summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--man/nss-resolve.xml20
-rw-r--r--src/basic/in-addr-util.c43
-rw-r--r--src/basic/in-addr-util.h7
-rw-r--r--src/libsystemd-network/ndisc-router.c2
-rw-r--r--src/libsystemd-network/sd-dhcp-client.c32
-rw-r--r--src/libsystemd-network/sd-dhcp-lease.c19
-rw-r--r--src/network/networkd-dhcp4.c44
-rw-r--r--src/network/networkd-link.c50
-rw-r--r--src/network/networkd-manager.c56
-rw-r--r--src/network/networkd-network-gperf.gperf2
-rw-r--r--src/network/networkd-network.c87
-rw-r--r--src/network/networkd-network.h22
-rw-r--r--src/shared/dns-domain.c12
-rw-r--r--src/shared/dns-domain.h2
-rw-r--r--src/test/test-dns-domain.c13
15 files changed, 286 insertions, 125 deletions
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
index 9f24f65019..4e102cec26 100644
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -63,16 +63,13 @@
hostnames via DNS.</para>
<para>To activate the NSS module, add <literal>resolve</literal> to the line starting with
- <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
-
- <para>It is recommended to place <literal>resolve</literal> early in <filename>/etc/nsswitch.conf</filename>'
- <literal>hosts:</literal> line (but after the <literal>files</literal> or <literal>mymachines</literal> entries),
- replacing the <literal>dns</literal> entry if it exists, to ensure DNS queries are always routed via
- <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
-
- <para>Note that <command>nss-resolve</command> will chain-load <command>nss-dns</command> if
- <filename>systemd-resolved.service</filename> is not running, ensuring that basic DNS resolution continues to work
- if the service is down.</para>
+ <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>. Specifcally, it is recommended to place
+ <literal>resolve</literal> early in <filename>/etc/nsswitch.conf</filename>' <literal>hosts:</literal> line (but
+ after the <literal>files</literal> or <literal>mymachines</literal> entries), right before the
+ <literal>dns</literal> entry if it exists, followed by <literal>[!UNAVAIL=return]</literal>, to ensure DNS queries
+ are always routed via
+ <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> if it is
+ running, but are routed to <command>nss-dns</command> if this service is not available.</para>
</refsect1>
<refsect1>
@@ -94,9 +91,6 @@ ethers: db files
rpc: db files
netgroup: nis</programlisting>
-
- <para>This keeps the <command>dns</command> module as a fallback for cases where the <command>nss-resolve</command>
- module is not installed.</para>
</refsect1>
<refsect1>
diff --git a/src/basic/in-addr-util.c b/src/basic/in-addr-util.c
index aa7ccd1afd..3b06cb00ad 100644
--- a/src/basic/in-addr-util.c
+++ b/src/basic/in-addr-util.c
@@ -31,15 +31,9 @@
#include "util.h"
bool in4_addr_is_null(const struct in_addr *a) {
- return a->s_addr == 0;
-}
+ assert(a);
-bool in6_addr_is_null(const struct in6_addr *a) {
- return
- a->s6_addr32[0] == 0 &&
- a->s6_addr32[1] == 0 &&
- a->s6_addr32[2] == 0 &&
- a->s6_addr32[3] == 0;
+ return a->s_addr == 0;
}
int in_addr_is_null(int family, const union in_addr_union *u) {
@@ -49,16 +43,22 @@ int in_addr_is_null(int family, const union in_addr_union *u) {
return in4_addr_is_null(&u->in);
if (family == AF_INET6)
- return in6_addr_is_null(&u->in6);
+ return IN6_IS_ADDR_UNSPECIFIED(&u->in6);
return -EAFNOSUPPORT;
}
+bool in4_addr_is_link_local(const struct in_addr *a) {
+ assert(a);
+
+ return (be32toh(a->s_addr) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);
+}
+
int in_addr_is_link_local(int family, const union in_addr_union *u) {
