| Commit message | Author | Age | Files | Lines |
| |
This follows what the kernel is doing, c.f.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
| |
This makes things more readable and fixes some issues with incorrect
flag propagation between the various flavours of config_parse().
| |
Follow-up for e6b2d948f8f5aabf6cdede8bd39256fe83db205e.
| |
Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
| |
(#7014)
This creates a second private resolv.conf file which lists the stub resolver
and the resolved-acquired search domains.
This runtime file should be used as a symlink target for /etc/resolv.conf such
that non-NSS-based applications can resolve search domains.
Fixes: #7009
| |
Let's make the status dump more useful for tracking down server issues.
| |
DNS server feature levels
This adds "systemd-resolve --reset-server-features" for explicitly
forgetting what we learnt. This might be useful for debugging
purposes, and to force systemd-resolved to restart its learning logic
for all DNS servers.
| |
network configuration changes
When the network configuration changes we should relearn everything
there is to know about the configured DNS servers, because we might talk
to the same addresses, but there might be different servers behind them.
| |
When a reply message gets longer than the client supports we need to
truncate the response and set the TC bit, and we already do that.
However, we are not supposed to send incomplete RRs in that case, but
instead truncate right at a record boundary. Do that.
This fixes the "Message parser reports malformed message packet."
warning the venerable "host" tool outputs when a very large response is
requested.
See: #6520
| |
Just some modernizations.
| | |
Clean up define definitions
| | |
The configuration option was called -Dresolve, but the internal define
was …RESOLVED. This option governs more than just resolved itself, so
let's settle on the version without "d".
| | |
The advantage is that if the name is misspelt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
| | |
Some DNS RR synthesizing fixes
|
| |
| |
| |
| |
| | |
This was forgotten, let's add it too, so that the llmnr, mdns and full
hostname RRs are all synthesized if needed.
| | |
Previously, if a PTR query is seen for a non-existing record, we'd
generate an empty response (but not NXDOMAIN or so). Fix that. If we
have no data about an IP address, then let's say so, so that the
original error is returned, instead of anything synthesized.
Fixes: #6543
| | |
Let's ensure that "no gateway" translates to "no domain", instead of an
empty reply. This is in line with what nss-myhostname does in the same
case, hence let's unify behaviour here of nss-myhostname and resolved.
| | |
The included cocci was used to generate the changes.
Thanks to @flo-wer for pointing this case out.
| |
In addition to the changes from #6933 this handles cases that could be
matched with the included cocci file.
| |
Fixes: #6787
| | |
networkd: do not fail manager_connect_bus() if dbus is not active yet
| |
Let's make use of !! to run resolved with ambient capabilities on
systems supporting them.
| | |
Rename "gateway" to "_gateway" and other resolved changes
| | |
This changes the symbolic name for the default gateway from "gateway" to
"_gateway". A new configuration option -Dcompat-gateway-hostname=true|false
is added. If it is set, the old name is also supported, but the new name
is used as the canonical name in either case. This is intended as a temporary
measure to make the transition easier, and the option should be removed
after a few releases, at which point only the new name will be used.
The old "gateway" name mostly works OK, but hasn't gained widespread acceptance
because of the following (potential) conflicts:
- it is completely legal to have a host called "gateway"
- there is no guarantee that "gateway" will not be registered as a TLD, even
though this currently seems unlikely. (Even then, there would be no
conflict except for the case when the top-level domain itself was being resolved.
The "gateway" or "_gateway" labels have only special meaning when the
whole name consists of a single label, so resolution of any subdomain
of the hypothetical gateway. TLD would still work OK.)
