summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-12-26resolved: internalize string buffer of dns_resource_record_to_string()Lennart Poettering
Let's simplify usage and memory management of DnsResourceRecord's dns_resource_record_to_string() call: cache the formatted string as part of the object, and return it on subsequent calls, freeing it when the DnsResourceRecord itself is freed.
2015-12-26resolved: when matching SOA RRs, don't eat up errorsLennart Poettering
2015-12-26resolved: when matching SOA RRs, honour RR classLennart Poettering
2015-12-26resolved: when looking for a SOA RR in a reply, pick the right oneLennart Poettering
If there are multiple SOA RRs, and we look for a suitable one covering our request, then make sure to pick the one that is furthest away from the root name, not just the first one we encounter.
2015-12-26resolved: when caching NXDOMAIN for an RR, make sure we flush out old ANY ↵Lennart Poettering
entries We use ANY RR keys to store NXDOMAIN information, but we previously didn't flush out old ANY RR items in the cache when adding new entries. Fix that.
2015-12-26resolved: split out a new dns_type_may_redirect() callLennart Poettering
Let's abstract which RRs shall honour CNAMEs, and which ones should not.
2015-12-26resolve-host: propagate error properlyLennart Poettering
2015-12-25Merge pull request #2197 from mscherer/add_seal_configZbigniew Jędrzejewski-Szmek
Add Seal option in the configuration file for journald-remote
2015-12-25Merge pull request #2223 from ssahani/lldpZbigniew Jędrzejewski-Szmek
Closes #2223.
2015-12-25V3 LLDP: Add packet validation (system name and description)Susant Sahani
LLDP type system name and system description should be with in 255 characters and unique. Let's add the validation to discard corrupt packets.
2015-12-25lldp: improve loggingSusant Sahani
2015-12-24Merge pull request #2153 from evverx/fix-verify-for-templatesZbigniew Jędrzejewski-Szmek
analyze: verify verifies templates too
2015-12-24Merge pull request #2216 from zonque/nameownerchangedLennart Poettering
core: re-sync bus name list after deserializing during daemon-reload
2015-12-23core: re-sync bus name list after deserializing during daemon-reloadDaniel Mack
When the daemon reloads, it doesn not actually give up its DBus connection, as wrongly stated in an earlier commit. However, even though the bus connection stays open, the daemon flushes out all its internal state. Hence, if there is a NameOwnerChanged signal after the flush and before the deserialization, it cannot be matched against any pending unit. To fix this, rename bus_list_names() to manager_sync_bus_names() and call it explicitly at the end of the daemon reload operation.
2015-12-23Merge pull request #2158 from keszybz/journal-decompressionLennart Poettering
Journal decompression fixes
2015-12-22socket: nullify pointers after freeDaniel Mack
A socket shouldn't be used after socket_done() returns, but follow the general guideline here and avoid dangling pointers anyway.
2015-12-22socket: free fdname memberDaniel Mack
Plug a small memory leak.
2015-12-21Merge pull request #2202 from zonque/nameownerchangedLennart Poettering
core: fix bus name synchronization after daemon-reload
2015-12-21sd-event: improve debugging of event source errorsDaniel Mack
Printing the pointer variable really doesn't help, so drop that. Instead, add a string lookup table for the EventSourceType enum, and print the type of event source in case of errors.
2015-12-21core: fix bus name synchronization after daemon-reloadDaniel Mack
During daemon-reload, PID1 temporarly loses its DBus connection, so there's a small window in which all signals sent by dbus-daemon are lost. This is a problem, since we rely on the NameOwnerChanged signals in order to consider a service with Type=dbus fully started or terminated, respectively. In order to fix this, a rewrite of bus_list_names() is necessary. We used to walk the current list of names on the bus, and blindly triggered the bus_name_owner_change() callback on each service, providing the actual name as current owner. This implementation has a number of problems: * We cannot detect if the the name was moved from one owner to the other while we were reloading * We don't notify services which missed the name loss signal * Providing the actual name as current owner is a hack, as the comment also admits. To fix this, this patch carries the following changes: * Track the name of the current bus name owner, and (de-)serialize it during reload. This way, we can detect changes. * In bus_list_names(), walk the list of bus names we're interested in first, and then see if the name is active on the bus. If it is, check it it's still the same as it used to be, and synthesize NameOwnerChanged signals for the name add and/or loss. This should fully synchronize the current name list with the internal state of all services.
2015-12-20resolve: fix indentationThomas Hindoe Paaboel Andersen
2015-12-20Add Seal option in the configuration file for journald-remoteMichael Scherer
While journal received remotely can be sealed, it can only be done on the command line using --seal, so for consistency, we will also permit to set it in the configuration file.
2015-12-20Merge pull request #2190 from poettering/dnssec6Tom Gundersen
Add DNSSEC proof of unsignedness and NSEC3 proof
2015-12-19Fix typo on logind-dbus.cJoost Bremmer
method_schedule_shutdown referenced org.freedesktop.login1.poweroff* which is never registered in polkit. Now refers to org.freedesktop.login1.power-off* Signed-off-by: Joost Bremmer <toost.b@gmail.com>
2015-12-18resolved: propagate DNSSEC validation status from auxiliary transactionsLennart Poettering
Let's make sure we propagate the DNSSEC validation status from an auxiliary DNSSEC transaction back to the originating transaction, to improve the error messages we generate.
2015-12-18resolved: propagate the DNSSEC result from the transaction to the query and ↵Lennart Poettering
the the bus client It's useful to generate useful errors, so let's do that.
2015-12-18resolved: rename DNS_TRANSACTION_FAILURE → DNS_TRANSACTION_RCODE_FAILURELennart Poettering
We have many types of failure for a transaction, and DNS_TRANSACTION_FAILURE was just one specific one of them, if the server responded with a non-zero RCODE. Hence let's rename this, to indicate which kind of failure this actually refers to.
