fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-26 17:00:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

dns: use DBus to make dnsmasq nameserver changes

Browse source 
Use DBus to make nameserver updates rather than restarting the dnsmasq binary
again and again.

Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>

https://mail.gnome.org/archives/networkmanager-list/2016-March/msg00144.html
(cherry picked from commit 18282df0aa)
This commit is contained in:
Mathieu Trudel-Lapierre 2016-03-22 10:03:44 -04:00 committed by Thomas Haller
parent 9f3c8f3e01
commit 08673a623f
5 changed files with 319 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

340
src/dns-manager/nm-dns-dnsmasq.c
View file

@ -32,6 +32,7 @@
#include "nm-ip4-config.h"
#include "nm-ip6-config.h"
#include "nm-dns-utils.h"
#include "nm-bus-manager.h"
#include "NetworkManagerUtils.h"
G_DEFINE_TYPE (NMDnsDnsmasq, nm_dns_dnsmasq, NM_TYPE_DNS_PLUGIN)
@ -42,8 +43,16 @@ G_DEFINE_TYPE (NMDnsDnsmasq, nm_dns_dnsmasq, NM_TYPE_DNS_PLUGIN)
#define CONFFILE NMRUNDIR "/dnsmasq.conf"
#define CONFDIR NMCONFDIR "/dnsmasq.d"
#define DNSMASQ_DBUS_SERVICE "org.freedesktop.NetworkManager.dnsmasq"
#define DNSMASQ_DBUS_PATH "/uk/org/thekelleys/dnsmasq"
typedef struct {
guint32 foo;
NMBusManager *dbus_mgr;
GDBusConnection *connection;
GDBusProxy *dnsmasq;
gboolean running;
GVariantBuilder *servers;
} NMDnsDnsmasqPrivate;
/*****************************************************************************/
@ -61,8 +70,27 @@ typedef struct {
/*****************************************************************************/
static void
add_dnsmasq_nameserver (GVariantBuilder *servers,
const char *ip,
const char *domain)
{
nm_log_dbg (LOGD_DNS, "Adding nameserver '%s' for domain '%s'",
ip, domain);
g_return_if_fail (ip);
g_variant_builder_open (servers, G_VARIANT_TYPE ("as"));
if (domain)
g_variant_builder_add (servers, "s", domain);
g_variant_builder_add (servers, "s", ip);
g_variant_builder_close (servers);
}
static gboolean
add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split)
add_ip4_config (GVariantBuilder *servers, NMIP4Config *ip4, gboolean split)
{
char buf[INET_ADDRSTRLEN];
in_addr_t addr;
@ -84,9 +112,9 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split)
/* searches are preferred over domains */
n = nm_ip4_config_get_num_searches (ip4);
for (i = 0; i < n; i++) {
g_string_append_printf (str, "server=/%s/%s\n",
nm_ip4_config_get_search (ip4, i),
buf);
add_dnsmasq_nameserver (servers,
buf,
nm_ip4_config_get_search (ip4, i));
added = TRUE;
}
@ -94,9 +122,9 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split)
/* If not searches, use any domains */
n = nm_ip4_config_get_num_domains (ip4);
for (i = 0; i < n; i++) {
g_string_append_printf (str, "server=/%s/%s\n",
nm_ip4_config_get_domain (ip4, i),
buf);
add_dnsmasq_nameserver (servers,
buf,
nm_ip4_config_get_domain (ip4, i));
added = TRUE;
}
}
@ -107,7 +135,7 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split)
domains = nm_dns_utils_get_ip4_rdns_domains (ip4);
if (domains) {
for (iter = domains; iter && *iter; iter++)
g_string_append_printf (str, "server=/%s/%s\n", *iter, buf);
add_dnsmasq_nameserver (servers, buf, *iter);
g_strfreev (domains);
added = TRUE;
}
@ -118,7 +146,8 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split)
if (!added) {
for (i = 0; i < nnameservers; i++) {
addr = nm_ip4_config_get_nameserver (ip4, i);
g_string_append_printf (str, "server=%s\n", nm_utils_inet4_ntop (addr, NULL));
add_dnsmasq_nameserver (servers,
nm_utils_inet4_ntop (addr, NULL), NULL);
}
}
@ -148,7 +177,7 @@ ip6_addr_to_string (const struct in6_addr *addr, const char *iface)
