summaryrefslogtreecommitdiff
path: root/src/resolve
AgeCommit message (Collapse)Author
2015-08-25resolved: allow dns_cache_put() without a questionDaniel Mack
Currently, dns_cache_put() does a number of things: 1) It unconditionally removes all keys contained in the passed question before adding keys from the newly arrived answers. 2) It puts positive entries into the cache for all RRs contained in the answer. 3) It creates negative entries in the cache for all keys in the question that are not answered. Allow passing q = NULL in the parameters and skip 1) and 3), so we can use that function for mDNS responses. In this case, the question is irrelevant, we are interested in all answers we got.
2015-08-25resolved: move assertionDaniel Mack
Make a scope with invalid protocol state fail as soon as possible.
2015-08-25resolved: use switch-case statements for protocol detailsDaniel Mack
With more protocols to come, switch repetitive if-else blocks with a switch-case statements.
2015-08-25resolved: remove runtime check for previously asserted conditionDaniel Mack
2015-08-24resolved: change error code when trying to resolve direct LLMNR PTR RRsLennart Poettering
If we try to resoolve an LLMNR PTR RR we shall connect via TCP directly to the specified IP address. We already refuse to do this if the address to resolve is of a different address family as the transaction's scope. The error returned was EAFNOSUPPORT. Let's change this to ESRCH which is how we indicate "not server available" when connecting for LLMNR or DNS, since that's what this really is: we have no server we could connect to in this address family. This allows us to ensure that no server errors are always handled the same way.
2015-08-24resolved: remove duplicate handling of "no servers" query resultLennart Poettering
So far we handled immediate "no server" query results differently from "no server" results we ran into during operation: the former would cause the dns_query_go() call to fail with ESRCH, the later would result in the query completion callback to be called. Remove the duplicate codepaths, by always going through the completion callback. This allows us to remove quite a number of lines for handling the ESRCH. This commit should not alter behaviour at all.
2015-08-24resolved: replace transaction list by hashmapLennart Poettering
Right now we keep track of ongoing transactions in a linked listed for each scope. Replace this by a hashmap that is indexed by the RR key. Given that all ongoing transactions will be placed in pretty much the same scopes usually this should optimize behaviour. We used to require a list here, since we wanted to do "superset" query checks, but this became obsolete since transactions are now single-key instead of multi-key.
2015-08-22Merge pull request #1010 from poettering/resolved-question-keyTom Gundersen
only maintain one question RR key per transaction and other fixes
2015-08-21resolved: always split up questions into per-RR transactionsLennart Poettering
We do so for Unicast DNS and LLMNR anyway, let's also do this for mDNS, and simplify things.
2015-08-21resolved: only maintain one question RR key per transactionLennart Poettering
Let's simplify things and only maintain a single RR key per transaction object, instead of a full DnsQuestion. Unicast DNS and LLMNR don't support multiple questions per packet anway, and Multicast DNS suggests coalescing questions beyond a single dns query, across the whole system.
2015-08-21resolved: add extra check for family when doing LLMNR TCP connectionsLennart Poettering
It shouldn't happen that we try to resolve IPv4 addresses via LLMNR on IPv6 and vice versa, but let's explicitly verify that we don't turn an IPv4 LLMNR lookup into an IPv6 TCP connection.
2015-08-21resolved: add reference to negative caching RFCLennart Poettering
2015-08-21remove unused variablesThomas Hindoe Paaboel Andersen
2015-08-21resolved: when passing RRs across the bus, make sure not to use name compressionLennart Poettering
We explicitly need to turn off name compression when marshalling or demarshalling RRs for bus transfer, since they otherwise refer to packet offsets that reference packets that are not transmitted themselves.
2015-08-21resolved: rework synthesizing logicLennart Poettering
With this change we'll now also generate synthesized RRs for the local LLMNR hostname (first label of system hostname), the local mDNS hostname (first label of system hostname suffixed with .local), the "gateway" hostname and all the reverse PTRs. This hence takes over part of what nss-myhostname already implemented. Local hostnames resolve to the set of local IP addresses. Since the addresses are possibly on different interfaces it is necessary to change the internal DnsAnswer object to track per-RR interface indexes, and to change the bus API to always return the interface per-address rather than per-reply. This change also patches the existing clients for resolved accordingly (nss-resolve + systemd-resolve-host). This also changes the routing logic for queries slightly: we now ensure that the local hostname is never resolved via LLMNR, thus making it trustable on the local system.
