summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-link.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/resolve/resolved-link.c')
-rw-r--r--src/resolve/resolved-link.c329
1 files changed, 302 insertions, 27 deletions
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index b189c21920..ea4a007139 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -22,7 +22,10 @@
#include "sd-network.h"
#include "alloc-util.h"
+#include "fd-util.h"
+#include "fileio.h"
#include "missing.h"
+#include "mkdir.h"
#include "parse-util.h"
#include "resolved-link.h"
#include "string-util.h"
@@ -49,6 +52,9 @@ int link_new(Manager *m, Link **ret, int ifindex) {
l->dnssec_mode = _DNSSEC_MODE_INVALID;
l->operstate = IF_OPER_UNKNOWN;
+ if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
+ return -ENOMEM;
+
r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
if (r < 0)
return r;
@@ -93,6 +99,8 @@ Link *link_free(Link *l) {
dns_scope_free(l->mdns_ipv4_scope);
dns_scope_free(l->mdns_ipv6_scope);
+ free(l->state_file);
+
free(l);
return NULL;
}
@@ -165,7 +173,7 @@ void link_add_rrs(Link *l, bool force_remove) {
link_address_add_rrs(a, force_remove);
}
-int link_update_rtnl(Link *l, sd_netlink_message *m) {
+int link_process_rtnl(Link *l, sd_netlink_message *m) {
const char *n = NULL;
int r;
@@ -190,6 +198,27 @@ int link_update_rtnl(Link *l, sd_netlink_message *m) {
return 0;
}
+static int link_update_dns_server_one(Link *l, const char *name) {
+ union in_addr_union a;
+ DnsServer *s;
+ int family, r;
+
+ assert(l);
+ assert(name);
+
+ r = in_addr_from_string_auto(name, &family, &a);
+ if (r < 0)
+ return r;
+
+ s = dns_server_find(l->dns_servers, family, &a, 0);
+ if (s) {
+ dns_server_move_back_and_unmark(s);
+ return 0;
+ }
+
+ return dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, 0);
+}
+
static int link_update_dns_servers(Link *l) {
_cleanup_strv_free_ char **nameservers = NULL;
char **nameserver;
@@ -208,22 +237,9 @@ static int link_update_dns_servers(Link *l) {
dns_server_mark_all(l->dns_servers);
STRV_FOREACH(nameserver, nameservers) {
- union in_addr_union a;
- DnsServer *s;
- int family;
-
- r = in_addr_from_string_auto(*nameserver, &family, &a);
+ r = link_update_dns_server_one(l, *nameserver);
if (r < 0)
goto clear;
-
- s = dns_server_find(l->dns_servers, family, &a, 0);
- if (s)
- dns_server_move_back_and_unmark(s);
- else {
- r = dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a, 0);
- if (r < 0)
- goto clear;
- }
}
dns_server_unlink_marked(l->dns_servers);
@@ -341,7 +357,6 @@ clear:
static int link_update_dnssec_negative_trust_anchors(Link *l) {
_cleanup_strv_free_ char **ntas = NULL;
_cleanup_set_free_free_ Set *ns = NULL;
- char **i;
int r;
assert(l);
@@ -358,11 +373,9 @@ static int link_update_dnssec_negative_trust_anchors(Link *l) {
if (!ns)
return -ENOMEM;
- STRV_FOREACH(i, ntas) {
- r = set_put_strdup(ns, *i);
- if (r < 0)
- return r;
- }
+ r = set_put_strdupv(ns, ntas);
+ if (r < 0)
+ return r;
set_free_free(l->dnssec_negative_trust_anchors);
l->dnssec_negative_trust_anchors = ns;
@@ -379,6 +392,9 @@ static int link_update_search_domain_one(Link *l, const char *name, bool route_o
