dasharo/systemd
0
0
Fork 0
mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17476 from poettering/resolved-tweaks

Browse Source 
three small resolved cleanups
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
2020-10-29 18:58:56 +01:00
committed by GitHub
parent ac6a1b9017 b370adb593
commit ae7e5d2037
10 changed files with 160 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/resolve/resolved-dns-cache.c
View File

@@ -436,20 +436,22 @@ static int dns_cache_put_positive(
dns_cache_make_space(c, 1);
i = new0(DnsCacheItem, 1);
i = new(DnsCacheItem, 1);
if (!i)
return -ENOMEM;
i->type = DNS_CACHE_POSITIVE;
i->key = dns_resource_key_ref(rr->key);
i->rr = dns_resource_record_ref(rr);
i->until = calculate_until(rr, (uint32_t) -1, timestamp, false);
i->authenticated = authenticated;
i->shared_owner = shared_owner;
i->ifindex = ifindex;
i->owner_family = owner_family;
i->owner_address = *owner_address;
i->prioq_idx = PRIOQ_IDX_NULL;
*i = (DnsCacheItem) {
.type = DNS_CACHE_POSITIVE,
.key = dns_resource_key_ref(rr->key),
.rr = dns_resource_record_ref(rr),
.until = calculate_until(rr, (uint32_t) -1, timestamp, false),
.authenticated = authenticated,
.shared_owner = shared_owner,
.ifindex = ifindex,
.owner_family = owner_family,
.owner_address = *owner_address,
.prioq_idx = PRIOQ_IDX_NULL,
};
r = dns_cache_link_item(c, i);
if (r < 0)
@@ -521,21 +523,23 @@ static int dns_cache_put_negative(
dns_cache_make_space(c, 1);
i = new0(DnsCacheItem, 1);
i = new(DnsCacheItem, 1);
if (!i)
return -ENOMEM;
i->type =
rcode == DNS_RCODE_SUCCESS ? DNS_CACHE_NODATA :
rcode == DNS_RCODE_NXDOMAIN ? DNS_CACHE_NXDOMAIN : DNS_CACHE_RCODE;
i->until =
i->type == DNS_CACHE_RCODE ? timestamp + CACHE_TTL_STRANGE_RCODE_USEC :
calculate_until(soa, nsec_ttl, timestamp, true);
i->authenticated = authenticated;
i->owner_family = owner_family;
i->owner_address = *owner_address;
i->prioq_idx = PRIOQ_IDX_NULL;
i->rcode = rcode;
*i = (DnsCacheItem) {
.type =
rcode == DNS_RCODE_SUCCESS ? DNS_CACHE_NODATA :
rcode == DNS_RCODE_NXDOMAIN ? DNS_CACHE_NXDOMAIN : DNS_CACHE_RCODE,
.until =
i->type == DNS_CACHE_RCODE ? timestamp + CACHE_TTL_STRANGE_RCODE_USEC :
calculate_until(soa, nsec_ttl, timestamp, true),
.authenticated = authenticated,
.owner_family = owner_family,
.owner_address = *owner_address,
.prioq_idx = PRIOQ_IDX_NULL,
.rcode = rcode,
};
if (i->type == DNS_CACHE_NXDOMAIN) {
/* NXDOMAIN entries should apply equally to all types, so we use ANY as

16
src/resolve/resolved-dns-packet.c
View File

@@ -75,12 +75,16 @@ int dns_packet_new(
if (!p)
return -ENOMEM;
p->size = p->rindex = DNS_PACKET_HEADER_SIZE;
p->allocated = a;
p->max_size = max_size;
p->protocol = protocol;
p->opt_start = p->opt_size = (size_t) -1;
p->n_ref = 1;
*p = (DnsPacket) {
.n_ref = 1,
.protocol = protocol,
.size = DNS_PACKET_HEADER_SIZE,
.rindex = DNS_PACKET_HEADER_SIZE,
.allocated = a,
.max_size = max_size,
.opt_start = (size_t) -1,
.opt_size = (size_t) -1,
};
*ret = p;

