From b761a10797794ab3db558b962a8d7d88d85d8fba Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 10:50:30 +0900 Subject: [PATCH 01/10] resolve: add missing bus property and method Follow-up for #8849. --- src/resolve/resolved-bus.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index b98f862be09..bead18f82d8 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -1471,6 +1471,7 @@ static int bus_property_get_ntas( static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode); static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported); static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string); +static BUS_DEFINE_PROPERTY_GET2(bus_property_get_private_dns_mode, "s", Manager, manager_get_private_dns_mode, private_dns_mode_to_string); static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) { Manager *m = userdata; @@ -1541,6 +1542,10 @@ static int bus_method_set_link_mdns(sd_bus_message *message, void *userdata, sd_ return call_link_method(userdata, message, bus_link_method_set_mdns, error); } +static int bus_method_set_link_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) { + return call_link_method(userdata, message, bus_link_method_set_private_dns, error); +} + static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) { return call_link_method(userdata, message, bus_link_method_set_dnssec, error); } 
@@ -1831,6 +1836,7 @@ static const sd_bus_vtable resolve_vtable[] = { SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0), SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0), SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0), + SD_BUS_PROPERTY("PrivateDNS", "s", bus_property_get_private_dns_mode, 0, 0), SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0), SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0), @@ -1855,6 +1861,7 @@ static const sd_bus_vtable resolve_vtable[] = { SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0), SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0), SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0), + SD_BUS_METHOD("SetLinkPrivateDNS", "is", NULL, bus_method_set_link_private_dns, 0), SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0), SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0), SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0), From 8adbd8658695181201ab9abb72d850b06c9acbf5 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 10:56:02 +0900 Subject: [PATCH 02/10] resolve: make manager_get_private_dns_mode() always return valid setting --- src/resolve/resolved-manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 7532b39be5f..f8d372f9f0a 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c 
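Review bot: The new `SetLinkPrivateDNS` entry in the `@@ -1855` hunk is registered with flags `0`, and nothing in the table says who may call it, although a method taking a mode string of `no` or `opportunistic` can turn DNS-over-TLS off for an interface. With flags `0` sd-bus keeps the method privileged by default (no `SD_BUS_VTABLE_UNPRIVILEGED`), which matches the neighbouring `SetLink*` entries. Any further check would live in `bus_link_method_set_private_dns`, which this patch does not show. I would record the intent above the entry, e.g. `/* privileged: lets the caller disable DNS-over-TLS on a link */`, so a later change to the flags gets reviewed with that in mind. The `resolve_vtable[]` initializer starts and ends outside the hunk.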
@@ -1391,7 +1391,7 @@ PrivateDnsMode manager_get_private_dns_mode(Manager *m) { if (m->private_dns_mode != _PRIVATE_DNS_MODE_INVALID) return m->private_dns_mode; - return _PRIVATE_DNS_MODE_INVALID; + return PRIVATE_DNS_NO; } void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) { From ddf1a953016cf3b23eff842df9340a3ddfb1ef83 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 11:00:52 +0900 Subject: [PATCH 03/10] resolve: reject PrivateDNS=yes --- src/shared/resolve-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/resolve-util.c b/src/shared/resolve-util.c index c626da5ed4f..770334f2578 100644 --- a/src/shared/resolve-util.c +++ b/src/shared/resolve-util.c @@ -31,4 +31,4 @@ static const char* const private_dns_mode_table[_PRIVATE_DNS_MODE_MAX] = { [PRIVATE_DNS_NO] = "no", [PRIVATE_DNS_OPPORTUNISTIC] = "opportunistic", }; -DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_dns_mode, PrivateDnsMode, PRIVATE_DNS_OPPORTUNISTIC); +DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_dns_mode, PrivateDnsMode, _PRIVATE_DNS_MODE_INVALID); From 1a363edad1944ce1f8fabb04725e20b57b9997ab Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 11:16:26 +0900 Subject: [PATCH 04/10] bash-completion/resolvectl: support privatedns command --- shell-completion/bash/resolvectl | 20 +++++++++++++++++++- shell-completion/bash/systemd-resolve | 3 +++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/shell-completion/bash/resolvectl b/shell-completion/bash/resolvectl index 9ffbbbcf1ee..a8b24bc757e 100644 --- a/shell-completion/bash/resolvectl +++ b/shell-completion/bash/resolvectl 
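Review bot: The new fallback `return PRIVATE_DNS_NO;` makes plaintext the effective mode whenever `m->private_dns_mode` is unset, and nothing in the function says this is a deliberate default. Patch 01 exposes this value as the `PrivateDNS` bus property, so a client reading it cannot tell an explicit `no` from an option that was never set. I would add `/* Not configured: DNS-over-TLS stays off by default */` above the final return. The opening lines of `manager_get_private_dns_mode()` are outside the hunk.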
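Review bot: Passing `_PRIVATE_DNS_MODE_INVALID` as the boolean-true value in the `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN` line is not self-explanatory; nothing in the file says that `yes` is refused on purpose. A comment such as `/* "yes" is rejected on purpose: the table only has "no" and "opportunistic" */` would stop someone from reverting it as an apparent mistake. The callers are outside this patch. If a rejected `PrivateDNS=yes` is only logged and the setting then falls back to `no`, an administrator who asked for TLS ends up on plaintext, so that parse failure should be reported loudly enough to be noticed.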
@@ -48,12 +48,14 @@ _resolvectl() { [LINK]='revert dns domain nta' [RESOLVE]='llmnr mdns' [DNSSEC]='dnssec' + [PRIVATEDNS]='privatedns' [STANDALONE]='statistics reset-statistics flush-caches reset-server-features' ) local -A ARGS=( [FAMILY]='tcp udp sctp' [RESOLVE]='yes no resolve' [DNSSEC]='yes no allow-downgrade' + [PRIVATEDNS]='no opportunistic' ) local interfaces=$( __get_interfaces ) @@ -109,7 +111,7 @@ _resolvectl() { comps="" fi - elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]}; then + elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[PRIVATEDNS]}; then for ((i++; i < COMP_CWORD; i++)); do if __contains_word "${COMP_WORDS[i]}" $interfaces && ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then @@ -153,6 +155,22 @@ _resolvectl() { comps='' fi + elif __contains_word "$verb" ${VERBS[PRIVATEDNS]}; then + name= + for ((i++; i < COMP_CWORD; i++)); do + if __contains_word "${COMP_WORDS[i]}" ${ARGS[PRIVATEDNS]} && + ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then + name=${COMP_WORDS[i]} + break; + fi + done + + if [[ -z $name ]]; then + comps=${ARGS[PRIVATEDNS]} + else + comps='' + fi + else comps='' fi diff --git a/shell-completion/bash/systemd-resolve b/shell-completion/bash/systemd-resolve index ecd1ebad54e..7bcd13563cf 100644 --- a/shell-completion/bash/systemd-resolve +++ b/shell-completion/bash/systemd-resolve @@ -65,6 +65,9 @@ _systemd-resolve() { --set-dnssec) comps="yes no allow-downgrade" ;; + --set-privatedns) + comps="no opportunistic" + ;; esac COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) return 0 From 3c0dcbcf4feeb4d5a97aa0333d9ca100264672b4 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 12:21:54 +0900 Subject: [PATCH 05/10] resolve: fix log message --- src/resolve/resolved-dns-server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
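Review bot: The value list `no opportunistic` is now written out twice, in `ARGS[PRIVATEDNS]` here and in the `--set-privatedns)` case of `systemd-resolve`, with nothing tying either copy to the string table they mirror. A comment next to both, e.g. `# keep in sync with private_dns_mode_table in src/shared/resolve-util.c`, would mark the dependency for whoever adds a further mode. The new `elif` branch in the `@@ -153` hunk also repeats the word-scan loop shape visible in the `@@ -109` hunk with only the candidate list changed, so a shared helper would be worth considering. `_resolvectl()` starts and ends outside the hunks.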
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c index 133d26df672..11af29bad84 100644 --- a/src/resolve/resolved-dns-server.c +++ b/src/resolve/resolved-dns-server.c @@ -446,7 +446,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { /* We tried to connect using DNS-over-TLS, and it didn't work. Downgrade to plaintext UDP * if we don't require DNS-over-TLS */ - log_debug("Server doesn't support seem to support DNS-over-TLS, downgrading protocol..."); + log_debug("Server doesn't support DNS-over-TLS, downgrading protocol..."); s->possible_feature_level--; } else if (s->packet_bad_opt && s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) { From eab39da1fa1454531f2bd655d46cc7fdc851b9df Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 13:13:34 +0900 Subject: [PATCH 06/10] resolve: correctly count TCP transaction failures Fixes #9281. --- src/resolve/resolved-dns-transaction.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 7a512a55f20..6144b03165f 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -536,7 +536,7 @@ static int on_stream_complete(DnsStream *s, int error) { if (s->transactions) { t = s->transactions; assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0); - dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level, usec - t->start_usec); + dns_server_packet_lost(t->server, IPPROTO_TCP, t->current_feature_level, usec - t->start_usec); } } From 3da3cdd592d75a8a94021c72f07cbbbdab2ffd21 Mon Sep 17 00:00:00 2001 
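Review bot: The reworded message in the `@@ -446` hunk now states as fact that the server does not support DNS-over-TLS, while the comment above it only says the connection attempt "didn't work"; a filtered or failed connection would produce the same line. Dropping the duplicated word but keeping the hedge is more accurate: `log_debug("Server doesn't seem to support DNS-over-TLS, downgrading protocol...");`. Because this is where resolution falls back from TLS to plaintext, it is also worth considering whether debug level is enough for operators who want to notice downgrades. The enclosing condition in `dns_server_possible_feature_level()` is outside the hunk.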
From: Yu Watanabe Date: Wed, 13 Jun 2018 13:20:23 +0900 Subject: [PATCH 07/10] resolve: drop unused argument of dns_server_packet_lost() --- src/resolve/resolved-dns-server.c | 2 +- src/resolve/resolved-dns-server.h | 2 +- src/resolve/resolved-dns-transaction.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c index 11af29bad84..d14dfd22ea0 100644 --- a/src/resolve/resolved-dns-server.c +++ b/src/resolve/resolved-dns-server.c @@ -302,7 +302,7 @@ void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLeve s->received_udp_packet_max = size; } -void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t usec) { +void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level) { assert(s); assert(s->manager); diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h index 6b62e44a190..8972fef6362 100644 --- a/src/resolve/resolved-dns-server.h +++ b/src/resolve/resolved-dns-server.h @@ -110,7 +110,7 @@ void dns_server_unlink(DnsServer *s); void dns_server_move_back_and_unmark(DnsServer *s); void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, size_t size); -void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t usec); +void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level); void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level); void dns_server_packet_rrsig_missing(DnsServer *s, DnsServerFeatureLevel level); void dns_server_packet_bad_opt(DnsServer *s, DnsServerFeatureLevel level); diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 6144b03165f..f2347a414bd 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c 
@@ -536,7 +536,7 @@ static int on_stream_complete(DnsStream *s, int error) { if (s->transactions) { t = s->transactions; assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0); - dns_server_packet_lost(t->server, IPPROTO_TCP, t->current_feature_level, usec - t->start_usec); + dns_server_packet_lost(t->server, IPPROTO_TCP, t->current_feature_level); } } @@ -1229,7 +1229,7 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use log_debug_errno(r, "Connection failure for DNS UDP packet: %m"); assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0); - dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level, usec - t->start_usec); + dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level); dns_transaction_retry(t, true); return 0; @@ -1322,7 +1322,7 @@ static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdat case DNS_PROTOCOL_DNS: assert(t->server); - dns_server_packet_lost(t->server, t->stream ? IPPROTO_TCP : IPPROTO_UDP, t->current_feature_level, usec - t->start_usec); + dns_server_packet_lost(t->server, t->stream ? IPPROTO_TCP : IPPROTO_UDP, t->current_feature_level); break; case DNS_PROTOCOL_LLMNR: From daab72ea445f5941e4b0a077115e6785b430a9ff Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 13:43:36 +0900 Subject: [PATCH 08/10] resolve: do not complete stream transaction when it is under retrying --- src/resolve/resolved-dns-transaction.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index f2347a414bd..b72a990783b 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c 
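Review bot: With the last argument dropped, the `assert_se(sd_event_now(..., &usec) >= 0);` line that remains as context in the `@@ -536` hunk (`on_stream_complete`) and again in the `@@ -1229` hunk (`on_dns_packet`) fills `usec` without any reader in the lines shown. If `usec` has no other use in those functions, which the hunks do not show, the call and the local should be removed together with the argument. Leaving them keeps an abort-on-failure clock read on an error path for no benefit. In `on_transaction_timeout` `usec` is a parameter, so nothing is left over there.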
@@ -467,9 +467,11 @@ static void on_transaction_stream_error(DnsTransaction *t, int error) { /* If the LLMNR/TCP connection failed, the host doesn't support LLMNR, and we cannot answer the * question on this scope. */ dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND); + return; } dns_transaction_retry(t, true); + return; } if (error != 0) { t->answer_errno = error; From 92936883d541431c194bec29f08bfdbbe3f48bad Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 14:30:51 +0900 Subject: [PATCH 09/10] resolvectl: fix indentation --- src/resolve/resolvectl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c index 750001d407e..8517bcc692e 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -2464,7 +2464,7 @@ static int compat_parse_argv(int argc, char *argv[]) { { "set-domain", required_argument, NULL, ARG_SET_DOMAIN }, { "set-llmnr", required_argument, NULL, ARG_SET_LLMNR }, { "set-mdns", required_argument, NULL, ARG_SET_MDNS }, - { "set-privatedns", required_argument, NULL, ARG_SET_PRIVATE }, + { "set-privatedns", required_argument, NULL, ARG_SET_PRIVATE }, { "set-dnssec", required_argument, NULL, ARG_SET_DNSSEC }, { "set-nta", required_argument, NULL, ARG_SET_NTA }, { "revert", no_argument, NULL, ARG_REVERT_LINK }, From 87cbe069e6dbb669a1e90114e9f15d2f6c4b0ed1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jun 2018 14:34:26 +0900 Subject: [PATCH 10/10] man: drop unnecessary '=' after nta --- man/resolvectl.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/resolvectl.xml b/man/resolvectl.xml index 69c3c0f7ea1..539a785f2bb 100644 --- a/man/resolvectl.xml +++ b/man/resolvectl.xml 
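Review bot: The two added `return;` statements in the `@@ -467` hunk are the whole fix, yet nothing in `on_transaction_stream_error()` says why control must not reach the `if (error != 0)` block once `dns_transaction_complete()` or `dns_transaction_retry()` has run. I would add a comment before the second return, e.g. `/* the transaction was completed or restarted above; do not complete it again */`. Whether `t` is still safe to touch after those calls is not visible here, which is one more reason to state the rule in the code. The start of the function is outside the hunk.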
@@ -283,7 +283,7 @@ Revert the per-interface DNS configuration. If the DNS configuration is reverted all per-interface DNS setting are reset to their defaults, undoing all effects of , , , , , - , . Note that when a network interface disappears all + , . Note that when a network interface disappears all configuration is lost automatically, an explicit reverting is not necessary in that case.