DnsSearchDomain *d;
int r;
+ assert(l);
+ assert(name);
+
r = dns_search_domain_find(l->search_domains, name, &d);
if (r < 0)
return r;
@@ -439,7 +455,7 @@ clear:
return r;
}
-static int link_is_unmanaged(Link *l) {
+static int link_is_managed(Link *l) {
_cleanup_free_ char *state = NULL;
int r;
@@ -447,11 +463,11 @@ static int link_is_unmanaged(Link *l) {
r = sd_network_link_get_setup_state(l->ifindex, &state);
if (r == -ENODATA)
- return 1;
+ return 0;
if (r < 0)
return r;
- return STR_IN_SET(state, "pending", "unmanaged");
+ return !STR_IN_SET(state, "pending", "unmanaged");
}
static void link_read_settings(Link *l) {
@@ -461,12 +477,12 @@ static void link_read_settings(Link *l) {
/* Read settings from networkd, except when networkd is not managing this interface. */
- r = link_is_unmanaged(l);
+ r = link_is_managed(l);
if (r < 0) {
log_warning_errno(r, "Failed to determine whether interface %s is managed: %m", l->name);
return;
}
- if (r > 0) {
+ if (r == 0) {
/* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
if (l->is_managed)
@@ -503,10 +519,11 @@ static void link_read_settings(Link *l) {
log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->name);
}
-int link_update_monitor(Link *l) {
+int link_update(Link *l) {
assert(l);
link_read_settings(l);
+ link_load_user(l);
link_allocate_scopes(l);
link_add_rrs(l, false);
@@ -838,3 +855,261 @@ bool link_address_relevant(LinkAddress *a, bool local_multicast) {
return true;
}
+
+static bool link_needs_save(Link *l) {
+ assert(l);
+
+ /* Returns true if any of the settings where set different from the default */
+
+ if (l->is_managed)
+ return false;
+
+ if (l->llmnr_support != RESOLVE_SUPPORT_YES ||
+ l->mdns_support != RESOLVE_SUPPORT_NO ||
+ l->dnssec_mode != _DNSSEC_MODE_INVALID)
+ return true;
+
+ if (l->dns_servers ||
+ l->search_domains)
+ return true;
+
+ if (!set_isempty(l->dnssec_negative_trust_anchors))
+ return true;
+
+ return false;
+}
+
+int link_save_user(Link *l) {
+ _cleanup_free_ char *temp_path = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
+ const char *v;
+ int r;
+
+ assert(l);
+ assert(l->state_file);
+
+ if (!link_needs_save(l)) {
+ (void) unlink(l->state_file);
+ return 0;
+ }
+
+ r = mkdir_parents(l->state_file, 0700);
+ if (r < 0)
+ goto fail;
+
+ r = fopen_temporary(l->state_file, &f, &temp_path);
+ if (r < 0)
+ goto fail;
+
+ fputs("# This is private data. Do not parse.\n", f);
+
+ v = resolve_support_to_string(l->llmnr_support);
+ if (v)
+ fprintf(f, "LLMNR=%s\n", v);
+
+ v = resolve_support_to_string(l->mdns_support);
+ if (v)
+ fprintf(f, "MDNS=%s\n", v);
+
+ v = dnssec_mode_to_string(l->dnssec_mode);
+ if (v)
+ fprintf(f, "DNSSEC=%s\n", v);
+
+ if (l->dns_servers) {
+ DnsServer *server;
+
+ fputs("SERVERS=", f);
+ LIST_FOREACH(servers, server, l->dns_servers) {
+
+ if (server != l->dns_servers)
+ fputc(' ', f);
+
+ v = dns_server_string(server);
+ if (!v) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ fputs(v, f);
+ }
+ fputc('\n', f);
+ }
+
+ if (l->search_domains) {
+ DnsSearchDomain *domain;
+
+ fputs("DOMAINS=", f);
+ LIST_FOREACH(domains, domain, l->search_domains) {
+
+ if (domain != l->search_domains)
