| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
This query can never be answered, so let's no wait for it to timeout.
|
| |
|
| |
|
|
|
|
|
| |
As link_relevant() is called with AF_INET6, which returns true only when
the link has at least one relevant IPv6 address.
|
|
|
|
|
|
|
| |
Otherwise, if the link is not managed by systemd-networkd, mDNS cannot
be enabled without calling `resolvectl` explicitly.
Fixes #25252.
|
|
|
|
|
|
|
|
|
|
| |
Currently, NetworkManager will set DNSOverTLS according to its
`connection.dnsovertls` configuration only once during connection,
instead of every single restart of systemd-resolved, causing resolved to
lose the configuration on restart.
Fix this by persisting DNSOverTLS in the runtime state file, which will
also make it more consistent with other interface-specific settings.
|
|
|
|
| |
To make them consistent with other functions.
|
|
|
|
|
|
| |
changed
Fixes #23227.
|
|
|
|
| |
This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
|
| |
|
|
|
|
|
|
|
| |
The function `link_relevant()` is called repeatedly in `link_allocate_scopes()`.
Let's not read networkd's link file in `link_relevant()`.
Closes #22190.
|
| |
|
| |
|
|
|
|
|
|
|
| |
In `manager_process_link()`, the function `link_update()` is called just
after `link_process_rtnl()`, and `link_update()` also calls
`link_allocate_scopes()` and `link_add_rrs()`. Hence, the calls in
`link_process_rtnl()` are redundant.
|
| |
|
| |
|
|
|
|
|
|
| |
If many interface creation/deletion occurs continuously, then resolved
becomes easily busy. Let's slightly optimize the event triggered by
sd-network.
|
|
|
|
|
|
|
|
| |
This allows resolved and importd to be built without libgcrypt.
Note that we now say either 'cryptographic library' or 'cryptolib'.
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
|
|
|
|
|
|
|
|
|
| |
networkd
When networkd detects an unmanaged link, then the state is changed in
the following order:
pending -> initialized -> unmanaged
The "initialized" state was added by bd08ce56156751d58584a44e766ef61340cdae2d.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
matching interfaces
Let's preferably route traffic for reverse lookups to LLMNR/mDNS/DNS on
the matching interface if the IP address is in the local subnet. Also,
if looking up an IP address of our own host, let's avoid doing
LLMNR/mDNS at all.
This is useful if "~." is a routing domain to DNS, as it means, local
reverse lookups still go to LLMNR/mDNS, too.
Fixes: #16243 #10081
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a transaction fails and we decide to switch DNS servers, don#t do
so unconditionally. Check if the current DNS server is still the same as
when the transaction was initiated. And if not, do not do anything.
That should reduce the number of redundant DNS server switches if many
parallel transactions fail simultaneously (which is pretty likely if
DNSSEC is on).
Fixes: #17040
|
|
|
|
|
|
|
| |
The implementation is a bit ugly because we set the output variable
twice. But we were already doing this on error, so this is not
significantly worse. Doing this allows us to avoid goto's, and the
compiler should be able to figure this out and only set once.
|
| |
|
|
|
|
|
| |
We need to check for parent domains too. We did this correctly for the
system-wide NTA list, but not for the per-link one. Let's fix that.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Most error path in link_load_user() are ENOMEM. Hence, it is critical.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we're using a set with _put_strdup(), most of the time we want to use
string hash ops on the set, and free the strings when done. This defines
the appropriate a new string_hash_ops_free structure to automatically free
the keys when removing the set, and makes set_put_strdup() and set_put_strdupv()
instantiate the set with those hash ops.
hashmap_put_strdup() was already doing something similar.
(It is OK to instantiate the set earlier, possibly with a different hash ops
structure. set_put_strdup() will then use the existing set. It is also OK
to call set_free_free() instead of set_free() on a set with
string_hash_ops_free, the effect is the same, we're just overriding the
override of the cleanup function.)
No functional change intended.
|
|
|
|
|
|
|
|
|
| |
Some DNS providers need SNI to identify client.
This can be used by adding #name to a DNS.
Example:
[Resolve]
DNS=192.168.1.1#example.com
|
|
|
|
| |
Add strict mode for DNS-over-TLS, which will require TLS support from the server. Closes #10755
|
|
|
|
| |
Fixes #12285.
|
| |
|
|
|
|
|
|
| |
This also changes the type from char[IF_NAMESIZE] to char*.
By changing the type, now resolved-link.h can drop the dependency to
the header net/if.h.
|
|
|
|
|
|
|
|
| |
This is partially a refactoring, but also makes many more places use
unlocked operations implicitly, i.e. all users of fopen_temporary().
AFAICT, the uses are always for short-lived files which are not shared
externally, and are just used within the same context. Locking is not
necessary.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
default route
Previously, we'd use a link as "default" route depending on whether
there are route-only domains defined on it or not. (If there are, it
would not be used as default route, if there aren't it would.)
Let's make this explicit and add a link variable controlling this. The
variable is not changeable from the outside yet, but subsequent commits
are supposed to add that.
Note that making this configurable adds a certain amount of redundancy,
as there are now two ways to ensure a link does not receive "default"
lookup (i.e. DNS queries matching no configured route):
1. By ensuring that at least one other link configures a route on it
(for example by add "." to its search list)
2. By setting this new boolean to false.
But this is exactly what is intended with this patch: that there is an
explicit way to configure on the link itself whether it receives
'default' traffic, rather than require this to be configured on other
links.
The variable added is a tri-state: if true, the link is suitable for
recieving "default" traffic. If false, the link is not suitable for it.
If unset (i.e. negative) the original logic of "has this route-only
routes" is used, to ensure compatibility with the status quo ante.
|
|
|
|
| |
This was forgotten when DoT was added.
|
|
|
|
|
|
| |
It's quite complex, let's split this out.
No code changes, just some file rearranging.
|
|
|
|
|
|
|
|
| |
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.
No code changes, just some rearranging of source files.
|
|
|
|
| |
Let's modernize things a bit.
|
|
|
|
|
|
|
| |
Now that we don't (mis-)use the env file parser to parse kernel command
lines there's no need anymore to override the used newline character
set. Let's hence drop the argument and just "\n\r" always. This nicely
simplifies our code.
|
|
|
|
|
| |
This adds dns-over-tls option to meson. If set to 'false',
systemd-resolved is not linked with libgnutls.
|
|
|
|
|
|
|
|
|
|
|
| |
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
|