2015-08-21resolved: make DnsQuestion logic handle NULL arrays as empty arraysLennart Poettering
Following our usual logic of treating NULL arrays as empty arrays (for example, see strv.c) do the same for questions too.
2015-08-21resolved: minor typo comment fixLennart Poettering
2015-08-17Merge pull request #976 from elfring/Remove_unnecessary_checks2Lennart Poettering
Delete unnecessary checks before some function calls
2015-08-17Bug #944: Deletion of unnecessary checks before a few calls of systemd functionsMarkus Elfring
The following functions return immediately if a null pointer was passed. * calendar_spec_free * link_address_free * manager_free * sd_bus_unref * sd_journal_close * udev_monitor_unref * udev_unref It is therefore not needed that a function caller repeats a corresponding check. This issue was fixed by using the software Coccinelle 1.0.1.
2015-08-17resolved: cache - add more detailed cache debug loggingTom Gundersen
2015-08-16resolved: packet - fix typo in read_rr()Tom Gundersen
2015-08-14resolved: never allow routing of "localhost" queries to DNS or LLMNRLennart Poettering
We should never allow leaking of "localhost" queries onto the network, even if there's an explicit domain rotue set for this.
2015-08-14resolved: locally synthesize replies for "localhost"Lennart Poettering
Let's make sure that clients querying resolved via the bus for A, AAAA or PTR records for "localhost" get a synthesized, local reply, so that we do not hit the network. This makes part of nss-myhostname redundant, if used in conjunction. However, given that nss-resolve shall be optional we need to keep this code in both places for now.
2015-08-03sd-event: make sure sd_event_now() cannot failLennart Poettering
Previously, if the event loop never ran before sd_event_now() would fail. With this change it will instead fall back to invoking now(). This way, the function cannot fail anymore, except for programming error when invoking it with wrong parameters. This takes into account the fact that many callers did not handle the error condition correctly, and if the callers did, then they kept simply invoking now() as fall back on their own. Hence let's shorten the code using this call, and make things more robust, and let's just fall back to now() internally. Whether now() is used or the cache timestamp may still be detected via the return value of sd_event_now(). If > 0 is returned, then the fall back to now() was used, if == 0 is returned, then the cached value was returned. This patch also simplifies many of the invocations of sd_event_now(): the manual fall back to now() can be removed. Also, in cases where the call is invoked withing void functions we can now protect the invocation via assert_se(), acknowledging the fact that the call cannot fail anymore except for programming errors with the parameters. This change is inspired by #841.
2015-08-03resolved: transaction - increase number of retry attemptsTom Gundersen
With the exponential backoff, we can perform more requests in the same amount of time, so bump this a bit. In case of large RTT this may be necessary in order not to regress, and in case of large packet-loss it will make us more robust. The latter is particularly relevant once we start probing for features (and hence may see packet-loss until we settle on the right feature level).
2015-08-03resolved: transaction - exponentially increase retry timeoutsTom Gundersen
Rather than fixing this to 5s for unicast DNS and 1s for LLMNR, start at a tenth of those values and increase exponentially until the old values are reached. For LLMNR the recommended timeout for IEEE802 networks (which basically means all of the ones we care about) is 100ms, so that should be uncontroversial. For unicast DNS I have found no recommended value. However, it seems vastly more likely that hitting a 500ms timeout is casued by a packet loss, rather than the RTT genuinely being greater than 500ms, so taking this as a startnig value seems reasonable to me. In the common case this greatly reduces the latency due to normal packet loss. Moreover, once we get support for probing for features, this means that we can send more packets before degrading the feature level whilst still allowing us to settle on the correct feature level in a reasonable timeframe. The timeouts are tracked per server (or per scope for the multicast protocols), and once a server (or scope) receives a successfull package the timeout is reset. We also track the largest RTT for the given server/scope, and always start our timouts at twice the largest observed RTT.
