summaryrefslogtreecommitdiff
path: root/src/libsystemd
AgeCommit message (Collapse)Author
2016-01-27Merge pull request #1975 from ssahani/vxlan2Tom Gundersen
networkd: Add support to configure VXLAN Port
2016-01-26networkd: rework Domains= settingLennart Poettering
Previously, .network files only knew a vaguely defined "Domains=" concept, for which the documentation declared it was the "DNS domain" for the network connection, without specifying what that means. With this the Domains setting is reworked, so that there are now "routing" domains and "search" domains. The former are to be used by resolved to route DNS request to specific network interfaces, the latter is to be used for searching single-label hostnames with (in addition to being used for routing). Both settings are configured in the "Domains=" setting. Normal domain names listed in it are now considered search domains (for compatibility with existing setups), while those prefixed with "~" are considered routing domains only. To route all lookups to a specific interface the routing domain "." may be used, referring to the root domain. An alternative syntax for this is the "*", as was already implemented before using the "wildcard" domain concept. This commit adds proper parsers for this new logic, and exposes this via the sd-network API. This information is not used by resolved yet, this will be added in a later commit.
2016-01-25resolve: generate a nice clean error when clients try to resolve a name when ↵Lennart Poettering
the network is down
2016-01-19resolved: add bus API for configuring per-link DNS settingsLennart Poettering
This is useful for alternative network management solutions (such as NetworkManager) to push DNS configuration data into resolved. The calls will fail should networkd already have taken possesion of a link, so that the bus API is only available if we don't get the data from networkd.
2016-01-19resolved: add a couple of errors to the error mapping tablesLennart Poettering
These were previously forgotten, add them now.
2016-01-19sd-netlink introduce API to add any size and typeSusant Sahani
Now we dont have any public API that will support any size . sd_netlink_message_append_data will support this.
2016-01-18sd-event: fix theoretical leak on error in event_make_signal_dataZbigniew Jędrzejewski-Szmek
2016-01-18sd-device: initialize variables to avoid warningZbigniew Jędrzejewski-Szmek
The code is correct, assuming that the kernel does not feed us garbled data. Let's initialize those variables to avoid the warning anyway.
2016-01-18bus-kernel: reword assignment of dst_id in bus_message_setup_kmsgZbigniew Jędrzejewski-Szmek
Setting of dst_id was based on interplay of two booleans, making the logic hard to follow (for humans and compilers alike). gcc was confused and emmitted a warning about an uninitialized variable. Rework the code to make it obvious that dst_id is set properly.
2016-01-18sd-netlink: remove unused tableZbigniew Jędrzejewski-Szmek
2016-01-18test-bus-error: add tests for setting error == 0Zbigniew Jędrzejewski-Szmek
2016-01-18sd-event: check clock argument to sd_event_now()Zbigniew Jędrzejewski-Szmek
sd_event_now() is a public function, so we must check all arguments for validity. Update man page and add tests. Sample debug message: Assertion 'IN_SET(clock, CLOCK_REALTIME, CLOCK_REALTIME_ALARM, CLOCK_MONOTONIC, CLOCK_BOOTTIME, CLOCK_BOOTTIME_ALARM)' failed at src/libsystemd/sd-event/sd-event.c:2719, function sd_event_now(). Ignoring.
2016-01-18bus-error: verify additional error maps during installationZbigniew Jędrzejewski-Szmek
Go over the entries in the map and check that they make sense. Tests are added. In the future we might want to do additional checks, e.g. verifying that the error names are in the expected format.
2016-01-18basic,bus-error: return negative error from errno_from_nameZbigniew Jędrzejewski-Szmek
errno_from_name used an unusual return convention where 0 meant "not found". This tripped up config_parse_syscall_errno(), which would treat that as success. Return -EINVAL instead, and adjust bus_error_name_to_errno() for the new convention. Also remove a goto which was used as a simple if and clean up surroudning code a bit.
2016-01-13tree-wide: check if errno is greater than zero (2)Zbigniew Jędrzejewski-Szmek
Compare errno with zero in a way that tells gcc that (if the condition is true) errno is positive.
