tree-wide: remove Emacs lines from all files This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.

resolved: rework what ResolveHostname() with family == AF_UNSPEC means Previously, if a hostanem is resolved with AF_UNSPEC specified, this would be used as indication to resolve both an AF_INET and an AF_INET6 address. With this change this logic is altered: an AF_INET address is only resolved if there's actually a routable IPv4 address on the specific interface, and similar an AF_INET6 address is only resolved if there's a routable IPv6 address. With this in place, it's ensured that the returned data is actually connectable by applications. This logic mimics glibc's resolver behaviour. Note that if the client asks explicitly for AF_INET or AF_INET6 it will get what it asked for. This also simplifies the logic how it is determined whether a specific lookup shall take place on a scope. Specifically, the checks with dns_scope_good_key() are now moved out of the transaction code and into the query code, so that we don't even create a transaction object on a specific scope if we cannot execute the resolution on it anyway.

resolved: emit full path to file we failed to write Otherwise it's unclear if it's /etc/resolv.conf or some other file that is meant.

resolved: prorize rtnl and sd-network event sources Lets make sure we always take notice of network changes before answering client requests. This way, calls like SetLinkDNS() become race-free as the specified interface index is guarantee to have been processed if it exists before we make changes to it.

resolved: synthesize RRs for data from /etc/hosts This way the difference between lookups via NSS and our native bus API should become minimal.

resolved: log each time we increase the DNSSEC verdict counters Also, don't consider RRs that aren't primary to the lookups we do as relevant to the lookups.

resolved: rework DNSSECSupported property Not only report whether the server actually supports DNSSEC, but also first check whether DNSSEC is actually enabled for it in our local configuration. Also, export a per-link DNSSECSupported property in addition to the existing manager-wide property.

resolved: set a description on all our event sources

resolved,networkd: add a per-interface DNSSEC setting This adds a DNSSEC= setting to .network files, and makes resolved honour them.

resolved,networkd: unify ResolveSupport enum networkd previously knew an enum "ResolveSupport" for configuring per-interface LLMNR support, resolved had a similar enum just called "Support", with the same value and similar pasers. Unify this, call the enum ResolveSupport, and port both daemons to it.

basic: add string table macros for "extended boolean" enums In a couple of cases we maintain configuration settings that know an on and off state, like a boolean, plus some additional states. We generally parse them as booleans first, and if that fails check for specific additional values. This adds a generalized set of macros for parsing such settings, and ports one use in resolved and another in networkd over to it.

resolved: use right format specifier to print transaction ID

resolved: create dns scopes for mDNS Follow what LLMNR does, and create per-link DnsScope objects.

resolved: add infrastructure for mDNS related sockets Just hook up mDNS listeners with an empty packet dispather function, introduce a config directive, man page updates etc.

resolved: add a simple trust anchor database as additional RR source When doing DNSSEC lookups we need to know one or more DS or DNSKEY RRs as trust anchors to validate lookups. With this change we add a compiled-in trust anchor database, serving the root DS key as of today, retrieved from: https://data.iana.org/root-anchors/root-anchors.xml The interface is kept generic, so that additional DS or DNSKEY RRs may be served via the same interface, for example by provisioning them locally in external files to support "islands" of security. The trust anchor database becomes the fourth source of RRs we maintain, besides, the network, the local cache, and the local zone.

tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.

dns-domain: rework dns_label_escape() to not imply memory allocation The new dns_label_escape() call now operates on a buffer passed in, similar to dns_label_unescape(). This should make decoding a bit faster, and nicer.

resolved: split out calls to compile full list of dns servers and search domains Let's split this out from the resolv.conf parser, so that this becomes generically useful.

resolved: unify DnsServer handling code between Link and Manager This copies concepts we introduced for the DnsSearchDomain stuff, and reworks the operations on lists of dns servers to be reusable and generic for use both with the Link and the Manager object.

resolved: add a generic DnsSearchDomain concept With this change, we add a new object to resolved, "DnsSearchDomain=" which wraps a search domain. This is then used to introduce a global search domain list, in addition to the existing per-link search domain list which is reword to make use of this new object too. This is preparation for implement proper unicast DNS search domain support.

resolved: make sure FallbackDNS= overrides built-in servers, doesn't extend them Closes #342.

resolved: rework dns server lifecycle logic Previously, there was a chance of memory corruption, because when switching to the next DNS server we didn't care whether they linked list of DNS servers was still valid. Clean up lifecycle of the dns server logic: - When a DnsServer object is still in the linked list of DnsServers for a link or the manager, indicate so with a "linked" boolean field, and never follow the linked list if that boolean is not set. - When picking a DnsServer to use for a link ot manager, always explicitly take a reference. This also rearranges some logic, to make the tracking of dns servers by link and globally more alike.

resolved: move dns server picking code from resolved-manager.c to resolved-dns-server.c

resolved: split out all code dealing with /etc/resolv.conf into its own .c file No functional changes.

