsg);
950
951 if (p->ifindex <= 0)
952 p->ifindex = i->ipi_ifindex;
953
954 p->destination.in = i->ipi_addr;
955 break;
956 }
957
958 case IP_TTL:
959 p->ttl = *(int *) CMSG_DATA(cmsg);
960 break;
961 }
962 }
963 }
964
965 /* The Linux kernel sets the interface index to the loopback
966 * device if the packet came from the local host since it
967 * avoids the routing table in such a case. Let's unset the
968 * interface index in such a case. */
969 if (p->ifindex == LOOPBACK_IFINDEX)
970 p->ifindex = 0;
971
972 /* If we don't know the interface index still, we look for the
973 * first local interface with a matching address. Yuck! */
974 if (p->ifindex <= 0)
975 p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
976
977 *ret = p;
978 p = NULL;
979
980 return 1;
981 }
982
983 static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
984 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
985 DnsTransaction *t = NULL;
986 Manager *m = userdata;
987 int r;
988
989 r = manager_recv(m, fd, DNS_PROTOCOL_DNS, &p);
990 if (r <= 0)
991 return r;
992
993 if (dns_packet_validate_reply(p) > 0) {
994 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
995 if (!t)
996 return 0;
997
998 dns_transaction_process_reply(t, p);
999
1000 } else
1001 log_debug("Invalid DNS packet.");
1002
1003 return 0;
1004 }
1005
1006 int manager_dns_ipv4_fd(Manager *m) {
1007 const int one = 1;
1008 int r;
1009
1010 assert(m);
1011
1012 if (m->dns_ipv4_fd >= 0)
1013 return m->dns_ipv4_fd;
1014
1015 m->dns_ipv4_fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1016 if (m->dns_ipv4_fd < 0)
1017 return -errno;
1018
1019 r = setsockopt(m->dns_ipv4_fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof(one));
1020 if (r < 0) {
1021 r = -errno;
1022 goto fail;
1023 }
1024
1025 r = sd_event_add_io(m->event, &m->dns_ipv4_event_source, m->dns_ipv4_fd, EPOLLIN, on_dns_packet, m);
1026 if (r < 0)
1027 goto fail;
1028
1029 return m->dns_ipv4_fd;
1030
1031 fail:
1032 m->dns_ipv4_fd = safe_close(m->dns_ipv4_fd);
1033 return r;
1034 }
1035
1036 int manager_dns_ipv6_fd(Manager *m) {
1037 const int one = 1;
1038 int r;
1039
1040 assert(m);
1041
1042 if (m->dns_ipv6_fd >= 0)
1043 return m->dns_ipv6_fd;
1044
1045 m->dns_ipv6_fd = socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1046 if (m->dns_ipv6_fd < 0)
1047 return -errno;
1048
1049 r = setsockopt(m->dns_ipv6_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
1050 if (r < 0) {
1051 r = -errno;
1052 goto fail;
1053 }
1054
1055 r = sd_event_add_io(m->event, &m->dns_ipv6_event_source, m->dns_ipv6_fd, EPOLLIN, on_dns_packet, m);
1056 if (r < 0)
1057 goto fail;
1058
1059 return m->dns_ipv6_fd;
1060
1061 fail:
1062 m->dns_ipv6_fd = safe_close(m->dns_ipv6_fd);
1063 return r;
1064 }
1065
1066 static int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
1067 int r;
1068
1069 assert(fd >= 0);
1070 assert(mh);
1071
1072 for (;;) {
1073 if (sendmsg(fd, mh, flags) >= 0)
1074 return 0;
1075
1076 if (errno == EINTR)
1077 continue;
1078
1079 if (errno != EAGAIN)
1080 return -errno;
1081
1082 r = fd_wait_for_event(fd, POLLOUT, SEND_TIMEOUT_USEC);
1083 if (r < 0)
1084 return r;
1085 if (r == 0)
1086 return -ETIMEDOUT;
1087 }
1088 }
1089
