summaryrefslogtreecommitdiffstats
path: root/src/resolve/resolved-dns-stream.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* resolved: Make event flags logic robust for DoTJoan Bruguera2022-02-011-1/+2
| | | | | | | | | | | | | Since when handling a DNS over TLS stream, the TLS library can override the requested events through dnstls_events for handshake/shutdown purposes, obtaining the event flags through sd_event_source_get_io_events and checking for EPOLLIN or EPOLLOUT does not really tell us whether we want to read/write a packet. Instead, it could just be OpenSSL/GnuTLS doing something else. To make the logic more robust (and simpler), save the flags that tell us whether we want to read/write a packet, and check them instead of the IO flags. (& use uint32_t for the flags like in sd_event_source_set_io_events prototype)
* resolve: llmnr: fix never hit conditionYu Watanabe2022-01-281-0/+1
| | | | | | | | | | | | | | | | | | Previously, the condition in on_stream_io_impl() never hit, as the read packet is always taken from the stream in the few lines above. Instead of the dns_stream_complete() under the condition, the stream is unref()ed in the on_packet callback for LLMNR stream, unlike the other on_packet callbacks. That's quite tricky. Also, potentially, the stream may still have queued packets to write. This fix the condition, and drops the unref() in the on_packet callback. C.f. https://github.com/systemd/systemd/pull/22274#issuecomment-1023708449. Closes #22266.
* resolve: call dns_stream_take_read_packet() in on_stream_io()Yu Watanabe2022-01-281-4/+2
| | | | | As dns_stream_take_read_packet() is called only in on_packet callbacks, and all on_packet callbacks call it.
* resolve: make dns_stream_new() take on_packet and complete callbacksYu Watanabe2022-01-281-1/+10
| | | | And make on_packet callback mandatory.
* resolved: lower connection timeout for DoT connections in opportunistic modeLennart Poettering2021-11-221-1/+13
| | | | Fixes: #20801
* tree-wide: use -EINVAL for enum invalid valuesZbigniew Jędrzejewski-Szmek2021-02-101-1/+1
| | | | | | | | | As suggested in https://github.com/systemd/systemd/pull/11484#issuecomment-775288617. This does not touch anything exposed in src/systemd. Changing the defines there would be a compatibility break. Note that tests are broken after this commit. They will be fixed in the next one.
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* resolved: don't store udp/tcp fd in DnsPacket objectLennart Poettering2020-09-081-0/+3
| | | | | | | | | | | | | | | | DnsPacket should better be a "dead" object, i.e. list facts, not track resources. By including an fd in its fields it started tracking resources however, without actually taking a ref to the fd (i.e. no dup() or so was called on it). Let's hence rework things so that we don#t have to keep track of the fd a packet came in from. Instead, pass around the DnsStubListenerExtra object wherever we need to. This should be useful as soon as we start caching whole DnsPacket objects to allow replying to DNSSEC/CO packets, i.e. where we have to keep a copy of the original DnsPacket around for a long time in cache, potentially much longer than the fds the packet was received on.
* resolved: Break include cyclesDaan De Meyer2020-05-071-5/+9
|
* resolved: don't require check when importing resolved-dnstls.hIwan Timmer2019-06-191-3/+1
|
* resolved: keep stub stream connections up for as long as client wantsLennart Poettering2019-02-151-1/+1
| | | | | | This enables pipelining of queries from clients to our stub server. Fixes: #11332
* stream: track type of DnsStream objectLennart Poettering2019-02-151-1/+11
| | | | | | | | We use stream objects in four different cases: let's track them. This in particular allows us to make sure the limit on outgoing streams cannot be exhausted by having incoming streams as this means we can neatly separate the counters for all four types.
* resolved: drop unused field structureLennart Poettering2018-12-071-1/+0
|
* resolved: add new helper for carefully detach a stream from any serverLennart Poettering2018-12-071-0/+2
| | | | | | | | | | | | | This adds a helper call for detaching a DnsServer from a DnsStream if the latter is the "default" stream of the server. Also, let's unref the stream in dns_stream_stop() rather than dns_stream_free(): as soon as our stream is disconnected by stopping there's really no need to keep it as default stream for the server around. Since dns_stream_free() calls dns_stream_stop() we can remove it from the former.
* resolved: comment headers betterLennart Poettering2018-12-071-1/+1
|
* resolved: add new accessor dns_stream_take_read_packet() for taking read ↵Lennart Poettering2018-12-071-0/+2
| | | | | | | packet from stream This ensures the packet is complete when it is taken out, and resets n_read so that we can start reading the next one.