assert(u);
if (family == AF_INET)
- return (be32toh(u->in.s_addr) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);
+ return in4_addr_is_link_local(&u->in);
if (family == AF_INET6)
return IN6_IS_ADDR_LINKLOCAL(&u->in6);
@@ -66,12 +66,18 @@ int in_addr_is_link_local(int family, const union in_addr_union *u) {
return -EAFNOSUPPORT;
}
+bool in4_addr_is_localhost(const struct in_addr *a) {
+ assert(a);
+
+ /* All of 127.x.x.x is localhost. */
+ return (be32toh(a->s_addr) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24;
+}
+
int in_addr_is_localhost(int family, const union in_addr_union *u) {
assert(u);
if (family == AF_INET)
- /* All of 127.x.x.x is localhost. */
- return (be32toh(u->in.s_addr) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24;
+ return in4_addr_is_localhost(&u->in);
if (family == AF_INET6)
return IN6_IS_ADDR_LOOPBACK(&u->in6);
@@ -277,15 +283,14 @@ fallback:
}
int in_addr_from_string(int family, const char *s, union in_addr_union *ret) {
-
+ union in_addr_union buffer;
assert(s);
- assert(ret);
if (!IN_SET(family, AF_INET, AF_INET6))
return -EAFNOSUPPORT;
errno = 0;
- if (inet_pton(family, s, ret) <= 0)
+ if (inet_pton(family, s, ret ?: &buffer) <= 0)
return errno > 0 ? -errno : -EINVAL;
return 0;
@@ -295,18 +300,18 @@ int in_addr_from_string_auto(const char *s, int *family, union in_addr_union *re
int r;
assert(s);
- assert(family);
- assert(ret);
r = in_addr_from_string(AF_INET, s, ret);
if (r >= 0) {
- *family = AF_INET;
+ if (family)
+ *family = AF_INET;
return 0;
}
r = in_addr_from_string(AF_INET6, s, ret);
if (r >= 0) {
- *family = AF_INET6;
+ if (family)
+ *family = AF_INET6;
return 0;
}
diff --git a/src/basic/in-addr-util.h b/src/basic/in-addr-util.h
index d60064aef8..64a812c322 100644
--- a/src/basic/in-addr-util.h
+++ b/src/basic/in-addr-util.h
@@ -37,11 +37,14 @@ struct in_addr_data {
};
bool in4_addr_is_null(const struct in_addr *a);
-bool in6_addr_is_null(const struct in6_addr *a);
-
int in_addr_is_null(int family, const union in_addr_union *u);
+
+bool in4_addr_is_link_local(const struct in_addr *a);
int in_addr_is_link_local(int family, const union in_addr_union *u);
+
+bool in4_addr_is_localhost(const struct in_addr *a);
int in_addr_is_localhost(int family, const union in_addr_union *u);
+
int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b);
int in_addr_prefix_intersect(int family, const union in_addr_union *a, unsigned aprefixlen, const union in_addr_union *b, unsigned bprefixlen);
int in_addr_prefix_next(int family, union in_addr_union *u, unsigned prefixlen);
diff --git a/src/libsystemd-network/ndisc-router.c b/src/libsystemd-network/ndisc-router.c
index 41ff2b353a..cf56c89d76 100644
--- a/src/libsystemd-network/ndisc-router.c
+++ b/src/libsystemd-network/ndisc-router.c
@@ -91,7 +91,7 @@ _public_ int sd_ndisc_router_get_address(sd_ndisc_router *rt, struct in6_addr *r
assert_return(rt, -EINVAL);
assert_return(ret_addr, -EINVAL);
- if (in6_addr_is_null(&rt->address))
+ if (IN6_IS_ADDR_UNSPECIFIED(&rt->address))
return -ENODATA;
*ret_addr = rt->address;
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index 6475da2c2a..1423264806 100644
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -386,45 +386,23 @@ int sd_dhcp_client_set_hostname(
sd_dhcp_client *client,
const char *hostname) {
- char *new_hostname = NULL;
-
assert_return(client, -EINVAL);
- if (!hostname_is_valid(hostname, false) && !dns_name_is_valid(hostname))
+ /* Refuse hostnames that neither qualify as DNS nor as Linux hosntames */
+ if (hostname &&