1090 static int manager_ipv4_send(Manager *m, int fd, int ifindex, const struct in_addr *addr, uint16_t port, DnsPacket *p) {
1091 union sockaddr_union sa = {
1092 .in.sin_family = AF_INET,
1093 };
1094 union {
1095 struct cmsghdr header; /* For alignment */
1096 uint8_t buffer[CMSG_SPACE(sizeof(struct in_pktinfo))];
1097 } control;
1098 struct msghdr mh = {};
1099 struct iovec iov;
1100
1101 assert(m);
1102 assert(fd >= 0);
1103 assert(addr);
1104 assert(port > 0);
1105 assert(p);
1106
1107 iov.iov_base = DNS_PACKET_DATA(p);
1108 iov.iov_len = p->size;
1109
1110 sa.in.sin_addr = *addr;
1111 sa.in.sin_port = htobe16(port),
1112
1113 mh.msg_iov = &iov;
1114 mh.msg_iovlen = 1;
1115 mh.msg_name = &sa.sa;
1116 mh.msg_namelen = sizeof(sa.in);
1117
1118 if (ifindex > 0) {
1119 struct cmsghdr *cmsg;
1120 struct in_pktinfo *pi;
1121
1122 zero(control);
1123
1124 mh.msg_control = &control;
1125 mh.msg_controllen = CMSG_LEN(sizeof(struct in_pktinfo));
1126
1127 cmsg = CMSG_FIRSTHDR(&mh);
1128 cmsg->cmsg_len = mh.msg_controllen;
1129 cmsg->cmsg_level = IPPROTO_IP;
1130 cmsg->cmsg_type = IP_PKTINFO;
1131
1132 pi = (struct in_pktinfo*) CMSG_DATA(cmsg);
1133 pi->ipi_ifindex = ifindex;
1134 }
1135
1136 return sendmsg_loop(fd, &mh, 0);
1137 }
1138
1139 static int manager_ipv6_send(Manager *m, int fd, int ifindex, const struct in6_addr *addr, uint16_t port, DnsPacket *p) {
1140 union sockaddr_union sa = {
1141 .in6.sin6_family = AF_INET6,
1142 };
1143 union {
1144 struct cmsghdr header; /* For alignment */
1145 uint8_t buffer[CMSG_SPACE(sizeof(struct in6_pktinfo))];
1146 } control;
1147 struct msghdr mh = {};
1148 struct iovec iov;
1149
1150 assert(m);
1151 assert(fd >= 0);
1152 assert(addr);
1153 assert(port > 0);
1154 assert(p);
1155
1156 iov.iov_base = DNS_PACKET_DATA(p);
1157 iov.iov_len = p->size;
1158
1159 sa.in6.sin6_addr = *addr;
1160 sa.in6.sin6_port = htobe16(port),
1161 sa.in6.sin6_scope_id = ifindex;
1162
1163 mh.msg_iov = &iov;
1164 mh.msg_iovlen = 1;
1165 mh.msg_name = &sa.sa;
1166 mh.msg_namelen = sizeof(sa.in6);
1167
1168 if (ifindex > 0) {
1169 struct cmsghdr *cmsg;
1170 struct in6_pktinfo *pi;
1171
1172 zero(control);
1173
1174 mh.msg_control = &control;
1175 mh.msg_controllen = CMSG_LEN(sizeof(struct in6_pktinfo));
1176
1177 cmsg = CMSG_FIRSTHDR(&mh);
1178 cmsg->cmsg_len = mh.msg_controllen;
1179 cmsg->cmsg_level = IPPROTO_IPV6;
1180 cmsg->cmsg_type = IPV6_PKTINFO;
1181
1182 pi = (struct in6_pktinfo*) CMSG_DATA(cmsg);
1183 pi->ipi6_ifindex = ifindex;
1184 }
1185
1186 return sendmsg_loop(fd, &mh, 0);
1187 }
1188
1189 int manager_send(Manager *m, int fd, int ifindex, int family, const union in_addr_union *addr, uint16_t port, DnsPacket *p) {
1190 assert(m);
1191 assert(fd >= 0);
1192 assert(addr);
1193 assert(port > 0);
1194 assert(p);
1195
1196 log_debug("Sending %s packet with id %u on interface %i/%s", DNS_PACKET_QR(p) ? "response" : "query", DNS_PACKET_ID(p), ifindex, af_to_name(family));
1197
1198 if (family == AF_INET)
1199 return manager_ipv4_send(m, fd, ifindex, &addr->in, port, p);
1200 else if (family == AF_INET6)
1201 return manager_ipv6_send(m, fd, ifindex, &addr->in6, port, p);
1202
1203 return -EAFNOSUPPORT;
1204 }
1205
1206 DnsServer* manager_find_dns_server(Manager *m, int family, const union in_addr_union *in_addr) {
1207 DnsServer *s;
