mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

49755 Commits

Author SHA1 Message Date
Lennart Poettering
cbf23f3853 resolved: optimize change notification handling away if bus calls set the same values as were already set
Prompted-by: #17577 (but doesn't fix this, since this commit only
handles D-Bus-induced changes, not the ones made via networkd)
2021-02-18 16:38:27 +01:00
Lennart Poettering
e4304fb8d4 basic: add set_equal() helper 2021-02-18 16:38:27 +01:00
Lennart Poettering
980821f3f0 resolved: take fragment size into consideration when determining EDNS0 udp packet size 2021-02-18 15:55:58 +01:00
Lennart Poettering
acbf761b5d resolved: let's track fragment sizes of servers/retry on fragmenting
Fragmenting sucks, let's avoid it. Thus let's start tracking the maximum
fragment size we receive.

Also, let's redo a transaction via TCP if we see fragmenting on UDP, as
effective mitigation against DNS fragment attacks.
2021-02-18 15:55:58 +01:00
Lennart Poettering
d79677ab44 resolved: tweak how we calculate MTU for sending packets
Let's take all MTU info we possibly have into account, i.e. the one
reported via netlink, as before, and the one the socket might know (from
PMTUD and such), clamped by our own ideas.
2021-02-18 15:55:58 +01:00
Lennart Poettering
4565863fff resolved: add udp_header_size() helper 2021-02-18 15:55:58 +01:00
Lennart Poettering
20a001bdd7 resolved: collect incoming fragment size when receiving UDP datagrams
We can later use this to adapt our announced EDNS buffer size in order
to avoid fragmentation, to make the best of large datagrams while still
avoiding the security weaknesses of it.
2021-02-18 15:42:18 +01:00
Lennart Poettering
eb170e75ab resolved: disable path MTU discovery for UDP traffic
This disables path MTU discovery both for our UDP upstream connections
and our UDP stub, following the suggestions of:

https://blog.apnic.net/2019/07/12/its-time-to-consider-avoiding-ip-fragmentation-in-the-dns/

This more or less follows the model of other DNS servers on this.
2021-02-18 15:42:18 +01:00
Дамјан Георгиевски
95aa3937da man: Rename duplicate Credentials section name
A "Credentials" section name in systemd.exec man page was used
both for User/Group and for actual credentials support in systemd.

Rename the first instance to "User/Group Identity"
2021-02-18 15:40:47 +01:00
Lennart Poettering
489344f24b networkd-test: reenable dnssec while testing
We need to list the synthesized domains as NTAs, otherwise the DNSSEC
validation of course cannot succeed.

Fixes: #10487 #5029
2021-02-18 14:12:42 +00:00
Zbigniew Jędrzejewski-Szmek
2a5095af0c
Merge pull request #18557 from poettering/enum-force-s64
force public enums to be 64bit wide
2021-02-18 14:16:15 +01:00
Susant Sahani
d75bf6cfe2 network: Add "route_localnet" sysctl support 2021-02-18 21:04:17 +09:00
Zbigniew Jędrzejewski-Szmek
d97a35e228
Merge pull request #18665 from poettering/resolved-fastopen
resolved: use TCP FASTOPEN on the local DNS stub
2021-02-18 12:55:10 +01:00
Luca Boccassi
905348da28
Merge pull request #18625 from bluca/sysext_refactor
dissect: parse and store extension-release metadata
2021-02-18 10:43:08 +00:00
Zbigniew Jędrzejewski-Szmek
a71c096850 rfkill: use short writes and accept long reads
I'm seeing the following with kernel-core-5.10.16-200.fc33.x86_64:

$ sudo SYSTEMD_LOG_LEVEL=debug build/systemd-rfkill
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 0 and type bluetooth.
Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
Found container virtualization none.
rfkill0: Operating on rfkill device 'tpacpi_bluetooth_sw'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/platform-thinkpad_acpi:bluetooth.
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 1 and type wwan.
rfkill1: Operating on rfkill device 'tpacpi_wwan_sw'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/platform-thinkpad_acpi:wwan.
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 2 and type bluetooth.
rfkill2: Operating on rfkill device 'hci0'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/pci-0000:00:14.0-usb-0:7:1.0:bluetooth.
Reading struct rfkill_event: got 8 bytes.
A new rfkill device has been added with index 3 and type wlan.
rfkill3: Operating on rfkill device 'phy0'.
Writing struct rfkill_event successful (8 of 9 bytes).
Loaded state '0' from /var/lib/systemd/rfkill/pci-0000:04:00.0:wlan.
All events read and idle, exiting.