resolved: unify code for parsing dns server information Let's use the same parser when parsing dns server information from /etc/resolv.conf and our native configuration file. Also, move all code that manages lists of dns servers to a single place. resolved-dns-server.c

resolved: /etc/resolved.conf missing is not an error Don't propagate any error in this case, it's really not an error.

resolved: fix minor memory leak when shuttin down We need to free the rtnl watch too.

util-lib: split out allocation calls into alloc-util.[ch]

util-lib: move string table stuff into its own string-table.[ch]

util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]

util-lib: split out IO related calls to io-util.[ch]

util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.

util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.

tree-wide: make use of log_error_errno() return value Turns this: r = -errno; log_error_errno(errno, "foo"); into this: r = log_error_errno(errno, "foo"); and this: r = log_error_errno(errno, "foo"); return r; into this: return log_error_errno(errno, "foo");

manager: close hostname fd *after* removing it epoll Otherwise the epoll removal will fail and result in a warning.

resolved: dump cache and zone contents to syslog on SIGUSR1

remove unused variables

resolved: rework synthesizing logic With this change we'll now also generate synthesized RRs for the local LLMNR hostname (first label of system hostname), the local mDNS hostname (first label of system hostname suffixed with .local), the "gateway" hostname and all the reverse PTRs. This hence takes over part of what nss-myhostname already implemented. Local hostnames resolve to the set of local IP addresses. Since the addresses are possibly on different interfaces it is necessary to change the internal DnsAnswer object to track per-RR interface indexes, and to change the bus API to always return the interface per-address rather than per-reply. This change also patches the existing clients for resolved accordingly (nss-resolve + systemd-resolve-host). This also changes the routing logic for queries slightly: we now ensure that the local hostname is never resolved via LLMNR, thus making it trustable on the local system.

Bug #944: Deletion of unnecessary checks before a few calls of systemd functions The following functions return immediately if a null pointer was passed. * calendar_spec_free * link_address_free * manager_free * sd_bus_unref * sd_journal_close * udev_monitor_unref * udev_unref It is therefore not needed that a function caller repeats a corresponding check. This issue was fixed by using the software Coccinelle 1.0.1.

resolved: scope - write() unicast DNS packets As we have connect()ed to the desired DNS server, we no longer need to pass control messages manually when sending packets. Simplify the logic accordingly.

resolved: transaction - don't request PKTINFO for unicast DNS This was only ever used by LLMNR, so don't request this for unicast DNS packets.

resolved: use one UDP socket per transaction We used to have one global socket, use one per transaction instead. This has the side-effect of giving us a random UDP port per transaction, and hence increasing the entropy and making cache poisoining significantly harder to achieve. We still reuse the same port number for packets belonging to the same transaction (resent packets).

resolved: reference count the dns servers We want to reference the servers from their active transactions, so make sure they stay around as long as the transaction does.

resolved: move LLMNR related functions into separate file

sd-netlink: rename from sd-rtnl

sd-rtnl: make joining broadcast groups implicit

resolve: move dns routines into shared

util: introduce CMSG_FOREACH() macro and make use of it everywhere It's only marginally shorter then the usual for() loop, but certainly more readable.

resolved: fix crash when shutting down Reported by Cristian Rodríguez http://lists.freedesktop.org/archives/systemd-devel/2015-May/031626.html

util: split all hostname related calls into hostname-util.c

shared: add random-util.[ch]

resolved: maintain order when writing resolv.conf entries http://lists.freedesktop.org/archives/systemd-devel/2015-March/029850.html

remove unused includes This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.

include <poll.h> instead of <sys/poll.h> include-what-you-use automatically does this and it makes finding unnecessary harder to spot. The only content of poll.h is a include of sys/poll.h so should be harmless.

Revert "tree-wide: Always use recvmsg with MSG_CMSG_CLOEXEC" This reverts commit d6d810fbf8071f8510450dbacd1d083f37603656. It's apparently not OK to pass MSG_CMSG_CLOEXEC to recvmsg() of raw sockets.

tree-wide: Always use recvmsg with MSG_CMSG_CLOEXEC

treewide: fix multiple typos

resolved: when rereading /etc/resolv.conf, always start using first DNS server again Previously we tried to stick to a DNS server as long as it is available. When /etc/resolv.conf changed, and the old DNS server we used was still in there we'd continue to use it, even if it was at the end of the list. With this change we'll now always start with the first DNS server in the list again. Rationale: certain network managing implementations (notably NetworkManager) when connected to a VPN place both the VPN DNS server as well as the local DNS server in /etc/resolv.conf. If we used the local one before we would thus continue to use the local one, making VPN names unresolvable. NetworkManager really should be fixed to only place the VPN DNS servers in the file, but with this commit things are at least similarly bad as they used to be...

treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.

treewide: a few more log_*_errno + return simplifications The one in tmpfiles.c:create_item() even looks like it fixes a bug.

treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.

treewide: auto-convert the simple cases to log_*_errno() As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().

resolved: simplify detection of packets from the loopback device We can simplify our code quite a bit if we explicitly check for the ifindex being 1 on Linux as a loopback check. Apparently, this is hardcoded on Linux on the kernel, and effectively exported to userspace via rtnl and such, hence we should be able to rely on it.