+ !(hostname_is_valid(hostname, false) || dns_name_is_valid(hostname) > 0))
return -EINVAL;
- if (streq_ptr(client->hostname, hostname))
- return 0;
-
- if (hostname) {
- new_hostname = strdup(hostname);
- if (!new_hostname)
- return -ENOMEM;
- }
-
- free(client->hostname);
- client->hostname = new_hostname;
-
- return 0;
+ return free_and_strdup(&client->hostname, hostname);
}
int sd_dhcp_client_set_vendor_class_identifier(
sd_dhcp_client *client,
const char *vci) {
- char *new_vci = NULL;
-
assert_return(client, -EINVAL);
- new_vci = strdup(vci);
- if (!new_vci)
- return -ENOMEM;
-
- free(client->vendor_class_identifier);
-
- client->vendor_class_identifier = new_vci;
-
- return 0;
+ return free_and_strdup(&client->vendor_class_identifier, vci);
}
int sd_dhcp_client_set_client_port(
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index 8387b185c0..7fed55c5fc 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -383,6 +383,23 @@ static int lease_parse_domain(const uint8_t *option, size_t len, char **ret) {
return 0;
}
+static void filter_bogus_addresses(struct in_addr *addresses, size_t *n) {
+ size_t i, j;
+
+ /* Silently filter DNS/NTP servers supplied to us that do not make outside of the local scope. */
+
+ for (i = 0, j = 0; i < *n; i ++) {
+
+ if (in4_addr_is_null(addresses+i) ||
+ in4_addr_is_localhost(addresses+i))
+ continue;
+
+ addresses[j++] = addresses[i];
+ }
+
+ *n = j;
+}
+
static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_addr **ret, size_t *n_ret) {
assert(option);
assert(ret);
@@ -404,6 +421,8 @@ static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_add
if (!addresses)
return -ENOMEM;
+ filter_bogus_addresses(addresses, &n_addresses);
+
free(*ret);
*ret = addresses;
*n_ret = n_addresses;
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
index 614bceefab..ca23c1c2a7 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -536,6 +536,28 @@ static void dhcp4_handler(sd_dhcp_client *client, int event, void *userdata) {
return;
}
+static int dhcp4_set_hostname(Link *link) {
+ _cleanup_free_ char *hostname = NULL;
+ const char *hn;
+ int r;
+
+ assert(link);
+
+ if (!link->network->dhcp_send_hostname)
+ hn = NULL;
+ else if (link->network->dhcp_hostname)
+ hn = link->network->dhcp_hostname;
+ else {
+ r = gethostname_strict(&hostname);
+ if (r < 0 && r != -ENXIO) /* ENXIO: no hostname set or hostname is "localhost" */
+ return r;
+
+ hn = hostname;
+ }
+
+ return sd_dhcp_client_set_hostname(link->dhcp_client, hn);
+}
+
int dhcp4_configure(Link *link) {
int r;
@@ -605,25 +627,9 @@ int dhcp4_configure(Link *link) {
if (r < 0)
return r;
- if (link->network->dhcp_send_hostname) {
- _cleanup_free_ char *hostname = NULL;
- const char *hn = NULL;
-
- if (!link->network->dhcp_hostname) {
- hostname = gethostname_malloc();
- if (!hostname)
- return -ENOMEM;
-
- hn = hostname;
- } else
- hn = link->network->dhcp_hostname;
-
- if (!is_localhost(hn)) {
- r = sd_dhcp_client_set_hostname(link->dhcp_client, hn);
- if (r < 0)
- return r;
- }
- }
+ r = dhcp4_set_hostname(link);
+ if (r < 0)
+ return r;
if (link->network->dhcp_vendor_class_identifier) {
r = sd_dhcp_client_set_vendor_class_identifier(link->dhcp_client,
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 0b634572a9..b38eec1ba7 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -851,21 +851,27 @@ static int address_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userda
return 1;
}
-static int link_push_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+static int link_push_uplink_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
