X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fresolve%2Fresolved-dns-scope.c;h=96a2ff7fae0fcdbae47af863dbd4775994423e31;hp=4e0a74276830f8ca76869158ea429c73b1cb4641;hb=faa133f3aa7a18f26563dc5d6b95898cb315c37a;hpb=74b2466e14a1961bf3ac0e8a60cfaceec705bd59
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 4e0a74276..96a2ff7fa 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -19,13 +19,17 @@
along with systemd; If not, see .
***/
+#include
+
#include "strv.h"
+#include "socket-util.h"
+#include "af-list.h"
#include "resolved-dns-domain.h"
#include "resolved-dns-scope.h"
#define SEND_TIMEOUT_USEC (2*USEC_PER_SEC)
-int dns_scope_new(Manager *m, DnsScope **ret, DnsScopeType t) {
+int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int family) {
DnsScope *s;
assert(m);
@@ -36,27 +40,44 @@ int dns_scope_new(Manager *m, DnsScope **ret, DnsScopeType t) {
return -ENOMEM;
s->manager = m;
- s->type = t;
+ s->link = l;
+ s->protocol = protocol;
+ s->family = family;
LIST_PREPEND(scopes, m->dns_scopes, s);
+ dns_scope_llmnr_membership(s, true);
+
+ log_debug("New scope on link %s, protocol %s, family %s", l ? l->name : "*", dns_protocol_to_string(protocol), family == AF_UNSPEC ? "*" : af_to_name(family));
+
*ret = s;
return 0;
}
DnsScope* dns_scope_free(DnsScope *s) {
+ DnsQueryTransaction *t;
+
if (!s)
return NULL;
- while (s->transactions) {
- DnsQuery *q;
+ log_debug("Removing scope on link %s, protocol %s, family %s", s->link ? s->link->name : "*", dns_protocol_to_string(s->protocol), s->family == AF_UNSPEC ? "*" : af_to_name(s->family));
- q = s->transactions->query;
- dns_query_transaction_free(s->transactions);
+ dns_scope_llmnr_membership(s, false);
- dns_query_finish(q);
+ while ((t = s->transactions)) {
+
+ /* Abort the transaction, but make sure it is not
+ * freed while we still look at it */
+
+ t->block_gc++;
+ dns_query_transaction_complete(t, DNS_QUERY_ABORTED);
+ t->block_gc--;
+
+ dns_query_transaction_free(t);
}
+ dns_cache_flush(&s->cache);
+
LIST_REMOVE(scopes, s->manager->dns_scopes, s);
strv_free(s->domains);
free(s);
@@ -67,6 +88,9 @@ DnsScope* dns_scope_free(DnsScope *s) {
DnsServer *dns_scope_get_server(DnsScope *s) {
assert(s);
+ if (s->protocol != DNS_PROTOCOL_DNS)
+ return NULL;
+
if (s->link)
return link_get_dns_server(s->link);
else
@@ -76,6 +100,9 @@ DnsServer *dns_scope_get_server(DnsScope *s) {
void dns_scope_next_dns_server(DnsScope *s) {
assert(s);
+ if (s->protocol != DNS_PROTOCOL_DNS)
+ return;
+
if (s->link)
link_next_dns_server(s->link);
else
@@ -83,65 +110,217 @@ void dns_scope_next_dns_server(DnsScope *s) {
}
int dns_scope_send(DnsScope *s, DnsPacket *p) {
- int ifindex = 0;
- DnsServer *srv;
- int r;
+ union in_addr_union addr;
+ int ifindex = 0, r;
+ int family;
+ uint16_t port;
+ uint32_t mtu;
+ int fd;
assert(s);
assert(p);
