| Commit message | Author | Age | Files | Lines |
Fixes a regression caused by 2976730a4d34749bfb7a88da341464f1834ab1c6.
Fixes #36078.
Fixes #36126.
Co-authored-by: Luca Boccassi <luca.boccassi@gmail.com>
|
According to RFC 9460 "An empty list of addresses is invalid."
https://www.rfc-editor.org/rfc/rfc9460.html#section-7.3
|
(#36071)
|
long-running services
Given we have the generic interface, let's hook it up everywhere.
This doesn't bother with the Reload() call usually, since that's more
involved, but hooks up the other relevant functions where applicable.
|
This also drops HAVE_WSTRINGOP_TRUNCATION as the corresponding option
was introduced in GCC 8, and our baseline is GCC 8.4.
|
Support for C added in gcc 15:
https://github.com/gcc-mirror/gcc/commit/236c0829ee21a179c81b83f0d7f112ca23c47a4d
|
Our baseline is gcc 8.4.
|
Drop the extra `I` and rename the constant to DNS_EDE_RCODE_PROHIBITED
in accordance with the error code string.
|
Currently on reload mdns/lnrr are enabled if they were disabled,
but not vice versa. Fix it.
Follow-up for 14a52176798bc2d013297b503ac6fa49a64e2725
|
candidate to succeed quickly
Fixes #22575, as suggested by poettering in #35514.
Intended as a workaround for some buggy routers, which refuse to send empty
replies. If systemd-resolved starts two DnsTransactions, one for A and one
for AAAA, and the domain in question has no AAAA entry, then the server will
send a reply for A and no reply for AAAA. Correct behavior for the server would
be to send an empty reply for AAAA.
systemd-resolved would previously keep retrying the AAAA transaction, and
eventually time out the whole query, returning an error to the caller.
Now, if the server replies to one query and not another, we cut short the
timeout and return the partial result. Returning the partial result allows
the rest of the system to keep working. It matches how e.g. glibc libnss_dns
behaves.
|
The values that were previously hardcoded in sd-varlink.c are now defined
in new varlink_set_info_systemd() and that function is called everywhere
where we create a server.
|
For justification, see 3f9a0a522f2029e9295ea5e9984259022be88413.
|
In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.
Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.
|
Fixes https://github.com/systemd/systemd/security/code-scanning/2900
|
After d2ebf5cc1d59e29139f06efaa3a9b2c184cdaa25, sd_varlink_error() and
friends return negative errno.
Fixes https://github.com/systemd/systemd/pull/34946#discussion_r1823703636.
|
resolved: fixes when trying to serialize overly long DNS names
|
Fixes: #33671
|
compression hash table again
let's make sure we undo any pollution of the label compression hash
table.
Fixes: #33671
|
Even if we have no problem processing them they are invalid according to
RFC, hence refuse.
Fixes: #34416
|
We often used a pattern like if (!FLAGS_SET(flags, SD_JSON_FORMAT_OFF)),
which is rather verbose and also contains a double negative, which we try
to avoid. Add a little helper to avoid an explicit bit check.
This change clarifies an additional thing: in some cases we treated
SD_JSON_FORMAT_OFF as a flag (flags & SD_JSON_FORMAT_OFF), while in other cases
we treated it as an independent enum value (flags == SD_JSON_FORMAT_OFF).
In the first form, flags like SD_JSON_FORMAT_SSE do _not_ turn the json
output on, while in the second form they do. Let's use the first form
everywhere.
No functional change intended.
Initially I wasn't sure if this helper should be made public or just internal,
but it seems such a common pattern that if we expose the flags, we might just
as well expose it too, to make life easier for any consumers.
|
(#34893)
|
CNAME doesn't exist at the zone apex. When we get an unsigned noerror
response to a direct query for a CNAME record, we don't yet know if this
name is zone apex. We already request the correct DS record in this
case, but previously skipped it at validation time, causing the answer
to appear bogus. Make sure to also consider the DS record for the query
name for negative replies.
|
RFC9463: Discovery of Network-designated Resolvers
|
This duplicates the svc param constants for the benefit of the
resolved-core library.
|
This type will be used to represent a "designated resolver", and the
necessary info for communicating with it. Beyond an address endpoint,
we may need to know the dns transport, authenticated domain name, DoH
path, etc.
|
resolve: fixes for sd-resolved bypass
|
Previously a full packet was cached only if the CD bit was set, but this
no longer corresponds to the cases where bypass is enabled.
Update the cache to retain a full packet in the cases where it might
actually be useful.
|
This is useful for a validating resolver to indicate to a non-validating
resolver when checking was disabled for the query. This matches the
behavior of the major public resolvers in response to queries with CD but
not DO set.
|
Following 13e15dae9f0b, resolved does not forward the AD bit for bypass
queries, but resolved also didn't do its own validation, making these
replies appear to never be authentic. We should enable validation for
bypass queries.
Let's disable our own validation when processing a +cd query, and also
ensure that it skips the cache so that we don't accidentally fail to
return inauthentic replies from upstream.
Previously, when we had a bypass transaction without cd, a cached,
authenticated, reply with cd could be served, leaving the cd bit
erroneously set in the reply. Only reply with a CD bit if the client
requested it.
Fixes: 13e15dae9f0b (resolved: clear the AD bit for bypass packets)
|
This might have the effect that some DNS server or search domain
disappears, hence rewrite the relevant files.
See: #27543
|
../src/resolve/resolved-bus.c: In function ‘call_link_method’:
../src/resolve/resolved-bus.c:1769:16: warning: ‘l’ may be used uninitialized [-Wmaybe-uninitialized]
1769 | return handler(message, l, error);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
../src/resolve/resolved-bus.c:1755:15: note: ‘l’ was declared here
1755 | Link *l;
| ^
../src/resolve/resolved-bus.c: In function ‘bus_method_get_link’:
../src/resolve/resolved-bus.c:1828:13: warning: ‘l’ may be used uninitialized [-Wmaybe-uninitialized]
1828 | p = link_bus_path(l);
| ^~~~~~~~~~~~~~~~
../src/resolve/resolved-bus.c:1816:15: note: ‘l’ was declared here
1816 | Link *l;
| ^
|
We should not invalidate the socket address size before we use it.
Fixes: #34579
|
This tries to get rid of most manual sigprocmask() changes, in favour
of:
1. The SD_EVENT_SIGNAL_PROCMASK flag to sd_event_add_signal()
2. The sd_event_set_signal_exit() call for handling SIGTERM/SIGINT
3. Move masking of SIGWINCH into ptyfwd, out of nspawn/vmspawn/run
And while we are at it get rid of a bunch of event source fields whose
lifetime is bound to the sd_event object they belong to anyway, and make
use of the "floating" event source feature of sd-event instead.
|
This way we don't have to pull in net/if.h into format-util.h.
This is supposed to address https://github.com/systemd/systemd/pull/32212#discussion_r1755639881
No actual code changes, just a .c/.h file split-up.
|
move dnssd configuration file parsing from generic code into dnssd source files
|
Let's keep only the parsers for the main config in resolved-conf.c
|
resolved-dnssd.h
|
And add a mirroring dns_scope_ifname()