author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-12-15 11:42:59 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-12-15 11:47:06 +0100 |
commit | 0ad4efb14beea9148838a0d974821e3b98cafc47 (patch) | |
tree | 241f08e7b21fe542871588544d302cf9de135043 /src/resolve/resolved-manager.c | |
parent | 9d84fdec287532c0d58914c64988b3027902c4e7 (diff) | |
download | systemd-0ad4efb14beea9148838a0d974821e3b98cafc47.tar.gz |
resolved: filter out our own stub resolvers when parsing servers
We get "upstream" dns server config from ~three places: /etc/resolv.conf,
config files, and runtime config via dbus. With this commit, we'll filter out
our own stub listeners if they are configured in either of the first two
sources. For /etc/resolv.conf this is done quietly, and for our own config
files, a LOG_INFO message is emitted, since this is a small inconsistency in
the config.
Setting loops like this over dbus is still allowed. The reason is that in the
past we didn't treat this as an error, and if we were to start responding with
an error, we could break a scenario that worked previously. E.g. NM sends us a
list of servers, and one happens to be our own. We would just not use that
stub server before, but it'd still be shown in the dbus properties and such.
We would have to return error for the whole message, also rejecting the other
valid servers. I think it's easier to just keep that part unchanged.
Test case:
$ ls -l /etc/resolv.conf
-rw-r--r-- 1 root root 57 Dec 15 10:26 /etc/resolv.conf
$ cat /etc/resolv.conf
nameserver 192.168.150.1
options edns0 trust-ad
search .
$ cat /etc/systemd/resolved.conf.d/stub.conf
[Resolve]
DNSStubListenerExtra=192.168.150.1
$ resolvectl
...
Global
resolv.conf mode: foreign
DNS Servers: 192.168.150.1
Fallback DNS Servers: ...
(with the patch):
Global
resolv.conf mode: foreign
Fallback DNS Servers: ...
Diffstat (limited to 'src/resolve/resolved-manager.c')
-rw-r--r-- | src/resolve/resolved-manager.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 6b32ee4cf0..223ef36691 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -1620,30 +1620,37 @@ bool manager_next_dnssd_names(Manager *m) { return tried; } -bool manager_server_is_stub(Manager *m, DnsServer *s) { +bool manager_server_address_is_stub(Manager *m, int family, const union in_addr_union *address, uint16_t port) { DnsStubListenerExtra *l; assert(m); - assert(s); + assert(address); /* Safety check: we generally already skip the main stub when parsing configuration. But let's be * extra careful, and check here again */ - if (s->family == AF_INET && - s->address.in.s_addr == htobe32(INADDR_DNS_STUB) && - dns_server_port(s) == 53) + if (family == AF_INET && + address->in.s_addr == htobe32(INADDR_DNS_STUB) && + port == 53) return true; /* Main reason to call this is to check server data against the extra listeners, and filter things * out. */ ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners) - if (s->family == l->family && - in_addr_equal(s->family, &s->address, &l->address) && - dns_server_port(s) == dns_stub_listener_extra_port(l)) + if (family == l->family && + in_addr_equal(family, address, &l->address) && + port == dns_stub_listener_extra_port(l)) return true; return false; } +bool manager_server_is_stub(Manager *m, DnsServer *s) { + assert(m); + assert(s); + + return manager_server_address_is_stub(m, s->family, &s->address, dns_server_port(s)); +} + int socket_disable_pmtud(int fd, int af) { int r; |
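Review bot: The new manager_server_address_is_stub() compares the raw `port` argument (`port == 53` and `port == dns_stub_listener_extra_port(l)`), whereas the old code always went through dns_server_port(s), so the contract for callers that have not yet built a DnsServer is undocumented. If a config-parsing caller passes a value meaning "no port specified" (an assumption, since no such caller is visible in this file), neither comparison would match and the stub address would slip through the filter, recreating the resolver loop this commit is meant to prevent. Please add a comment above the function stating that `port` must be the effective port with the default already applied, or normalize it inside the function so that the wrapper and any parser callers behave identically. The existing "Safety check" comment also still says the main stub is already skipped when parsing configuration, which may deserve a refresh now that this function is itself intended for the parsing path.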