_cleanup_free_ struct in_addr *addresses = NULL;
size_t n_addresses = 0, n_allocated = 0;
- char **a;
+ unsigned i;
log_debug("Copying DNS server information from %s", link->ifname);
if (!link->network)
return 0;
- STRV_FOREACH(a, link->network->dns) {
+ for (i = 0; i < link->network->n_dns; i++) {
struct in_addr ia;
/* Only look for IPv4 addresses */
- if (inet_pton(AF_INET, *a, &ia) <= 0)
+ if (link->network->dns[i].family != AF_INET)
+ continue;
+
+ ia = link->network->dns[i].address.in;
+
+ /* Never propagate obviously borked data */
+ if (in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia))
continue;
if (!GREEDY_REALLOC(addresses, n_allocated, n_addresses + 1))
@@ -874,8 +880,7 @@ static int link_push_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
addresses[n_addresses++] = ia;
}
- if (link->network->dhcp_use_dns &&
- link->dhcp_lease) {
+ if (link->network->dhcp_use_dns && link->dhcp_lease) {
const struct in_addr *da = NULL;
int n;
@@ -896,7 +901,7 @@ static int link_push_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
return sd_dhcp_server_set_dns(s, addresses, n_addresses);
}
-static int link_push_ntp_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+static int link_push_uplink_ntp_to_dhcp_server(Link *link, sd_dhcp_server *s) {
_cleanup_free_ struct in_addr *addresses = NULL;
size_t n_addresses = 0, n_allocated = 0;
char **a;
@@ -913,14 +918,17 @@ static int link_push_ntp_to_dhcp_server(Link *link, sd_dhcp_server *s) {
if (inet_pton(AF_INET, *a, &ia) <= 0)
continue;
+ /* Never propagate obviously borked data */
+ if (in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia))
+ continue;
+
if (!GREEDY_REALLOC(addresses, n_allocated, n_addresses + 1))
return log_oom();
addresses[n_addresses++] = ia;
}
- if (link->network->dhcp_use_ntp &&
- link->dhcp_lease) {
+ if (link->network->dhcp_use_ntp && link->dhcp_lease) {
const struct in_addr *da = NULL;
int n;
@@ -1034,7 +1042,7 @@ static int link_enter_set_addresses(Link *link) {
log_link_debug(link, "Not emitting DNS server information on link, couldn't find suitable uplink.");
r = 0;
} else
- r = link_push_dns_to_dhcp_server(uplink, link->dhcp_server);
+ r = link_push_uplink_dns_to_dhcp_server(uplink, link->dhcp_server);
}
if (r < 0)
log_link_warning_errno(link, r, "Failed to set DNS server for DHCP server, ignoring: %m");
@@ -1053,7 +1061,7 @@ static int link_enter_set_addresses(Link *link) {
log_link_debug(link, "Not emitting NTP server information on link, couldn't find suitable uplink.");
r = 0;
} else
- r = link_push_ntp_to_dhcp_server(uplink, link->dhcp_server);
+ r = link_push_uplink_ntp_to_dhcp_server(uplink, link->dhcp_server);
}
if (r < 0)
@@ -3235,7 +3243,7 @@ int link_save(Link *link) {
if (r < 0)
goto fail;
- fchmod(fileno(f), 0644);
+ (void) fchmod(fileno(f), 0644);
fprintf(f,
"# This is private data. Do not parse.\n"
@@ -3248,6 +3256,7 @@ int link_save(Link *link) {
sd_dhcp6_lease *dhcp6_lease = NULL;
const char *dhcp_domainname = NULL;
char **dhcp6_domains = NULL;
+ unsigned j;
if (link->dhcp6_client) {
r = sd_dhcp6_client_get_lease(link->dhcp6_client, &dhcp6_lease);
@@ -3259,7 +3268,22 @@ int link_save(Link *link) {
fputs("DNS=", f);
space = false;
- fputstrv(f, link->network->dns, NULL, &space);
+
+ for (j = 0; j < link->network->n_dns; j++) {
+ _cleanup_free_ char *b = NULL;
+
+ r = in_addr_to_string(link->network->dns[j].family,
+ &link->network->dns[j].address, &b);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to format address, ignoring: %m");
+ continue;
+ }
+
+ if (space)
+ fputc(' ', f);
+ fputs(b, f);
+ space = true;