resolved: apply label to /run/systemd/resolve/resolv.conf Under an SELinux system, we want the file that is created to have a proper context, different from the default for files in /run. This is so that the policy can give access to almost everyone to this file.

resolved: split out writing of resolv.conf manager_write_resolv_conf() is quite long anyway.

hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.

resolved: fall back to hardcoded ifindex when checking if a link is the loopback Reported by Philippe De Swert <philippedeswert@gmail.com>. Coverity CID#1237656

resolved: fix typo in log message

shared: add MAXSIZE() and use it in resolved The MAXSIZE() macro takes two types and returns the size of the larger one. It is much simpler to use than MAX(sizeof(A), sizeof(B)) and also avoids any compiler-extensions, unlike CONST_MAX() and MAX() (which are needed to avoid evaluating arguments more than once). This was suggested by Daniele Nicolodi <daniele@grinta.net>. Also make resolved use this macro instead of CONST_MAX(). This enhances readability quite a bit.

resolved: write resolv.conf search - switch arguments Found by Lukáš Nykrýn.

resolve: fix compilation on LLVM+clang LLVM+clang does not allow statement-expressions inside of type-declarations (file-scope). Use CONST_MAX() to avoid this.

resolved: pull in domain names from sd-network

resolved: skip IPv6 LLMNR if IPv6 is not available

resolved: unify logic how we flush out DNS servers we learnt

resolved: filter out duplicate DNS servers when writing resolv.conf

resolved: when picking a new hostname make sure two hosts pick different ones This way we can avoid always picking the same replacement hostnames when picking one.

resolved: verify all RRs when we come back from suspend

resolved: implement full LLMNR conflict detection logic

resolved: actually read the initial state data from networkd when we initialize

resolved: fix order in which we destroy manager resources

resolved: when there's already somebody listening on the LLMNR ports, simple disable LLMNR and warn, but continue This allows us to run resolved inside an nspawn container that shares the network namespace with the host, if there's already an instance running.

resolved: remove unused variables

resolved: flush cache each time we change to a different DNS server

resolved: read the system /etc/resolv.conf unless we wrote it ourselves This way we integrate nicely with foreign network management stacks, such as NM.

resolved: rename resolved.h to resolved-manager.h After all it pretty much exlcusively containers definitions about the "Manager" object, hence let's call this the most obvious way.

resolved: beef up DNS server configuration logic We now maintain two lists of DNS servers: system servers and fallback servers. system servers are used in combination with any per-link servers. fallback servers are only used if there are no system servers or per-link servers configured. The system server list is supposed to be populated from a foreign tool's /etc/resolv.conf (not implemented yet). Also adds a configuration switch for LLMNR, that allows configuring whether LLMNR shall be used simply for resolving or also for responding.

hostnamed: watch system hostname changes and update LLMNR RRs accordingly

resolved: implement LLMNR uniqueness verification

Properly report invalid quoted strings $ systemd-analyze verify trailing-g.service [./trailing-g.service:2] Trailing garbage, ignoring. trailing-g.service lacks ExecStart setting. Refusing. Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument. Failed to create trailing-g.service/start: Invalid argument

Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird

resolved: add more debug logging

resolved: set LLMNR TCP and UDP TTLs to the values suggested by the RFC

resolve: add llmnr responder side for UDP and TCP Name defending is still missing.

resolved: don't read DHCP leases networkd will expose both statically configured DNS servers and servers receieved over DHCP in sd_network_get_dns(), so no need to keep the distinction in resolved.

resolved: rework logic so that we can share transactions between queries of different clients

change type for address family to "int" Let's settle on a single type for all address family values, even if UNIX is very inconsitent on the precise type otherwise. Given that socket() is the primary entrypoint for the sockets API, and that uses "int", and "int" is relatively simple and generic, we settle on "int" for this.

resolved: add LLMNR support for looking up names

resolved: properly handle MTU logic

sd-network: fix parameter order for sd_network_monitor_new() Constructors should return the object they created as first parameter, except when they are generated as a child/member object of some other object in which case that should be first.

Let config_parse open file where applicable Special care is needed so that we get an error message if the file failed to parse, but not when it is missing. To avoid duplicating the same error check in every caller, add an additional 'warn' boolean to tell config_parse whether a message should be issued. This makes things both shorter and more robust wrt. to error reporting.

resolved: support for TCP DNS queries

dns-domain: introduce macros for accessing all DNS header fields

Constify ConfigTableItem tables

resolved: add a DNS client stub resolver Let's turn resolved into a something truly useful: a fully asynchronous DNS stub resolver that subscribes to network changes. (More to come: caching, LLMNR, mDNS/DNS-SD, DNSSEC, IDN, NSS module)

resolved: properly free network monitor

resolved: make use of union in_addr_union in resolved, too

resolved: let config_parse() open the configuration file for us

resolved: move resolv.conf to resolved's runtime dir

resolved: add daemon to manage resolv.conf Also remove the equivalent functionality from networkd.