[systemd-commits] 6 commits - TODO src/network src/resolve src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Jul 29 16:50:35 PDT 2014
TODO | 3 +++
src/network/networkd-address.c | 4 ++--
src/network/networkd-link.c | 2 +-
src/resolve/resolved-dns-answer.c | 35 +++++++++++++++++++++++++++++++++++
src/resolve/resolved-dns-answer.h | 1 +
src/resolve/resolved-dns-cache.c | 4 ++--
src/resolve/resolved-dns-cache.h | 2 +-
src/resolve/resolved-dns-query.c | 36 +++++++++++++++++++++++++++++++-----
src/resolve/resolved-dns-scope.c | 2 ++
src/resolve/resolved-link.c | 15 ++++++++-------
src/shared/in-addr-util.c | 13 ++++++++++++-
src/shared/in-addr-util.h | 3 ++-
12 files changed, 100 insertions(+), 20 deletions(-)
New commits:
commit 6992efee44d3affd17dd9174e8673ae63ba01ec7
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jul 30 01:48:34 2014 +0200
update TODO
diff --git a/TODO b/TODO
index 696582d..8c83c70 100644
--- a/TODO
+++ b/TODO
@@ -39,6 +39,9 @@ Features:
- verify new RRs
- detect conflicts
- queries with ANY types or classes
+ - collect multiple responses
+ - jitter interval support
+ - add SOA record to empty responses
- mDNS/DNS-SD
- DNS-SD service registration from socket units
- port sd-resolve to direct bus calls
commit 8bea3d6f887e336295a9cc24169f329c05f7383f
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jul 30 01:48:22 2014 +0200
resolved: don't do llmnr on interfaces lacking multicasting
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 341cb5a..cd6e4ba 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -96,7 +96,7 @@ static void link_allocate_scopes(Link *l) {
} else
l->unicast_scope = dns_scope_free(l->unicast_scope);
- if (link_relevant(l, AF_INET) && l->manager->use_llmnr) {
+ if (link_relevant(l, AF_INET) && (l->flags & IFF_MULTICAST) && l->manager->use_llmnr) {
if (!l->llmnr_ipv4_scope) {
r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
if (r < 0)
@@ -105,7 +105,7 @@ static void link_allocate_scopes(Link *l) {
} else
l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
- if (link_relevant(l, AF_INET6) && l->manager->use_llmnr) {
+ if (link_relevant(l, AF_INET6) && (l->flags & IFF_MULTICAST) && l->manager->use_llmnr) {
if (!l->llmnr_ipv6_scope) {
r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
if (r < 0)
commit 0c903ae7db52af8ecad0619ec0da021f951c9c1c
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jul 30 01:47:48 2014 +0200
resolved: follow more closely the recommend timeouts and TTLs from the LLMNR spec
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 8570251..14ae683 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -24,12 +24,27 @@
#include "resolved-dns-query.h"
#include "resolved-dns-domain.h"
-#define TRANSACTION_TIMEOUT_USEC (5 * USEC_PER_SEC)
+/* After how much time to repeat classic DNS requests */
+#define DNS_TRANSACTION_TIMEOUT_USEC (5 * USEC_PER_SEC)
+
+/* After how much time to repeat LLMNR requests, see RFC 4795 Section 7 */
+#define LLMNR_TRANSACTION_TIMEOUT_USEC (1 * USEC_PER_SEC)
+
+/* How long to wait for the query in total */
#define QUERY_TIMEOUT_USEC (30 * USEC_PER_SEC)
-#define ATTEMPTS_MAX 8
+
+/* Maximum attempts to send DNS requests, across all DNS servers */
+#define DNS_TRANSACTION_ATTEMPTS_MAX 8
+
+/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
+#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
+
#define CNAME_MAX 8
#define QUERIES_MAX 2048
+#define TRANSACTION_TIMEOUT_USEC(p) ((t)->scope->protocol == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_TIMEOUT_USEC : DNS_TRANSACTION_TIMEOUT_USEC)
+#define TRANSACTION_ATTEMPTS_MAX(p) ((t)->scope->protocol == DNS_PROTOCOL_LLMNR ? LLMNR_TRANSACTION_ATTEMPTS_MAX : DNS_TRANSACTION_ATTEMPTS_MAX)
