mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

49490 Commits

Author SHA1 Message Date
Lennart Poettering
49ef064c8d resolved: refuse sending packets to our own stub listeners
A previous commit made sure that when one of our own packets is looped
back to us, we ignore it. But let's go one step further, and refuse
operation if we notice the server we talk to is our own. This way we
won't generate unnecessary traffic and can return a cleaner error.

Fixes: #17413
2021-02-14 23:12:22 +01:00
Lennart Poettering
a9fd8837d4 resolved: refuse packets looped back to us
Fixes: #17413
2021-02-14 23:12:22 +01:00
Lennart Poettering
94378145e6 resolved: rename manager_our_packet() → manager_packet_from_local_address()
Let's be more precise in naming this function, after all this doesn't
actually check if the packet is really ours, but just that the source IP
address is a local one. Hence name it that way.

(This is preparation to add a helper that checks if packet belongs to
local transaction later on)
2021-02-14 23:12:22 +01:00
Lennart Poettering
ae49ce8761 resolved: tweak answer reserve/clone logic a bit
Let's add some overflow checks. Also, if 0 records are reserved, use
this as indication that a copy shall be done and do not grow the answer
beyond the current size.
2021-02-14 23:12:22 +01:00
Lennart Poettering
894c7b7708 resolved: gracefully handle trailing packet garbage
Similar to the previous commit: if we see trailing garbage in a DNS
packet, let's assume EDNS is borked too, and suppress it.
2021-02-14 23:05:38 +01:00
Lennart Poettering
18674159eb resolved: gracefully handle packets with too large RR count
Apparently, there are plenty of routers in place that report an incorrect
RR count in the packets: they declare more RRs than are actually
included.

Let's accept these responses, but let's downgrade them to baseline, i.e.
let's suppress OPT in this case: if they don't even get the RR count
right, let's operate on the absolute baseline, and not bother with
anything fancier such as EDNS.

Prompted-by: https://github.com/systemd/systemd/issues/12841#issuecomment-724063973

Fixes: #3980
Most likely fixes: #12841
2021-02-14 23:05:28 +01:00
Lennart Poettering
8c9c68b593 resolved: if request on stub has AD set, respond with valid AD even if DO is not set
Fixes: #6434
2021-02-14 22:59:05 +01:00
Lennart Poettering
abf4e5c1d3 units: turn off DNSSEC validation when timesyncd resolves hostnames
We have a chicken and egg problem: validation of DNSSEC signatures
doesn't work without a correct clock, but to set the correct clock we
need to contact NTP servers which requires resolving a hostname, which
would normally require DNSSEC validation.

Let's break the cycle by excluding NTP hostname resolution from
validation for now.

Of course, this leaves NTP traffic unprotected. To cover that we need
NTPSEC support, which we can add later.

Fixes: #5873 #15607
2021-02-14 22:05:18 +01:00
Lennart Poettering
aee9d18c8d nss-resolve: allow turning off validation via env var 2021-02-14 22:01:09 +01:00
Luca Boccassi
acc8890a8a
Merge pull request #18565 from poettering/randomize-answers
resolved: randomize order in local query replies
2021-02-14 19:35:54 +00:00
Ardy
4468d44a99 hwdb: Add accel orientation quirk for Reeder A8iW Tablet
Add a quirk to fix the accelerometer orientation on the
Reeder A8iW tablet.
2021-02-14 19:34:17 +00:00
Zbigniew Jędrzejewski-Szmek
86beb21302 systemctl,loginctl,machinectl: use a shared helper for arg_signal
It seems frivolous to add yet another two -util.[ch] files, but the helper
should be in shared/ and it doesn't seem to fit anywhere else.
2021-02-14 15:59:09 +01:00
Lennart Poettering
3f0a7b3a32 resolved: randomize RR order in answers each time we get something from the cache
This allows some minimal, crappy load balancing.

Fixes: #16297
2021-02-14 15:43:04 +01:00
Lennart Poettering
48662847ec answer: minor refactor – move link local check into RR code 2021-02-14 15:43:01 +01:00
Lennart Poettering
5b2d8ffb5a answer: add helper for randomizing RR of answers 2021-02-14 15:42:56 +01:00
Lennart Poettering
5464c96186 random-util: add random_u64_range() that acquires a random number from a certain range, unbiased
So far we have been quite sloppy with this and ignored modulus and range
bias. Let's do something about it, and add the option to do better.
2021-02-14 15:42:12 +01:00
Zbigniew Jędrzejewski-Szmek
3b5ab02119 TEST-15-DROPINS: add test for linked units 2021-02-14 15:08:49 +01:00
Zbigniew Jędrzejewski-Szmek
3aa5765843 basic/unit-file: when loading linked unit files, use link source as "fragment path"
The general idea is that when a unit file is "linked" (i.e. installed by
symlinking from outside of the search paths), the *destination* name is
irrelevant. It doesn't even have to be a valid unit name, or to match the type
or instance value. The obvious corollary is that we shouldn't look at the
symlink destination name to derive the unit name, instance value, or anything
else at all.

