path: root/src/resolve
Commit message | Author | Age | Files | Lines
* Add SPDX license identifiers to source files under the LGPL | Zbigniew Jędrzejewski-Szmek | 2017-11-19 | 60 | -0/+60
| This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* conf-parser: turn three bool function params into a flags field | Lennart Poettering | 2017-11-13 | 1 | -1/+1
| This makes things more readable and fixes some issues with incorrect flag propagation between the various flavours of config_parse().
* resolved: change newline position in stub-resolv.conf (#7216) | Yu Watanabe | 2017-10-30 | 1 | -2/+2
| Follow-up for e6b2d948f8f5aabf6cdede8bd39256fe83db205e.
* resolved: fix loop on packets with pseudo dns types | Zbigniew Jędrzejewski-Szmek | 2017-10-25 | 1 | -5/+1
| Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
| https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
* resolved: create private stub resolve file for /etc/resolv.conf integration (#7014) | Dimitri John Ledkov | 2017-10-24 | 3 | -16/+49
| This creates a second private resolve.conf file which lists the stub resolver and the resolved acquired search domains. This runtime file should be used as a symlink target for /etc/resolv.conf such that non-nss based applications can resolve search domains.
| Fixes: #7009
* mkdir: introduce follow_symlink flag to mkdir_safe{,_label}() | Yu Watanabe | 2017-10-06 | 1 | -1/+1
|
* resolved: include DNS server feature level info in SIGUSR1 status dump | Lennart Poettering | 2017-10-05 | 3 | -0/+64
| let's make the status dump more useful for tracking down server issues.
* resolved: add support for explicitly forgetting everything we learnt about DNS server feature levels | Lennart Poettering | 2017-10-05 | 5 | -21/+84
| This adds "systemd-resolve --reset-server-features" for explicitly forgetting what we learnt. This might be useful for debugging purposes, and to force systemd-resolved to restart its learning logic for all DNS servers.
* resolved: automatically forget all learnt DNS server information when the network configuration changes | Lennart Poettering | 2017-10-05 | 7 | -7/+74
| When the network configuration changes we should relearn everything there is to know about the configured DNS servers, because we might talk to the same addresses, but there might be different servers behind them.
* resolved: rework how we handle truncation in the stub resolver | Lennart Poettering | 2017-10-05 | 9 | -37/+69
| When a reply message gets longer than the client supports we need to truncate the response and set the TC bit, and we already do that. However, we are not supposed to send incomplete RRs in that case, but instead truncate right at a record boundary. Do that.
| This fixes the "Message parser reports malformed message packet." warning the venerable "host" tool outputs when a very large response is requested.
| See: #6520
* resolved: take benefit of log_xyz_errno() returning the negative error code | Lennart Poettering | 2017-10-05 | 1 | -12/+6
| Just some modernizations.
* Merge pull request #6974 from keszybz/clean-up-defines | Lennart Poettering | 2017-10-04 | 7 | -18/+18
|\
| | Clean up define definitions
| * build-sys: s/ENABLE_RESOLVED/ENABLE_RESOLVE/ | Zbigniew Jędrzejewski-Szmek | 2017-10-04 | 1 | -6/+6
| | The configuration option was called -Dresolve, but the internal define was …RESOLVED. This option governs more than just resolved itself, so let's settle on the version without "d".
| * build-sys: use #if Y instead of #ifdef Y everywhere | Zbigniew Jędrzejewski-Szmek | 2017-10-04 | 7 | -13/+13
| | The advantage is that if the name is misspelt, cpp will warn us.
| |
| | $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
| | $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
| | $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
| | $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
| | + manual changes to meson.build
| |
| | squash! build-sys: use #if Y instead of #ifdef Y everywhere
| |
| | v2:
| | - fix incorrect setting of HAVE_LIBIDN2
* | tree-wide: use IN_SET macro (#6977) | Yu Watanabe | 2017-10-04 | 6 | -9/+8
|/
* Merge pull request #6946 from poettering/synthesize-dns | Zbigniew Jędrzejewski-Szmek | 2017-10-03 | 2 | -23/+72
|\
| | Some DNS RR synthesizing fixes
| * resolved: synthesize records for the full local hostname, too | Lennart Poettering | 2017-09-29 | 1 | -3/+12
| | This was forgotten, let's add it too, so that the llmnr, mdns and full hostname RRs are all synthesized if needed.
| * resolved: make sure a non-existing PTR record never gets mangled into NODATA | Lennart Poettering | 2017-09-29 | 1 | -9/+26
| | Previously, if a PTR query is seen for a non-existing record, we'd generate an empty response (but not NXDOMAIN or so). Fix that. If we have no data about an IP address, then let's say so, so that the original error is returned, instead of anything synthesized.
| | Fixes: #6543
| * resolved: when there is no gateway, make sure _gateway results in NXDOMAIN | Lennart Poettering | 2017-09-29 | 2 | -11/+34
| | Let's ensure that "no gateway" translates to "no domain", instead of an empty reply. This is in line with what nss-myhostname does in the same case, hence let's unify behaviour here of nss-myhostname and resolved.