2016-01-12sd-event: minor fixups to delays profiling changesVito Caputo
2016-01-12Merge pull request #2147 from vcaputo/sd-event-measure-latenciesLennart Poettering
sd-event: instrument sd_event_run() for profiling delays
2016-01-12sd-event: instrument sd_event_run() for profiling delaysVito Caputo
Set SD_EVENT_PROFILE_DELAYS to activate accounting and periodic logging of the distribution of delays between sd_event_run() calls. Time spent in dispatching as well as time spent outside of sd_event_run() is measured and accounted for. Every 5 seconds a logarithmic histogram loop iteration delays since 5 seconds previous is logged. This is useful in identifying the frequency and magnitude of latencies affecting the event loop, which should be kept to a minimum.
2016-01-12tree-wide: use xsprintf() where applicableDaniel Mack
Also add a coccinelle receipt to help with such transitions.
2016-01-11resolved: don't attempt to send queries for DNSSEC RR types to servers not ↵Lennart Poettering
supporting them If we already degraded the feature level below DO don't bother with sending requests for DS, DNSKEY, RRSIG, NSEC, NSEC3 or NSEC3PARAM RRs. After all, we cannot do DNSSEC validation then anyway, and we better not press a legacy server like this with such modern concepts. This also has the benefit that when we try to validate a response we received using DNSSEC, and we detect a limited server support level while doing so, all further auxiliary DNSSEC queries will fail right-away.
2016-01-10sd-netlink: fix assertDaniel Mack
nl->fd can be 0.
2016-01-07Merge pull request #2285 from evverx/fix-test-resolveDaniel Mack
tests: test-resolve: wait until all queries are completed
2016-01-07tests: test-resolve: wait until all queries are completedEvgeny Vereshchagin
This is a follow-up for 4a134c4903dbf6ef6c6a Fixes: $ ./test-resolve 209.132.183.105:80 209.132.183.105:80 canonical name: n/a 193.99.144.85:0 [2a02:2e0:3fe:1001:7777:772e:2:85]:0 canonical name: www.heise.de Host: web.heise.de -- Serv: http $ ./test-resolve 193.99.144.85:0 [2a02:2e0:3fe:1001:7777:772e:2:85]:0 canonical name: www.heise.de Host: web.heise.de -- Serv: http $ ./test-resolve ...
2016-01-07Merge pull request #2276 from poettering/dnssec12Tom Gundersen
Twelfth DNSSEC PR
2016-01-06resolved: introduce support for per-interface negative trust anchorsLennart Poettering
2016-01-05resolved,networkd: add a per-interface DNSSEC settingLennart Poettering
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
2016-01-05networkd,resolved: add a per-interface mdns configuration optionLennart Poettering
2016-01-05sd-network: unify parsing of /run/systemd/netif/links/* string fieldsLennart Poettering
2016-01-05tests: use sd_bus_flush_close_unref instead of sd_bus_unref in test-bus-cleanupEvgeny Vereshchagin
Fixes: $ make valgrind-tests TESTS=test-bus-cleanup ==6363== 9 bytes in 1 blocks are possibly lost in loss record 1 of 28 ==6363== at 0x4C2BBCF: malloc (vg_replace_malloc.c:299) ==6363== by 0x197D12: hexmem (hexdecoct.c:79) ==6363== by 0x183083: bus_socket_start_auth_client (bus-socket.c:639) ==6363== by 0x1832A0: bus_socket_start_auth (bus-socket.c:678) ==6363== by 0x183438: bus_socket_connect (bus-socket.c:705) ==6363== by 0x14B0F2: bus_start_address (sd-bus.c:1053) ==6363== by 0x14B592: sd_bus_start (sd-bus.c:1134) ==6363== by 0x14B95E: sd_bus_open_system (sd-bus.c:1235) ==6363== by 0x1127E2: test_bus_open (test-bus-cleanup.c:42) ==6363== by 0x112AAE: main (test-bus-cleanup.c:87) ==6363== ... $ ./libtool --mode=execute valgrind ./test-bus-cleanup ==6584== LEAK SUMMARY: ... ==6584== possibly lost: 10,566 bytes in 27 blocks
2016-01-04resolved: explicitly handle case when the trust anchor is emptyLennart Poettering
Since we honour RFC5011 revoked keys it might happen we end up with an empty trust anchor, or one where there's no entry for the root left. With this patch the logic is changed what to do in this case. Before this patch we'd end up requesting the root DS, which returns with NODATA but a signed NSEC we cannot verify, since the trust anchor is empty after all. Thus we'd return a DNSSEC result of "missing-key", as we lack a verified version of the key. With this patch in place, look-ups for the root DS are explicitly recognized, and not passed on to the DNS servers. Instead, if downgrade-ok mode is on an unsigned NODATA response is synthesized, so that the validator code continues under the assumption the root zone was unsigned. If downgrade-ok mode is off a new transaction failure is generated, that makes this case recognizable.
