From: Lennart Poettering Date: Tue, 29 Jul 2014 22:48:59 +0000 (+0200) Subject: resolved: when answer A or AAAA questions, order responses by whether addresses are... X-Git-Tag: v216~388 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=af93291cc4cbd2fe2fb4af7d3c56138fb39f31dc resolved: when answer A or AAAA questions, order responses by whether addresses are link-local or not --- diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 539bd98b5..1b2d7d52f 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -243,7 +243,7 @@ static int address_acquire(Link *link, Address *original, Address **ret) { assert(ret); /* Something useful was configured? just use it */ - if (in_addr_null(original->family, &original->in_addr) <= 0) + if (in_addr_is_null(original->family, &original->in_addr) <= 0) return 0; /* The address is configured to be 0.0.0.0 or [::] by the user? @@ -345,7 +345,7 @@ int address_configure(Address *address, Link *link, return r; } - if (!in_addr_null(address->family, &address->in_addr_peer)) { + if (!in_addr_is_null(address->family, &address->in_addr_peer)) { if (address->family == AF_INET) r = sd_rtnl_message_append_in_addr(req, IFA_ADDRESS, &address->in_addr_peer.in); else if (address->family == AF_INET6) diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 7db71c0b7..87bdd8564 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -283,7 +283,7 @@ static Address* link_find_dhcp_server_address(Link *link) { if (address->family != AF_INET) continue; - if (in_addr_null(address->family, &address->in_addr)) + if (in_addr_is_null(address->family, &address->in_addr)) continue; return address; diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c index d90766452..93e51fc24 100644 --- a/src/resolve/resolved-dns-answer.c +++ b/src/resolve/resolved-dns-answer.c @@ -175,3 +175,34 @@ DnsAnswer *dns_answer_merge(DnsAnswer *a, DnsAnswer *b) { return k; } + +void dns_answer_order_by_scope(DnsAnswer *a, bool prefer_link_local) { + DnsResourceRecord **rrs; + unsigned i, start, end; + assert(a); + + if (a->n_rrs <= 1) + return; + + start = 0; + end = a->n_rrs-1; + + /* RFC 4795, Section 2.6 suggests we should order entries + * depending on whether the sender is a link-local address. */ + + rrs = newa(DnsResourceRecord*, a->n_rrs); + for (i = 0; i < a->n_rrs; i++) { + + if (a->rrs[i]->key->class == DNS_CLASS_IN && + ((a->rrs[i]->key->type == DNS_TYPE_A && in_addr_is_link_local(AF_INET, (union in_addr_union*) &a->rrs[i]->a.in_addr) != prefer_link_local) || + (a->rrs[i]->key->type == DNS_TYPE_AAAA && in_addr_is_link_local(AF_INET6, (union in_addr_union*) &a->rrs[i]->aaaa.in6_addr) != prefer_link_local))) + /* Order address records that are are not preferred to the end of the array */ + rrs[end--] = a->rrs[i]; + else + /* Order all other records to the beginning of the array */ + rrs[start++] = a->rrs[i]; + } + + assert(start == end+1); + memcpy(a->rrs, rrs, sizeof(DnsResourceRecord*) * a->n_rrs); +} diff --git a/src/resolve/resolved-dns-answer.h b/src/resolve/resolved-dns-answer.h index 135a421f2..268bb3853 100644 --- a/src/resolve/resolved-dns-answer.h +++ b/src/resolve/resolved-dns-answer.h @@ -42,5 +42,6 @@ int dns_answer_contains(DnsAnswer *a, DnsResourceKey *key); int dns_answer_find_soa(DnsAnswer *a, DnsResourceKey *key, DnsResourceRecord **ret); DnsAnswer *dns_answer_merge(DnsAnswer *a, DnsAnswer *b); +void dns_answer_order_by_scope(DnsAnswer *a, bool prefer_link_local); DEFINE_TRIVIAL_CLEANUP_FUNC(DnsAnswer*, dns_answer_unref); diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index b975ac409..b17de0c88 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -483,6 +483,8 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { if (r == 0) return; + dns_answer_order_by_scope(answer, in_addr_is_link_local(p->family, &p->sender) > 0); + r = dns_scope_make_reply_packet(s, DNS_PACKET_ID(p), DNS_RCODE_SUCCESS, p->question, answer, &reply); if (r < 0) { log_debug("Failed to build reply packet: %s", strerror(-r)); diff --git a/src/shared/in-addr-util.c b/src/shared/in-addr-util.c index e9a99177f..459f84617 100644 --- a/src/shared/in-addr-util.c +++ b/src/shared/in-addr-util.c @@ -23,7 +23,7 @@ #include "in-addr-util.h" -int in_addr_null(int family, const union in_addr_union *u) { +int in_addr_is_null(int family, const union in_addr_union *u) { assert(u); if (family == AF_INET) @@ -39,6 +39,17 @@ int in_addr_null(int family, const union in_addr_union *u) { return -EAFNOSUPPORT; } +int in_addr_is_link_local(int family, const union in_addr_union *u) { + assert(u); + + if (family == AF_INET) + return (be32toh(u->in.s_addr) & 0xFFFF0000) == (169U << 24 | 254U << 16); + + if (family == AF_INET6) + return IN6_IS_ADDR_LINKLOCAL(&u->in6); + + return -EAFNOSUPPORT; +} int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b) { assert(a); diff --git a/src/shared/in-addr-util.h b/src/shared/in-addr-util.h index cff2c321e..7d1d6baa2 100644 --- a/src/shared/in-addr-util.h +++ b/src/shared/in-addr-util.h @@ -31,7 +31,8 @@ union in_addr_union { struct in6_addr in6; }; -int in_addr_null(int family, const union in_addr_union *u); +int in_addr_is_null(int family, const union in_addr_union *u); +int in_addr_is_link_local(int family, const union in_addr_union *u); int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b); int in_addr_prefix_intersect(int family, const union in_addr_union *a, unsigned aprefixlen, const union in_addr_union *b, unsigned bprefixlen); int in_addr_prefix_next(int family, union in_addr_union *u, unsigned prefixlen);