}
static void
add_global_config (GString *str, const NMGlobalDnsConfig *config)
add_global_config (GVariantBuilder *dnsmasq_servers, const NMGlobalDnsConfig *config)
{
guint i, j;
@ -163,16 +192,16 @@ add_global_config (GString *str, const NMGlobalDnsConfig *config)
for (j = 0; servers && servers[j]; j++) {
if (!strcmp (name, "*"))
g_string_append_printf (str, "server=%s\n", servers[j]);
add_dnsmasq_nameserver (dnsmasq_servers, servers[j], NULL);
else
g_string_append_printf (str, "server=/%s/%s\n", name, servers[j]);
add_dnsmasq_nameserver (dnsmasq_servers, servers[j], name);
}
}
}
static gboolean
add_ip6_config (GString *str, NMIP6Config *ip6, gboolean split)
add_ip6_config (GVariantBuilder *servers, NMIP6Config *ip6, gboolean split)
{
const struct in6_addr *addr;
char *buf = NULL;
@ -196,9 +225,9 @@ add_ip6_config (GString *str, NMIP6Config *ip6, gboolean split)
/* searches are preferred over domains */
n = nm_ip6_config_get_num_searches (ip6);
for (i = 0; i < n; i++) {
g_string_append_printf (str, "server=/%s/%s\n",
nm_ip6_config_get_search (ip6, i),
buf);
add_dnsmasq_nameserver (servers,
buf,
nm_ip6_config_get_search (ip6, i));
added = TRUE;
}
@ -206,9 +235,9 @@ add_ip6_config (GString *str, NMIP6Config *ip6, gboolean split)
/* If not searches, use any domains */
n = nm_ip6_config_get_num_domains (ip6);
for (i = 0; i < n; i++) {
g_string_append_printf (str, "server=/%s/%s\n",
nm_ip6_config_get_domain (ip6, i),
buf);
add_dnsmasq_nameserver (servers,
buf,
nm_ip6_config_get_domain (ip6, i));
added = TRUE;
}
}
@ -223,7 +252,7 @@ add_ip6_config (GString *str, NMIP6Config *ip6, gboolean split)
addr = nm_ip6_config_get_nameserver (ip6, i);
buf = ip6_addr_to_string (addr, iface);
if (buf) {
g_string_append_printf (str, "server=%s\n", buf);
add_dnsmasq_nameserver (servers, buf, NULL);
g_free (buf);
}
}
@ -232,30 +261,155 @@ add_ip6_config (GString *str, NMIP6Config *ip6, gboolean split)
return TRUE;
}
static gboolean
update (NMDnsPlugin *plugin,
const GSList *vpn_configs,
const GSList *dev_configs,
const GSList *other_configs,
const NMGlobalDnsConfig *global_config,
const char *hostname)
static void
dnsmasq_update_done (GObject *source, GAsyncResult *res, gpointer user_data)
{
NMDnsDnsmasq *self = NM_DNS_DNSMASQ (plugin);
NMDnsDnsmasq *self = NM_DNS_DNSMASQ (user_data);
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
GError *error = NULL;
GVariant *response;
response = g_dbus_proxy_call_finish (priv->dnsmasq, res, &error);
if (error) {
nm_log_warn (LOGD_DNS, "Dnsmasq update failed: (%d) %s",
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
}
if (response)
g_variant_unref (response);
}
static gboolean
send_dnsmasq_update (NMDnsDnsmasq *self)
{
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
nm_log_dbg (LOGD_DNS, "trying to update dnsmasq nameservers");
if (!priv->servers) {
nm_log_warn (LOGD_DNS, "no nameservers list to send update");
return FALSE;
}
if (priv->running) {
g_dbus_proxy_call (priv->dnsmasq,
"SetServersEx",
g_variant_new ("(aas)",
priv->servers),
G_DBUS_CALL_FLAGS_NONE,
-1,
NULL,
(GAsyncReadyCallback) dnsmasq_update_done,
self);
g_variant_builder_unref (priv->servers);
priv->servers = NULL;
} else {
nm_log_warn (LOGD_DNS, "Dnsmasq not found on the bus.");
nm_log_warn (LOGD_DNS, "The nameserver update will be sent when dnsmasq appears.");
}
return TRUE;
}
static void
name_owner_changed (GObject *object,
GParamSpec *pspec,
gpointer user_data)
{
NMDnsDnsmasq *self = NM_DNS_DNSMASQ (user_data);
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
gs_free char *owner = NULL;
owner = g_dbus_proxy_get_name_owner (G_DBUS_PROXY (object));