26
src/resolve/resolved-dns-query.c
View File

@@ -21,12 +21,14 @@ static int dns_query_candidate_new(DnsQueryCandidate **ret, DnsQuery *q, DnsScop
assert(q);
assert(s);
c = new0(DnsQueryCandidate, 1);
c = new(DnsQueryCandidate, 1);
if (!c)
return -ENOMEM;
c->query = q;
c->scope = s;
*c = (DnsQueryCandidate) {
.query = q,
.scope = s,
};
LIST_PREPEND(candidates_by_query, q->candidates, c);
LIST_PREPEND(candidates_by_scope, s->query_candidates, c);
@@ -413,17 +415,19 @@ int dns_query_new(
if (m->n_dns_queries >= QUERIES_MAX)
return -EBUSY;
q = new0(DnsQuery, 1);
q = new(DnsQuery, 1);
if (!q)
return -ENOMEM;
q->question_utf8 = dns_question_ref(question_utf8);
q->question_idna = dns_question_ref(question_idna);
q->ifindex = ifindex;
q->flags = flags;
q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
q->answer_protocol = _DNS_PROTOCOL_INVALID;
q->answer_family = AF_UNSPEC;
*q = (DnsQuery) {
.question_utf8 = dns_question_ref(question_utf8),
.question_idna = dns_question_ref(question_idna),
.ifindex = ifindex,
.flags = flags,
.answer_dnssec_result = _DNSSEC_RESULT_INVALID,
.answer_protocol = _DNS_PROTOCOL_INVALID,
.answer_family = AF_UNSPEC,
};
/* First dump UTF8 question */
DNS_QUESTION_FOREACH(key, question_utf8)

25
src/resolve/resolved-dns-rr.c
View File

@@ -97,14 +97,16 @@ DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char
assert(name);
k = new0(DnsResourceKey, 1);
k = new(DnsResourceKey, 1);
if (!k)
return NULL;
k->n_ref = 1;
k->class = class;
k->type = type;
k->_name = name;
*k = (DnsResourceKey) {
.n_ref = 1,
.class = class,
.type = type,
._name = name,
};
return k;
}
@@ -372,14 +374,17 @@ bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b) {
DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key) {
DnsResourceRecord *rr;
rr = new0(DnsResourceRecord, 1);
rr = new(DnsResourceRecord, 1);
if (!rr)
return NULL;
rr->n_ref = 1;
rr->key = dns_resource_key_ref(key);
rr->expiry = USEC_INFINITY;
rr->n_skip_labels_signer = rr->n_skip_labels_source = (unsigned) -1;
*rr = (DnsResourceRecord) {
.n_ref = 1,
.key = dns_resource_key_ref(key),
.expiry = USEC_INFINITY,
.n_skip_labels_signer = (unsigned) -1,
.n_skip_labels_source = (unsigned) -1,
};
return rr;
}

12
src/resolve/resolved-dns-search-domain.c
View File

@@ -33,14 +33,16 @@ int dns_search_domain_new(
return -E2BIG;
}
d = new0(DnsSearchDomain, 1);
d = new(DnsSearchDomain, 1);
if (!d)
return -ENOMEM;
d->n_ref = 1;
d->manager = m;
d->type = type;
d->name = TAKE_PTR(normalized);
*d = (DnsSearchDomain) {
.n_ref = 1,
.manager = m,
.type = type,
.name = TAKE_PTR(normalized),
};
switch (type) {