1208
1209 assert(m);
1210 assert(in_addr);
1211
1212 LIST_FOREACH(servers, s, m->dns_servers)
1213 if (s->family == family && in_addr_equal(family, &s->address, in_addr) > 0)
1214 return s;
1215
1216 LIST_FOREACH(servers, s, m->fallback_dns_servers)
1217 if (s->family == family && in_addr_equal(family, &s->address, in_addr) > 0)
1218 return s;
1219
1220 return NULL;
1221 }
1222
1223 DnsServer *manager_set_dns_server(Manager *m, DnsServer *s) {
1224 assert(m);
1225
1226 if (m->current_dns_server == s)
1227 return s;
1228
1229 if (s) {
1230 _cleanup_free_ char *ip = NULL;
1231
1232 in_addr_to_string(s->family, &s->address, &ip);
1233 log_info("Switching to system DNS server %s.", strna(ip));
1234 }
1235
1236 m->current_dns_server = s;
1237
1238 if (m->unicast_scope)
1239 dns_cache_flush(&m->unicast_scope->cache);
1240
1241 return s;
1242 }
1243
1244 DnsServer *manager_get_dns_server(Manager *m) {
1245 Link *l;
1246 assert(m);
1247
1248 /* Try to read updates resolv.conf */
1249 manager_read_resolv_conf(m);
1250
1251 if (!m->current_dns_server)
1252 manager_set_dns_server(m, m->dns_servers);
1253
1254 if (!m->current_dns_server) {
1255 bool found = false;
1256 Iterator i;
1257
1258 /* No DNS servers configured, let's see if there are
1259 * any on any links. If not, we use the fallback
1260 * servers */
1261
1262 HASHMAP_FOREACH(l, m->links, i)
1263 if (l->dns_servers) {
1264 found = true;
1265 break;
1266 }
1267
1268 if (!found)
1269 manager_set_dns_server(m, m->fallback_dns_servers);
1270 }
1271
1272 return m->current_dns_server;
1273 }
1274
1275 void manager_next_dns_server(Manager *m) {
1276 assert(m);
1277
1278 /* If there's currently no DNS server set, then the next
1279 * manager_get_dns_server() will find one */
1280 if (!m->current_dns_server)
1281 return;
1282
1283 /* Change to the next one */
1284 if (m->current_dns_server->servers_next) {
1285 manager_set_dns_server(m, m->current_dns_server->servers_next);
1286 return;
1287 }
1288
1289 /* If there was no next one, then start from the beginning of
1290 * the list */
1291 if (m->current_dns_server->type == DNS_SERVER_FALLBACK)
1292 manager_set_dns_server(m, m->fallback_dns_servers);
1293 else
1294 manager_set_dns_server(m, m->dns_servers);
1295 }
1296
1297 uint32_t manager_find_mtu(Manager *m) {
1298 uint32_t mtu = 0;
1299 Link *l;
1300 Iterator i;
1301
1302 /* If we don't know on which link a DNS packet would be
1303 * delivered, let's find the largest MTU that works on all
1304 * interfaces we know of */
1305
1306 HASHMAP_FOREACH(l, m->links, i) {
1307 if (l->mtu <= 0)
1308 continue;
1309
1310 if (mtu <= 0 || l->mtu < mtu)
1311 mtu = l->mtu;
1312 }
1313
1314 return mtu;
1315 }
1316
1317 static int on_llmnr_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
1318 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
1319 DnsTransaction *t = NULL;
1320 Manager *m = userdata;
1321 DnsScope *scope;
1322 int r;
1323
1324 r = manager_recv(m, fd, DNS_PROTOCOL_LLMNR, &p);
1325 if (r <= 0)
1326 return r;
1327
1328 scope = manager_find_scope(m, p);
1329 if (!scope) {
1330 log_warning("Got LLMNR UDP packet on unknown scope. Ignoring.");
1331 return 0;
1332 }
1333
1334 if (dns_packet_validate_reply(p) > 0) {