* | tree-wide: use `!IN_SET(..)` for `a != b && a != c && …` | Andreas Rammhold | 2017-10-02 | 1 | -3/+3
| | The included cocci was used to generate the changes.
| | Thanks to @flo-wer for pointing this case out.
* | tree-wide: use IN_SET where possible | Andreas Rammhold | 2017-10-02 | 5 | -8/+9
|/
| In addition to the changes from #6933 this handles cases that could be matched with the included cocci file.
* exec-util,conf-files: skip non-executable files in execute_directories() | Lennart Poettering | 2017-09-13 | 1 | -1/+1
| Fixes: #6787
* Merge pull request #6659 from yuwata/econnrefused | Lennart Poettering | 2017-08-30 | 1 | -2/+1
|\
| | networkd: do not fail manager_connect_bus() if dbus is not active yet
| * network,resolve: remove comments related to kdbus | Yu Watanabe | 2017-08-23 | 1 | -2/+1
| |
* | units: make use of the new !! ExecStart= prefix in systemd-resolved.service | Lennart Poettering | 2017-08-10 | 1 | -7/+12
|/
| Let's make use of !! to run resolved with ambient capabilities on systems supporting them.
* Merge pull request #6420 from keszybz/gateway-name | Lennart Poettering | 2017-08-01 | 2 | -1/+9
|\
| | Rename "gateway" to "_gateway" and other resolved changes
| * resolved: add debug message about stub listener | Zbigniew Jędrzejewski-Szmek | 2017-07-31 | 1 | -0/+8
| |
| * resolved,nss-myhostname: use _gateway for the gateway | Zbigniew Jędrzejewski-Szmek | 2017-07-31 | 1 | -1/+1
| | This changes the symbolic name for the default gateway from "gateway" to "_gateway". A new configuration option -Dcompat-gateway-hostname=true|false is added. If it is set, the old name is also supported, but the new name is used as the canonical name in either case. This is intended as a temporary measure to make the transition easier, and the option should be removed after a few releases, at which point only the new name will be used.
| |
| | The old "gateway" name mostly works OK, but hasn't gained widespread acceptance because of the following (potential) conflicts:
| | - it is completely legal to have a host called "gateway"
| | - there is no guarantee that "gateway" will not be registered as a TLD, even though this currently seems unlikely. (Even then, there would be no conflict except for the case when the top-level domain itself was being resolved. The "gateway" or "_gateway" labels have only special meaning when the whole name consists of a single label, so resolution of any subdomain of the hypothetical gateway. TLD would still work OK.)
| |
| | Moving to "_gateway" avoids those issues because underscores are not allowed in host names (RFC 1123, §2.1) and avoids potential conflicts with local or global names.
| |
| | v2:
| | - simplify the logic to hardcode "_gateway" and allow -Dcompat-gateway-hostname=true as a temporary measure.
* | Merge pull request #6365 from keszybz/fast-tests | Martin Pitt | 2017-07-28 | 3 | -3/+9
|\ \
| |/
|/|
| | Make tests faster by default
| * test-resolved-packet: skip most of the loop | Zbigniew Jędrzejewski-Szmek | 2017-07-13 | 3 | -3/+9
| | We want to test the edge cases, but testing all the values in between is mostly pointless and slow on slow architectures (>1s on rpi).
* | tree-wide: fput[cs]() → fput[cs]_unlocked() wherever that makes sense (#6396) | Lennart Poettering | 2017-07-21 | 2 | -30/+30
| | As a follow-up for db3f45e2d2586d78f942a43e661415bc50716d11 let's do the same for all other cases where we create a FILE* with local scope and know that no other threads hence can have access to it. For most cases this shouldn't change much really, but this should speed dbus introspection and calendar time formatting up a bit.
* | build-sys: drop gitignore patterns for in-tree builds | Zbigniew Jędrzejewski-Szmek | 2017-07-18 | 1 | -6/+0
| | ... and other autotools-generated files.
* | build-sys: drop automake support | Zbigniew Jędrzejewski-Szmek | 2017-07-18 | 1 | -1/+0
|/
| v2:
| - also mention m4
* resolved: consider pointopoint links for local multicast (#6343) [v234] | florianjacob | 2017-07-12 | 1 | -4/+1
| Resolves #6313.
* resolved: allow resolution of names which libidn2 considers invalid (#6315) | Zbigniew Jędrzejewski-Szmek | 2017-07-11 | 2 | -3/+9
| https://tools.ietf.org/html/rfc5891#section-4.2.3.1 says that
| > The Unicode string MUST NOT contain "--" (two consecutive hyphens) in the third
| > and fourth character positions and MUST NOT start or end with a "-" (hyphen).
|
| This means that libidn2 refuses to encode such names. Let's just resolve them without trying to use IDN.