21
src/resolve/resolved-dns-stub.c
View File

@@ -15,6 +15,9 @@
* IP and UDP header sizes */
#define ADVERTISE_DATAGRAM_SIZE_MAX (65536U-14U-20U-8U)
/* On the extra stubs, use a more conservative choice */
#define ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX DNS_PACKET_UNICAST_SIZE_LARGE_MAX
static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int type);
static void dns_stub_listener_extra_hash_func(const DnsStubListenerExtra *a, struct siphash *state) {
@@ -155,14 +158,15 @@ static int dns_stub_finish_reply_packet(
bool tc, /* set the Truncated bit? */
bool add_opt, /* add an OPT RR to this packet? */
bool edns0_do, /* set the EDNS0 DNSSEC OK bit? */
bool ad) { /* set the DNSSEC authenticated data bit? */
bool ad, /* set the DNSSEC authenticated data bit? */
uint16_t max_udp_size) { /* The maximum UDP datagram size to advertise to clients */
int r;
assert(p);
if (add_opt) {
r = dns_packet_append_opt(p, ADVERTISE_DATAGRAM_SIZE_MAX, edns0_do, /* include_rfc6975 = */ false, rcode, NULL);
r = dns_packet_append_opt(p, max_udp_size, edns0_do, /* include_rfc6975 = */ false, rcode, NULL);
if (r == -EMSGSIZE) /* Hit the size limit? then indicate truncation */
tc = true;
else if (r < 0)
@@ -245,7 +249,15 @@ static int dns_stub_send_failure(
if (r < 0)
return log_debug_errno(r, "Failed to make failure packet: %m");
r = dns_stub_finish_reply_packet(reply, DNS_PACKET_ID(p), rcode, false, !!p->opt, DNS_PACKET_DO(p), authenticated);
r = dns_stub_finish_reply_packet(
reply,
DNS_PACKET_ID(p),
rcode,
/* truncated = */ false,
!!p->opt,
DNS_PACKET_DO(p),
authenticated,
l ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX);
if (r < 0)
return log_debug_errno(r, "Failed to build failure packet: %m");
@@ -290,7 +302,8 @@ static void dns_stub_query_complete(DnsQuery *q) {
truncated,
!!q->request_dns_packet->opt,
DNS_PACKET_DO(q->request_dns_packet),
dns_query_fully_authenticated(q));
dns_query_fully_authenticated(q),
q->stub_listener_extra ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX);
if (r < 0) {
log_debug_errno(r, "Failed to finish reply packet: %m");
break;