+
static int dns_query_transaction_go(DnsQueryTransaction *t);
DnsQueryTransaction* dns_query_transaction_free(DnsQueryTransaction *t) {
@@ -411,10 +426,13 @@ static int dns_query_make_packet(DnsQueryTransaction *t) {
}
static int dns_query_transaction_go(DnsQueryTransaction *t) {
+ bool had_stream;
int r;
assert(t);
+ had_stream = !!t->stream;
+
dns_query_transaction_stop(t);
log_debug("Beginning transaction on scope %s on %s/%s",
@@ -422,7 +440,14 @@ static int dns_query_transaction_go(DnsQueryTransaction *t) {
t->scope->link ? t->scope->link->name : "*",
t->scope->family == AF_UNSPEC ? "*" : af_to_name(t->scope->family));
- if (t->n_attempts >= ATTEMPTS_MAX) {
+ if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t)) {
+ dns_query_transaction_complete(t, DNS_QUERY_ATTEMPTS_MAX);
+ return 0;
+ }
+
+ if (t->scope->protocol == DNS_PROTOCOL_LLMNR && had_stream) {
+ /* If we already tried via a stream, then we don't
+ * retry on LLMNR. See RFC 4795, Section 2.7. */
dns_query_transaction_complete(t, DNS_QUERY_ATTEMPTS_MAX);
return 0;
}
@@ -482,7 +507,7 @@ static int dns_query_transaction_go(DnsQueryTransaction *t) {
return dns_query_transaction_go(t);
}
- r = sd_event_add_time(t->scope->manager->event, &t->timeout_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + TRANSACTION_TIMEOUT_USEC, 0, on_transaction_timeout, t);
+ r = sd_event_add_time(t->scope->manager->event, &t->timeout_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + TRANSACTION_TIMEOUT_USEC(t), 0, on_transaction_timeout, t);
if (r < 0)
return r;
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 6ac7c5b..341cb5a 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -25,7 +25,8 @@
#include "strv.h"
#include "resolved-link.h"
-#define DEFAULT_TTL (10)
+/* RFC 4795 Section 2.8. suggests a TTL of 30s by default */
+#define LLMNR_DEFAULT_TTL (30)
static void link_address_add_rrs(LinkAddress *a);
@@ -354,7 +355,7 @@ static void link_address_add_rrs(LinkAddress *a) {
}
a->llmnr_address_rr->a.in_addr = a->in_addr.in;
- a->llmnr_address_rr->ttl = DEFAULT_TTL;
+ a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
}
if (!a->llmnr_ptr_rr) {
@@ -362,7 +363,7 @@ static void link_address_add_rrs(LinkAddress *a) {
if (r < 0)
goto fail;
- a->llmnr_ptr_rr->ttl = DEFAULT_TTL;
+ a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
}
if (link_address_relevant(a)) {
@@ -397,7 +398,7 @@ static void link_address_add_rrs(LinkAddress *a) {
}
a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
- a->llmnr_address_rr->ttl = DEFAULT_TTL;
+ a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
}
if (!a->llmnr_ptr_rr) {
@@ -405,7 +406,7 @@ static void link_address_add_rrs(LinkAddress *a) {
if (r < 0)
goto fail;
- a->llmnr_ptr_rr->ttl = DEFAULT_TTL;
+ a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
}
if (link_address_relevant(a)) {
commit d2f47562d5d834339ef3030e345a76a8c6f09c74
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jul 30 01:46:27 2014 +0200
resolved: only cache answer RRs, never additional or authoritative RRs of responses
diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 8c859d1..c971167 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -337,7 +337,7 @@ static int dns_cache_put_negative(DnsCache *c, DnsResourceKey *key, int rcode, u
return 0;
}
-int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, usec_t timestamp) {
+int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, unsigned max_rrs, usec_t timestamp) {
unsigned i;
int r;
@@ -365,7 +365,7 @@ int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, use
timestamp = now(CLOCK_MONOTONIC);
/* Second, add in positive entries for all contained RRs */
