resolved: instead of closing DNS UDP transaction fds right-away, add them to a socket "graveyard"

The "socket graveyard" shall contain sockets we have sent a question out
of, but not received a reply. If we'd close thus sockets immediately
when we are not interested anymore, we'd trigger ICMP port unreachable
messages once we after all *do* get a reply. Let's avoid that, by
leaving the fds open for a bit longer, until a timeout is reached or a
reply datagram received.

Fixes: #17421

1 files changed, 5 insertions, 0 deletions

diff --git a/src/resolve/resolved-manager.h b/src/resolve/resolved-manager.h
index 4dc55e6e41..90f5586230 100644
--- a/src/resolve/resolved-manager.h
+++ b/src/resolve/resolved-manager.h
@@ -21,6 +21,7 @@ typedef struct Manager Manager;
 #include "resolved-dns-stub.h"
 #include "resolved-dns-trust-anchor.h"
 #include "resolved-link.h"
+#include "resolved-socket-graveyard.h"
 
 #define MANAGER_SEARCH_DOMAINS_MAX 256
 #define MANAGER_DNS_SERVERS_MAX 256
@@ -144,6 +145,10 @@ struct Manager {
         VarlinkServer *varlink_server;
 
         sd_event_source *clock_change_event_source;
+
+        LIST_HEAD(SocketGraveyard, socket_graveyard);
+        SocketGraveyard *socket_graveyard_oldest;
+        size_t n_socket_graveyard;
 };
 
 /* Manager */