* tree-wide: use unsigned for refcountYu Watanabe2018-08-271-1/+1
|
* resolved: set io events after receiving EAGAIN for TLSIwan Timmer2018-07-271-0/+1
| | | During handshake and TLS session closing, messages needs to be exchanged. Therefore this patch overrides the requested IO events for the TCP stream when the TLS is waiting for sending or receiving of messages during theses periods. This fixes issues with correctly closing the TLS stream and prevents the handshake from hanging in rare cases (not seen yet).
* resolved: refactor GnuTLS specific code in separate source fileIwan Timmer2018-07-271-6/+6
| | | | | | This is a first step towards supporting alternative TLS implementations for DNS-over-TLS. Co-authored-by: Filipe Brandenburger <filbranden@google.com>
* meson: make DNS-over-TLS support optionalYu Watanabe2018-06-201-3/+3
| | | | | This adds dns-over-tls option to meson. If set to 'false', systemd-resolved is not linked with libgnutls.
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-4/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* resolved: support for DNS-over-TLSIwan Timmer2018-06-111-0/+17
| | | | Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported.
* resolved: TCP fast open connectionsIwan Timmer2018-06-111-1/+5
| | | | Add suport for TCP fast open connection to reduce latency for successive DNS request over TCP
* resolved: longlived TCP connectionsIwan Timmer2018-06-111-1/+5
| | | | Keep DNS over TCP connection open until it's closed by the server or after a timeout.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* resolved: directly include some required headers instead of inheritingDavid Michael2016-09-011-0/+1
|
* resolved: respond to local resolver requests on 127.0.0.53:53Lennart Poettering2016-06-211-2/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to improve compatibility with local clients that speak DNS directly (and do not use NSS or our bus API) listen locally on 127.0.0.53:53 and process any queries made that way. Note that resolved does not implement a full DNS server on this port, but simply enough to allow normal, local clients to resolve RRs through resolved. Specifically it does not implement queries without the RD bit set (these are requests where recursive lookups are explicitly disabled), and neither queries with DNSSEC DO set in combination with DNSSEC CD (i.e. DNSSEC lookups with validation turned off). It also refuses zone transfers and obsolete RR types. All lookups done this way will be rejected with a clean error code, so that the client side can repeat the query with a reduced feature set. The code will set the DNSSEC AD flag however, depending on whether the data resolved has been validated (or comes from a local, trusted source). Lookups made via this mechanisms are propagated to LLMNR and mDNS as necessary, but this is only partially useful as DNS packets cannot carry IP scope data (i.e. the ifindex), and hence link-local addresses returned cannot be used properly (and given that LLMNR/mDNS are mostly about link-local communication this is quite a limitation). Also, given that DNS tends to use IDNA for non-ASCII names, while LLMNR/mDNS uses UTF-8 lookups cannot be mapped 1:1. In general this should improve compatibility with clients bypassing NSS but it is highly recommended for clients to instead use NSS or our native bus API. This patch also beefs up the DnsStream logic, as it reuses the code for local TCP listening. DnsStream now provides proper reference counting for its objects. In order to avoid feedback loops resolved will no silently ignore 127.0.0.53 specified as DNS server when reading configuration. resolved listens on 127.0.0.53:53 instead of 127.0.0.1:53 in order to leave the latter free for local, external DNS servers or forwarders. This also changes the "etc.conf" tmpfiles snippet to create a symlink from /etc/resolv.conf to /usr/lib/systemd/resolv.conf by default, thus making this stub the default mode of operation if /etc is not populated.
* tree-wide: remove Emacs lines from all filesDaniel Mack2016-02-101-2/+0
| | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* remove unused includesThomas Hindoe Paaboel Andersen2015-02-231-1/+0
| | | | | | This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
* resolved: rename resolved.h to resolved-manager.hLennart Poettering2014-08-011-1/+1
| | | | | After all it pretty much exlcusively containers definitions about the "Manager" object, hence let's call this the most obvious way.
* resolved: implement LLMNR uniqueness verificationLennart Poettering2014-07-311-1/+3
|
* resolved: when resolving an address PTR record via llmnr, make a tcp ↵Lennart Poettering2014-07-291-0/+1
| | | | connection by default
* resolve: add llmnr responder side for UDP and TCPLennart Poettering2014-07-291-0/+61
Name defending is still missing.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-04 14:33:27 +0100