- for (i = 0; i < answer->n_rrs; i++) {
+ for (i = 0; i < MIN(max_rrs, answer->n_rrs); i++) {
r = dns_cache_put_positive(c, answer->rrs[i], timestamp);
if (r < 0)
goto fail;
diff --git a/src/resolve/resolved-dns-cache.h b/src/resolve/resolved-dns-cache.h
index 590cf69..d88d1d0 100644
--- a/src/resolve/resolved-dns-cache.h
+++ b/src/resolve/resolved-dns-cache.h
@@ -40,5 +40,5 @@ typedef struct DnsCache {
void dns_cache_flush(DnsCache *c);
void dns_cache_prune(DnsCache *c);
-int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, usec_t timestamp);
+int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, unsigned max_rrs, usec_t timestamp);
int dns_cache_lookup(DnsCache *c, DnsQuestion *q, int *rcode, DnsAnswer **answer);
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 271b8fd..8570251 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -344,7 +344,8 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) {
return;
}
- dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, 0);
+ /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
+ dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0);
if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
dns_query_transaction_complete(t, DNS_QUERY_SUCCESS);
commit 0f05c387597a93fa74cdf7d351fd255aca56026d
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jul 30 01:45:52 2014 +0200
resolved: never attempt negative caching of SOA records
diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c
index 93e51fc..6096959 100644
--- a/src/resolve/resolved-dns-answer.c
+++ b/src/resolve/resolved-dns-answer.c
@@ -122,6 +122,10 @@ int dns_answer_find_soa(DnsAnswer *a, DnsResourceKey *key, DnsResourceRecord **r
assert(key);
assert(ret);
+ /* For a SOA record we can never find a matching SOA record */
+ if (key->type == DNS_TYPE_SOA)
+ return 0;
+
for (i = 0; i < a->n_rrs; i++) {
if (a->rrs[i]->key->class != DNS_CLASS_IN)
commit af93291cc4cbd2fe2fb4af7d3c56138fb39f31dc
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jul 30 00:48:59 2014 +0200
resolved: when answer A or AAAA questions, order responses by whether addresses are link-local or not
diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index 539bd98..1b2d7d5 100644
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -243,7 +243,7 @@ static int address_acquire(Link *link, Address *original, Address **ret) {
assert(ret);
/* Something useful was configured? just use it */
- if (in_addr_null(original->family, &original->in_addr) <= 0)
+ if (in_addr_is_null(original->family, &original->in_addr) <= 0)
return 0;
/* The address is configured to be 0.0.0.0 or [::] by the user?
@@ -345,7 +345,7 @@ int address_configure(Address *address, Link *link,
return r;
}
- if (!in_addr_null(address->family, &address->in_addr_peer)) {
+ if (!in_addr_is_null(address->family, &address->in_addr_peer)) {
if (address->family == AF_INET)
r = sd_rtnl_message_append_in_addr(req, IFA_ADDRESS, &address->in_addr_peer.in);
else if (address->family == AF_INET6)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 7db71c0..87bdd85 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -283,7 +283,7 @@ static Address* link_find_dhcp_server_address(Link *link) {
if (address->family != AF_INET)
continue;
- if (in_addr_null(address->family, &address->in_addr))
+ if (in_addr_is_null(address->family, &address->in_addr))
continue;
return address;
diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c
index d907664..93e51fc 100644
--- a/src/resolve/resolved-dns-answer.c
+++ b/src/resolve/resolved-dns-answer.c
@@ -175,3 +175,34 @@ DnsAnswer *dns_answer_merge(DnsAnswer *a, DnsAnswer *b) {
return k;
}
+