111
src/resolve/resolved-dns-transaction.c
View File

@@ -194,19 +194,20 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
if (r < 0)
return r;
t = new0(DnsTransaction, 1);
t = new(DnsTransaction, 1);
if (!t)
return -ENOMEM;
t->dns_udp_fd = -1;
t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
t->answer_nsec_ttl = (uint32_t) -1;
t->key = dns_resource_key_ref(key);
t->current_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
t->clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
t->id = pick_new_id(s->manager);
*t = (DnsTransaction) {
.dns_udp_fd = -1,
.answer_source = _DNS_TRANSACTION_SOURCE_INVALID,
.answer_dnssec_result = _DNSSEC_RESULT_INVALID,
.answer_nsec_ttl = (uint32_t) -1,
.key = dns_resource_key_ref(key),
.current_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID,
.clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID,
.id = pick_new_id(s->manager),
};
r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
if (r < 0) {
@@ -1112,60 +1113,54 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
if (r > 0) /* Transaction got restarted... */
return;
if (IN_SET(t->scope->protocol, DNS_PROTOCOL_DNS, DNS_PROTOCOL_LLMNR, DNS_PROTOCOL_MDNS)) {
/* When dealing with protocols other than mDNS only consider responses with
* equivalent query section to the request. For mDNS this check doesn't make
* sense, because the section 6 of RFC6762 states that "Multicast DNS responses MUST NOT
* contain any questions in the Question Section". */
if (t->scope->protocol != DNS_PROTOCOL_MDNS) {
r = dns_packet_is_reply_for(p, t->key);
if (r < 0)
goto fail;
if (r == 0) {
dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
return;
}
}
/* Install the answer as answer to the transaction */
dns_answer_unref(t->answer);
t->answer = dns_answer_ref(p->answer);
t->answer_rcode = DNS_PACKET_RCODE(p);
t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
t->answer_authenticated = false;
r = dns_transaction_fix_rcode(t);
/* When dealing with protocols other than mDNS only consider responses with equivalent query section
* to the request. For mDNS this check doesn't make sense, because the section 6 of RFC6762 states
* that "Multicast DNS responses MUST NOT contain any questions in the Question Section". */
if (t->scope->protocol != DNS_PROTOCOL_MDNS) {
r = dns_packet_is_reply_for(p, t->key);
if (r < 0)
goto fail;
/* Block GC while starting requests for additional DNSSEC RRs */
t->block_gc++;
r = dns_transaction_request_dnssec_keys(t);
t->block_gc--;
/* Maybe the transaction is ready for GC'ing now? If so, free it and return. */
if (!dns_transaction_gc(t))
return;
/* Requesting additional keys might have resulted in
* this transaction to fail, since the auxiliary
* request failed for some reason. If so, we are not
* in pending state anymore, and we should exit
* quickly. */
if (t->state != DNS_TRANSACTION_PENDING)
return;
if (r < 0)
goto fail;
if (r > 0) {
/* There are DNSSEC transactions pending now. Update the state accordingly. */
t->state = DNS_TRANSACTION_VALIDATING;
dns_transaction_close_connection(t);
dns_transaction_stop_timeout(t);
if (r == 0) {
dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
return;
}
}
/* Install the answer as answer to the transaction */
dns_answer_unref(t->answer);
t->answer = dns_answer_ref(p->answer);
t->answer_rcode = DNS_PACKET_RCODE(p);
t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
t->answer_authenticated = false;
r = dns_transaction_fix_rcode(t);
if (r < 0)
goto fail;
/* Block GC while starting requests for additional DNSSEC RRs */
t->block_gc++;
r = dns_transaction_request_dnssec_keys(t);
t->block_gc--;
/* Maybe the transaction is ready for GC'ing now? If so, free it and return. */
if (!dns_transaction_gc(t))
return;
/* Requesting additional keys might have resulted in this transaction to fail, since the auxiliary
* request failed for some reason. If so, we are not in pending state anymore, and we should exit
* quickly. */
if (t->state != DNS_TRANSACTION_PENDING)
return;
if (r < 0)
goto fail;
if (r > 0) {
/* There are DNSSEC transactions pending now. Update the state accordingly. */
t->state = DNS_TRANSACTION_VALIDATING;
dns_transaction_close_connection(t);
dns_transaction_stop_timeout(t);
return;
}
dns_transaction_process_dnssec(t);
return;

10
src/resolve/resolved-dns-zone.c
View File

@@ -231,13 +231,15 @@ int dns_zone_put(DnsZone *z, DnsScope *s, DnsResourceRecord *rr, bool probe) {
if (r < 0)
return r;
i = new0(DnsZoneItem, 1);
i = new(DnsZoneItem, 1);
if (!i)
return -ENOMEM;
i->scope = s;
i->rr = dns_resource_record_ref(rr);
i->probing_enabled = probe;
*i = (DnsZoneItem) {
.scope = s,
.rr = dns_resource_record_ref(rr),
.probing_enabled = probe,
};
r = dns_zone_link_item(z, i);
if (r < 0)

6
src/resolve/resolved-etc-hosts.c
View File

@@ -80,11 +80,13 @@ static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) {
if (r < 0)
return log_oom();
item = new0(EtcHostsItem, 1);
item = new(EtcHostsItem, 1);
if (!item)
return log_oom();
item->address = address;
*item = (EtcHostsItem) {
.address = address,
};
r = hashmap_put(hosts->by_address, &item->address, item);
if (r < 0) {

10
src/resolve/resolved-link.c
View File

@@ -818,14 +818,16 @@ int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr
assert(l);
assert(in_addr);
a = new0(LinkAddress, 1);
a = new(LinkAddress, 1);
if (!a)
return -ENOMEM;
a->family = family;
a->in_addr = *in_addr;
*a = (LinkAddress) {
.family = family,
.in_addr = *in_addr,
.link = l,
};
a->link = l;
LIST_PREPEND(addresses, l->addresses, a);
l->n_addresses++;