When building the name map, when we find a linked unit (possibly at the end
of a series of alias redirects), store the *source* of the final symlink as the
fragment path. This has two effects:
- we stop looking at the *target* file name to derive unit info, i.e. actually
  implement the stuff described in the first paragraph.
- we load the unit fragment through the symlink. If someone were to remove the
  symlink, we'll not load the unit. This seems like the right thing.

Fixes #18058.
Before this change, we were generally quite confused about unit aliases for
linked units. Fortunately most people use the same symlink source and target,
so in practice we wouldn't hit this too often.

In unit_load_fragment() a comment is added to explain what we're doing there.
2021-02-14 14:49:00 +01:00
Zbigniew Jędrzejewski-Szmek
76e5e267fc systemctl: inline iterator declarations 2021-02-14 11:55:56 +01:00
Zbigniew Jędrzejewski-Szmek
e602abba15 basic/string-table: inline the iterator declaration 2021-02-14 11:24:45 +01:00
Luca Boccassi
26c59e4e95 NEWS: add a note about no longer probing mmcblk*boot* 2021-02-14 01:30:59 +09:00
Ansgar Burchardt
b9b4038831 NEWS: fix typo: as → at 2021-02-14 00:46:40 +09:00
Alan Perry
8db704b28b no blkid for mmcblk[0-9]boot[0-9]
Don't run blkid on mmcblk[0-9]boot[0-9] devices because they contain
bootloaders or boot parameters, and not partitions or file systems.
2021-02-13 10:38:29 +01:00
Zbigniew Jędrzejewski-Szmek
b3c57df0f5
Merge pull request #18401 from anitazha/oomdxattr
oomd: implement avoid/omit support for cgroups
2021-02-13 10:00:31 +01:00
Nick
7253850abf Added Trekstor Yourbook C11B to 60-sensor.hwdb
Added the Trekstor Yourbook C11B which is equivalent to Trekstor Primebook C11B.
2021-02-13 17:47:25 +09:00
Lennart Poettering
3ec2f7f2e3 udev: make net_setup_link builtin quiet when link vanishes while we operate on it
Fixes: #16175
2021-02-13 17:46:56 +09:00
Lennart Poettering
6b10a2e030 core: slightly improve error message on load errors
Let's be a bit more helpful when refusing jobs on units that failed to
load properly. We already have explicit D-Bus errors for the error
conditions that are common and expected (such as "not found"), but for
the rest we so far generate a fairly cryptic message.

Let's try to be friendlier towards users and suggest what to do on such
errors.

Fixes: #16487
2021-02-13 17:46:39 +09:00
Yu Watanabe
9ae4f96056
Merge pull request #18555 from yuwata/network-address-set-flag-on-remove
network: address: also set IFA_FLAGS on remove
2021-02-13 17:44:58 +09:00
Yu Watanabe
b2af6d66fb
Merge pull request #18455 from yuwata/network-change-link-state-only-when-new-address-or-route-will-be-assigned
network: change link state only when new address or route will be assigned
2021-02-13 17:43:27 +09:00
Luca Boccassi
9ba008cbc3 NEWS: mention new systemctl verb and fix typo 2021-02-13 08:41:13 +09:00
Anita Zhang
d8a4d64bc3 man: document ManagedOOMPreference= 2021-02-12 12:46:22 -08:00
Anita Zhang
4e806bfa9f oom: add unit file settings for oomd avoid/omit xattrs 2021-02-12 12:45:36 -08:00
Lennart Poettering
199d251b72
Merge pull request #18568 from keszybz/v248-prep
Start preparing for v238-rc1
2021-02-12 21:43:31 +01:00
Lennart Poettering
73b6fc7770 resolved: never route DNSSEC traffic to LLMNR/mDNS
LLMNR/mDNS don't support DNSSEC, hence there's no point in routing any
lookups asking for DNSSEC there.