2015-12-18resolved: merge two commentsLennart Poettering
2015-12-18resolved: rename dns_cache_item_remove_and_free() → _unlink_and_free()Lennart Poettering
In most of the other call, we called similar functions that remove the data structure link-ups to other objects "unlink", hence we should here, too.
2015-12-18resolved: rename dns_cache_remove() → dns_cache_remove_by_key()Lennart Poettering
Given that we already have dns_cache_remove_by_rr() this makes clearer what the operation actually does.
2015-12-18resolved: add a call that dumps the contents of a DnsAnswer structureLennart Poettering
This is not used anywhere, but it's extremely useful when debugging.
2015-12-18resolved: rework mDNS cache-flush bit handlingLennart Poettering
This adds a new DnsAnswer item flag "DNS_ANSWER_SHARED_OWNER" which is set for mDNS RRs that lack the cache-flush bit. The cache-flush bit is removed from the DnsResourceRecord object in favour of this. This also splits out the code that removes previous entries when adding new positive ones into a new separate call dns_cache_remove_previous().
2015-12-18resolved: properly determine size of DnsAnswer objectLennart Poettering
After all we want to allow NULL DnsAnswer objects as equivalent to empty ones, hence we should use the right checks everywhere.
2015-12-18resolved: pass out precise authenticated bit we got passed inLennart Poettering
Make sure the cache never altes the authenticated bit of RRs stored in it, and drops it for RRs when passing it out again.
2015-12-18resolved: don't honour mDNS cache-flush bit for OPT RRsLennart Poettering
OPT RRs after all use the class field for other purposes than actually encoding a class, hence the cache flush bit doesn't apply really.
2015-12-18resolve: optimize dns_cache_flush() a bitLennart Poettering
Let's use dns_cache_remove() rather than dns_cache_item_remove_and_free() to destroy the cache, since the former requires far fewer hash table lookups.
2015-12-18resolved: when receiving a TTL=0 RR, only flush that specific RRLennart Poettering
When we receieve a TTL=0 RR, then let's only flush that specific RR and not the whole RRset. On mDNS with RRsets that a shared-owner this is how specific RRs are removed from the set, hence support this. And on non-mDNS the whole RRset will already be removed much earlier in dns_cache_put() hence there's no reason remove it again.
2015-12-18resolved: optimize dns_cache_remove() a bitLennart Poettering
2015-12-18resolved: use dns_name_parent() where appropriateLennart Poettering
2015-12-18resolved: check SOA authentication state when negative cachingLennart Poettering
We should never use the TTL of an unauthenticated SOA to cache an authenticated RR.
2015-12-18resolved: don't call dns_cache_remove() from dns_cache_put_negative()Lennart Poettering
We call it anyway as one of the first calls in dns_cache_put(), hence there's no reason to do this multiple times.
2015-12-18resolved: bump cache size a bitLennart Poettering
Let's keep entries for longer and more of them. After all, due to the DNSSEC hookup the amount of RRs we need to store is much higher now.
2015-12-18resolved: make use of dns_{class|type}_is_{pseudo|valid_rr}() everywhereLennart Poettering
2015-12-18resolved: refuse accepting EDNS0 OPT RRs with a non-root domainLennart Poettering
2015-12-18resolved: move DNS class utilities to dns-type.c and add more helpersLennart Poettering
Let's make DNS class helpers more like DNS type helpers, let's move them from resolved-dns-rr.[ch] into dns-type.[ch]. This also adds two new calls dns_class_is_pseudo() and dns_class_is_valid_rr() which operate similar to dns_type_is_pseudo() and dns_type_is_valid_rr() but for classes instead of types. This should hopefully make handling of DNS classes and DNS types more alike.
2015-12-18resolved: update TODOLennart Poettering
2015-12-18resolved: add support NSEC3 proofs, as well as proofs for domains that are ↵Lennart Poettering
OK to be unsigned This large patch adds a couple of mechanisms to ensure we get NSEC3 and proof-of-unsigned support into place. Specifically: - Each item in an DnsAnswer gets two bit flags now: DNS_ANSWER_AUTHENTICATED and DNS_ANSWER_CACHEABLE. The former is necessary since DNS responses might contain signed as well as unsigned RRsets in one, and we need to remember which ones are signed and which ones aren't. The latter is necessary, since not we need to keep track which RRsets may be cached and which ones may not be, even while manipulating DnsAnswer objects. - The .n_answer_cachable of DnsTransaction is dropped now (it used to store how many of the first DnsAnswer entries are cachable), and replaced by the DNS_ANSWER_CACHABLE flag instead. - NSEC3 proofs are implemented now (lacking support for the wildcard part, to be added in a later commit). - Support for the "AD" bit has been dropped. It's unsafe, and now that we have end-to-end authentication we don't need it anymore. - An auxiliary DnsTransaction of a DnsTransactions is now kept around as least as long as the latter stays around. We no longer remove the auxiliary DnsTransaction as soon as it completed. THis is necessary, as we now are interested not only in the RRsets it acquired but also in its authentication status.
2015-12-18resolved: refuse to add auxiliary transactions loopsLennart Poettering
Let's be safe and explicitly avoid that we add an auxiliary transaction dependency on ourselves.
2015-12-18resolved: don't check for NULL DnsAnswer object explicitly where unnecessaryLennart Poettering
The DNS_ANSWER_FOREACH macros do this internally anyway, no need to duplicate this.
2015-12-18resolved: stop timeout timer when validating transactionsLennart Poettering
We need no separate timeout anymore as soon as we received a reply, as the auxiliary transactions have their own timeouts.