mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
Merge pull request #9280 from yuwata/follow-ups-8849
Several follow-ups for #8849
commit
6f534ceb95
@ -283,7 +283,7 @@
|
|||||||
<listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
|
<listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
|
||||||
per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
|
per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
|
||||||
<option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
|
<option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
|
||||||
<option>privatedns</option>, <option>nta=</option>. Note that when a network interface disappears all
|
<option>privatedns</option>, <option>nta</option>. Note that when a network interface disappears all
|
||||||
configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem>
|
configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -48,12 +48,14 @@ _resolvectl() {
|
|||||||
[LINK]='revert dns domain nta'
|
[LINK]='revert dns domain nta'
|
||||||
[RESOLVE]='llmnr mdns'
|
[RESOLVE]='llmnr mdns'
|
||||||
[DNSSEC]='dnssec'
|
[DNSSEC]='dnssec'
|
||||||
|
[PRIVATEDNS]='privatedns'
|
||||||
[STANDALONE]='statistics reset-statistics flush-caches reset-server-features'
|
[STANDALONE]='statistics reset-statistics flush-caches reset-server-features'
|
||||||
)
|
)
|
||||||
local -A ARGS=(
|
local -A ARGS=(
|
||||||
[FAMILY]='tcp udp sctp'
|
[FAMILY]='tcp udp sctp'
|
||||||
[RESOLVE]='yes no resolve'
|
[RESOLVE]='yes no resolve'
|
||||||
[DNSSEC]='yes no allow-downgrade'
|
[DNSSEC]='yes no allow-downgrade'
|
||||||
|
[PRIVATEDNS]='no opportunistic'
|
||||||
)
|
)
|
||||||
local interfaces=$( __get_interfaces )
|
local interfaces=$( __get_interfaces )
|
||||||
|
|
||||||
@ -109,7 +111,7 @@ _resolvectl() {
|
|||||||
comps=""
|
comps=""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]}; then
|
elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[PRIVATEDNS]}; then
|
||||||
for ((i++; i < COMP_CWORD; i++)); do
|
for ((i++; i < COMP_CWORD; i++)); do
|
||||||
if __contains_word "${COMP_WORDS[i]}" $interfaces &&
|
if __contains_word "${COMP_WORDS[i]}" $interfaces &&
|
||||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||||
@ -153,6 +155,22 @@ _resolvectl() {
|
|||||||
comps=''
|
comps=''
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
elif __contains_word "$verb" ${VERBS[PRIVATEDNS]}; then
|
||||||
|
name=
|
||||||
|
for ((i++; i < COMP_CWORD; i++)); do
|
||||||
|
if __contains_word "${COMP_WORDS[i]}" ${ARGS[PRIVATEDNS]} &&
|
||||||
|
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||||
|
name=${COMP_WORDS[i]}
|
||||||
|
break;
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ -z $name ]]; then
|
||||||
|
comps=${ARGS[PRIVATEDNS]}
|
||||||
|
else
|
||||||
|
comps=''
|
||||||
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
comps=''
|
comps=''
|
||||||
fi
|
fi
|
||||||
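Review bot: The accepted values `no opportunistic` are hard-coded in `ARGS[PRIVATEDNS]` here and again in the `--set-privatedns)` case of `_systemd-resolve`, separately from `private_dns_mode_table` in the C code. Nothing ties the three lists together, so a mode added later would complete incorrectly until each copy is edited. A comment next to `[PRIVATEDNS]='no opportunistic'`, such as `# keep in sync with private_dns_mode_table`, would flag the dependency. The body of `_resolvectl` starts and ends outside these hunks, so the nesting of the new `elif` branch cannot be checked from this view.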
|
@ -65,6 +65,9 @@ _systemd-resolve() {
|
|||||||
--set-dnssec)
|
--set-dnssec)
|
||||||
comps="yes no allow-downgrade"
|
comps="yes no allow-downgrade"
|
||||||
;;
|
;;
|
||||||
|
--set-privatedns)
|
||||||
|
comps="no opportunistic"
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||||
return 0
|
return 0
|
||||||
|
@ -1471,6 +1471,7 @@ static int bus_property_get_ntas(
|
|||||||
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode);
|
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode);
|
||||||
static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported);
|
static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported);
|
||||||
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string);
|
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string);
|
||||||
|
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_private_dns_mode, "s", Manager, manager_get_private_dns_mode, private_dns_mode_to_string);
|
||||||
|
|
||||||
static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||||
Manager *m = userdata;
|
Manager *m = userdata;
|
||||||
@ -1541,6 +1542,10 @@ static int bus_method_set_link_mdns(sd_bus_message *message, void *userdata, sd_
|
|||||||
return call_link_method(userdata, message, bus_link_method_set_mdns, error);
|
return call_link_method(userdata, message, bus_link_method_set_mdns, error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int bus_method_set_link_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||||
|
return call_link_method(userdata, message, bus_link_method_set_private_dns, error);
|
||||||
|
}
|
||||||
|
|
||||||
static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||||
return call_link_method(userdata, message, bus_link_method_set_dnssec, error);
|
return call_link_method(userdata, message, bus_link_method_set_dnssec, error);
|
||||||
}
|
}
|
||||||
@ -1831,6 +1836,7 @@ static const sd_bus_vtable resolve_vtable[] = {
|
|||||||
SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0),
|
SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0),
|
||||||
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0),
|
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0),
|
||||||
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0),
|
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0),
|
||||||
|
SD_BUS_PROPERTY("PrivateDNS", "s", bus_property_get_private_dns_mode, 0, 0),
|
||||||
SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0),
|
SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0),
|
||||||
SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST),
|
SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||||
SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0),
|
SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0),
|
||||||
@ -1855,6 +1861,7 @@ static const sd_bus_vtable resolve_vtable[] = {
|
|||||||
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
|
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
|
||||||
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
|
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
|
||||||
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
|
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
|
||||||
|
SD_BUS_METHOD("SetLinkPrivateDNS", "is", NULL, bus_method_set_link_private_dns, 0),
|
||||||
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
|
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
|
||||||
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
|
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
|
||||||
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
|
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
|
||||||
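Review bot: `SetLinkPrivateDNS` is registered with flags `0`, so its access control rests on sd-bus's default privilege check for methods not marked `SD_BUS_VTABLE_UNPRIVILEGED` and on whatever `bus_link_method_set_private_dns` does, and neither is visible in this section. This call can switch a link from `opportunistic` to `no`, turning DNS-over-TLS off for that link, so it deserves the same scrutiny as `SetLinkDNSSEC`. Please confirm the per-link handler rejects unauthorized callers and that the bus connection is not marked as trusted. Once confirmed, a comment on the wrapper such as `/* Privileged: may disable DNS-over-TLS for the link */` would record the intent. The `PrivateDNS` property is also registered with flags `0`, so clients presumably get no change signal when the mode is altered at runtime.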
|
@ -302,7 +302,7 @@ void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLeve
|
|||||||
s->received_udp_packet_max = size;
|
s->received_udp_packet_max = size;
|
||||||
}
|
}
|
||||||
|
|
||||||
void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t usec) {
|
void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level) {
|
||||||
assert(s);
|
assert(s);
|
||||||
assert(s->manager);
|
assert(s->manager);
|
||||||
|
|
||||||
@ -446,7 +446,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
|
|||||||
/* We tried to connect using DNS-over-TLS, and it didn't work. Downgrade to plaintext UDP
|
/* We tried to connect using DNS-over-TLS, and it didn't work. Downgrade to plaintext UDP
|
||||||
* if we don't require DNS-over-TLS */
|
* if we don't require DNS-over-TLS */
|
||||||
|
|
||||||
log_debug("Server doesn't support seem to support DNS-over-TLS, downgrading protocol...");
|
log_debug("Server doesn't support DNS-over-TLS, downgrading protocol...");
|
||||||
s->possible_feature_level--;
|
s->possible_feature_level--;
|
||||||
} else if (s->packet_bad_opt &&
|
} else if (s->packet_bad_opt &&
|
||||||
s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
|
s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
|
||||||
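Review bot: The DNS-over-TLS fallback in `dns_server_possible_feature_level` is reported only through `log_debug`, so a downgrade to plaintext UDP is invisible at default log levels. In opportunistic mode a failed TLS connection is enough to reach this branch, so the event is worth making observable to an operator, for example `log_info("Server doesn't support DNS-over-TLS, downgrading to plaintext...");`. Alternatively, extend the comment above it to say that the downgrade is silent by design. The condition guarding this branch lies outside the hunk, so how often it can fire cannot be judged from here.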
|
@ -110,7 +110,7 @@ void dns_server_unlink(DnsServer *s);
|
|||||||
void dns_server_move_back_and_unmark(DnsServer *s);
|
void dns_server_move_back_and_unmark(DnsServer *s);
|
||||||
|
|
||||||
void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, size_t size);
|
void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, size_t size);
|
||||||
void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t usec);
|
void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level);
|
||||||
void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level);
|
void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level);
|
||||||
void dns_server_packet_rrsig_missing(DnsServer *s, DnsServerFeatureLevel level);
|
void dns_server_packet_rrsig_missing(DnsServer *s, DnsServerFeatureLevel level);
|
||||||
void dns_server_packet_bad_opt(DnsServer *s, DnsServerFeatureLevel level);
|
void dns_server_packet_bad_opt(DnsServer *s, DnsServerFeatureLevel level);
|
||||||
|
@ -467,9 +467,11 @@ static void on_transaction_stream_error(DnsTransaction *t, int error) {
|
|||||||
/* If the LLMNR/TCP connection failed, the host doesn't support LLMNR, and we cannot answer the
|
/* If the LLMNR/TCP connection failed, the host doesn't support LLMNR, and we cannot answer the
|
||||||
* question on this scope. */
|
* question on this scope. */
|
||||||
dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND);
|
dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND);
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
dns_transaction_retry(t, true);
|
dns_transaction_retry(t, true);
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
if (error != 0) {
|
if (error != 0) {
|
||||||
t->answer_errno = error;
|
t->answer_errno = error;
|
||||||
@ -536,7 +538,7 @@ static int on_stream_complete(DnsStream *s, int error) {
|
|||||||
if (s->transactions) {
|
if (s->transactions) {
|
||||||
t = s->transactions;
|
t = s->transactions;
|
||||||
assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
|
assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
|
||||||
dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level, usec - t->start_usec);
|
dns_server_packet_lost(t->server, IPPROTO_TCP, t->current_feature_level);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1229,7 +1231,7 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
|
|||||||
|
|
||||||
log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
|
log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
|
||||||
assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
|
assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
|
||||||
dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level, usec - t->start_usec);
|
dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
|
||||||
|
|
||||||
dns_transaction_retry(t, true);
|
dns_transaction_retry(t, true);
|
||||||
return 0;
|
return 0;
|
||||||
@ -1322,7 +1324,7 @@ static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdat
|
|||||||
|
|
||||||
case DNS_PROTOCOL_DNS:
|
case DNS_PROTOCOL_DNS:
|
||||||
assert(t->server);
|
assert(t->server);
|
||||||
dns_server_packet_lost(t->server, t->stream ? IPPROTO_TCP : IPPROTO_UDP, t->current_feature_level, usec - t->start_usec);
|
dns_server_packet_lost(t->server, t->stream ? IPPROTO_TCP : IPPROTO_UDP, t->current_feature_level);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DNS_PROTOCOL_LLMNR:
|
case DNS_PROTOCOL_LLMNR:
|
||||||
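Review bot: In `on_stream_complete` and `on_dns_packet` the new code still calls `assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);` immediately before `dns_server_packet_lost()`, but the elapsed-time argument it used to feed has been dropped. Unless `usec` is read elsewhere in these functions (their bodies extend beyond the hunks), the call and the `usec` local are now dead and can be removed together. Leaving them in suggests the loss accounting is still time-based, which it no longer is.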
|
@ -1391,7 +1391,7 @@ PrivateDnsMode manager_get_private_dns_mode(Manager *m) {
|
|||||||
if (m->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
|
if (m->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
|
||||||
return m->private_dns_mode;
|
return m->private_dns_mode;
|
||||||
|
|
||||||
return _PRIVATE_DNS_MODE_INVALID;
|
return PRIVATE_DNS_NO;
|
||||||
}
|
}
|
||||||
|
|
||||||
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
|
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
|
||||||
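Review bot: The new fallback `return PRIVATE_DNS_NO;` in `manager_get_private_dns_mode` makes plaintext DNS the effective mode whenever `m->private_dns_mode` is unset, and nothing on the line says that this default is intentional. A short comment above it, such as `/* Nothing configured: DNS-over-TLS stays off by default */`, would stop a later reader from mistaking it for an error path. The start of the function is outside the hunk, so whether `m` is asserted before the dereference cannot be seen here.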
|
@ -31,4 +31,4 @@ static const char* const private_dns_mode_table[_PRIVATE_DNS_MODE_MAX] = {
|
|||||||
[PRIVATE_DNS_NO] = "no",
|
[PRIVATE_DNS_NO] = "no",
|
||||||
[PRIVATE_DNS_OPPORTUNISTIC] = "opportunistic",
|
[PRIVATE_DNS_OPPORTUNISTIC] = "opportunistic",
|
||||||
};
|
};
|
||||||
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_dns_mode, PrivateDnsMode, PRIVATE_DNS_OPPORTUNISTIC);
|
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_dns_mode, PrivateDnsMode, _PRIVATE_DNS_MODE_INVALID);
|
||||||
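Review bot: Passing `_PRIVATE_DNS_MODE_INVALID` as the third argument of `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN` is not self-explanatory and needs a comment. As far as the macro's usual definition goes, that argument is the value returned for a boolean "true" string, so `yes`/`true` would now be rejected instead of silently mapping to `opportunistic`; please confirm this against the macro. If that is the intent, say so next to the line, e.g. `/* "yes" is rejected on purpose: no strict mode exists, so it must not mean "opportunistic" */`. The distinction matters for users who set the option to `yes` expecting enforced TLS.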
|