This speeds up looking up DNSSEC RRs for top-level domains, since we
don't have to wait for LLMNR to complete.
2021-02-12 21:41:01 +01:00
Zbigniew Jędrzejewski-Szmek
6dd990f3dc NEWS: start preparing for v248 2021-02-12 18:51:27 +01:00
Zbigniew Jędrzejewski-Szmek
b1b0cd3920 hwdb: update for v248
As usual, it seems to be additions and updates, no major removals.
2021-02-12 18:51:27 +01:00
Zbigniew Jędrzejewski-Szmek
b85ee926a8 syscall-tables: add missing preposition and fix file name path
I added an extension in 1f6f8cc803 but
forgot to fix the consumer script.
2021-02-12 18:51:27 +01:00
Lennart Poettering
e7a8f6b66f
Merge pull request #18558 from poettering/have-tpm2
ask the uefi firmware if TPM2 support is available
2021-02-12 15:49:20 +01:00
Yu Watanabe
4a70450104 test-network: merge test_address_static and test_address_preferred_lifetime_zero_ipv6 2021-02-12 23:09:21 +09:00
Yu Watanabe
53ae4762ef network: address: do not set IFA_F_PERMANENT flag
The flag is automatically set by kernel when the valid lifetime is
infinite. Note that the flag in netlink message for IPv4 address is
ignored. See set_ifa_lifetime() in kernel's net/ipv4/devinet.c.
But the flag is honored for IPv6 address. And if the flag is set with
finite valid lifetime, the address will not be removed automatically by
the kernel.
2021-02-12 23:09:21 +09:00
Yu Watanabe
a8481354f0 network: address: also set IFA_FLAGS on remove
If an address is assigned with IFA_F_MANAGETEMPADDR, then the flag must
be also set on remove. Otherwise, temporary addresses will not be
removed. See also inet6_rtm_deladdr() in kernel's net/ipv6/addrconf.c.

Fixes #13218.
2021-02-12 23:09:21 +09:00
Yu Watanabe
111ce98419 network: dhcp6: change link state into "configuring" only when a new address or route will be assigned 2021-02-12 22:44:05 +09:00
Yu Watanabe
24b445c2ce network: ndisc: change link state into "configuring" only when a new address or route will be assigned 2021-02-12 22:44:05 +09:00
Yu Watanabe
b54aed29c6 network: dhcp6: fix condition check 2021-02-12 22:43:39 +09:00
Yu Watanabe
0ef9f3c76f network: set return value at the end of the function
The later netlink_call_async() call may fail. We should not touch the
return value when the function failed.
2021-02-12 22:43:10 +09:00
Yu Watanabe
d9eee312a7 network: make address_configure() or friends return 1 when the address is new 2021-02-12 22:43:10 +09:00
Zbigniew Jędrzejewski-Szmek
e81fd9dd23
Merge pull request #18544 from yuwata/tree-wide-use-error-in-xxx_from_string
tree-wide: use error in xxx_from_string()
2021-02-12 12:16:23 +01:00
Zbigniew Jędrzejewski-Szmek
8c2524c7fd core: pahole optimization of struct Unit
We had a lone 'bool job_running_timeout_set:1', which generated a hole. Let's
move things around a bit. The structure is a tiny bit smaller and has fewer
holes:
        /* size: 1192, cachelines: 19, members: 149 */
        /* sum members: 1175, holes: 3, sum holes: 11 */
        /* sum bitfield members: 27 bits, bit holes: 1, sum bit holes: 7 bits */
        /* bit_padding: 14 bits */
        /* last cacheline: 40 bytes */

        /* size: 1184, cachelines: 19, members: 149 */
        /* sum members: 1175, holes: 1, sum holes: 4 */
        /* sum bitfield members: 27 bits (3 bytes) */
        /* bit_padding: 13 bits */
        /* last cacheline: 32 bytes */
2021-02-12 11:59:59 +01:00
Zbigniew Jędrzejewski-Szmek
ef3fc326b9 manager: remove unnecessary conditional 2021-02-12 11:59:59 +01:00
Zbigniew Jędrzejewski-Szmek
9466ec13a5 core: add helper macros for deserialization
A helper function would seem more natural, but there are two reasons why a
macro is needed:
- many bool fields are bitfields, so we can't take a pointer, and using a macro
  allows us to avoid taking a pointer.
- we have a few different types (bool, uint64_t, FreezerState), and we can have
  type safety without specifying the type by using the macro.

This also makes the error messages more informative: they print the exact field
identifier that failed, which is more useful for debugging than a description.
2021-02-12 11:59:41 +01:00