diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-11-27 00:41:32 +0100 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-11-27 00:46:51 +0100 | 
| commit | d830ebbdf67d8cb32d33d8fdd47cf467fd6d3815 (patch) | |
| tree | 97152e692c31f5c578354736a3e0c8d514d25a81 | |
| parent | 452b4e327d23b9e468d3198f4c91e8efd0b52a71 (diff) | |
resolved: never cache RRs originating from localhost
After all, this is likely a local DNS forwarder that caches anyway,
hence there's no point in caching twice.
Fixes #2038.
| -rw-r--r-- | src/basic/in-addr-util.c | 15 | ||||
| -rw-r--r-- | src/basic/in-addr-util.h | 1 | ||||
| -rw-r--r-- | src/resolve/resolved-dns-packet.h | 8 | ||||
| -rw-r--r-- | src/resolve/resolved-dns-transaction.c | 3 | 
4 files changed, 25 insertions, 2 deletions
| diff --git a/src/basic/in-addr-util.c b/src/basic/in-addr-util.c index f4e24121e7..1f61b68efd 100644 --- a/src/basic/in-addr-util.c +++ b/src/basic/in-addr-util.c @@ -44,7 +44,7 @@ int in_addr_is_link_local(int family, const union in_addr_union *u) {          assert(u);          if (family == AF_INET) -                return (be32toh(u->in.s_addr) & 0xFFFF0000) == (169U << 24 | 254U << 16); +                return (be32toh(u->in.s_addr) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);          if (family == AF_INET6)                  return IN6_IS_ADDR_LINKLOCAL(&u->in6); @@ -52,6 +52,19 @@ int in_addr_is_link_local(int family, const union in_addr_union *u) {          return -EAFNOSUPPORT;  } +int in_addr_is_localhost(int family, const union in_addr_union *u) { +        assert(u); + +        if (family == AF_INET) +                /* All of 127.x.x.x is localhost. */ +                return (be32toh(u->in.s_addr) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24; + +        if (family == AF_INET) +                return IN6_IS_ADDR_LOOPBACK(&u->in6); + +        return -EAFNOSUPPORT; +} +  int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b) {          assert(a);          assert(b); diff --git a/src/basic/in-addr-util.h b/src/basic/in-addr-util.h index 51af08868c..58f55b3418 100644 --- a/src/basic/in-addr-util.h +++ b/src/basic/in-addr-util.h @@ -33,6 +33,7 @@ union in_addr_union {  int in_addr_is_null(int family, const union in_addr_union *u);  int in_addr_is_link_local(int family, const union in_addr_union *u); +int in_addr_is_localhost(int family, const union in_addr_union *u);  int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b);  int in_addr_prefix_intersect(int family, const union in_addr_union *a, unsigned aprefixlen, const union in_addr_union *b, unsigned bprefixlen);  int in_addr_prefix_next(int family, union in_addr_union *u, unsigned prefixlen); diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index 48df5dfc53..90b5a7c8bd 100644 --- a/src/resolve/resolved-dns-packet.h +++ b/src/resolve/resolved-dns-packet.h @@ -177,6 +177,14 @@ void dns_packet_rewind(DnsPacket *p, size_t idx);  int dns_packet_skip_question(DnsPacket *p);  int dns_packet_extract(DnsPacket *p); +static inline bool DNS_PACKET_SHALL_CACHE(DnsPacket *p) { +        /* Never cache data originating from localhost, under the +         * assumption, that it's coming from a locally DNS forwarder +         * or server, that is caching on its own. */ + +        return in_addr_is_localhost(p->family, &p->sender) == 0; +} +  enum {          DNS_RCODE_SUCCESS = 0,          DNS_RCODE_FORMERR = 1, diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index c65c9c9f49..8c4f23a4da 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -478,7 +478,8 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {          }          /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */ -        dns_cache_put(&t->scope->cache, t->key, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender); +        if (DNS_PACKET_SHALL_CACHE(p)) +                dns_cache_put(&t->scope->cache, t->key, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender);          if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)                  dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS); | 