+ }
if (link->network->dhcp_use_dns &&
link->dhcp_lease) {
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index a1252c9b51..c3d3f48a3f 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -774,11 +774,48 @@ static int manager_connect_rtnl(Manager *m) {
return 0;
}
-static int ordered_set_put_in_addr(OrderedSet *s, const struct in_addr *address) {
+static int ordered_set_put_in_addr_data(OrderedSet *s, const struct in_addr_data *address) {
char *p;
int r;
assert(s);
+ assert(address);
+
+ r = in_addr_to_string(address->family, &address->address, &p);
+ if (r < 0)
+ return r;
+
+ r = ordered_set_consume(s, p);
+ if (r == -EEXIST)
+ return 0;
+
+ return r;
+}
+
+static int ordered_set_put_in_addr_datav(OrderedSet *s, const struct in_addr_data *addresses, unsigned n) {
+ int r, c = 0;
+ unsigned i;
+
+ assert(s);
+ assert(addresses || n == 0);
+
+ for (i = 0; i < n; i++) {
+ r = ordered_set_put_in_addr_data(s, addresses+i);
+ if (r < 0)
+ return r;
+
+ c += r;
+ }
+
+ return c;
+}
+
+static int ordered_set_put_in4_addr(OrderedSet *s, const struct in_addr *address) {
+ char *p;
+ int r;
+
+ assert(s);
+ assert(address);
r = in_addr_to_string(AF_INET, (const union in_addr_union*) address, &p);
if (r < 0)
@@ -791,14 +828,15 @@ static int ordered_set_put_in_addr(OrderedSet *s, const struct in_addr *address)
return r;
}
-static int ordered_set_put_in_addrv(OrderedSet *s, const struct in_addr *addresses, int n) {
- int r, i, c = 0;
+static int ordered_set_put_in4_addrv(OrderedSet *s, const struct in_addr *addresses, unsigned n) {
+ int r, c = 0;
+ unsigned i;
assert(s);
- assert(n <= 0 || addresses);
+ assert(n == 0 || addresses);
for (i = 0; i < n; i++) {
- r = ordered_set_put_in_addr(s, addresses+i);
+ r = ordered_set_put_in4_addr(s, addresses+i);
if (r < 0)
return r;
@@ -865,7 +903,7 @@ static int manager_save(Manager *m) {
continue;
/* First add the static configured entries */
- r = ordered_set_put_strdupv(dns, link->network->dns);
+ r = ordered_set_put_in_addr_datav(dns, link->network->dns, link->network->n_dns);
if (r < 0)
return r;
@@ -890,7 +928,7 @@ static int manager_save(Manager *m) {
r = sd_dhcp_lease_get_dns(link->dhcp_lease, &addresses);
if (r > 0) {
- r = ordered_set_put_in_addrv(dns, addresses, r);
+ r = ordered_set_put_in4_addrv(dns, addresses, r);
if (r < 0)
return r;
} else if (r < 0 && r != -ENODATA)
@@ -902,7 +940,7 @@ static int manager_save(Manager *m) {
r = sd_dhcp_lease_get_ntp(link->dhcp_lease, &addresses);
if (r > 0) {
- r = ordered_set_put_in_addrv(ntp, addresses, r);
+ r = ordered_set_put_in4_addrv(ntp, addresses, r);
if (r < 0)
return r;
} else if (r < 0 && r != -ENODATA)
@@ -934,7 +972,7 @@ static int manager_save(Manager *m) {
if (r < 0)
return r;
- fchmod(fileno(f), 0644);
+ (void) fchmod(fileno(f), 0644);
fprintf(f,
"# This is private data. Do not parse.\n"
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index efd3176ac3..463f4595c1 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -54,7 +54,7 @@ Network.LLMNR, config_parse_resolve_support,
Network.MulticastDNS, config_parse_resolve_support, 0, offsetof(Network, mdns)
Network.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Network, dnssec_mode)
Network.DNSSECNegativeTrustAnchors, config_parse_dnssec_negative_trust_anchors, 0, 0
-Network.NTP, config_parse_strv, 0, offsetof(Network, ntp)
+Network.NTP, config_parse_ntp, 0, offsetof(Network, ntp)
Network.IPForward, config_parse_address_family_boolean_with_kernel,0, offsetof(Network, ip_forward)
Network.IPMasquerade, config_parse_bool, 0, offsetof(Network, ip_masquerade)