Moving to "_gateway" avoids those issues because underscores are not allowed
in host names (RFC 1123, §2.1) and avoids potential conflicts with local or
global names.
v2:
- simplify the logic to hardcode "_gateway" and allow
-Dcompat-gateway-hostname=true as a temporary measure.
|/| |
Make tests faster by default
|
| |
| |
| |
| |
| | |
We want to test the edge cases, but testing all the values in between
is mostly pointless and slow on slow architectures (>1s on rpi).
|
| |
| |
| |
| |
| |
| |
| |
| | |
As a follow-up for db3f45e2d2586d78f942a43e661415bc50716d11 let's do the
same for all other cases where we create a FILE* with local scope and
know that no other threads hence can have access to it.
For most cases this shouldn't change much really, but this should speed
dbus introspection and calendar time formatting up a bit.
| | |
... and other autotools-generated files.
| |
v2:
- also mention m4
| |
Resolves #6313.
| |
https://tools.ietf.org/html/rfc5891#section-4.2.3.1 says that
> The Unicode string MUST NOT contain "--" (two consecutive hyphens) in the third
> and fourth character positions and MUST NOT start or end with a "-" (hyphen).
This means that libidn2 refuses to encode such names.
Let's just resolve them without trying to use IDN.
| | |
Config parsing tweaks
|
| |
| |
| |
| | |
Fixes #6014.
| |
dns_packet_new (#6285)
Actually, the callers of dns_packet_new() pass 0 or the data size of the UDP message.
So try to reflect that, and rename the `mtu` parameter to `min_alloc_dsize`.
In fact `mtu` is the size of the whole UDP message, including the UDP header,
and here we just need to pass the size of data (without header). This was confusing.
Also add a check on the requested allocated size, since some callers do not check what is really allocated.
Indeed the function does not allocate more than DNS_PACKET_SIZE_MAX whatever the value of the `mtu` parameter.
| |
As suggested in:
https://github.com/systemd/systemd/commit/496ae8c84b2d3622bc767a727e3582e2b6bcffcd#commitcomment-22819483
Let's drop some noise from the logs, as switching between DNS servers is
definitely useful for debugging, but shouldn't get more attention than
that.
| |
This reverts commit d718d20225bd631360ca5502b873278416616a03.
| |
mtu is always greater than UDP_PACKET_HEADER_SIZE at this point.
Pointed out by Benjamin Robin.
| | |
Resolved packet size
|
| |
| |
| |
| |
| | |
This seems like the right thing to do, and apparently at least some compilers
warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dns_packet_new() is sometimes called with mtu == 0, and in that case we should
allocate more than the absolute minimum (which is the dns packet header size),
otherwise we have to resize immediately again after appending the first data to
the packet.
This partially reverts the previous commit.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The allocation size was calculated in a complicated way, and for values
close to the page size we would actually allocate less than requested.
Reported by Chris Coulson <chris.coulson@canonical.com>.
CVE-2017-9445
| |
When DNS is unreliable temporarily, the current implementation will
never improve resend behavior again and switch DNS servers only late
(current maximum timeout is 5 seconds).
We can improve this by biasing the resend_timeout back to the current
RTT when a successful response was received. Next time, a timeout is hit
on this server, it will switch to the next server faster.
Fixes: #5953
| |
Fixes #5583.
| |
See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
| |
libidn2 2.0.0 supports IDNA2008, in contrast to libidn which supports IDNA2003.
https://bugzilla.redhat.com/show_bug.cgi?id=1449145
From that bug report:
Internationalized domain names exist for quite some time (IDNA2003), although
the protocols describing them have evolved in an incompatible way (IDNA2008).
These incompatibilities will prevent applications written for IDNA2003 to
access certain problematic domain names defined with IDNA2008, e.g., faß.de is
translated to domain xn--fa-hia.de with IDNA2008, while in IDNA2003 it is
translated to fass.de domain. That not only causes incompatibility problems,
but may be used as an attack vector to redirect users to different web sites.
v2:
- keep libidn support
- require libidn2 >= 2.0.0
v3:
- keep dns_name_apply_idna caller dumb, and keep the #ifdefs inside of the
function.
- use both ±IDN and ±IDN2 in the version string