if (owner) {
nm_log_info (LOGD_DNS, "dnsmasq appeared as %s", owner);
priv->running = TRUE;
g_signal_emit_by_name (self, NM_DNS_PLUGIN_APPEARED);
} else {
nm_log_info (LOGD_DNS, "dnsmasq disappeared");
priv->running = FALSE;
g_signal_emit_by_name (self, NM_DNS_PLUGIN_FAILED);
}
}
static void
dnsmasq_proxy_cb (GObject *source, GAsyncResult *res, gpointer user_data)
{
NMDnsDnsmasq *self = NM_DNS_DNSMASQ (user_data);
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
GError *error = NULL;
gs_free char *owner = NULL;
nm_log_dbg (LOGD_DNS, "dnsmasq proxy creation returned");
if (priv->dnsmasq) {
nm_log_dbg (LOGD_DNS, "already have an old proxy; replacing.");
g_object_unref (priv->dnsmasq);
priv->dnsmasq = NULL;
}
priv->dnsmasq = g_dbus_proxy_new_finish (res, &error);
if (!priv->dnsmasq) {
nm_log_warn (LOGD_DNS, "Failed to connect to dnsmasq via DBus: (%d) %s",
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
} else {
nm_log_dbg (LOGD_DNS, "dnsmasq proxy creation successful");
g_signal_connect (priv->dnsmasq, "notify::g-name-owner",
G_CALLBACK (name_owner_changed), self);
owner = g_dbus_proxy_get_name_owner (priv->dnsmasq);
priv->running = (owner != NULL);
if (priv->running && priv->servers)
send_dnsmasq_update (self);
}
}
static void
get_dnsmasq_proxy (NMDnsDnsmasq *self)
{
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
g_return_if_fail (!priv->dnsmasq);
nm_log_dbg (LOGD_DNS, "retrieving dnsmasq proxy");
if (!priv->dnsmasq) {
g_dbus_proxy_new (priv->connection,
G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START,
NULL,
DNSMASQ_DBUS_SERVICE,
DNSMASQ_DBUS_PATH,
DNSMASQ_DBUS_SERVICE,
NULL,
dnsmasq_proxy_cb,
self);
}
}
static gboolean
start_dnsmasq (NMDnsDnsmasq *self)
{
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
const char *dm_binary;
GString *conf;
GSList *iter;
const char *argv[15];
GError *error = NULL;
int ignored;
GPid pid = 0;
guint idx = 0;
GString *conf;
/* Kill the old dnsmasq; there doesn't appear to be a way to get dnsmasq
* to reread the config file using SIGHUP or similar. This is a small race
* here when restarting dnsmasq when DNS requests could go to the upstream
* servers instead of to dnsmasq.
/* dnsmasq is probably already started; if it's the case, don't do
* anything more.
*/
nm_dns_plugin_child_kill (plugin);
if (priv->running) {
nm_log_dbg (LOGD_DNS, "dnsmasq is already running");
return TRUE;
}
/* Start dnsmasq */
dm_binary = nm_utils_find_helper ("dnsmasq", DNSMASQ_PATH, NULL);
if (!dm_binary) {
@ -266,34 +420,6 @@ update (NMDnsPlugin *plugin,
/* Build up the new dnsmasq config file */
conf = g_string_sized_new (150);
if (global_config)
add_global_config (conf, global_config);
else {
/* Use split DNS for VPN configs */
for (iter = (GSList *) vpn_configs; iter; iter = g_slist_next (iter)) {
if (NM_IS_IP4_CONFIG (iter->data))
add_ip4_config (conf, NM_IP4_CONFIG (iter->data), TRUE);
else if (NM_IS_IP6_CONFIG (iter->data))
add_ip6_config (conf, NM_IP6_CONFIG (iter->data), TRUE);
}
/* Now add interface configs without split DNS */
for (iter = (GSList *) dev_configs; iter; iter = g_slist_next (iter)) {
if (NM_IS_IP4_CONFIG (iter->data))
add_ip4_config (conf, NM_IP4_CONFIG (iter->data), FALSE);
else if (NM_IS_IP6_CONFIG (iter->data))
add_ip6_config (conf, NM_IP6_CONFIG (iter->data), FALSE);
}
/* And any other random configs */
for (iter = (GSList *) other_configs; iter; iter = g_slist_next (iter)) {
if (NM_IS_IP4_CONFIG (iter->data))
add_ip4_config (conf, NM_IP4_CONFIG (iter->data), FALSE);
else if (NM_IS_IP6_CONFIG (iter->data))
add_ip6_config (conf, NM_IP6_CONFIG (iter->data), FALSE);
}
}
/* Write out the config file */
