summaryrefslogtreecommitdiff
path: root/src/basic
AgeCommit message (Collapse)Author
2016-01-26networkd: rework Domains= settingLennart Poettering
Previously, .network files only knew a vaguely defined "Domains=" concept, for which the documentation declared it was the "DNS domain" for the network connection, without specifying what that means. With this the Domains setting is reworked, so that there are now "routing" domains and "search" domains. The former are to be used by resolved to route DNS request to specific network interfaces, the latter is to be used for searching single-label hostnames with (in addition to being used for routing). Both settings are configured in the "Domains=" setting. Normal domain names listed in it are now considered search domains (for compatibility with existing setups), while those prefixed with "~" are considered routing domains only. To route all lookups to a specific interface the routing domain "." may be used, referring to the root domain. An alternative syntax for this is the "*", as was already implemented before using the "wildcard" domain concept. This commit adds proper parsers for this new logic, and exposes this via the sd-network API. This information is not used by resolved yet, this will be added in a later commit.
2016-01-26Merge pull request #2424 from keszybz/journald-disk-usageLennart Poettering
Journald disk usage
2016-01-25resolved: properly handle LLMNR/TCP connection errorsLennart Poettering
The LLMNR spec suggests to do do reverse address lookups by doing direct LLMNR/TCP connections to the indicated address, instead of doing any LLMNR multicast queries. When we do this and the peer doesn't actually implement LLMNR this will result in a TCP connection error, which we need to handle. In contrast to most LLMNR lookups this will give us a quick response on whether we can find a suitable name. Report this as new transaction state, since this should mostly be treated like an NXDOMAIN rcode, except that it's not one.
2016-01-25resolved: when checking whether a link is relevant, check kernel operstateLennart Poettering
This mimics what networkd is doing to detect a carrier.
2016-01-23journald: allow additional payload in server_driver_messageZbigniew Jędrzejewski-Szmek
The code to format the iovec is shared with log.c. All call sites to server_driver_message are changed to include the additional "MESSAGE=" part, but the new functionality is not used and change in functionality is not expected. iovec is preallocated, so the maximum number of messages is limited. In server_driver_message N_IOVEC_PAYLOAD_FIELDS is currently set to 1. New code is not oom safe, it will fail if memory cannot be allocated. This will be fixed in subsequent commit.
2016-01-22Merge pull request #2080 from ↵Daniel Mack
chaloulo/split-mode-host-remove-port-from-journal-filename journal-remote: split-mode=host, remove port from journal filename
2016-01-22systemd-activate: Add support for datagram socketsSusant Sahani
core: Add flexible way to provide socket type the socket type should be a diffrent argumet in make_socket_fd . In this way we can set the socket type like SOCK_STREAM SOCK_DGRAM in the address. journal-remote: modify make_socket_fd
2016-01-21Merge pull request #2371 from evverx/add-valgrind-helper-for-daemon-reexecDaniel Mack
core: add valgrind helper for daemon-reexec
2016-01-21Merge pull request #2391 from keszybz/coverityDaniel Mack
Coverity inspired fixes
2016-01-21core: add valgrind helper for daemon-reexecEvgeny Vereshchagin
Inspired by https://github.com/systemd/systemd/issues/2187#issuecomment-165587140
2016-01-20Add assert in barrier codeZbigniew Jędrzejewski-Szmek
This function is not supposed to fail, it only returns a boolean. So add an assert in case anyone calls it without proper initialization of *b.
2016-01-20Merge pull request #2337 from dhxgit/patch-1Tom Gundersen
Fix IPv6PrivacyExtension (networkd-ndisc.c)
2016-01-20Merge pull request #2381 from jsynacek/journalctl-colors-v4Lennart Poettering
basic/terminal-util: introduce SYSTEMD_COLORS environment variable
2016-01-20basic/terminal-util: introduce SYSTEMD_COLORS environment variableJan Synacek
... to determine if color output should be enabled. If the variable is not set, fall back to using on_tty(). Also, rewrite existing code to use colors_enabled() where appropriate.
2016-01-19resolved: add bus API for configuring per-link DNS settingsLennart Poettering
This is useful for alternative network management solutions (such as NetworkManager) to push DNS configuration data into resolved. The calls will fail should networkd already have taken possesion of a link, so that the bus API is only available if we don't get the data from networkd.
