[PATCH 1/2] netconfig: add global MulticastDNS option

[PATCH 1/2] netconfig: add global MulticastDNS option

[Andrea Pappacoda]

From: James Prestwood <prestwoj@gmail.com>

Adds the MulticastDNS option globally to main.conf. If set all
network connections (when netconfig is enabled) will set mDNS
support into the resolver. Note that an individual network profile
can still override the global value if it sets MulticastDNS.
---
 src/netconfig.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/netconfig.c b/src/netconfig.c
index e6779d7c..8b798e0b 100644
--- a/src/netconfig.c
+++ b/src/netconfig.c
@@ -56,6 +56,7 @@
  */
 static uint32_t ROUTE_PRIORITY_OFFSET;
 static bool ipv6_enabled;
+static char *mdns_global;
 
 static void do_debug(const char *str, void *user_data)
 {
@@ -396,13 +397,16 @@ send_hostname:
 	}
 
 mdns:
-	if (l_settings_has_key(active_settings, "Network", "MulticastDNS") &&
-			!(mdns = l_settings_get_string(active_settings,
-							"Network",
-							"MulticastDNS"))) {
-		l_error("netconfig: Can't load Network.MulticastDNS");
-		success = false;
-	}
+	/* If the networks has this set take that over the global */
+	if (l_settings_has_key(active_settings, "Network", "MulticastDNS")) {
+		mdns = l_settings_get_string(active_settings, "Network",
+							"MulticastDNS");
+		if (!mdns) {
+			l_error("netconfig: Can't load Network.MulticastDNS");
+			success = false;
+		}
+	} else if (mdns_global)
+		mdns = l_strdup(mdns_global);
 
 	if (mdns && !L_IN_STRSET(mdns, "true", "false", "resolve")) {
 		l_error("netconfig: Bad Network.MulticastDNS value '%s'", mdns);
@@ -753,11 +757,15 @@ static int netconfig_init(void)
 					&ipv6_enabled))
 		ipv6_enabled = false;
 
+	mdns_global = l_settings_get_string(iwd_get_config(), "Network",
+						"MulticastDNS");
+
 	return 0;
 }
 
 static void netconfig_exit(void)
 {
+	l_free(mdns_global);
 }
 
 IWD_MODULE(netconfig, netconfig_init, netconfig_exit)
-- 
2.35.1

[PATCH 2/2] doc: document global MulticastDNS option

[Andrea Pappacoda]

Documents the new MulticastDNS global option, also adding some more
details regarding how and when systemd-resolved enables mDNS, and how
iwd handles it.
---
See <https://lore.kernel.org/iwd/A4TIKR.5DC9OCNE90W6@pappacoda.it/T/>
for more context.

 doc/main.conf       |  6 ++++++
 src/iwd.config.rst  | 19 +++++++++++++++++++
 src/iwd.network.rst |  4 ++--
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/doc/main.conf b/doc/main.conf
index e85aab10..f49d27db 100644
--- a/doc/main.conf
+++ b/doc/main.conf
@@ -37,6 +37,12 @@
 #
 #NameResolvingService=resolvconf
 #
+# If NameResolvingService=systemd is set, iwd can tell systemd-resolved to
+# enable multicast DNS for a given interface. Uncomment the value below to
+# enable mDNS for all the interfaces:
+#
+#MulticastDNS=true
+#
 # iwd's support for IPv6 is still experimental and is disabled by default.
 # If you want to try it anyway, uncomment the setting below.  Note that
 # configuration via SLAAC is currently not supported (DHCPv6 only).
diff --git a/src/iwd.config.rst b/src/iwd.config.rst
index bafb6b85..27433cb1 100644
--- a/src/iwd.config.rst
+++ b/src/iwd.config.rst
@@ -249,6 +249,25 @@ The group ``[Network]`` contains network configuration related settings.
        If ``none`` is specified, then DNS and domain name information is
        ignored.
 
+   * - MulticastDNS
+     - Values: true, false, resolve
+
+       When ``NameResolvingService`` is set to ``systemd``, **iwd** can tell
+       **systemd-resolved** to enable multicast DNS for a given interface.
+       This setting configures the default for all the interfaces.
+
+       If ``EnableNetworkConfiguration`` is enabled and no other network
+       manager is configured, mDNS will be completely governed by this
+       option, assuming that MulticastDNS is enabled in ``resolved.conf``.
+
+       Note that individual network profiles can override this global value;
+       also see ``man 5 iwd.network``.
+
+       When no value is set, systemd-resolved's per-link setting will remain
+       untouched.
+
+       See ``man 5 resolved.conf`` for details.
+
    * - RoutePriorityOffset
      - Values: uint32 value (default: **300**)
 
diff --git a/src/iwd.network.rst b/src/iwd.network.rst
index d3692834..4a207514 100644
--- a/src/iwd.network.rst
+++ b/src/iwd.network.rst
@@ -330,8 +330,8 @@ file.
      - Values: true, false, resolve
 
        Configures multicast DNS for this network. If not specified,
-       systemd-resolved's default value will remain untouched.
-       See ``man 5 systemd.network`` for details.
+       the global iwd default will be used instead.
+       See ``man 5 iwd.config`` for details.
 