Network.IPv6PrivacyExtensions, config_parse_ipv6_privacy_extensions, 0, offsetof(Network, ipv6_privacy_extensions)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 31e899eecd..bc4dc95ff9 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -244,7 +244,7 @@ void network_free(Network *network) {
free(network->mac);
strv_free(network->ntp);
- strv_free(network->dns);
+ free(network->dns);
strv_free(network->search_domains);
strv_free(network->route_domains);
strv_free(network->bind_carrier);
@@ -396,7 +396,7 @@ int network_apply(Network *network, Link *link) {
route->protocol = RTPROT_STATIC;
}
- if (!strv_isempty(network->dns) ||
+ if (network->n_dns > 0 ||
!strv_isempty(network->ntp) ||
!strv_isempty(network->search_domains) ||
!strv_isempty(network->route_domains))
@@ -909,13 +909,14 @@ int config_parse_dhcp_server_dns(
struct in_addr a, *m;
r = extract_first_word(&p, &w, NULL, 0);
+ if (r == -ENOMEM)
+ return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract word, ignoring: %s", rvalue);
return 0;
}
-
if (r == 0)
- return 0;
+ break;
if (inet_pton(AF_INET, w, &a) <= 0) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse DNS server address, ignoring: %s", w);
@@ -929,6 +930,8 @@ int config_parse_dhcp_server_dns(
m[n->n_dhcp_server_dns++] = a;
n->dhcp_server_dns = m;
}
+
+ return 0;
}
int config_parse_dhcp_server_ntp(
@@ -956,11 +959,12 @@ int config_parse_dhcp_server_ntp(
struct in_addr a, *m;
r = extract_first_word(&p, &w, NULL, 0);
+ if (r == -ENOMEM)
+ return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract word, ignoring: %s", rvalue);
return 0;
}
-
if (r == 0)
return 0;
@@ -1000,29 +1004,35 @@ int config_parse_dns(
for (;;) {
_cleanup_free_ char *w = NULL;
union in_addr_union a;
+ struct in_addr_data *m;
int family;
- r = extract_first_word(&rvalue, &w, NULL, EXTRACT_QUOTES|EXTRACT_RETAIN_ESCAPE);
- if (r == 0)
- break;
+ r = extract_first_word(&rvalue, &w, NULL, 0);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
break;
}
+ if (r == 0)
+ break;
r = in_addr_from_string_auto(w, &family, &a);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse dns server address, ignoring: %s", w);
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse dns server address, ignoring: %s", w);
continue;
}
- r = strv_consume(&n->dns, w);
- if (r < 0)
+ m = realloc(n->dns, (n->n_dns + 1) * sizeof(struct in_addr_data));
+ if (!m)
return log_oom();
- w = NULL;
+ m[n->n_dns++] = (struct in_addr_data) {
+ .family = family,
+ .address = a,
+ };
+
+ n->dns = m;
}
return 0;
@@ -1084,6 +1094,59 @@ int config_parse_dnssec_negative_trust_anchors(
return 0;
}
+int config_parse_ntp(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ char ***l = data;
+ int r;
+
+ assert(l);
+ assert(lvalue);
+ assert(rvalue);
+
+ if (isempty(rvalue)) {
+ *l = strv_free(*l);
+ return 0;
+ }
+
+ for (;;) {
+ _cleanup_free_ char *w = NULL;
+
+ r = extract_first_word(&rvalue, &w, NULL, 0);
+ if (r == -ENOMEM)
+ return log_oom();
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract NTP server name, ignoring: %s", rvalue);
+ break;
+ }
+ if (r == 0)
+ break;
+
+ r = dns_name_is_valid_or_address(w);
+ if (r <= 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "%s is not a valid domain name or IP address, ignoring.", w);
+ continue;
+ }
+
+ r = strv_push(l, w);
+ if (r < 0)
+ return log_oom();
+
+ w = NULL;
+ }
+
+ return 0;
+}
+
int config_parse_dhcp_route_table(const char *unit,
const char *filename,
unsigned line,
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
index e956a59fe3..17cff956da 100644