+ assert(p->protocol == s->protocol);
- srv = dns_scope_get_server(s);
- if (!srv)
- return 0;
-
- if (s->link)
+ if (s->link) {
+ mtu = s->link->mtu;
ifindex = s->link->ifindex;
-
- if (srv->family == AF_INET)
- r = manager_dns_ipv4_send(s->manager, srv, ifindex, p);
- else if (srv->family == AF_INET6)
- r = manager_dns_ipv6_send(s->manager, srv, ifindex, p);
- else
+ } else
+ mtu = manager_find_mtu(s->manager);
+
+ if (s->protocol == DNS_PROTOCOL_DNS) {
+ DnsServer *srv;
+
+ srv = dns_scope_get_server(s);
+ if (!srv)
+ return -ESRCH;
+
+ family = srv->family;
+ addr = srv->address;
+ port = 53;
+
+ if (p->size > DNS_PACKET_UNICAST_SIZE_MAX)
+ return -EMSGSIZE;
+
+ if (p->size > mtu)
+ return -EMSGSIZE;
+
+ if (family == AF_INET)
+ fd = manager_dns_ipv4_fd(s->manager);
+ else if (family == AF_INET6)
+ fd = manager_dns_ipv6_fd(s->manager);
+ else
+ return -EAFNOSUPPORT;
+ if (fd < 0)
+ return fd;
+
+ } else if (s->protocol == DNS_PROTOCOL_LLMNR) {
+
+ if (DNS_PACKET_QDCOUNT(p) > 1)
+ return -ENOTSUP;
+
+ family = s->family;
+ port = 5355;
+
+ if (family == AF_INET) {
+ addr.in = LLMNR_MULTICAST_IPV4_ADDRESS;
+ /* fd = manager_dns_ipv4_fd(s->manager); */
+ fd = manager_llmnr_ipv4_udp_fd(s->manager);
+ } else if (family == AF_INET6) {
+ addr.in6 = LLMNR_MULTICAST_IPV6_ADDRESS;
+ fd = manager_llmnr_ipv6_udp_fd(s->manager);
+ /* fd = manager_dns_ipv6_fd(s->manager); */
+ } else
+ return -EAFNOSUPPORT;
+ if (fd < 0)
+ return fd;
+ } else
return -EAFNOSUPPORT;
+ r = manager_send(s->manager, fd, ifindex, family, &addr, port, p);
if (r < 0)
return r;
return 1;
}
-DnsScopeMatch dns_scope_test(DnsScope *s, const char *domain) {
+int dns_scope_tcp_socket(DnsScope *s) {
+ _cleanup_close_ int fd = -1;
+ union sockaddr_union sa = {};
+ socklen_t salen;
+ int one, ret;
+ DnsServer *srv;
+ int r;
+
+ assert(s);
+
+ srv = dns_scope_get_server(s);
+ if (!srv)
+ return -ESRCH;
+
+ sa.sa.sa_family = srv->family;
+ if (srv->family == AF_INET) {
+ sa.in.sin_port = htobe16(53);
+ sa.in.sin_addr = srv->address.in;
+ salen = sizeof(sa.in);
+ } else if (srv->family == AF_INET6) {
+ sa.in6.sin6_port = htobe16(53);
+ sa.in6.sin6_addr = srv->address.in6;
+ sa.in6.sin6_scope_id = s->link ? s->link->ifindex : 0;
+ salen = sizeof(sa.in6);
+ } else
+ return -EAFNOSUPPORT;
+
+ fd = socket(srv->family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+ if (fd < 0)
+ return -errno;
+
+ one = 1;
+ setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one));
+
+ r = connect(fd, &sa.sa, salen);
+ if (r < 0 && errno != EINPROGRESS)
+ return -errno;
+
+ ret = fd;
+ fd = -1;
+ return ret;
+}
+
+DnsScopeMatch dns_scope_good_domain(DnsScope *s, const char *domain) {
char **i;
assert(s);
assert(domain);
STRV_FOREACH(i, s->domains)
- if (dns_name_endswith(domain, *i))
+ if (dns_name_endswith(domain, *i) > 0)
return DNS_SCOPE_YES;