        Only applies when ``NameResolvingService=systemd``.
 
-- 
2.35.1

Re: [PATCH 1/2] netconfig: add global MulticastDNS option

[Rhys Perry]

> Adds the MulticastDNS option globally to main.conf. If set all
> network connections (when netconfig is enabled) will set mDNS
> support into the resolver. Note that an individual network profile
> can still override the global value if it sets MulticastDNS.

Since we're getting a global setting for mDNS, would it make sense to
add a global setting for DNS at the same time too?

Re: [PATCH 1/2] netconfig: add global MulticastDNS option

[Andrea Pappacoda]

Il giorno gio 3 nov 2022 alle 14:23:57 +00:00:00, Rhys Perry 
<rhysperry111@gmail.com> ha scritto:
> Since we're getting a global setting for mDNS, would it make sense to
> add a global setting for DNS at the same time too?

I'm not sure about this. Setting a default system-wide DNS server is 
already possible by other means (by editing /etc/resolve.conf, 
modifying systemd-resolved options, etc.). Also, overriding the DNS 
server received via DHCP can create issues, and I wouldn't feel 
comfortable in enabling such a setting for all of my networks. Lastly, 
I believe that having a global MulticastDNS option makes sense because 
the network manager is the only entity that can tell sd-resolved to use 
mDNS on a given link.

Re: [PATCH 1/2] netconfig: add global MulticastDNS option

[Rhys Perry]

On Thu, 3 Nov 2022 at 15:48, Andrea Pappacoda <andrea@pappacoda.it> wrote:
>
> Il giorno gio 3 nov 2022 alle 14:23:57 +00:00:00, Rhys Perry
> <rhysperry111@gmail.com> ha scritto:
> > Since we're getting a global setting for mDNS, would it make sense to
> > add a global setting for DNS at the same time too?
>
> I'm not sure about this. Setting a default system-wide DNS server is
> already possible by other means (by editing /etc/resolve.conf,
> modifying systemd-resolved options, etc.).

This doesn't seem to work, as systemd-resolved will let the DNS server
passed from IWD have precedence over its configured default server.
systemd-resolved can take over /etc/resolve.conf (with its own stub)

> Also, overriding the DNS
> server received via DHCP can create issues, and I wouldn't feel
> comfortable in enabling such a setting for all of my networks.

Fair enough, although I feel some users like myself, who quite often
connect to untrusted networks, would like the option to be able to
avoid blindly trusting the DNS server provided through DHCP (without
having to manually configure the setting for new networks they join
and don't trust). I would certainly prefer to be able to set a global
DNS, and then override that in the cases that it causes problems (e.g.
captive portals).

Re: [PATCH 1/2] netconfig: add global MulticastDNS option

[James Prestwood]

On Thu, 2022-11-03 at 15:56 +0000, Rhys Perry wrote:
> On Thu, 3 Nov 2022 at 15:48, Andrea Pappacoda <andrea@pappacoda.it>
> wrote:
> > 
> > Il giorno gio 3 nov 2022 alle 14:23:57 +00:00:00, Rhys Perry
> > <rhysperry111@gmail.com> ha scritto:
> > > Since we're getting a global setting for mDNS, would it make
> > > sense to
> > > add a global setting for DNS at the same time too?
> > 
> > I'm not sure about this. Setting a default system-wide DNS server
> > is
> > already possible by other means (by editing /etc/resolve.conf,
> > modifying systemd-resolved options, etc.).
> 
> This doesn't seem to work, as systemd-resolved will let the DNS
> server
> passed from IWD have precedence over its configured default server.
> systemd-resolved can take over /etc/resolve.conf (with its own stub)

Couldn't you set [Network].NameResolvingService=none in main.conf to
work around this?

> 
> > Also, overriding the DNS
> > server received via DHCP can create issues, and I wouldn't feel
> > comfortable in enabling such a setting for all of my networks.
> 
> Fair enough, although I feel some users like myself, who quite often
> connect to untrusted networks, would like the option to be able to
> avoid blindly trusting the DNS server provided through DHCP (without
> having to manually configure the setting for new networks they join
> and don't trust). I would certainly prefer to be able to set a global
> DNS, and then override that in the cases that it causes problems
> (e.g.
> captive portals).