if (!g_file_set_contents (CONFFILE, conf->str, -1, &error)) {
_LOGW ("failed to write dnsmasq config file %s: %s",
@ -317,6 +443,7 @@ update (NMDnsPlugin *plugin,
argv[idx++] = "--conf-file=" CONFFILE;
argv[idx++] = "--cache-size=400";
argv[idx++] = "--proxy-dnssec"; /* Allow DNSSEC to pass through */
argv[idx++] = "--enable-dbus=" DNSMASQ_DBUS_SERVICE;
/* dnsmasq exits if the conf dir is not present */
if (g_file_test (CONFDIR, G_FILE_TEST_IS_DIR))
@ -328,11 +455,77 @@ update (NMDnsPlugin *plugin,
/* And finally spawn dnsmasq */
pid = nm_dns_plugin_child_spawn (NM_DNS_PLUGIN (self), argv, PIDFILE, "bin/dnsmasq");
if (pid && !priv->dnsmasq)
get_dnsmasq_proxy (self);
out:
g_string_free (conf, TRUE);
return pid ? TRUE : FALSE;
}
static gboolean
update (NMDnsPlugin *plugin,
const GSList *vpn_configs,
const GSList *dev_configs,
const GSList *other_configs,
const NMGlobalDnsConfig *global_config,
const char *hostname)
{
NMDnsDnsmasq *self = NM_DNS_DNSMASQ (plugin);
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
GSList *iter;
GError *error = NULL;
gboolean ret = FALSE;
if (!priv->running)
start_dnsmasq (self);
if (priv->servers)
g_variant_builder_unref (priv->servers);
priv->servers = g_variant_builder_new (G_VARIANT_TYPE ("aas"));
if (global_config)
add_global_config (priv->servers, global_config);
else {
/* Use split DNS for VPN configs */
for (iter = (GSList *) vpn_configs; iter; iter = g_slist_next (iter)) {
if (NM_IS_IP4_CONFIG (iter->data))
add_ip4_config (priv->servers, NM_IP4_CONFIG (iter->data), TRUE);
else if (NM_IS_IP6_CONFIG (iter->data))
add_ip6_config (priv->servers, NM_IP6_CONFIG (iter->data), TRUE);
}
/* Now add interface configs without split DNS */
for (iter = (GSList *) dev_configs; iter; iter = g_slist_next (iter)) {
if (NM_IS_IP4_CONFIG (iter->data))
add_ip4_config (priv->servers, NM_IP4_CONFIG (iter->data), FALSE);
else if (NM_IS_IP6_CONFIG (iter->data))
add_ip6_config (priv->servers, NM_IP6_CONFIG (iter->data), FALSE);
}
/* And any other random configs */
for (iter = (GSList *) other_configs; iter; iter = g_slist_next (iter)) {
if (NM_IS_IP4_CONFIG (iter->data))
add_ip4_config (priv->servers, NM_IP4_CONFIG (iter->data), FALSE);
else if (NM_IS_IP6_CONFIG (iter->data))
add_ip6_config (priv->servers, NM_IP6_CONFIG (iter->data), FALSE);
}
}
ret = send_dnsmasq_update (self);
/* If all the configs lists are empty, there is just nothing to be caching --
* we cleared up the dnsmasq cache; but we should also fail the update, so
* that we don't write 127.0.0.1 to resolv.conf.
*/
if (((vpn_configs && g_slist_length ((GSList *) vpn_configs) < 1) || !vpn_configs) &&
((dev_configs && g_slist_length ((GSList *) dev_configs) < 1) || !dev_configs) &&
((other_configs && g_slist_length ((GSList *) other_configs) < 1) || !other_configs))
ret = FALSE;
out:
return ret;
}
/****************************************************************/
static const char *
@ -405,13 +598,32 @@ nm_dns_dnsmasq_new (void)
static void
nm_dns_dnsmasq_init (NMDnsDnsmasq *self)
{
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (self);
priv->dbus_mgr = nm_bus_manager_get ();
priv->running = FALSE;
g_assert (priv->dbus_mgr);
priv->connection = nm_bus_manager_get_connection (priv->dbus_mgr);
if (!priv->connection)
nm_log_warn (LOGD_DNS, "Could not get the system bus to speak to dnsmasq.");
else
get_dnsmasq_proxy (self);
}
static void
dispose (GObject *object)
{
NMDnsDnsmasqPrivate *priv = NM_DNS_DNSMASQ_GET_PRIVATE (object);
unlink (CONFFILE);
if (priv->dbus_mgr) {
g_object_unref (priv->dbus_mgr);
priv->dbus_mgr = NULL;
}
G_OBJECT_CLASS (nm_dns_dnsmasq_parent_class)->dispose (object);
}

