summaryrefslogtreecommitdiffstats
path: root/src/resolve/resolved-manager.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-07-29 14:24:02 +0200
committerLennart Poettering <lennart@poettering.net>2014-07-29 20:57:58 +0200
commit623a4c97b9175f95c4b1c6fc34e36c56f1e4ddbf (patch)
tree2590cdcc3e9a36ea63d75407c178253ff2669261 /src/resolve/resolved-manager.c
parentbarrier: fix race in test-code (diff)
downloadsystemd-623a4c97b9175f95c4b1c6fc34e36c56f1e4ddbf.tar.xz
systemd-623a4c97b9175f95c4b1c6fc34e36c56f1e4ddbf.zip
resolve: add llmnr responder side for UDP and TCP
Name defending is still missing.
Diffstat (limited to 'src/resolve/resolved-manager.c')
-rw-r--r--src/resolve/resolved-manager.c317
1 files changed, 302 insertions, 15 deletions
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index f4fa197d49..a8715bd5bf 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -390,6 +390,7 @@ int manager_new(Manager **ret) {
m->dns_ipv4_fd = m->dns_ipv6_fd = -1;
m->llmnr_ipv4_udp_fd = m->llmnr_ipv6_udp_fd = -1;
+ m->llmnr_ipv4_tcp_fd = m->llmnr_ipv6_tcp_fd = -1;
m->use_llmnr = true;
@@ -397,6 +398,10 @@ int manager_new(Manager **ret) {
if (r < 0)
return r;
+ m->hostname = gethostname_malloc();
+ if (!m->hostname)
+ return -ENOMEM;
+
r = sd_event_default(&m->event);
if (r < 0)
return r;
@@ -422,6 +427,19 @@ int manager_new(Manager **ret) {
if (r < 0)
return r;
+ r = manager_llmnr_ipv4_udp_fd(m);
+ if (r < 0)
+ return r;
+ r = manager_llmnr_ipv6_udp_fd(m);
+ if (r < 0)
+ return r;
+ r = manager_llmnr_ipv4_tcp_fd(m);
+ if (r < 0)
+ return r;
+ r = manager_llmnr_ipv6_tcp_fd(m);
+ if (r < 0)
+ return r;
+
*ret = m;
m = NULL;
@@ -461,10 +479,19 @@ Manager *manager_free(Manager *m) {
safe_close(m->llmnr_ipv4_udp_fd);
safe_close(m->llmnr_ipv6_udp_fd);
+ sd_event_source_unref(m->llmnr_ipv4_tcp_event_source);
+ sd_event_source_unref(m->llmnr_ipv6_tcp_event_source);
+ safe_close(m->llmnr_ipv4_tcp_fd);
+ safe_close(m->llmnr_ipv6_tcp_fd);
+
sd_event_source_unref(m->bus_retry_event_source);
sd_bus_unref(m->bus);
sd_event_unref(m->event);
+
+ dns_resource_key_unref(m->host_ipv4_key);
+ dns_resource_key_unref(m->host_ipv6_key);
+ free(m->hostname);
free(m);
return NULL;
@@ -545,7 +572,7 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
struct cmsghdr header; /* For alignment */
uint8_t buffer[CMSG_SPACE(MAX(sizeof(struct in_pktinfo), sizeof(struct in6_pktinfo)))
+ CMSG_SPACE(int) /* ttl/hoplimit */
- + 1024 /* kernel appears to require extra buffer space */];
+ + EXTRA_CMSG_SPACE /* kernel appears to require extra buffer space */];
} control;
union sockaddr_union sa;
struct msghdr mh = {};
@@ -595,11 +622,15 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
p->size = (size_t) l;
p->family = sa.sa.sa_family;
- if (p->family == AF_INET)
+ p->ipproto = IPPROTO_UDP;
+ if (p->family == AF_INET) {
p->sender.in = sa.in.sin_addr;
- else if (p->family == AF_INET6)
+ p->sender_port = be16toh(sa.in.sin_port);
+ } else if (p->family == AF_INET6) {
p->sender.in6 = sa.in6.sin6_addr;
- else
+ p->sender_port = be16toh(sa.in6.sin6_port);
+ p->ifindex = sa.in6.sin6_scope_id;
+ } else
return -EAFNOSUPPORT;
for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
@@ -612,7 +643,9 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
case IPV6_PKTINFO: {
struct in6_pktinfo *i = (struct in6_pktinfo*) CMSG_DATA(cmsg);
- p->ifindex = i->ipi6_ifindex;
+ if (p->ifindex <= 0)
+ p->ifindex = i->ipi6_ifindex;
+
p->destination.in6 = i->ipi6_addr;
break;
}
@@ -630,18 +663,32 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
case IP_PKTINFO: {
struct in_pktinfo *i = (struct in_pktinfo*) CMSG_DATA(cmsg);
- p->ifindex = i->ipi_ifindex;
+ if (p->ifindex <= 0)
+ p->ifindex = i->ipi_ifindex;
+
p->destination.in = i->ipi_addr;
