X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fresolve%2Fresolved-dns-scope.c;h=a43359f8c59c0d28939135565c5dddb79df7e2cb;hb=d2df88ffbac8858214adb9daaf7a93122fe26a50;hp=174249a9f762f7977cda2ed2052eef71b8dc93f7;hpb=a407657425a3e47fd2b559cd3bc800f791303f63;p=elogind.git diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 174249a9f..a43359f8c 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -82,10 +82,10 @@ DnsScope* dns_scope_free(DnsScope *s) { dns_transaction_free(t); } - while ((rr = hashmap_steal_first(s->conflict_queue))) + while ((rr = ordered_hashmap_steal_first(s->conflict_queue))) dns_resource_record_unref(rr); - hashmap_free(s->conflict_queue); + ordered_hashmap_free(s->conflict_queue); sd_event_source_unref(s->conflict_event_source); dns_cache_flush(&s->cache); @@ -291,12 +291,18 @@ int dns_scope_tcp_socket(DnsScope *s, int family, const union in_addr_union *add return ret; } -DnsScopeMatch dns_scope_good_domain(DnsScope *s, const char *domain) { +DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain) { char **i; assert(s); assert(domain); + if (ifindex != 0 && (!s->link || s->link->ifindex != ifindex)) + return DNS_SCOPE_NO; + + if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family) & flags) == 0) + return DNS_SCOPE_NO; + STRV_FOREACH(i, s->domains) if (dns_name_endswith(domain, *i) > 0) return DNS_SCOPE_YES; @@ -328,7 +334,8 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, const char *domain) { if (s->protocol == DNS_PROTOCOL_LLMNR) { if (dns_name_endswith(domain, "in-addr.arpa") > 0 || dns_name_endswith(domain, "ip6.arpa") > 0 || - dns_name_single_label(domain) > 0) + (dns_name_single_label(domain) > 0 && + dns_name_equal(domain, "gateway") <= 0)) /* don't resolve "gateway" with LLMNR, let nss-myhostname handle this */ return DNS_SCOPE_MAYBE; return DNS_SCOPE_NO; @@ -359,6 +366,13 @@ int dns_scope_good_key(DnsScope *s, DnsResourceKey *key) { int dns_scope_llmnr_membership(DnsScope *s, bool b) { int fd; + assert(s); + + if (s->protocol != DNS_PROTOCOL_LLMNR) + return 0; + + assert(s->link); + if (s->family == AF_INET) { struct ip_mreqn mreqn = { .imr_multiaddr = LLMNR_MULTICAST_IPV4_ADDRESS, @@ -373,7 +387,7 @@ int dns_scope_llmnr_membership(DnsScope *s, bool b) { * one. This is necessary on some devices, such as * veth. */ if (b) - setsockopt(fd, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreqn, sizeof(mreqn)); + (void)setsockopt(fd, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreqn, sizeof(mreqn)); if (setsockopt(fd, IPPROTO_IP, b ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, &mreqn, sizeof(mreqn)) < 0) return -errno; @@ -389,7 +403,7 @@ int dns_scope_llmnr_membership(DnsScope *s, bool b) { return fd; if (b) - setsockopt(fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, &mreq, sizeof(mreq)); + (void)setsockopt(fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, &mreq, sizeof(mreq)); if (setsockopt(fd, IPPROTO_IPV6, b ? IPV6_ADD_MEMBERSHIP : IPV6_DROP_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) return -errno; @@ -526,7 +540,7 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { r = dns_packet_extract(p); if (r < 0) { - log_debug("Failed to extract resources from incoming packet: %s", strerror(-r)); + log_debug_errno(r, "Failed to extract resources from incoming packet: %m"); return; } @@ -538,7 +552,7 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { r = dns_zone_lookup(&s->zone, p->question, &answer, &soa, &tentative); if (r < 0) { - log_debug("Failed to lookup key: %s", strerror(-r)); + log_debug_errno(r, "Failed to lookup key: %m"); return; } if (r == 0) @@ -549,7 +563,7 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { r = dns_scope_make_reply_packet(s, DNS_PACKET_ID(p), DNS_RCODE_SUCCESS, p->question, answer, soa, tentative, &reply); if (r < 0) { - log_debug("Failed to build reply packet: %s", strerror(-r)); + log_debug_errno(r, "Failed to build reply packet: %m"); return; } @@ -568,7 +582,7 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { return; } if (fd < 0) { - log_debug("Failed to get reply socket: %s", strerror(-fd)); + log_debug_errno(fd, "Failed to get reply socket: %m"); return; } @@ -581,7 +595,7 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { } if (r < 0) { - log_debug("Failed to send reply packet: %s", strerror(-r)); + log_debug_errno(r, "Failed to send reply packet: %m"); return; } } @@ -669,19 +683,19 @@ static int on_conflict_dispatch(sd_event_source *es, usec_t usec, void *userdata _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; - rr = hashmap_steal_first(scope->conflict_queue); + rr = ordered_hashmap_steal_first(scope->conflict_queue); if (!rr) break; r = dns_scope_make_conflict_packet(scope, rr, &p); if (r < 0) { - log_error("Failed to make conflict packet: %s", strerror(-r)); + log_error_errno(r, "Failed to make conflict packet: %m"); return 0; } r = dns_scope_emit(scope, p); if (r < 0) - log_debug("Failed to send conflict packet: %s", strerror(-r)); + log_debug_errno(r, "Failed to send conflict packet: %m"); } return 0; @@ -696,7 +710,7 @@ int dns_scope_notify_conflict(DnsScope *scope, DnsResourceRecord *rr) { /* We don't send these queries immediately. Instead, we queue * them, and send them after some jitter delay. */ - r = hashmap_ensure_allocated(&scope->conflict_queue, dns_resource_key_hash_func, dns_resource_key_compare_func); + r = ordered_hashmap_ensure_allocated(&scope->conflict_queue, &dns_resource_key_hash_ops); if (r < 0) { log_oom(); return r; @@ -705,13 +719,11 @@ int dns_scope_notify_conflict(DnsScope *scope, DnsResourceRecord *rr) { /* We only place one RR per key in the conflict * messages, not all of them. That should be enough to * indicate where there might be a conflict */ - r = hashmap_put(scope->conflict_queue, rr->key, rr); + r = ordered_hashmap_put(scope->conflict_queue, rr->key, rr); if (r == -EEXIST || r == 0) return 0; - if (r < 0) { - log_debug("Failed to queue conflicting RR: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_debug_errno(r, "Failed to queue conflicting RR: %m"); dns_resource_record_ref(rr); @@ -727,10 +739,8 @@ int dns_scope_notify_conflict(DnsScope *scope, DnsResourceRecord *rr) { now(clock_boottime_or_monotonic()) + jitter, LLMNR_JITTER_INTERVAL_USEC, on_conflict_dispatch, scope); - if (r < 0) { - log_debug("Failed to add conflict dispatch event: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_debug_errno(r, "Failed to add conflict dispatch event: %m"); return 0; } @@ -759,7 +769,7 @@ void dns_scope_check_conflicts(DnsScope *scope, DnsPacket *p) { r = dns_packet_extract(p); if (r < 0) { - log_debug("Failed to extract packet: %s", strerror(-r)); + log_debug_errno(r, "Failed to extract packet: %m"); return; }