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@@ -112,19 +112,19 @@ struct Network {
DCHPClientIdentifier dhcp_client_identifier;
char *dhcp_vendor_class_identifier;
char *dhcp_hostname;
- bool dhcp_use_dns;
- bool dhcp_use_ntp;
- bool dhcp_use_mtu;
- bool dhcp_use_hostname;
- DHCPUseDomains dhcp_use_domains;
+ unsigned dhcp_route_metric;
+ uint32_t dhcp_route_table;
+ uint32_t dhcp_client_port;
bool dhcp_send_hostname;
bool dhcp_broadcast;
bool dhcp_critical;
+ bool dhcp_use_dns;
+ bool dhcp_use_ntp;
+ bool dhcp_use_mtu;
bool dhcp_use_routes;
bool dhcp_use_timezone;
- unsigned dhcp_route_metric;
- uint32_t dhcp_route_table;
- uint32_t dhcp_client_port;
+ bool dhcp_use_hostname;
+ DHCPUseDomains dhcp_use_domains;
/* DHCP Server Support */
bool dhcp_server;
@@ -194,7 +194,10 @@ struct Network {
Hashmap *routes_by_section;
Hashmap *fdb_entries_by_section;
- char **search_domains, **route_domains, **dns, **ntp, **bind_carrier;
+ struct in_addr_data *dns;
+ unsigned n_dns;
+
+ char **search_domains, **route_domains, **ntp, **bind_carrier;
ResolveSupport llmnr;
ResolveSupport mdns;
@@ -233,6 +236,7 @@ int config_parse_dnssec_negative_trust_anchors(const char *unit, const char *fil
int config_parse_dhcp_use_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_lldp_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_dhcp_route_table(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_ntp(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
/* Legacy IPv4LL support */
int config_parse_ipv4ll(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index f9a6fd5f03..33debadb15 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1324,3 +1324,15 @@ int dns_name_apply_idna(const char *name, char **ret) {
return (int) n;
}
+
+int dns_name_is_valid_or_address(const char *name) {
+ /* Returns > 0 if the specified name is either a valid IP address formatted as string or a valid DNS name */
+
+ if (isempty(name))
+ return 0;
+
+ if (in_addr_from_string_auto(name, NULL, NULL) >= 0)
+ return 1;
+
+ return dns_name_is_valid(name);
+}
diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index af780f0b8b..03f160369c 100644
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -107,3 +107,5 @@ int dns_name_equal_skip(const char *a, unsigned n_labels, const char *b);
int dns_name_common_suffix(const char *a, const char *b, const char **ret);
int dns_name_apply_idna(const char *name, char **ret);
+
+int dns_name_is_valid_or_address(const char *name);
diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c
index e2f097c95e..b4db4a6702 100644
--- a/src/test/test-dns-domain.c
+++ b/src/test/test-dns-domain.c
@@ -627,6 +627,18 @@ static void test_dns_name_apply_idna(void) {
test_dns_name_apply_idna_one("föö.bär.", "xn--f-1gaa.xn--br-via");
}
+static void test_dns_name_is_valid_or_address(void) {
+ assert_se(dns_name_is_valid_or_address(NULL) == 0);
+ assert_se(dns_name_is_valid_or_address("") == 0);
+ assert_se(dns_name_is_valid_or_address("foobar") > 0);
+ assert_se(dns_name_is_valid_or_address("foobar.com") > 0);
+ assert_se(dns_name_is_valid_or_address("foobar..com") == 0);
+ assert_se(dns_name_is_valid_or_address("foobar.com.") > 0);
+ assert_se(dns_name_is_valid_or_address("127.0.0.1") > 0);
+ assert_se(dns_name_is_valid_or_address("::") > 0);
+ assert_se(dns_name_is_valid_or_address("::1") > 0);
+}
+
int main(int argc, char *argv[]) {
test_dns_label_unescape();
@@ -654,6 +666,7 @@ int main(int argc, char *argv[]) {
test_dns_name_compare_func();
test_dns_name_common_suffix();
test_dns_name_apply_idna();
+ test_dns_name_is_valid_or_address();
return 0;
}