break;
}
- case IP_RECVTTL:
+ case IP_TTL:
p->ttl = *(int *) CMSG_DATA(cmsg);
break;
}
}
}
+ /* The Linux kernel sets the interface index to the loopback
+ * device if the packet came from the local host since it
+ * avoids the routing table in such a case. Let's unset the
+ * interface index in such a case. */
+ if (p->ifindex > 0 && manager_ifindex_is_loopback(m, p->ifindex) != 0)
+ p->ifindex = 0;
+
+ /* If we don't know the interface index still, we look for the
+ * first local interface with a matching address. Yuck! */
+ if (p->ifindex <= 0)
+ p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
+
*ret = p;
p = NULL;
@@ -658,14 +705,15 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
if (r <= 0)
return r;
- if (dns_packet_validate_reply(p) >= 0) {
+ if (dns_packet_validate_reply(p) > 0) {
t = hashmap_get(m->dns_query_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
if (!t)
return 0;
dns_query_transaction_process_reply(t, p);
+
} else
- log_debug("Invalid reply packet.");
+ log_debug("Invalid DNS packet.");
return 0;
}
@@ -754,7 +802,7 @@ static int sendmsg_loop(int fd, struct msghdr *mh, int flags) {
}
}
-static int manager_ipv4_send(Manager *m, int fd, int ifindex, struct in_addr *addr, uint16_t port, DnsPacket *p) {
+static int manager_ipv4_send(Manager *m, int fd, int ifindex, const struct in_addr *addr, uint16_t port, DnsPacket *p) {
union sockaddr_union sa = {
.in.sin_family = AF_INET,
};
@@ -803,7 +851,7 @@ static int manager_ipv4_send(Manager *m, int fd, int ifindex, struct in_addr *ad
return sendmsg_loop(fd, &mh, 0);
}
-static int manager_ipv6_send(Manager *m, int fd, int ifindex, struct in6_addr *addr, uint16_t port, DnsPacket *p) {
+static int manager_ipv6_send(Manager *m, int fd, int ifindex, const struct in6_addr *addr, uint16_t port, DnsPacket *p) {
union sockaddr_union sa = {
.in6.sin6_family = AF_INET6,
};
@@ -853,7 +901,7 @@ static int manager_ipv6_send(Manager *m, int fd, int ifindex, struct in6_addr *a
return sendmsg_loop(fd, &mh, 0);
}
-int manager_send(Manager *m, int fd, int ifindex, int family, union in_addr_union *addr, uint16_t port, DnsPacket *p) {
+int manager_send(Manager *m, int fd, int ifindex, int family, const union in_addr_union *addr, uint16_t port, DnsPacket *p) {
assert(m);
assert(fd >= 0);
assert(addr);
@@ -869,7 +917,7 @@ int manager_send(Manager *m, int fd, int ifindex, int family, union in_addr_unio
}
-DnsServer* manager_find_dns_server(Manager *m, int family, union in_addr_union *in_addr) {
+DnsServer* manager_find_dns_server(Manager *m, int family, const union in_addr_union *in_addr) {
DnsServer *s;
assert(m);
@@ -943,13 +991,30 @@ static int on_llmnr_packet(sd_event_source *s, int fd, uint32_t revents, void *u
if (r <= 0)
return r;
- if (dns_packet_validate_reply(p) >= 0) {
+ if (dns_packet_validate_reply(p) > 0) {
t = hashmap_get(m->dns_query_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
if (!t)
return 0;
dns_query_transaction_process_reply(t, p);
- }
+
+ } else if (dns_packet_validate_query(p) > 0) {
+ Link *l;
+
+ l = hashmap_get(m->links, INT_TO_PTR(p->ifindex));
+ if (l) {
+ DnsScope *scope = NULL;
+
+ if (p->family == AF_INET)
+ scope = l->llmnr_ipv4_scope;
+ else if (p->family == AF_INET6)
+ scope = l->llmnr_ipv6_scope;
+
+ if (scope)
+ dns_scope_process_query(scope, NULL, p);
+ }
+ } else
+ log_debug("Invalid LLMNR packet.");
return 0;
}
@@ -1108,3 +1173,225 @@ fail:
m->llmnr_ipv6_udp_fd = safe_close(m->llmnr_ipv6_udp_fd);
return r;
}
+
+static int on_llmnr_stream_packet(DnsStream *s) {
+ assert(s);
+
+ if (dns_packet_validate_query(s->read_packet) > 0) {
+ Link *l;
+
+ l = hashmap_get(s->manager->links, INT_TO_PTR(s->read_packet->ifindex));
+ if (l) {
+ DnsScope *scope = NULL;
+
