resolve: refuse mdns scope for ipv4 broadcast addresses

This query can never be answered, so let's no wait for it to timeout.
author: Ronan Pigott <ronan@rjp.ie> 2023-03-27 09:43:58 -0700
committer: Lennart Poettering <lennart@poettering.net> 2023-04-05 13:27:16 +0200
commit: cad0fc7a1363b3221566d37092b5cc7576e65d1f (patch)
tree: 7a0a1abf762c55ee08be8e222ad9e6e1c180ddaf /src/resolve
parent: effd05626df09872e4474baa3c3c3952999e001c (diff)
download: systemd-cad0fc7a1363b3221566d37092b5cc7576e65d1f.tar.gz
4 files changed, 22 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index c95875ec10..45f1d36311 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -556,6 +556,9 @@ static DnsScopeMatch match_subnet_reverse_lookups(
         if (s->family != AF_UNSPEC && f != s->family)
                 return _DNS_SCOPE_MATCH_INVALID; /* Don't look for IPv4 addresses on LLMNR/mDNS over IPv6 and vice versa */
 
+        if (in_addr_is_null(f, &ia))
+                return DNS_SCOPE_NO;
+
         LIST_FOREACH(addresses, a, s->link->addresses) {
 
                 if (a->family != f)
@@ -569,6 +572,10 @@ static DnsScopeMatch match_subnet_reverse_lookups(
                 if (a->prefixlen == UCHAR_MAX) /* don't know subnet mask */
                         continue;
 
+                /* Don't send mDNS queries for the IPv4 broadcast address */
+                if (f == AF_INET && in_addr_equal(f, &a->in_addr_broadcast, &ia) > 0)
+                        return DNS_SCOPE_NO;
+
                 /* Check if the address is in the local subnet */
                 r = in_addr_prefix_covers(f, &a->in_addr, a->prefixlen, &ia);
                 if (r < 0)
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 70e726e417..9385b75e4b 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -816,7 +816,11 @@ ResolveSupport link_get_mdns_support(Link *link) {
         return MIN(link->mdns_support, link->manager->mdns_support);
 }
 
-int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
+int link_address_new(Link *l,
+                LinkAddress **ret,
+                int family,
+                const union in_addr_union *in_addr,
+                const union in_addr_union *in_addr_broadcast) {
         LinkAddress *a;
 
         assert(l);
@@ -829,6 +833,7 @@ int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr
         *a = (LinkAddress) {
                 .family = family,
                 .in_addr = *in_addr,
+                .in_addr_broadcast = *in_addr_broadcast,
                 .link = l,
                 .prefixlen = UCHAR_MAX,
         };
diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h
index d2043a1000..0695a6ff83 100644
--- a/src/resolve/resolved-link.h
+++ b/src/resolve/resolved-link.h
@@ -26,6 +26,7 @@ struct LinkAddress {
 
         int family;
         union in_addr_union in_addr;
+        union in_addr_union in_addr_broadcast;
         unsigned char prefixlen;
 
         unsigned char flags, scope;
@@ -111,7 +112,11 @@ int link_save_user(Link *l);
 int link_load_user(Link *l);
 void link_remove_user(Link *l);
 
-int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr);
+int link_address_new(Link *l,
+                LinkAddress **ret,
+                int family,
+                const union in_addr_union *in_addr,
+                const union in_addr_union *in_addr_broadcast);
 LinkAddress *link_address_free(LinkAddress *a);
 int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m);
 bool link_address_relevant(LinkAddress *l, bool local_multicast);
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index ec854774af..57e26f4975 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -106,7 +106,7 @@ fail:
 
 static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
         Manager *m = ASSERT_PTR(userdata);
-        union in_addr_union address;
+        union in_addr_union address, broadcast = {};
         uint16_t type;
         int r, ifindex, family;
         LinkAddress *a;
@@ -134,6 +134,7 @@ static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, voi
         switch (family) {
 
         case AF_INET:
+                sd_netlink_message_read_in_addr(mm, IFA_BROADCAST, &broadcast.in);
                 r = sd_netlink_message_read_in_addr(mm, IFA_LOCAL, &address.in);
                 if (r < 0) {
                         r = sd_netlink_message_read_in_addr(mm, IFA_ADDRESS, &address.in);
@@ -164,7 +165,7 @@ static int manager_process_address(sd_netlink *rtnl, sd_netlink_message *mm, voi
         case RTM_NEWADDR:
 
                 if (!a) {
-                        r = link_address_new(l, &a, family, &address);
+                        r = link_address_new(l, &a, family, &address, &broadcast);
                         if (r < 0)
                                 return r;
                 }
author	Ronan Pigott <ronan@rjp.ie>	2023-03-27 09:43:58 -0700
committer	Lennart Poettering <lennart@poettering.net>	2023-04-05 13:27:16 +0200
commit	cad0fc7a1363b3221566d37092b5cc7576e65d1f (patch)
tree	7a0a1abf762c55ee08be8e222ad9e6e1c180ddaf /src/resolve
parent	effd05626df09872e4474baa3c3c3952999e001c (diff)
download	systemd-cad0fc7a1363b3221566d37092b5cc7576e65d1f.tar.gz