We were expecting a read of exactly RFKILL_EVENT_SIZE_V1==8 bytes. But the
structure has 9 after [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=14486c82612a177cb910980c70ba900827ca0894

For some reason the kernel does not accept the full structure size, but cuts
the write short after 8 bytes:

static ssize_t rfkill_fop_write(struct file *file, const char __user *buf,
				size_t count, loff_t *pos)
{
	struct rfkill_event ev;

	/* we don't need the 'hard' variable but accept it */
	if (count < RFKILL_EVENT_SIZE_V1 - 1)
		return -EINVAL;

	/*
	 * Copy as much data as we can accept into our 'ev' buffer,
	 * but tell userspace how much we've copied so it can determine
	 * our API version even in a write() call, if it cares.
	 */
	count = min(count, sizeof(ev));
	if (copy_from_user(&ev, buf, count))
		return -EFAULT;

... so it should accept the full size. I'm not sure what is going on here.

But we don't care about the extra fields, so let's accept a write as long as
it's at least RFKILL_EVENT_SIZE_V1.

Fixes #18677.
2021-02-18 11:25:04 +01:00
Zbigniew Jędrzejewski-Szmek
6c7afdeab0 rfkill: improve error logging
If we get something of unexpected size, log the sizes. Also, don't log twice.
2021-02-18 10:40:16 +01:00
Richard Laager
f542f3b2ed Remove outdated disable_ipv6 docs
This was changed in commit 482efedc08,
which was released in v243, to only enable and never disable IPv6.

Signed-off-by: Richard Laager <rlaager@wiktel.com>
2021-02-18 16:51:27 +09:00
Lennart Poettering
dc288ffeab
Merge pull request #18596 from keszybz/systemctl-quiet-legend
systemctl: hide legends with --quiet, allow overriding
2021-02-17 23:40:04 +01:00
Lennart Poettering
a63b54eda5
Merge pull request #18651 from poettering/einval-followup
two follow-up fixes for the enum einvalification
2021-02-17 23:15:50 +01:00
Susant Sahani
176321cb95 network: DHCP option- use correct byteorder 2021-02-17 23:15:26 +01:00
Lennart Poettering
07335f7f1f
Merge pull request #18656 from yuwata/network-nexthop-tiny-cleanups
network: nexthop: tiny cleanups
2021-02-17 23:14:12 +01:00
Lennart Poettering
6e825539d2 hwdb: fix indentation
A bunch of entries use 2ch instead of 1ch indentation. Fix that.
2021-02-17 23:13:45 +01:00
Lennart Poettering
2840d6f61d
Merge pull request #18662 from yuwata/in-addr-is-set
in-addr-util: introduce in_addr_is_set() or friends
2021-02-17 23:13:27 +01:00
Zbigniew Jędrzejewski-Szmek
42a033f784 sysctl: downgrade warning about excluded keys
Our own config generates logs like this:
systemd-sysctl[1280]: Not setting net/ipv4/conf/all/rp_filter (explicit setting exists).
systemd-sysctl[1280]: Not setting net/ipv4/conf/default/rp_filter (explicit setting exists).
systemd-sysctl[1280]: Not setting net/ipv4/conf/all/accept_source_route (explicit setting exists).
systemd-sysctl[1280]: Not setting net/ipv4/conf/default/accept_source_route (explicit setting exists).
systemd-sysctl[1280]: Not setting net/ipv4/conf/all/promote_secondaries (explicit setting exists).
systemd-sysctl[1280]: Not setting net/ipv4/conf/default/promote_secondaries (explicit setting exists).