2015-08-03resolved: cache - use clock_boottime_or_monotonic()Tom Gundersen
We cannot rely on CLOCK_BOOTTIME being supported by the kernel, so fallack to CLOCK_MONOTONIC if the former is not supported.
2015-07-29Merge pull request #768 from poettering/resolved-localhostDaniel Mack
resolved: never attempt to resolve loopback addresses via DNS/LLMNR/mDNS
2015-07-29resolved: never attempt to resolve loopback addresses via DNS/LLMNR/mDNSLennart Poettering
We already refuse to resolve "localhost", hence we should also refuse resolving "127.0.0.1" and friends.
2015-07-29treewide: fix typosTorstein Husebø
2015-07-28resolved: packet - refuse empty type bitmapsTom Gundersen
The NSEC type itself must at least be in the bitmap, so NSEC records with empty bitmaps must be bogus.
2015-07-28resolved: packet - fix read_type_window()Tom Gundersen
We were tracking the bit offset inside each byte, rather than inside the whole bitmap.
2015-07-28resolve: packet - fix append_types()Tom Gundersen
We were counting the number of bits set rather than the number of bytes they occupied.
2015-07-28resolved: compare dns question arrays properlyLennart Poettering
Let's optimize things a bit and properly compare DNS question arrays, instead of checking if they are mutual supersets. This also makes ANY query handling more accurate.
2015-07-27resolved: transaction - don't explicitly verify packet sourceTom Gundersen
This is handled by the kernel now that the socket is connect()ed.
2015-07-27resolved: transaction - don't unref server when creating TCP socketTom Gundersen
This was a bug.
2015-07-27resolved: scope - write() unicast DNS packetsTom Gundersen
As we have connect()ed to the desired DNS server, we no longer need to pass control messages manually when sending packets. Simplify the logic accordingly.
2015-07-27resolved: transaction - introduce dns_transaction_emit()Tom Gundersen
This function emits the UDP packet via the scope, but first it will determine the current server (and connect to it) and store the server in the transaction. This should not change the behavior, but simplifies the code.
2015-07-27resolved: transaction - move a couple of functionsTom Gundersen
No functional change, but makes follow-up patch clearer.
2015-07-27resolved: transaction - move DNS UDP socket creation to the scopeTom Gundersen
With access to the server when creating the socket, we can connect() to the server and hence simplify message sending and receiving in follow-up patches.
2015-07-27resolved: transaction - close socket when changing serverTom Gundersen
Close the socket when changing the server in a transaction, in order for it to be reopened with the right server when we send the next packet. This fixes a regression where we could get stuck with a failing server.
2015-07-27resolved: transaction - don't request PKTINFO for unicast DNSTom Gundersen
This was only ever used by LLMNR, so don't request this for unicast DNS packets.
2015-07-27resloved: transaction - unify IPv4 and IPv6 socketsTom Gundersen
A transaction can only have one socket at a time, so no need to distinguish these.
2015-07-24resolved: fix DNS_TYPE_ANY vs DNS_CLASS_ANY confusionDaniel Mack
Assigning a TPYE enum value to a class variable is certainly wrong. However, they both have the same value, so the result was correct nevertheless.
2015-07-23resolve: transaction - stop processing packet when found to be invalidTom Gundersen
We were stopping the transaction, but we need to stop processing the packet alltogether.
2015-07-23resolved: packet - fix segfault in truncate()Tom Gundersen
A size_t was being accessed as a char* due to the order of arguments being inverted.
2015-07-23resolved: rr - ignore pseudo types in NSEC(3) bitmapsTom Gundersen
2015-07-23resolved: rr - fix parsing of NSEC3Tom Gundersen
We were appending rather than reading the bitmap.
2015-07-23resolved: rr - don't read past end of RR when parsing NSEC(3)Tom Gundersen
We can never read past the end of the packet, so this seems impossible to exploit, but let's error out early as reading past the end of the current RR is clearly an error. Found by Lennart, based on patch by Daniel.
2015-07-23resolved: rr - SSHFP contains the fingerprint, not the keyTom Gundersen
Rename the field to make this clearer.