1335 log_debug("Got reply packet for id %u", DNS_PACKET_ID(p));
1336
1337 dns_scope_check_conflicts(scope, p);
1338
1339 t = hashmap_get(m->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
1340 if (t)
1341 dns_transaction_process_reply(t, p);
1342
1343 } else if (dns_packet_validate_query(p) > 0) {
1344 log_debug("Got query packet for id %u", DNS_PACKET_ID(p));
1345
1346 dns_scope_process_query(scope, NULL, p);
1347 } else
1348 log_debug("Invalid LLMNR UDP packet.");
1349
1350 return 0;
1351 }
1352
1353 int manager_llmnr_ipv4_udp_fd(Manager *m) {
1354 union sockaddr_union sa = {
1355 .in.sin_family = AF_INET,
1356 .in.sin_port = htobe16(5355),
1357 };
1358 static const int one = 1, pmtu = IP_PMTUDISC_DONT, ttl = 255;
1359 int r;
1360
1361 assert(m);
1362
1363 if (m->llmnr_ipv4_udp_fd >= 0)
1364 return m->llmnr_ipv4_udp_fd;
1365
1366 m->llmnr_ipv4_udp_fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1367 if (m->llmnr_ipv4_udp_fd < 0)
1368 return -errno;
1369
1370 /* RFC 4795, section 2.5 recommends setting the TTL of UDP packets to 255. */
1371 r = setsockopt(m->llmnr_ipv4_udp_fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl));
1372 if (r < 0) {
1373 r = -errno;
1374 goto fail;
1375 }
1376
1377 r = setsockopt(m->llmnr_ipv4_udp_fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl));
1378 if (r < 0) {
1379 r = -errno;
1380 goto fail;
1381 }
1382
1383 r = setsockopt(m->llmnr_ipv4_udp_fd, IPPROTO_IP, IP_MULTICAST_LOOP, &one, sizeof(one));
1384 if (r < 0) {
1385 r = -errno;
1386 goto fail;
1387 }
1388
1389 r = setsockopt(m->llmnr_ipv4_udp_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
1390 if (r < 0) {
1391 r = -errno;
1392 goto fail;
1393 }
1394
1395 r = setsockopt(m->llmnr_ipv4_udp_fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof(one));
1396 if (r < 0) {
1397 r = -errno;
1398 goto fail;
1399 }
1400
1401 r = setsockopt(m->llmnr_ipv4_udp_fd, IPPROTO_IP, IP_RECVTTL, &one, sizeof(one));
1402 if (r < 0) {
1403 r = -errno;
1404 goto fail;
1405 }
1406
1407 /* Disable Don't-Fragment bit in the IP header */
1408 r = setsockopt(m->llmnr_ipv4_udp_fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu));
1409 if (r < 0) {
1410 r = -errno;
1411 goto fail;
1412 }
1413
1414 r = bind(m->llmnr_ipv4_udp_fd, &sa.sa, sizeof(sa.in));
1415 if (r < 0) {
1416 r = -errno;
1417 goto fail;
1418 }
1419
1420 r = sd_event_add_io(m->event, &m->llmnr_ipv4_udp_event_source, m->llmnr_ipv4_udp_fd, EPOLLIN, on_llmnr_packet, m);
1421 if (r < 0)
1422 goto fail;
1423
1424 return m->llmnr_ipv4_udp_fd;
1425
1426 fail:
1427 m->llmnr_ipv4_udp_fd = safe_close(m->llmnr_ipv4_udp_fd);
1428 return r;
1429 }
1430
1431 int manager_llmnr_ipv6_udp_fd(Manager *m) {
1432 union sockaddr_union sa = {
1433 .in6.sin6_family = AF_INET6,
1434 .in6.sin6_port = htobe16(5355),
1435 };
1436 static const int one = 1, ttl = 255;
1437 int r;
1438
1439 assert(m);
1440
1441 if (m->llmnr_ipv6_udp_fd >= 0)
1442 return m->llmnr_ipv6_udp_fd;
1443
1444 m->llmnr_ipv6_udp_fd = socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1445 if (m->llmnr_ipv6_udp_fd < 0)
1446 return -errno;
1447
1448 r = setsockopt(m->llmnr_ipv6_udp_fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &ttl, sizeof(ttl));
1449 if (r < 0) {
1450 r = -errno;
1451 goto fail;
1452 }
1453