There is no error and nothing really to see.
2021-02-17 23:13:01 +01:00
Luca Boccassi
93547f2812 env-util: refactor parsing helper for SYSTEMD_SYSEXT_HIERARCHIES out of sysext 2021-02-17 21:45:31 +00:00
Luca Boccassi
d335f4c583 os-util: allow missing VERSION_ID on the host
Rolling releases, like ArchLinux, do not set VERSION_ID in
their os-release files, so allow matching simply on ID if the host
does not provide anything.
2021-02-17 21:45:31 +00:00
Luca Boccassi
7eda2d7fa5 os-util: split extension_release_validate out of sysext 2021-02-17 21:45:31 +00:00
Luca Boccassi
bcf94222a5 machine: parse and store extension-release
Follow the same pattern as os-release parsing, and store the key-value
pairs in a strv if found.
2021-02-17 21:45:31 +00:00
Luca Boccassi
7718ac9721 dissect: parse, store and show extension-release info 2021-02-17 21:45:31 +00:00
Luca Boccassi
593fe6c04d dissect: store image name, following usual parsing rules
The name of '/foo/bar/baz.raw' is 'baz'.
2021-02-17 21:24:23 +00:00
Luca Boccassi
42e6a77bc5 env-util: add strv_env_pairs_get helper 2021-02-17 21:24:23 +00:00
Luca Boccassi
eb590035b9 os-util: add load_extension_release_pairs helper 2021-02-17 21:24:23 +00:00
Luca Boccassi
1d0796739c os-util: add path_is_extension_tree helper 2021-02-17 21:24:23 +00:00
Lennart Poettering
b850e51320 resolved: also use TCP tweaks on LLMNR (plus unify setsockopt() code) 2021-02-17 21:12:53 +01:00
Lennart Poettering
8624f1286a resolved: enable TCP_FASTOPEN + TCP_NODELAY on stub TCP socket
Latency matters. For our local DNS stub it's not really that important,
but let's still do it, it's basically free after all.
2021-02-17 21:12:53 +01:00
Zbigniew Jędrzejewski-Szmek
d60bd2ffb7 shell-completion: complete --legend=no for resolvectl and systemctl
I don't think it makes sense to complete --legend=yes. It is the default, and
it would be only used very rarely (and then it is easy enough to just remove
the '=no' part from the suggested string).
2021-02-17 21:09:14 +01:00
Zbigniew Jędrzejewski-Szmek
6906da2692 systemctl: hide legends with --quiet, allow overriding
--no-legend is replaced by --legend=no.

--quiet now implies --legend=no, but --legend=yes may be used to override that.
--quiet controls hints and warnings and such, and --legend controls just the
legends. I think it makes sense to allow both to be controlled independently, in
particular --quiet --legend makes sense when using systemctl in a script to
provide some user-visible output.

Fixes #18560.
2021-02-17 21:09:14 +01:00
Zbigniew Jędrzejewski-Szmek
b01031e3ff journal-remote: inline one more iterator variable declaration 2021-02-17 21:09:14 +01:00
Zbigniew Jędrzejewski-Szmek
9c7f220173 journal-remote: convert to parse_boolean_argument() and fix type confusion
We were passing a reference to 'int arg_seal' to config_parse_bool(),
which expects a 'bool *'. Luckily, this would work, because 'bool'
is smaller than 'int', so config_parse_bool() would set the least-significant
byte of arg_seal. At least I think so. But let's use consistent types ;)

Also, modernize style a bit and don't use integers in boolean context.
2021-02-17 21:08:50 +01:00
Zbigniew Jędrzejewski-Szmek
c3470872c6 tree-wide: use parse_boolean_argument() for variables with non-boolean type
This still works nicely, but we need to assign the return value ourselves.
As before, one nice effect is that error messages are uniform.
2021-02-17 21:08:47 +01:00
Zbigniew Jędrzejewski-Szmek
599c7c545f tree-wide: add a helper to parse boolean optarg
This nicely covers the case when optarg is optional. The same parser can be
used when the option string passed to getopt_long() requires a parameter and
when it doesn't.

The error messages are made consistent.
Also fixes a log error c&p in --crash-reboot message.
2021-02-17 21:06:31 +01:00
Yu Watanabe
ccbd74f602 network: NHA_ID should be always set 2021-02-18 03:56:26 +09:00
Yu Watanabe
c004cd2bbe network: constify arguments 2021-02-18 03:54:50 +09:00
Yu Watanabe
56223d926d network: introduce log_nexthop_debug() 2021-02-18 03:54:50 +09:00
Lennart Poettering
6283e71ba8
Merge pull request #18640 from poettering/resolved-dnssec-retry-harder
resolved: two dnssec retry/downgrade tweaks
2021-02-17 19:50:58 +01:00
Yu Watanabe
c633628daf tree-wide: constify variables if possible 2021-02-18 03:48:07 +09:00
Yu Watanabe
94af46fc66 network: use temporary buffer for safety 2021-02-18 03:48:07 +09:00
Yu Watanabe
5380707aba network: use in_addr_prefix_to_string() 2021-02-18 03:48:07 +09:00
Yu Watanabe
b1dea5cffa resolve: use sockaddr_in_addr() 2021-02-18 03:48:07 +09:00
Yu Watanabe
bb3b08ad98 resolve: make manager_find_ifindex() or friends return earlier 2021-02-18 03:48:07 +09:00