+ if (s->read_packet->family == AF_INET)
+ scope = l->llmnr_ipv4_scope;
+ else if (s->read_packet->family == AF_INET6)
+ scope = l->llmnr_ipv6_scope;
+
+ if (scope) {
+ dns_scope_process_query(scope, s, s->read_packet);
+
+ /* If no reply packet was set, we free the stream */
+ if (s->write_packet)
+ return 0;
+ }
+ }
+ }
+
+ dns_stream_free(s);
+ return 0;
+}
+
+static int on_llmnr_stream(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+ DnsStream *stream;
+ Manager *m = userdata;
+ int cfd, r;
+
+ cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+ if (cfd < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ return 0;
+
+ return -errno;
+ }
+
+ r = dns_stream_new(m, &stream, DNS_PROTOCOL_LLMNR, cfd);
+ if (r < 0) {
+ safe_close(cfd);
+ return r;
+ }
+
+ stream->on_packet = on_llmnr_stream_packet;
+ return 0;
+}
+
+int manager_llmnr_ipv4_tcp_fd(Manager *m) {
+ union sockaddr_union sa = {
+ .in.sin_family = AF_INET,
+ .in.sin_port = htobe16(5355),
+ };
+ static const int one = 1, pmtu = IP_PMTUDISC_DONT;
+ int r;
+
+ assert(m);
+
+ if (m->llmnr_ipv4_tcp_fd >= 0)
+ return m->llmnr_ipv4_tcp_fd;
+
+ m->llmnr_ipv4_tcp_fd = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+ if (m->llmnr_ipv4_tcp_fd < 0)
+ return -errno;
+
+ r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_TTL, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = setsockopt(m->llmnr_ipv4_tcp_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_RECVTTL, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ /* Disable Don't-Fragment bit in the IP header */
+ r = setsockopt(m->llmnr_ipv4_tcp_fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = bind(m->llmnr_ipv4_tcp_fd, &sa.sa, sizeof(sa.in));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = listen(m->llmnr_ipv4_tcp_fd, SOMAXCONN);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = sd_event_add_io(m->event, &m->llmnr_ipv4_tcp_event_source, m->llmnr_ipv4_tcp_fd, EPOLLIN, on_llmnr_stream, m);
+ if (r < 0)
+ goto fail;
+
+ return m->llmnr_ipv4_tcp_fd;
+
+fail:
+ m->llmnr_ipv4_tcp_fd = safe_close(m->llmnr_ipv4_tcp_fd);
+ return r;
+}
+
+int manager_llmnr_ipv6_tcp_fd(Manager *m) {
+ union sockaddr_union sa = {
+ .in6.sin6_family = AF_INET6,
+ .in6.sin6_port = htobe16(5355),
+ };
+ static const int one = 1;
+ int r;
+
+ assert(m);
+
+ if (m->llmnr_ipv6_tcp_fd >= 0)
+ return m->llmnr_ipv6_tcp_fd;
+
+ m->llmnr_ipv6_tcp_fd = socket(AF_INET6, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+ if (m->llmnr_ipv6_tcp_fd < 0)
+ return -errno;
+
+ r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = setsockopt(m->llmnr_ipv6_tcp_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = setsockopt(m->llmnr_ipv6_tcp_fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &one, sizeof(one));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = bind(m->llmnr_ipv6_tcp_fd, &sa.sa, sizeof(sa.in6));
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = listen(m->llmnr_ipv6_tcp_fd, SOMAXCONN);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ r = sd_event_add_io(m->event, &m->llmnr_ipv6_tcp_event_source, m->llmnr_ipv6_tcp_fd, EPOLLIN, on_llmnr_stream, m);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ return m->llmnr_ipv6_tcp_fd;
+
+fail:
+ m->llmnr_ipv6_tcp_fd = safe_close(m->llmnr_ipv6_tcp_fd);
+ return r;
+}
+
+int manager_ifindex_is_loopback(Manager *m, int ifindex) {
+ Link *l;
+ assert(m);
+
+ if (ifindex <= 0)
+ return -EINVAL;
+
+ l = hashmap_get(m->links, INT_TO_PTR(ifindex));
+ if (l->flags & IFF_LOOPBACK)
+ return 1;
+
+ return 0;
+}
+
+int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr) {
+ Link *l;
+ Iterator i;
+
+ assert(m);
+
+ HASHMAP_FOREACH(l, m->links, i)
+ if (link_find_address(l, family, in_addr))
+ return l->ifindex;
+
+ return 0;
+}