Re: [PATCH 2/2] doc: document global MulticastDNS option

[Denis Kenzior]

Hi Andrea,

On 11/3/22 05:56, Andrea Pappacoda wrote:
> Documents the new MulticastDNS global option, also adding some more
> details regarding how and when systemd-resolved enables mDNS, and how
> iwd handles it.
> ---
> See <https://lore.kernel.org/iwd/A4TIKR.5DC9OCNE90W6@pappacoda.it/T/>
> for more context.
> 
>   doc/main.conf       |  6 ++++++
>   src/iwd.config.rst  | 19 +++++++++++++++++++
>   src/iwd.network.rst |  4 ++--
>   3 files changed, 27 insertions(+), 2 deletions(-)
> 
So overall I don't mind doing this if there's no other way, but I do wonder... 
According to [1]:

"The SetLinkLLMNR() method enables or disables LLMNR support on a specific 
network interface. It takes a network interface index as well as a string that 
may either be empty or one of "yes", "no" or "resolve". If empty, the 
systemd-wide default LLMNR setting is used. If "yes", LLMNR is used for 
resolution of single-label names and the local hostname is registered on all 
local LANs for LLMNR resolution by peers. If "no", LLMNR is turned off fully on 
this interface. If "resolve", LLMNR is only enabled for resolving names, but the 
local hostname is not registered for other peers to use.

Similarly, the SetLinkMulticastDNS() method enables or disables MulticastDNS 
support on a specific interface. It takes the same parameters as SetLinkLLMNR() 
described above."

Right now, if no setting is provided, then we do not invoke 
SetLinkMulticastDNS() at all.  If we were to send SetLinkMulticastDNS() with an 
empty string, would it just apply the global resolved defaults?  In which case, 
should we simply default to using an empty string if the setting isn't provided?

[1] https://www.freedesktop.org/software/systemd/man/org.freedesktop.resolve1.html

Regards,
-Denis

Re: [PATCH 2/2] doc: document global MulticastDNS option

[Andrea Pappacoda]

Hi Denis, thanks for your feedback :)

Il giorno gio 3 nov 2022 alle 14:21:28 -05:00:00, Denis Kenzior 
<denkenz@gmail.com> ha scritto:
> Right now, if no setting is provided, then we do not invoke 
> SetLinkMulticastDNS() at all.  If we were to send 
> SetLinkMulticastDNS() with an empty string, would it just apply the 
> global resolved defaults?  In which case, should we simply default to 
> using an empty string if the setting isn't provided?

Unfortunately I don't know much about D-Bus, but I took a quick look at 
systemd-resolved's source and it seems that this wouldn't work.

As far as I understand, when no link-specific value is provided on the 
D-Bus interface, resolved sets LLMNR to "yes"[1] and mDNS to "no"[2]. 
It is possible that I have misinterpreted the code though, so checking 
if this is actually the case could still be worth it.

[1]: 
https://github.com/systemd/systemd/blob/6c83054c0133eb53245e479d71589dceff76cf74/src/resolve/resolved-link-bus.c#L514-L515

[2]: 
https://github.com/systemd/systemd/blob/6c83054c0133eb53245e479d71589dceff76cf74/src/resolve/resolved-link-bus.c#L562-L563

Re: [PATCH 2/2] doc: document global MulticastDNS option

[Andrea Pappacoda]

Hi again,

Il giorno gio 3 nov 2022 alle 22:31:53 +01:00:00, Andrea Pappacoda 
<andrea@pappacoda.it> ha scritto:
> As far as I understand, when no link-specific value is provided on 
> the D-Bus interface, resolved sets LLMNR to "yes"[1] and mDNS to 
> "no"[2]. It is possible that I have misinterpreted the code though, 
> so checking if this is actually the case could still be worth it.

Thinking about this more, I'm starting to see this as a bug in 
systemd-resolved. I've reported it on 
<https://github.com/systemd/systemd/issues/25252>.

For the time being, it may be better not to merge this.

Re: [PATCH 2/2] doc: document global MulticastDNS option

[James Prestwood]

On Thu, 2022-11-03 at 22:58 +0100, Andrea Pappacoda wrote:
> Hi again,
> 
> Il giorno gio 3 nov 2022 alle 22:31:53 +01:00:00, Andrea Pappacoda 
> <andrea@pappacoda.it> ha scritto:
> > As far as I understand, when no link-specific value is provided on 
> > the D-Bus interface, resolved sets LLMNR to "yes"[1] and mDNS to 
> > "no"[2]. It is possible that I have misinterpreted the code though,
> > so checking if this is actually the case could still be worth it.
> 
> Thinking about this more, I'm starting to see this as a bug in 
> systemd-resolved. I've reported it on 
> <https://github.com/systemd/systemd/issues/25252>.
> 
> For the time being, it may be better not to merge this.

In addition the documentation about calling with an empty string
doesn't appear to be true either. If I set main.conf:

[Network]
MulticastDNS=


And modify the logic to allow "" I both don't see +mDNS on my per-link
setting, nor do I see any mDNS packets.

So I guess we see what systemd says, I'll also comment on that bug
report about the empty string issue. Maybe you could try this out as
well to make sure I'm not crazy.

Thanks,
James