+void dns_answer_order_by_scope(DnsAnswer *a, bool prefer_link_local) {
+ DnsResourceRecord **rrs;
+ unsigned i, start, end;
+ assert(a);
+
+ if (a->n_rrs <= 1)
+ return;
+
+ start = 0;
+ end = a->n_rrs-1;
+
+ /* RFC 4795, Section 2.6 suggests we should order entries
+ * depending on whether the sender is a link-local address. */
+
+ rrs = newa(DnsResourceRecord*, a->n_rrs);
+ for (i = 0; i < a->n_rrs; i++) {
+
+ if (a->rrs[i]->key->class == DNS_CLASS_IN &&
+ ((a->rrs[i]->key->type == DNS_TYPE_A && in_addr_is_link_local(AF_INET, (union in_addr_union*) &a->rrs[i]->a.in_addr) != prefer_link_local) ||
+ (a->rrs[i]->key->type == DNS_TYPE_AAAA && in_addr_is_link_local(AF_INET6, (union in_addr_union*) &a->rrs[i]->aaaa.in6_addr) != prefer_link_local)))
+ /* Order address records that are are not preferred to the end of the array */
+ rrs[end--] = a->rrs[i];
+ else
+ /* Order all other records to the beginning of the array */
+ rrs[start++] = a->rrs[i];
+ }
+
+ assert(start == end+1);
+ memcpy(a->rrs, rrs, sizeof(DnsResourceRecord*) * a->n_rrs);
+}
diff --git a/src/resolve/resolved-dns-answer.h b/src/resolve/resolved-dns-answer.h
index 135a421..268bb38 100644
--- a/src/resolve/resolved-dns-answer.h
+++ b/src/resolve/resolved-dns-answer.h
@@ -42,5 +42,6 @@ int dns_answer_contains(DnsAnswer *a, DnsResourceKey *key);
int dns_answer_find_soa(DnsAnswer *a, DnsResourceKey *key, DnsResourceRecord **ret);
DnsAnswer *dns_answer_merge(DnsAnswer *a, DnsAnswer *b);
+void dns_answer_order_by_scope(DnsAnswer *a, bool prefer_link_local);
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsAnswer*, dns_answer_unref);
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index b975ac4..b17de0c 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -483,6 +483,8 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {
if (r == 0)
return;
+ dns_answer_order_by_scope(answer, in_addr_is_link_local(p->family, &p->sender) > 0);
+
r = dns_scope_make_reply_packet(s, DNS_PACKET_ID(p), DNS_RCODE_SUCCESS, p->question, answer, &reply);
if (r < 0) {
log_debug("Failed to build reply packet: %s", strerror(-r));
diff --git a/src/shared/in-addr-util.c b/src/shared/in-addr-util.c
index e9a9917..459f846 100644
--- a/src/shared/in-addr-util.c
+++ b/src/shared/in-addr-util.c
@@ -23,7 +23,7 @@
#include "in-addr-util.h"
-int in_addr_null(int family, const union in_addr_union *u) {
+int in_addr_is_null(int family, const union in_addr_union *u) {
assert(u);
if (family == AF_INET)
@@ -39,6 +39,17 @@ int in_addr_null(int family, const union in_addr_union *u) {
return -EAFNOSUPPORT;
}
+int in_addr_is_link_local(int family, const union in_addr_union *u) {
+ assert(u);
+
+ if (family == AF_INET)
+ return (be32toh(u->in.s_addr) & 0xFFFF0000) == (169U << 24 | 254U << 16);
+
+ if (family == AF_INET6)
+ return IN6_IS_ADDR_LINKLOCAL(&u->in6);
+
+ return -EAFNOSUPPORT;
+}
int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b) {
assert(a);
diff --git a/src/shared/in-addr-util.h b/src/shared/in-addr-util.h
index cff2c32..7d1d6ba 100644
--- a/src/shared/in-addr-util.h
+++ b/src/shared/in-addr-util.h
@@ -31,7 +31,8 @@ union in_addr_union {
struct in6_addr in6;
};
-int in_addr_null(int family, const union in_addr_union *u);
+int in_addr_is_null(int family, const union in_addr_union *u);
+int in_addr_is_link_local(int family, const union in_addr_union *u);
int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b);
int in_addr_prefix_intersect(int family, const union in_addr_union *a, unsigned aprefixlen, const union in_addr_union *b, unsigned bprefixlen);
int in_addr_prefix_next(int family, union in_addr_union *u, unsigned prefixlen);
More information about the systemd-commits
mailing list