2016-01-19Merge pull request #2357 from keszybz/warnings-2Lennart Poettering
Remove gcc warnings v2
2016-01-18basic: add missing word in commentZbigniew Jędrzejewski-Szmek
2016-01-18basic/escape: merge utf8 and non-utf8 paths in cunescape_oneZbigniew Jędrzejewski-Szmek
Not every byte sequence is valid utf8. We allow escaping of non-utf8 sequences in strings by using octal and hexadecimal escape sequences (\123 and \0xAB) for bytes at or above 128. Users of cunescape_one could infer whether such use occured when they received an answer between 128 and 256 in *ret (a non-ascii one byte character). But this is subtle and misleading: the comments were wrong, because ascii is a subset of unicode, so c != 0 did not mean non-unicode, but rather ascii-subset-of-unicode-or-raw-byte. This was all rather confusing, so make the "single byte" condition explicit. I'm not convinced that allowing non-utf8 sequences to be produced is useful in all cases where we allow it (e.g. in config files), but that behaviour is unchanged, just made more explicit. This also fixes an (invalid) gcc warning about unitialized variable (*ret_unicode) in callers of cunescape_one.
2016-01-18basic,bus-error: return negative error from errno_from_nameZbigniew Jędrzejewski-Szmek
errno_from_name used an unusual return convention where 0 meant "not found". This tripped up config_parse_syscall_errno(), which would treat that as success. Return -EINVAL instead, and adjust bus_error_name_to_errno() for the new convention. Also remove a goto which was used as a simple if and clean up surroudning code a bit.
2016-01-18Use negative_errno() to assert errno is positive after a few system callsZbigniew Jędrzejewski-Szmek
This is not particularly intrusive because it happens in simple utility functions. It helps gcc understand that error codes are negative. This gets a rid of most of the remaining warnings.
2016-01-16Fix IPv6PrivacyExtension (networkd-ndisc.c)Dominik Hannen
This small addition fixes the issues #1982 and #2242. IPv6PrivacyExtension now works as expected even when a RA is received.
2016-01-13tree-wide: check if errno is greater than zero (2)Zbigniew Jędrzejewski-Szmek
Compare errno with zero in a way that tells gcc that (if the condition is true) errno is positive.
2016-01-13tree-wide: check if errno is greater then zeroZbigniew Jędrzejewski-Szmek
gcc is confused by the common idiom of return errno ? -errno : -ESOMETHING and thinks a positive value may be returned. Replace this condition with errno > 0 to help gcc and avoid many spurious warnings. I filed a gcc rfe a long time ago, but it hard to say if it will ever be implemented [1]. Both conventions were used in the codebase, this change makes things more consistent. This is a follow up to bcb161b0230f. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61846
2016-01-13basic: add ascii_strcasecmp_nn() callLennart Poettering
In contrast to ascii_strcasecmp_nn() it takes two character buffers with their individual length. It will then compare the buffers up the smaller size of the two buffers, and finally the length themselves.
2016-01-13basic: add new ascii_strcasecmp_n() callLennart Poettering
2016-01-12tree-wide: use xsprintf() where applicableDaniel Mack
Also add a coccinelle receipt to help with such transitions.
2016-01-12capabilities: added support for ambient capabilities.Ismo Puustinen
This patch adds support for ambient capabilities in service files. The idea with ambient capabilities is that the execed processes can run with non-root user and get some inherited capabilities, without having any need to add the capabilities to the executable file. You need at least Linux 4.3 to use ambient capabilities. SecureBit keep-caps is automatically added when you use ambient capabilities and wish to change the user. An example system service file might look like this: [Unit] Description=Service for testing caps [Service] ExecStart=/usr/bin/sleep 10000 User=nobody AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW After starting the service it has these capabilities: CapInh: 0000000000003000 CapPrm: 0000000000003000 CapEff: 0000000000003000 CapBnd: 0000003fffffffff CapAmb: 0000000000003000
2016-01-12capabilities: keep bounding set in non-inverted format.Ismo Puustinen
Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-11resolved: when we get a TCP connection failure, try againLennart Poettering
Previously, when we couldn't connect to a DNS server via TCP we'd abort the whole transaction using a "connection-failure" state. This change removes that, and counts failed connections as "lost packet" events, so that we switch back to the UDP protocol again.
2016-01-11shared: make sure foo.bar and foobar result in different domain name hashesLennart Poettering
This also introduces a new macro siphash24_compress_byte() which is useful to add a single byte into the hash stream, and ports one user over to it.
2016-01-11basic: split hash functions into their own header filesLennart Poettering
The hash operations are not really that specific to hashmaps, hence split them into a .c module of their own.
