[systemd-commits] 4 commits - TODO src/resolve
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Aug 5 08:02:54 PDT 2014
TODO | 2 --
src/resolve/resolved-dns-scope.c | 17 +++++++++++++++++
src/resolve/resolved-dns-scope.h | 2 ++
src/resolve/resolved-dns-transaction.c | 33 +++++++++++++++++++++++++++++++--
src/resolve/resolved-dns-transaction.h | 4 +++-
src/resolve/resolved-link.h | 3 ---
6 files changed, 53 insertions(+), 8 deletions(-)
New commits:
commit 08b6604c0522d6f03d38897262f07a1907517d4e
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Aug 5 17:02:39 2014 +0200
update TODO
diff --git a/TODO b/TODO
index 9e322b3..f624397 100644
--- a/TODO
+++ b/TODO
@@ -38,9 +38,7 @@ Features:
- send notifications of conflict
- detect conflicts
- collect multiple responses
- - jitter interval support
- reprobe after suspend
- - enforce packet rate limit
- DNS
- search paths
- mDNS/DNS-SD
commit e56187ca4a4841bffdbf3f547d6aa3888d85b1a2
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Aug 5 17:02:23 2014 +0200
resolved: don't abort if a transaction is aborted because its scope is removed
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 53d6e18..a2e4f2c 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -147,7 +147,9 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
assert(t);
assert(!IN_SET(state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING));
- assert(IN_SET(t->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING));
+
+ if (!IN_SET(t->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING))
+ return;
/* Note that this call might invalidate the query. Callers
* should hence not attempt to access the query or transaction
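Review bot: The early return added to dns_transaction_complete() silently ignores a repeated completion, and nothing next to it says which case it is meant to cover. The commit title points at scope removal, so a comment above the check such as `/* The transaction may already have been completed, e.g. because its scope was removed; ignore the repeated completion */` would keep a later reader from treating it as dead code. The removed assert used to catch every double completion, so a `log_debug()` before the `return` would keep unexpected repeats visible in debug logs. The function body continues outside this hunk.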
@@ -443,7 +445,7 @@ int dns_transaction_go(DnsTransaction *t) {
dns_transaction_stop(t);
- log_debug("Beginning transaction on scope %s on %s/%s",
+ log_debug("Excercising transaction on scope %s on %s/%s",
dns_protocol_to_string(t->scope->protocol),
t->scope->link ? t->scope->link->name : "*",
t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
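Review bot: The new debug string misspells the verb: `"Excercising transaction on scope %s on %s/%s"` should read `"Exercising transaction on scope %s on %s/%s"`. Anyone searching logs for the transaction start message would otherwise have to match the typo. The call sits inside dns_transaction_go(), whose body starts and ends outside this hunk.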
commit 6e0684729420912df019cc64d3f8a3c8290cc5f1
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Aug 5 17:01:33 2014 +0200
resolved: add 100ms initial jitter to all LLMNR requests
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 8d16101..40c326a 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -549,6 +549,11 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {
return;
}
+ /* Note that we always immediately reply to all LLMNR
+ * requests, and do not wait any time, since we
+ * verified uniqueness for all records. Also see RFC
+ * 4795, Section 2.7 */
+
r = manager_send(s->manager, fd, p->ifindex, p->family, &p->sender, p->sender_port, reply);
}
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index ad1b277..53d6e18 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -490,6 +490,33 @@ int dns_transaction_go(DnsTransaction *t) {
}
}
+ if (t->scope->protocol == DNS_PROTOCOL_LLMNR && !t->initial_jitter) {
+ usec_t jitter;
+
+ /* RFC 4795 Section 2.7 suggests all queries should be
+ * delayed by a random time from 0 to JITTER_INTERVAL. */
+
+ t->initial_jitter = true;
+
+ random_bytes(&jitter, sizeof(jitter));
+ jitter %= LLMNR_JITTER_INTERVAL_USEC;
+
+ r = sd_event_add_time(
+ t->scope->manager->event,
+ &t->timeout_event_source,
+ clock_boottime_or_monotonic(),
+ now(clock_boottime_or_monotonic()) + jitter, LLMNR_JITTER_INTERVAL_USEC,
+ on_transaction_timeout, t);
+ if (r < 0)
+ return r;
+
+ t->n_attempts = 0;
+ t->state = DNS_TRANSACTION_PENDING;
+
+ log_debug("Delaying LLMNR transaction for " USEC_FMT "us.", jitter);
+ return 0;
+ }
+
log_debug("Cache miss!");
/* Otherwise, we need to ask the network */
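Review bot: The accuracy argument passed to `sd_event_add_time()` in the jitter branch is `LLMNR_JITTER_INTERVAL_USEC`, so the event loop may fire the timer up to 100ms after the chosen deadline and the effective delay can reach roughly twice the interval the comment describes. If the 0..JITTER_INTERVAL bound is meant to hold, pass a small accuracy instead, e.g. `now(clock_boottime_or_monotonic()) + jitter, USEC_PER_MSEC,`. A comment would also help to record that the branch relies on `on_transaction_timeout` re-entering dns_transaction_go() with `initial_jitter` already set; that handler is not visible here, so this is inferred. The function starts and ends outside the hunk.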
diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
index d825b3e..182fb77 100644
--- a/src/resolve/resolved-dns-transaction.h
+++ b/src/resolve/resolved-dns-transaction.h
@@ -54,6 +54,8 @@ struct DnsTransaction {
DnsTransactionState state;
uint16_t id;
+ bool initial_jitter;
+
DnsPacket *sent, *received;
DnsAnswer *cached;
int cached_rcode;
@@ -96,7 +98,7 @@ DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
#define LLMNR_TRANSACTION_TIMEOUT_USEC (1 * USEC_PER_SEC)
/* LLMNR Jitter interval, see RFC 4795 Section 7 */
-#define LLMNR_TRANSACTION_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
+#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
/* Maximum attempts to send DNS requests, across all DNS servers */
#define DNS_TRANSACTION_ATTEMPTS_MAX 8
commit aea2429d6ec32261dbf6b9caa125fcc6ea9ea76a
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Aug 5 16:34:45 2014 +0200
resolved: enforce ratelimit on LLMNR traffic
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index f1de9bc..8d16101 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -28,6 +28,9 @@
#include "resolved-dns-domain.h"
#include "resolved-dns-scope.h"
+#define MULTICAST_RATELIMIT_INTERVAL_USEC (1*USEC_PER_SEC)
+#define MULTICAST_RATELIMIT_BURST 1000
+
int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int family) {
DnsScope *s;
@@ -49,6 +52,9 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
log_debug("New scope on link %s, protocol %s, family %s", l ? l->name : "*", dns_protocol_to_string(protocol), family == AF_UNSPEC ? "*" : af_to_name(family));
+ /* Enforce ratelimiting for the multicast protocols */
+ RATELIMIT_INIT(s->ratelimit, MULTICAST_RATELIMIT_INTERVAL_USEC, MULTICAST_RATELIMIT_BURST);
+
*ret = s;
return 0;
}
@@ -161,6 +167,9 @@ int dns_scope_send(DnsScope *s, DnsPacket *p) {
if (DNS_PACKET_QDCOUNT(p) > 1)
return -ENOTSUP;
+ if (!ratelimit_test(&s->ratelimit))
+ return -EBUSY;
+
family = s->family;
port = 5355;
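Review bot: The `ratelimit_test(&s->ratelimit)` added here draws from the same per-scope bucket as the check added to the UDP reply path in dns_scope_process_query() (the `@@ -524` hunk), so replies to incoming queries and the host's own outgoing queries compete for one budget of 1000 packets per second. Heavy inbound LLMNR query load on the link can use up that budget, after which this function returns `-EBUSY` for local lookups. Consider a separate `RateLimit` field in `struct DnsScope` for replies so that inbound load cannot starve outbound resolution, and a `log_debug()` at both drop sites so the condition can be diagnosed. How callers treat `-EBUSY` is not visible here, and dns_scope_send() continues outside this hunk.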
@@ -524,6 +533,9 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {
if (stream)
r = dns_stream_write_packet(stream, reply);
else {
+ if (!ratelimit_test(&s->ratelimit))
+ return;
+
if (p->family == AF_INET)
fd = manager_llmnr_ipv4_udp_fd(s->manager);
else if (p->family == AF_INET6)
diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h
index 7c18bff..ae9469a 100644
--- a/src/resolve/resolved-dns-scope.h
+++ b/src/resolve/resolved-dns-scope.h
@@ -55,6 +55,8 @@ struct DnsScope {
DnsCache cache;
DnsZone zone;
+ RateLimit ratelimit;
+
LIST_HEAD(DnsTransaction, transactions);
LIST_FIELDS(DnsScope, scopes);
diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h
index af9a8ab..4f0702e 100644
--- a/src/resolve/resolved-link.h
+++ b/src/resolve/resolved-link.h
@@ -67,9 +67,6 @@ struct Link {
char name[IF_NAMESIZE];
uint32_t mtu;
-
- RateLimit mdns_ratelimit;
- RateLimit llmnr_ratelimit;
};
int link_new(Manager *m, Link **ret, int ifindex);