2016-01-04resolved: introduce a proper bus error for DNSSEC validation errorsLennart Poettering
2016-01-01Merge pull request #2241 from poettering/dnssec9Tom Gundersen
Ninth DNSSEC patch set
2015-12-29resolved: properly handle SRV RRs with the DNS root as hostnameLennart Poettering
2015-12-29resolved: add errno mapping for BUS_ERROR_CONNECTION_FAILURELennart Poettering
This was missing when the error type was added in ac720200b7e5b80cc4985087e38f3452e5b3b080.
2015-12-29resolved: change mapping of BUS_ERROR_NO_NAME_SERVERS to ESRCHLennart Poettering
EIO is really too generic, and indicates transmission problems.
2015-12-29tests: fix memory leak in test-bus-marshalEvgeny Vereshchagin
Fixes: ``` $ ./configure ... --enable-dbus $ make $ make valgrind-tests TESTS=test-bus-marshal ... ==25301== 51 bytes in 1 blocks are definitely lost in loss record 7 of 18 ==25301== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==25301== by 0x5496B8C: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x54973E3: _dbus_string_append_printf_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x547E5C2: _dbus_set_error_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x547E73E: dbus_set_error (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x548969A: dbus_message_demarshal (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x115C1A: main (test-bus-marshal.c:244) ==25301== ```
2015-12-26resolved: generate an explicit transaction error when we cannot reach server ↵Lennart Poettering
via TCP Previously, if we couldn't reach a server via UDP we'd generate an MAX_ATTEMPTS transaction result, but if we couldn't reach it via TCP we'd generate a RESOURCES transaction result. While it is OK to generate two different errors I think, "RESOURCES" is certainly a misnomer. Introduce a new transaction result "CONNECTION_FAILURE" instead.
2015-12-21sd-event: improve debugging of event source errorsDaniel Mack
Printing the pointer variable really doesn't help, so drop that. Instead, add a string lookup table for the EventSourceType enum, and print the type of event source in case of errors.
2015-12-02tests: turn check if manager cannot be intialized into macroZbigniew Jędrzejewski-Szmek
We need to check the same thing in multiple tests. Use a shared macro to make it easier to update the list of errnos. Change the errno code for "unitialized cgroup fs" for ENOMEDIUM. Exec format error looks like something more serious. This fixes test-execute invocation in mock.
2015-11-27selinux: split up mac_selinux_have() from mac_selinux_use()Lennart Poettering
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-23tests: add sd_event_now to test_basicEvgeny Vereshchagin
2015-11-22tests: add missing sd_event_add_post to test_basicEvgeny Vereshchagin
2015-11-22tests: check exit handler invocationEvgeny Vereshchagin
2015-11-22sd-event: use prioq_ensure_allocated where possibleEvgeny Vereshchagin
2015-11-19sd-event: define a new PREPARING stateLennart Poettering
We already have a state RUNNING and EXITING when we dispatch regular and exit callbacks. Let's introduce a new state called PREPARING that is active while we invoke preparation callbacks. This way we have a state each for all three kinds of event handlers. The states are currently not documented, hence let's add a new state to the end, before we start documenting this.
2015-11-19sd-event: make _ref() calls NOPs when NULL is passed to themLennart Poettering
Let's make _ref() calls happy when NULL is passed to them, and simply return NULL without any assertion logic. This makes them nicely symmetric to the _unref() calls which also are happy to take NULL and become NOPs then.
2015-11-18tree-wide: sort includes in *.hThomas Hindoe Paaboel Andersen
This is a continuation of the previous include sort patch, which only sorted for .c files.
2015-11-17tree-wide: use right cast macros for UIDs, GIDs and PIDsLennart Poettering
2015-11-17Merge pull request #1923 from zonque/siphashLennart Poettering
siphash24: let siphash24_finalize() and siphash24() return the result…