2016-01-11basic: introduce generic ascii_strlower_n() call and make use of it everywhereLennart Poettering
2016-01-11macro.h: provide a switch-case statement generator for IN_SETDaniel Mack
Rather than walking a list of valid values one-by-one, generate a switch-case statement for the IN_SET() macro. This allows the compiler to further optimize its code output, possibly by generating jump tables. This effectively decreases the binary size slightly. The implementation is based on macro overloading depending on the number of arguments. h/t to the following post: https://stackoverflow.com/questions/11761703/overloading-macro-on-number-of-arguments
2016-01-05basic: add string table macros for "extended boolean" enumsLennart Poettering
In a couple of cases we maintain configuration settings that know an on and off state, like a boolean, plus some additional states. We generally parse them as booleans first, and if that fails check for specific additional values. This adds a generalized set of macros for parsing such settings, and ports one use in resolved and another in networkd over to it.
2016-01-03Merge pull request #2245 from ssahani/socket1Lennart Poettering
core: socket options fix SCTP_NODELAY
2016-01-02basic: modernize conf-files.c a bitLennart Poettering
2015-12-31core: socket options fix SCTP_NODELAYSusant Sahani
SCTP_NODELAY is diffrent to TCP_NODELAY. Apply proper options in case of SCTP.
2015-12-26bitmap: don't do bitwise XOR on booleansLennart Poettering
It's weird doing bitwise operations on booleans. Let's use the boolean XOR (i.e. "!=") instead of the bitweise XOR (i.e. "^") on them.
2015-12-26util-lib: make sure more bitmap calls can deal with NULL objects fineLennart Poettering
2015-12-15basic: ENABLE_DEBUG_HASHMAP needs <pthread.h>Henrik Kaare Poulsen
this is a follow-up for commit 11c3a36649e5e5e77db499c92f3
2015-12-10Use /proc/net/sockstat6 to detect IPv6 supportJorgen Schaefer
The file /sys/module/ipv6 does not exist in all container implementations (e.g. Virtuozzo). Using /proc/net/sockstat6 detects IPv6 support reliably in these environments, too. This file does not exist when the kernel is not compiled with IPv6 support, or if IPv6 support is disabled, so simply checking for existence should be a suitable check. Fixes #2059
2015-12-07basic: add RB-Tree implementationDavid Herrmann
This adds an self-standing RB-Tree implementation to src/basic/. This will be needed for NSEC RR lookups, since we need "close lookups", which hashmaps (not even ordered-hashmaps) can give us in reasonable time.
2015-12-03journal: unbreak sd_journal_sendvZbigniew Jędrzejewski-Szmek
Borked since commit 3ee897d6c2401effbc82f5eef35fce405781d6c8 Author: Lennart Poettering <lennart@poettering.net> Date: Wed Sep 23 01:00:04 2015 +0200 tree-wide: port more code to use send_one_fd() and receive_one_fd() because here our fd is not connected and we need to specify the address.
2015-12-02tests: turn check if manager cannot be intialized into macroZbigniew Jędrzejewski-Szmek
We need to check the same thing in multiple tests. Use a shared macro to make it easier to update the list of errnos. Change the errno code for "unitialized cgroup fs" for ENOMEDIUM. Exec format error looks like something more serious. This fixes test-execute invocation in mock.
2015-12-01basic/virt: add missing includes to compile on ppc64Zbigniew Jędrzejewski-Szmek
2015-12-01basic: re-sort includesThomas Hindoe Paaboel Andersen
My previous patch to only include what we use accidentially placed the added inlcudes in non-sorted order.
2015-12-01journal-remote: split-mode=host, remove port from journal filenameKlearchos Chaloulos
When constructing the journal filename to store logs from a remote host, remove the port of the tcp connection, as the port will change with every reboot/connection loss between sender/reveiver machines. Having the port in the filename will cause a new journal file to be created for every reboot or connection loss. For the implementation, a new argument "bool include_port" is added to the getpeername_pretty() function. This is passed to the sockaddr_pretty() function. The value of the include_port argument is set to true in all calls of getpeername_pretty(), except for 2 calls in journal-remote.c, where it is set to false.
2015-11-30basic: include only what we useThomas Hindoe Paaboel Andersen
This is a cleaned up result of running iwyu but without forward declarations on src/basic.
2015-11-27selinux: split up mac_selinux_have() from mac_selinux_use()Lennart Poettering
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
2015-11-27util-lib: move nss-util.h from shared/ to basic/Lennart Poettering
The header file defines some helpers for GLIBC NSS and doesn't include anything else but glibc headers, hence there's little reason to keep it in shared/. See: #2008