+ fputc(' ', f);
+
+ if (domain->route_only)
+ fputc('~', f);
+
+ fputs(DNS_SEARCH_DOMAIN_NAME(domain), f);
+ }
+ fputc('\n', f);
+ }
+
+ if (!set_isempty(l->dnssec_negative_trust_anchors)) {
+ bool space = false;
+ Iterator i;
+ char *nta;
+
+ fputs("NTAS=", f);
+ SET_FOREACH(nta, l->dnssec_negative_trust_anchors, i) {
+
+ if (space)
+ fputc(' ', f);
+
+ fputs(nta, f);
+ space = true;
+ }
+ fputc('\n', f);
+ }
+
+ r = fflush_and_check(f);
+ if (r < 0)
+ goto fail;
+
+ if (rename(temp_path, l->state_file) < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ return 0;
+
+fail:
+ (void) unlink(l->state_file);
+
+ if (temp_path)
+ (void) unlink(temp_path);
+
+ return log_error_errno(r, "Failed to save link data %s: %m", l->state_file);
+}
+
+int link_load_user(Link *l) {
+ _cleanup_free_ char
+ *llmnr = NULL,
+ *mdns = NULL,
+ *dnssec = NULL,
+ *servers = NULL,
+ *domains = NULL,
+ *ntas = NULL;
+
+ ResolveSupport s;
+ int r;
+
+ assert(l);
+ assert(l->state_file);
+
+ /* Try to load only a single time */
+ if (l->loaded)
+ return 0;
+ l->loaded = true;
+
+ if (l->is_managed)
+ return 0; /* if the device is managed, then networkd is our configuration source, not the bus API */
+
+ r = parse_env_file(l->state_file, NEWLINE,
+ "LLMNR", &llmnr,
+ "MDNS", &mdns,
+ "DNSSEC", &dnssec,
+ "SERVERS", &servers,
+ "DOMAINS", &domains,
+ "NTAS", &ntas,
+ NULL);
+ if (r == -ENOENT)
+ return 0;
+ if (r < 0)
+ goto fail;
+
+ link_flush_settings(l);
+
+ /* If we can't recognize the LLMNR or MDNS setting we don't override the default */
+ s = resolve_support_from_string(llmnr);
+ if (s >= 0)
+ l->llmnr_support = s;
+
+ s = resolve_support_from_string(mdns);
+ if (s >= 0)
+ l->mdns_support = s;
+
+ /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */
+ l->dnssec_mode = dnssec_mode_from_string(dnssec);
+
+ if (servers) {
+ const char *p = servers;
+
+ for (;;) {
+ _cleanup_free_ char *word = NULL;
+
+ r = extract_first_word(&p, &word, NULL, 0);
+ if (r < 0)
+ goto fail;
+ if (r == 0)
+ break;
+
+ r = link_update_dns_server_one(l, word);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to load DNS server '%s', ignoring: %m", word);
+ continue;
+ }
+ }
+ }
+
+ if (domains) {
+ const char *p = domains;
+
+ for (;;) {
+ _cleanup_free_ char *word = NULL;
+ const char *n;
+ bool is_route;
+
+ r = extract_first_word(&p, &word, NULL, 0);
+ if (r < 0)
+ goto fail;
+ if (r == 0)
+ break;
+
+ is_route = word[0] == '~';
+ n = is_route ? word + 1 : word;
+
+ r = link_update_search_domain_one(l, n, is_route);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to load search domain '%s', ignoring: %m", word);
+ continue;
+ }
+ }
+ }
+
+ if (ntas) {
+ _cleanup_set_free_free_ Set *ns = NULL;
+
+ ns = set_new(&dns_name_hash_ops);
+ if (!ns) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ r = set_put_strsplit(ns, ntas, NULL, 0);
+ if (r < 0)
+ goto fail;
+
+ l->dnssec_negative_trust_anchors = ns;
+ ns = NULL;
+ }
+
+ return 0;
+
+fail:
+ return log_error_errno(r, "Failed to load link data %s: %m", l->state_file);
+}
+
+void link_remove_user(Link *l) {
+ assert(l);
+ assert(l->state_file);
+
+ (void) unlink(l->state_file);
+}