* Merge pull request #6289 from keszybz/config-tweaks | Djalal Harouni | 2017-07-10 | 1 | -1/+1
|\
| | Config parsing tweaks
| * resolved: treat failure to parse config as non-fatal | Zbigniew Jędrzejewski-Szmek | 2017-07-05 | 1 | -1/+1
| | Fixes #6014.
* | resolve: Try to remove the ambiguity about the mtu parameter of dns_packet_new (#6285) | Benjamin Robin | 2017-07-06 | 3 | -10/+21
|/
| Actually the callers of dns_packet_new() pass 0 or the data size of the UDP message. So try to reflect that, so rename the `mtu` parameter to `min_alloc_dsize`. In fact `mtu` is the size of the whole UDP message, including the UDP header, and here we just need to pass the size of data (without header). This was confusing.
| Also add a check on the requested allocated size, since some callers do not check what is really allocated. Indeed the function does not allocate more than DNS_PACKET_SIZE_MAX whatever the value of the `mtu` parameter.
* resolved: downgrade log messages about switching DNS servers | Lennart Poettering | 2017-07-03 | 2 | -4/+4
| As suggested in:
| https://github.com/systemd/systemd/commit/496ae8c84b2d3622bc767a727e3582e2b6bcffcd#commitcomment-22819483
| Let's drop some noise from the logs, as switching between DNS servers is definitely useful for debugging, but shouldn't get more attention than that.
* Revert "resolved: drop unnecessary comparison (#6220)" | Zbigniew Jędrzejewski-Szmek | 2017-06-28 | 1 | -1/+1
| This reverts commit d718d20225bd631360ca5502b873278416616a03.
* resolved: drop unnecessary comparison (#6220) | Zbigniew Jędrzejewski-Szmek | 2017-06-28 | 1 | -1/+1
| mtu is always greater than UDP_PACKET_HEADER_SIZE at this point.
| Pointed out by Benjamin Robin.
* Merge pull request #6214 from keszybz/resolved-packet-size | Lennart Poettering | 2017-06-28 | 4 | -10/+66
|\
| | Resolved packet size
| * resolved: define various packet sizes as unsigned | Zbigniew Jędrzejewski-Szmek | 2017-06-27 | 2 | -4/+4
| | This seems like the right thing to do, and apparently at least some compilers warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
| * resolved: do not allocate packets with minimum size | Zbigniew Jędrzejewski-Szmek | 2017-06-27 | 1 | -1/+11
| | dns_packet_new() is sometimes called with mtu == 0, and in that case we should allocate more than the absolute minimum (which is the dns packet header size), otherwise we have to resize immediately again after appending the first data to the packet.
| | This partially reverts the previous commit.
| * resolved: simplify alloc size calculation | Zbigniew Jędrzejewski-Szmek | 2017-06-27 | 2 | -9/+1
| | The allocation size was calculated in a complicated way, and for values close to the page size we would actually allocate less than requested.
| | Reported by Chris Coulson <chris.coulson@canonical.com>.
| | CVE-2017-9445
| * test-resolved-packet: add a simple test for our allocation functions | Zbigniew Jędrzejewski-Szmek | 2017-06-27 | 2 | -0/+54
| |
* | resolved: Recover from slow DNS responses | Kai Krakow | 2017-06-27 | 1 | -1/+4
|/
| When DNS is unreliable temporarily, the current implementation will never improve resend behavior again and switch DNS servers only late (current maximum timeout is 5 seconds).
| We can improve this by biasing the resend_timeout back to the current RTT when a successful response was received. Next time a timeout is hit on this server, it will switch to the next server faster.
| Fixes: #5953
* resolved: ignore DNSSEC= option when resolved is built without gcrypt (#6084) | Yu Watanabe | 2017-06-17 | 2 | -0/+12
| Fixes #5583.
* resolved: bugfix of null pointer p->question dereferencing (#6020) | Evgeny Vereshchagin | 2017-05-24 | 1 | -0/+3
| See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
* resolved: support libidn2 in addition to libidn | Zbigniew Jędrzejewski-Szmek | 2017-05-11 | 3 | -10/+32
| libidn2 2.0.0 supports IDNA2008, in contrast to libidn which supports IDNA2003.
|
| https://bugzilla.redhat.com/show_bug.cgi?id=1449145
| From that bug report:
|
| Internationalized domain names exist for quite some time (IDNA2003), although the protocols describing them have evolved in an incompatible way (IDNA2008). These incompatibilities will prevent applications written for IDNA2003 to access certain problematic domain names defined with IDNA2008, e.g., faß.de is translated to domain xn--fa-hia.de with IDNA2008, while in IDNA2003 it is translated to fass.de domain. That not only causes incompatibility problems, but may be used as an attack vector to redirect users to different web sites.
|
| v2:
| - keep libidn support
| - require libidn2 >= 2.0.0
| v3:
| - keep dns_name_apply_idna caller dumb, and keep the #ifdefs inside of the function.
| - use both ±IDN and ±IDN2 in the version string