1454 /* RFC 4795, section 2.5 recommends setting the TTL of UDP packets to 255. */
1455 r = setsockopt(m->llmnr_ipv6_udp_fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &ttl, sizeof(ttl));
1456 if (r < 0) {
1457 r = -errno;
1458 goto fail;
1459 }
1460
1461 r = setsockopt(m->llmnr_ipv6_udp_fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &one, sizeof(one));
1462 if (r < 0) {
1463 r = -errno;
1464 goto fail;
1465 }
1466
1467 r = setsockopt(m->llmnr_ipv6_udp_fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));
1468 if (r < 0) {
1469 r = -errno;
1470 goto fail;
1471 }
1472
1473 r = setsockopt(m->llmnr_ipv6_udp_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
1474 if (r < 0) {
1475 r = -errno;
1476 goto fail;
1477 }
1478
1479 r = setsockopt(m->llmnr_ipv6_udp_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
1480 if (r < 0) {
1481 r = -errno;
1482 goto fail;
1483 }
1484
1485 r = setsockopt(m->llmnr_ipv6_udp_fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &one, sizeof(one));
1486 if (r < 0) {
1487 r = -errno;
1488 goto fail;
1489 }
1490
1491 r = bind(m->llmnr_ipv6_udp_fd, &sa.sa, sizeof(sa.in6));
1492 if (r < 0) {
1493 r = -errno;
1494 goto fail;
1495 }
1496
1497 r = sd_event_add_io(m->event, &m->llmnr_ipv6_udp_event_source, m->llmnr_ipv6_udp_fd, EPOLLIN, on_llmnr_packet, m);
1498 if (r < 0) {
1499 r = -errno;
1500 goto fail;
1501 }
1502
1503 return m->llmnr_ipv6_udp_fd;
1504
1505 fail:
1506 m->llmnr_ipv6_udp_fd = safe_close(m->llmnr_ipv6_udp_fd);
1507 return r;
1508 }
1509
1510 static int on_llmnr_stream_packet(DnsStream *s) {
1511 DnsScope *scope;
1512
1513 assert(s);
1514
1515 scope = manager_find_scope(s->manager, s->read_packet);
1516 if (!scope) {
1517 log_warning("Got LLMNR TCP packet on unknown scope. Ignroing.");
1518 return 0;
1519 }
1520
1521 if (dns_packet_validate_query(s->read_packet) > 0) {
1522 log_debug("Got query packet for id %u", DNS_PACKET_ID(s->read_packet));
1523
1524 dns_scope_process_query(scope, s, s->read_packet);
1525
1526 /* If no reply packet was set, we free the stream */
1527 if (s->write_packet)
1528 return 0;
1529 } else
1530 log_debug("Invalid LLMNR TCP packet.");
1531
1532 dns_stream_free(s);
1533 return 0;
1534 }
1535
1536 static int on_llmnr_stream(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
1537 DnsStream *stream;
1538 Manager *m = userdata;
1539 int cfd, r;
1540
1541 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1542 if (cfd < 0) {
1543 if (errno == EAGAIN || errno == EINTR)
1544 return 0;
1545
1546 return -errno;
1547 }
1548
1549 r = dns_stream_new(m, &stream, DNS_PROTOCOL_LLMNR, cfd);
1550 if (r < 0) {
1551 safe_close(cfd);
1552 return r;
1553 }
1554
1555 stream->on_packet = on_llmnr_stream_packet;
1556 return 0;
1557 }
1558
1559 int manager_llmnr_ipv4_tcp_fd(Manager *m) {
1560 union sockaddr_union sa = {
1561 .in.sin_family = AF_INET,
1562 .in.sin_port = htobe16(5355),
1563 };
1564 static const int one = 1, pmtu = IP_PMTUDISC_DONT;
1565 int r;
1566
1567 assert(m);
1568
1569 if (m->llmnr_ipv4_tcp_fd >= 0)
1570 return m->llmnr_ipv4_tcp_fd;
1571
1572 m->llmnr_ipv4_tcp_fd = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1573 if (m->llmnr_ipv4_tcp_fd < 0)
1574 return -errno;
1575