22
src/dns-manager/nm-dns-manager.c
View file

@ -1064,6 +1064,27 @@ update_dns (NMDnsManager *self,
return !update || result == SR_SUCCESS;
}
static void
plugin_appeared (NMDnsPlugin *plugin, gpointer user_data)
{
NMDnsManager *self = NM_DNS_MANAGER (user_data);
NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
GError *error = NULL;
/* Not applicable to non-caching plugins */
if (!nm_dns_plugin_is_caching (plugin))
return;
/* Try to update DNS again; since it's now available on the bus this
* might work. */
if (!update_dns (self, FALSE, &error)) {
nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
g_clear_error (&error);
}
}
static void
plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
{
@ -1432,6 +1453,7 @@ init_resolv_conf_mode (NMDnsManager *self)
g_signal_connect (priv->plugin, NM_DNS_PLUGIN_FAILED, G_CALLBACK (plugin_failed), self);
g_signal_connect (priv->plugin, NM_DNS_PLUGIN_CHILD_QUIT, G_CALLBACK (plugin_child_quit), self);
g_signal_connect (priv->plugin, NM_DNS_PLUGIN_APPEARED, G_CALLBACK (plugin_appeared), self);
_NMLOG (immutable ? LOGL_WARN : LOGL_INFO,
"%s%s%s%s%s%s",

10
src/dns-manager/nm-dns-plugin.c
View file

@ -43,6 +43,7 @@ G_DEFINE_TYPE_EXTENDED (NMDnsPlugin, nm_dns_plugin, G_TYPE_OBJECT, G_TYPE_FLAG_A
enum {
FAILED,
APPEARED,
CHILD_QUIT,
LAST_SIGNAL
};
@ -285,6 +286,15 @@ nm_dns_plugin_class_init (NMDnsPluginClass *plugin_class)
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE, 0);
signals[APPEARED] =
g_signal_new (NM_DNS_PLUGIN_APPEARED,
G_OBJECT_CLASS_TYPE (object_class),
G_SIGNAL_RUN_FIRST,
G_STRUCT_OFFSET (NMDnsPluginClass, failed),
NULL, NULL,
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE, 0);
signals[CHILD_QUIT] =
g_signal_new (NM_DNS_PLUGIN_CHILD_QUIT,
G_OBJECT_CLASS_TYPE (object_class),

1
src/dns-manager/nm-dns-plugin.h
View file

@ -31,6 +31,7 @@
#define NM_DNS_PLUGIN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DNS_PLUGIN, NMDnsPluginClass))
#define NM_DNS_PLUGIN_FAILED "failed"
#define NM_DNS_PLUGIN_APPEARED "appeared"
#define NM_DNS_PLUGIN_CHILD_QUIT "child-quit"
#define IP_CONFIG_IFACE_TAG "dns-manager-iface"

10
src/org.freedesktop.NetworkManager.conf
View file

@ -26,6 +26,13 @@
<allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
<allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
<allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
<!-- Allow the custom name for the dnsmasq instance spawned by NM
from the dns dnsmasq plugin to own it's dbus name, and for
messages to be sent to it.
-->
<allow own="org.freedesktop.NetworkManager.dnsmasq"/>
<allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
</policy>
<policy context="default">
<deny own="org.freedesktop.NetworkManager"/>
@ -127,6 +134,9 @@
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Settings"
send_member="ReloadConnections"/>
<deny own="org.freedesktop.NetworkManager.dnsmasq"/>
<deny send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
</policy>
<limit name="max_replies_per_connection">1024</limit>