- if (dns_name_root(domain))
+ if (dns_name_root(domain) != 0)
return DNS_SCOPE_NO;
- if (s->type == DNS_SCOPE_MDNS) {
- if (dns_name_endswith(domain, "254.169.in-addr.arpa") ||
- dns_name_endswith(domain, "0.8.e.f.ip6.arpa"))
- return DNS_SCOPE_YES;
- else if (dns_name_endswith(domain, "local") ||
- !dns_name_single_label(domain))
+ if (is_localhost(domain))
+ return DNS_SCOPE_NO;
+
+ if (s->protocol == DNS_PROTOCOL_DNS) {
+ if (dns_name_endswith(domain, "254.169.in-addr.arpa") == 0 &&
+ dns_name_endswith(domain, "0.8.e.f.ip6.arpa") == 0 &&
+ dns_name_single_label(domain) == 0)
+ return DNS_SCOPE_MAYBE;
+
+ return DNS_SCOPE_NO;
+ }
+
+ if (s->protocol == DNS_PROTOCOL_MDNS) {
+ if (dns_name_endswith(domain, "254.169.in-addr.arpa") > 0 ||
+ dns_name_endswith(domain, "0.8.e.f.ip6.arpa") > 0 ||
+ (dns_name_endswith(domain, "local") > 0 && dns_name_equal(domain, "local") == 0))
return DNS_SCOPE_MAYBE;
return DNS_SCOPE_NO;
}
- if (s->type == DNS_SCOPE_DNS) {
- if (dns_name_endswith(domain, "254.169.in-addr.arpa") ||
- dns_name_endswith(domain, "0.8.e.f.ip6.arpa") ||
- dns_name_single_label(domain))
- return DNS_SCOPE_NO;
+ if (s->protocol == DNS_PROTOCOL_LLMNR) {
+ if (dns_name_endswith(domain, "254.169.in-addr.arpa") > 0 ||
+ dns_name_endswith(domain, "0.8.e.f.ip6.arpa") > 0 ||
+ dns_name_single_label(domain) > 0)
+ return DNS_SCOPE_MAYBE;
- return DNS_SCOPE_MAYBE;
+ return DNS_SCOPE_NO;
}
- assert_not_reached("Unknown scope type");
+ assert_not_reached("Unknown scope protocol");
+}
+
+int dns_scope_good_key(DnsScope *s, DnsResourceKey *key) {
+ assert(s);
+ assert(key);
+
+ if (s->protocol == DNS_PROTOCOL_DNS)
+ return true;
+
+ /* On mDNS and LLMNR, send A and AAAA queries only on the
+ * respective scopes */
+
+ if (s->family == AF_INET && key->class == DNS_CLASS_IN && key->type == DNS_TYPE_AAAA)
+ return false;
+
+ if (s->family == AF_INET6 && key->class == DNS_CLASS_IN && key->type == DNS_TYPE_A)
+ return false;
+
+ return true;
+}
+
+int dns_scope_llmnr_membership(DnsScope *s, bool b) {
+ int fd;
+
+ if (s->family == AF_INET) {
+ struct ip_mreqn mreqn = {
+ .imr_multiaddr = LLMNR_MULTICAST_IPV4_ADDRESS,
+ .imr_ifindex = s->link->ifindex,
+ };
+
+ fd = manager_llmnr_ipv4_udp_fd(s->manager);
+ if (fd < 0)
+ return fd;
+
+ if (setsockopt(fd, IPPROTO_IP, b ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, &mreqn, sizeof(mreqn)) < 0)
+ return -errno;
+
+ } else if (s->family == AF_INET6) {
+ struct ipv6_mreq mreq = {
+ .ipv6mr_multiaddr = LLMNR_MULTICAST_IPV6_ADDRESS,
+ .ipv6mr_interface = s->link->ifindex,
+ };
+
+ fd = manager_llmnr_ipv6_udp_fd(s->manager);
+ if (fd < 0)
+ return fd;
+
+ if (setsockopt(fd, IPPROTO_IPV6, b ? IPV6_ADD_MEMBERSHIP : IPV6_DROP_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
+ return -errno;
+ } else
+ return -EAFNOSUPPORT;
+
+ return 0;
}