1576 /* RFC 4795, section 2.5. requires setting the TTL of TCP streams to 1 */
1577 r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_TTL, &one, sizeof(one));
1578 if (r < 0) {
1579 r = -errno;
1580 goto fail;
1581 }
1582
1583 r = setsockopt(m->llmnr_ipv4_tcp_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
1584 if (r < 0) {
1585 r = -errno;
1586 goto fail;
1587 }
1588
1589 r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof(one));
1590 if (r < 0) {
1591 r = -errno;
1592 goto fail;
1593 }
1594
1595 r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_RECVTTL, &one, sizeof(one));
1596 if (r < 0) {
1597 r = -errno;
1598 goto fail;
1599 }
1600
1601 /* Disable Don't-Fragment bit in the IP header */
1602 r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu));
1603 if (r < 0) {
1604 r = -errno;
1605 goto fail;
1606 }
1607
1608 r = bind(m->llmnr_ipv4_tcp_fd, &sa.sa, sizeof(sa.in));
1609 if (r < 0) {
1610 r = -errno;
1611 goto fail;
1612 }
1613
1614 r = listen(m->llmnr_ipv4_tcp_fd, SOMAXCONN);
1615 if (r < 0) {
1616 r = -errno;
1617 goto fail;
1618 }
1619
1620 r = sd_event_add_io(m->event, &m->llmnr_ipv4_tcp_event_source, m->llmnr_ipv4_tcp_fd, EPOLLIN, on_llmnr_stream, m);
1621 if (r < 0)
1622 goto fail;
1623
1624 return m->llmnr_ipv4_tcp_fd;
1625
1626 fail:
1627 m->llmnr_ipv4_tcp_fd = safe_close(m->llmnr_ipv4_tcp_fd);
1628 return r;
1629 }
1630
1631 int manager_llmnr_ipv6_tcp_fd(Manager *m) {
1632 union sockaddr_union sa = {
1633 .in6.sin6_family = AF_INET6,
1634 .in6.sin6_port = htobe16(5355),
1635 };
1636 static const int one = 1;
1637 int r;
1638
1639 assert(m);
1640
1641 if (m->llmnr_ipv6_tcp_fd >= 0)
1642 return m->llmnr_ipv6_tcp_fd;
1643
1644 m->llmnr_ipv6_tcp_fd = socket(AF_INET6, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1645 if (m->llmnr_ipv6_tcp_fd < 0)
1646 return -errno;
1647
1648 /* RFC 4795, section 2.5. requires setting the TTL of TCP streams to 1 */
1649 r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &one, sizeof(one));
1650 if (r < 0) {
1651 r = -errno;
1652 goto fail;
1653 }
1654
1655 r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));
1656 if (r < 0) {
1657 r = -errno;
1658 goto fail;
1659 }
1660
1661 r = setsockopt(m->llmnr_ipv6_tcp_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
1662 if (r < 0) {
1663 r = -errno;
1664 goto fail;
1665 }
1666
1667 r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
1668 if (r < 0) {
1669 r = -errno;
1670 goto fail;
1671 }
1672
1673 r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &one, sizeof(one));
1674 if (r < 0) {
1675 r = -errno;
1676 goto fail;
1677 }
1678
1679 r = bind(m->llmnr_ipv6_tcp_fd, &sa.sa, sizeof(sa.in6));
1680 if (r < 0) {
1681 r = -errno;
1682 goto fail;
1683 }
1684
1685 r = listen(m->llmnr_ipv6_tcp_fd, SOMAXCONN);
1686 if (r < 0) {
1687 r = -errno;
1688 goto fail;
1689 }
1690
1691 r = sd_event_add_io(m->event, &m->llmnr_ipv6_tcp_event_source, m->llmnr_ipv6_tcp_fd, EPOLLIN, on_llmnr_stream, m);
1692 if (r < 0) {
1693 r = -errno;
1694 goto fail;
1695 }
1696
1697 return m->llmnr_ipv6_tcp_fd;
1698
1699 fail:
1700 m->llmnr_ipv6_tcp_fd = safe_close(m->llmnr_ipv6_tcp_fd);
1701 return r;
1702 }
1703
1704 int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
1705 LinkAddress *a;
1706
1707 assert(m);
1708
1709 a = manager_find_link_address(m, family, in_addr);
1710 if (a)
1711 return a->link->ifindex;
1712
1713 return 0;
1714 }
1715
1716 void manager_refresh_rrs(Manager *m) {
1717 Iterator i;
1718 Link *l;
1719
1720 assert(m);
1721
1722 m->host_ipv4_key = dns_resource_key_unref(m->host_ipv4_key);
1723 m->host_ipv6_key = dns_resource_key_unref(m->host_ipv6_key);
1724
1725 HASHMAP_FOREACH(l, m->links, i) {
1726 link_add_rrs(l, true);
1727 link_add_rrs(l, false);
1728 }
1729 }
1730
1731 int manager_next_hostname(Manager *m) {
1732 const char *p;
1733 uint64_t u, a;
1734 char *h;
1735
1736 assert(m);
1737
1738 p = strchr(m->hostname, 0);
1739 assert(p);
1740
1741 while (p > m->hostname) {
1742 if (!strchr("0123456789", p[-1]))
1743 break;
1744
1745 p--;
1746 }
1747
1748 if (*p == 0 || safe_atou64(p, &u) < 0 || u <= 0)
1749 u = 1;
1750
1751 /* Add a random number to the old value. This way we can avoid
1752 * that two hosts pick the same hostname, win on IPv4 and lose
1753 * on IPv6 (or vice versa), and pick the same hostname
1754 * replacement hostname, ad infinitum. We still want the
1755 * numbers to go up monotonically, hence we just add a random
1756 * value 1..10 */
1757
1758 random_bytes(&a, sizeof(a));
1759 u += 1 + a % 10;
1760
1761 if (asprintf(&h, "%.*s%" PRIu64, (int) (p - m->hostname), m->hostname, u) < 0)
1762 return -ENOMEM;
1763
1764 log_info("Hostname conflict, changing published hostname from '%s' to '%s'.", m->hostname, h);
1765
1766 free(m->hostname);
1767 m->hostname = h;
1768
1769 manager_refresh_rrs(m);
1770
1771 return 0;
1772 }
1773
1774 LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr) {
1775 Iterator i;
1776 Link *l;
1777
1778 assert(m);
1779
1780 HASHMAP_FOREACH(l, m->links, i) {
1781 LinkAddress *a;
1782
1783 a = link_find_address(l, family, in_addr);
1784 if (a)
1785 return a;
1786 }
1787
1788 return NULL;
1789 }
1790
1791 bool manager_our_packet(Manager *m, DnsPacket *p) {
1792 assert(m);
1793 assert(p);
1794
1795 return !!manager_find_link_address(m, p->family, &p->sender);
1796 }
1797
1798 DnsScope* manager_find_scope(Manager *m, DnsPacket *p) {
1799 Link *l;
1800
1801 assert(m);
1802 assert(p);
1803
1804 l = hashmap_get(m->links, INT_TO_PTR(p->ifindex));
1805 if (!l)
1806 return NULL;
1807
1808 if (p->protocol == DNS_PROTOCOL_LLMNR) {
1809 if (p->family == AF_INET)
1810 return l->llmnr_ipv4_scope;
1811 else if (p->family == AF_INET6)
1812 return l->llmnr_ipv6_scope;
1813 }
1814
1815 return NULL;
1816 }
1817
1818 void manager_verify_all(Manager *m) {
1819 DnsScope *s;
1820
1821 assert(m);
1822
1823 LIST_FOREACH(scopes, s, m->dns_scopes)
1824 dns_zone_verify_all(&s->zone);
1825 }
1826
1827 void manager_flush_dns_servers(Manager *m, DnsServerType t) {
1828 assert(m);
1829
1830 if (t == DNS_SERVER_SYSTEM)
1831 while (m->dns_servers)
1832 dns_server_free(m->dns_servers);
1833
1834 if (t == DNS_SERVER_FALLBACK)
1835 while (m->fallback_dns_servers)
1836 dns_server_free(m->fallback_dns_servers);
1837 }
1838
1839 static const char* const support_table[_SUPPORT_MAX] = {
1840 [SUPPORT_NO] = "no",
1841 [SUPPORT_YES] = "yes",
1842 [SUPPORT_RESOLVE] = "resolve",
1843 };
1844 DEFINE_STRING_TABLE_LOOKUP(support, Support);
Unnamed repository; edit this file 'description' to name the repository.