systemd-252-4

Resolves: #2138081,#2159448
Jan Macku 2023-02-06 12:28:47 +01:00
parent b81de9fb53
commit 2d7302fd0b
29 changed files with 2386 additions and 1 deletions


@ -0,0 +1,29 @@
From fe2d716926d6b800be8775251826453b9a2808da Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Feb 2023 23:39:43 +0900
Subject: [PATCH] udev: make get_virtfn_info() provide physical PCI device
Fixes a bug introduced by 78463c6c4fdcb703bc0dc694c3ea77df3c5624e0.
Fixes #25545.
(cherry picked from commit cf74e2e16fb06b7de9e3875c6462290998fb06bd)
Resolves: #2159448
---
src/udev/udev-builtin-net_id.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 7504123700..d4e9dcb60d 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -144,7 +144,7 @@ static int get_virtfn_info(sd_device *pcidev, sd_device **ret_physfn_pcidev, cha
if (!suffix)
return -ENOMEM;
- *ret_physfn_pcidev = sd_device_ref(child);
+ *ret_physfn_pcidev = sd_device_ref(physfn_pcidev);
*ret_suffix = suffix;
return 0;
}
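Review bot: the commit message names the regressing commit but not the symptom, and the one-line change in get_virtfn_info() comes with no test. A sentence saying that callers previously received a reference to `child` rather than the physical function device, plus a test covering a virtual function, would make this backport easier to verify.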


@ -0,0 +1,40 @@
From 54c173eb34da7c94953ed3556b448da13a4dc5fa Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Feb 2023 23:03:54 +0900
Subject: [PATCH] test: make helper_check_device_units() log unit name
(cherry picked from commit 5479d0f83a80810c475b14fbaf61872f4df6b20e)
Related: #2138081
---
test/units/testsuite-64.sh | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh
index fd1ad7c041..c572671c20 100755
--- a/test/units/testsuite-64.sh
+++ b/test/units/testsuite-64.sh
@@ -89,6 +89,8 @@ check_device_unit() {(
path="${2?}"
unit=$(systemd-escape --path --suffix=device "$path")
+ [[ "$log_level" == 1 ]] && echo "INFO: check_device_unit($unit)"
+
syspath=$(systemctl show --value --property SysFSPath "$unit" 2>/dev/null)
if [[ -z "$syspath" ]]; then
[[ "$log_level" == 1 ]] && echo >&2 "ERROR: $unit not found."
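Review bot: the new INFO line after `unit=` writes to stdout, while the ERROR line just below it uses `echo >&2`. If any caller captures the output of check_device_unit(), the extra line ends up in it; sending the INFO line to stderr as well keeps both diagnostics on one stream.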
@@ -156,12 +158,11 @@ helper_check_device_units() {(
local i
- for ((i = 0; i < 20; i++)); do
- (( i == 0 )) || sleep .5
-
+ for (( i = 0; i < 20; i++ )); do
if check_device_units 0 "$@"; then
return 0
fi
+ sleep .5
done
check_device_units 1 "$@"
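Review bot: moving `sleep .5` to the end of the loop body also changes timing, which the subject line (logging only) does not mention. After the 20th failed attempt the loop now sleeps once more before the final `check_device_units 1 "$@"`, so that call is effectively a 21st attempt rather than an immediate re-run for logging. Worth a line in the commit message, or a separate commit.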


@ -0,0 +1,45 @@
From 0894f502ad5a89a98a0a88ee739c0c5f516338c2 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Feb 2023 21:25:40 +0900
Subject: [PATCH] test: add a testcase for lvextend
For RHBZ#2158628 (https://bugzilla.redhat.com/show_bug.cgi?id=2158628)
(cherry picked from commit d60e3482613d26e559fc4dc5a56b8edaa765a318)
Related: #2138081
---
test/units/testsuite-64.sh | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh
index c572671c20..4017f61f59 100755
--- a/test/units/testsuite-64.sh
+++ b/test/units/testsuite-64.sh
@@ -425,6 +425,26 @@ testcase_lvm_basic() {
helper_check_device_symlinks "/dev/disk" "/dev/$vgroup"
helper_check_device_units
+ # Mount mypart1 through by-label devlink
+ mkdir -p /tmp/mypart1-mount-point
+ mount /dev/disk/by-label/mylvpart1 /tmp/mypart1-mount-point
+ timeout 30 bash -c "while ! systemctl -q is-active /tmp/mypart1-mount-point; do sleep .2; done"
+ # Extend the partition and check if the device and mount units are still active.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=2158628
+ # Note, the test below may be unstable with LVM2 without the following patch:
+ # https://github.com/lvmteam/lvm2/pull/105
+ # But, to reproduce the issue, udevd must start to process the first 'change' uevent
+ # earlier than extending the volume has been finished, and in most case, the extension
+ # is hopefully fast.
+ lvm lvextend -y --size 8M "/dev/$vgroup/mypart1"
+ udevadm wait --settle --timeout="$timeout" "/dev/disk/by-label/mylvpart1"
+ timeout 30 bash -c "while ! systemctl -q is-active '/dev/$vgroup/mypart1'; do sleep .2; done"
+ timeout 30 bash -c "while ! systemctl -q is-active /tmp/mypart1-mount-point; do sleep .2; done"
+ # Umount the partition, otherwise the underlying device unit will stay in
+ # the inactive state and not be collected, and helper_check_device_units() will fail.
+ systemctl show /tmp/mypart1-mount-point
+ umount /tmp/mypart1-mount-point
+
# Rename partitions (see issue #24518)
lvm lvrename "/dev/$vgroup/mypart1" renamed1
lvm lvrename "/dev/$vgroup/mypart2" renamed2
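Review bot: the three `timeout 30 bash -c ...` waits hard-code 30 seconds while the `udevadm wait` line between them uses `--timeout="$timeout"`; using the same variable keeps the limits consistent. Two smaller points: `systemctl show /tmp/mypart1-mount-point` sits under the comment about unmounting and reads like leftover debugging output, and the directory created with `mkdir -p` is not removed after `umount`.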


@ -0,0 +1,36 @@
From ba575dced76ed7420c8eaa77942e31b134927524 Mon Sep 17 00:00:00 2001
From: Robin Humble <plaguedbypenguins@gmail.com>
Date: Wed, 1 Feb 2023 23:36:48 +1100
Subject: [PATCH] pid1: fix segv triggered by status query (#26279)
If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL.
If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL)
which segfaults pid 1.
This is triggered by eg. "systemctl status crond" in RHEL9 if
/etc/systemd/system/crond.service
-> /ram/etc/systemd/system/crond.service
-> /usr/lib/systemd/system/.crond.service.blah.blah
-> /usr/lib/systemd/system/crond.service
(cherry picked from commit 19cfda9fc3c60de21a362ebb56bcb9f4a9855e85)
Related: #2138081
---
src/shared/install.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 4b610b20a5..a760726628 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1653,7 +1653,7 @@ static int install_info_traverse(
r = install_info_follow(ctx, i, lp, flags,
/* If linked, don't look at the target name */
/* ignore_different_name= */ i->install_mode == INSTALL_MODE_LINKED);
- if (r == -EXDEV) {
+ if (r == -EXDEV && i->symlink_target) {
_cleanup_free_ char *buffer = NULL;
const char *bn;
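Review bot: with the added `i->symlink_target` test, an -EXDEV result with a NULL target now skips this block, and the code that then handles `r` lies outside the hunk. Please confirm that this path still ends in an error return rather than continuing the traversal, and state it in the commit message, which currently describes the cause with "I think". A test that reproduces the symlink chain from the message would pin this down, given that the crash was in pid 1.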


@ -0,0 +1,31 @@
From e99dcd2e9e9547d84c0bfc1dc4c68f1fe2f56f62 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 10 Nov 2022 15:51:30 +0900
Subject: [PATCH] test: create config under /run
(cherry picked from commit e4b3f0dfe91ae0b95f30594c7671be39c0a599b1)
Related: #2138081
---
test/units/testsuite-75.sh | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 04a8b6e9cc..53ceced641 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -79,11 +79,13 @@ DNSSEC=allow-downgrade
DNS=10.0.0.1
EOF
+mkdir -p /run/systemd/resolved.conf.d
{
+ echo "[Resolve]"
echo "FallbackDNS="
echo "DNSSEC=allow-downgrade"
echo "DNSOverTLS=opportunistic"
-} >>/etc/systemd/resolved.conf
+} >/run/systemd/resolved.conf.d/test.conf
ln -svf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# Override the default NTA list, which turns off DNSSEC validation for (among
# others) the test. domain
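Review bot: nothing in this hunk removes /run/systemd/resolved.conf.d/test.conf again, and the generic file name can collide with other drop-ins written by the same suite. A test-specific file name and an `rm -f` in the cleanup path would keep later cases from inheriting `DNSOverTLS=opportunistic` and the other two settings.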


@ -0,0 +1,96 @@
From 0845d4d0f5a37493d3da68624aba1a576382e961 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 10 Nov 2022 15:52:57 +0900
Subject: [PATCH] test: add tests for mDNS and LLMNR settings
(cherry picked from commit b77899af0d75ea59c35ba454d869fa759fe7b3a1)
Related: #2138081
---
test/units/testsuite-75.sh | 73 ++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 53ceced641..1a656fcdc1 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -55,6 +55,79 @@ echo nameserver 10.0.3.1 10.0.3.2 | "$RESOLVCONF" -a hoge.inet.ipsec.192.168.35
echo nameserver 10.0.3.3 10.0.3.4 | "$RESOLVCONF" -a hoge.foo.dhcp
assert_in '10.0.3.1 10.0.3.2' "$(resolvectl dns hoge)"
assert_in '10.0.3.3 10.0.3.4' "$(resolvectl dns hoge.foo)"
+
+# Tests for mDNS and LLMNR settings
+mkdir -p /run/systemd/resolved.conf.d
+{
+ echo "[Resolve]"
+ echo "MulticastDNS=yes"
+ echo "LLMNR=yes"
+} >/run/systemd/resolved.conf.d/mdns-llmnr.conf
+systemctl restart systemd-resolved.service
+systemctl service-log-level systemd-resolved.service debug
+# make sure networkd is not running.
+systemctl stop systemd-networkd.service
+# defaults to yes (both the global and per-link settings are yes)
+assert_in 'yes' "$(resolvectl mdns hoge)"
+assert_in 'yes' "$(resolvectl llmnr hoge)"
+# set per-link setting
+resolvectl mdns hoge yes
+resolvectl llmnr hoge yes
+assert_in 'yes' "$(resolvectl mdns hoge)"
+assert_in 'yes' "$(resolvectl llmnr hoge)"
+resolvectl mdns hoge resolve
+resolvectl llmnr hoge resolve
+assert_in 'resolve' "$(resolvectl mdns hoge)"
+assert_in 'resolve' "$(resolvectl llmnr hoge)"
+resolvectl mdns hoge no
+resolvectl llmnr hoge no
+assert_in 'no' "$(resolvectl mdns hoge)"
+assert_in 'no' "$(resolvectl llmnr hoge)"
+# downgrade global setting to resolve
+{
+ echo "[Resolve]"
+ echo "MulticastDNS=resolve"
+ echo "LLMNR=resolve"
+} >/run/systemd/resolved.conf.d/mdns-llmnr.conf
+systemctl restart systemd-resolved.service
+systemctl service-log-level systemd-resolved.service debug
+# set per-link setting
+resolvectl mdns hoge yes
+resolvectl llmnr hoge yes
+assert_in 'resolve' "$(resolvectl mdns hoge)"
+assert_in 'resolve' "$(resolvectl llmnr hoge)"
+resolvectl mdns hoge resolve
+resolvectl llmnr hoge resolve
+assert_in 'resolve' "$(resolvectl mdns hoge)"
+assert_in 'resolve' "$(resolvectl llmnr hoge)"
+resolvectl mdns hoge no
+resolvectl llmnr hoge no
+assert_in 'no' "$(resolvectl mdns hoge)"
+assert_in 'no' "$(resolvectl llmnr hoge)"
+# downgrade global setting to no
+{
+ echo "[Resolve]"
+ echo "MulticastDNS=no"
+ echo "LLMNR=no"
+} >/run/systemd/resolved.conf.d/mdns-llmnr.conf
+systemctl restart systemd-resolved.service
+systemctl service-log-level systemd-resolved.service debug
+# set per-link setting
+resolvectl mdns hoge yes
+resolvectl llmnr hoge yes
+assert_in 'no' "$(resolvectl mdns hoge)"
+assert_in 'no' "$(resolvectl llmnr hoge)"
+resolvectl mdns hoge resolve
+resolvectl llmnr hoge resolve
+assert_in 'no' "$(resolvectl mdns hoge)"
+assert_in 'no' "$(resolvectl llmnr hoge)"
+resolvectl mdns hoge no
+resolvectl llmnr hoge no
+assert_in 'no' "$(resolvectl mdns hoge)"
+assert_in 'no' "$(resolvectl llmnr hoge)"
+
+# Cleanup
+rm -f /run/systemd/resolved.conf.d/mdns-llmnr.conf
ip link del hoge
ip link del hoge.foo
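Review bot: the three blocks for the global values yes, resolve and no repeat the same twelve commands with only the expected strings changing. A small helper taking the global value and the three expected results would shrink the hunk and make the expectation table (the effective value never exceeds the global one) readable at a glance. Also, within this hunk `systemctl stop systemd-networkd.service` is not undone, and the cleanup only removes mdns-llmnr.conf without restarting resolved, so the last `MulticastDNS=no` / `LLMNR=no` state stays loaded until something else restarts the service.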


@ -0,0 +1,278 @@
From 677b20b6738ee287d1b882815b3bcca67754e003 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 25 Nov 2022 12:15:56 +0100
Subject: [PATCH] resolved: introduce the _localdnsstub and _localdnsproxy
special hostnames for 127.0.0.54 + 127.0.0.53
Let's give these special IP addresses names. After all name resolution
is our job here.
Fixes: #23623
(cherry picked from commit 17f244e8f9de008ea1c6e0880bdc924b95a66e2b)
Related: #2138081
---
man/resolvectl.xml | 11 +--
man/systemd-resolved.service.xml | 6 ++
src/basic/hostname-util.h | 8 ++
src/resolve/resolvectl.c | 6 +-
src/resolve/resolved-dns-scope.c | 7 +-
src/resolve/resolved-dns-synthesize.c | 110 +++++++++++++++++++++++++-
test/units/testsuite-75.sh | 11 +++
7 files changed, 147 insertions(+), 12 deletions(-)
diff --git a/man/resolvectl.xml b/man/resolvectl.xml
index 2cb855c360..c966ca67bd 100644
--- a/man/resolvectl.xml
+++ b/man/resolvectl.xml
@@ -323,11 +323,12 @@
<listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
(the default), select domains are resolved on the local system, among them
- <literal>localhost</literal>, <literal>_gateway</literal> and <literal>_outbound</literal>, or
- entries from <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and
- either fail (in case of <literal>localhost</literal>, <literal>_gateway</literal> or
- <literal>_outbound</literal> and suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups
- (in case of <filename>/etc/hosts</filename> entries).</para></listitem>
+ <literal>localhost</literal>, <literal>_gateway</literal>, <literal>_outbound</literal>,
+ <literal>_localdnsstub</literal> and <literal>_localdnsproxy</literal> or entries from
+ <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and either fail (in
+ case of <literal>localhost</literal>, <literal>_gateway</literal> or <literal>_outbound</literal> and
+ suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups (in case of
+ <filename>/etc/hosts</filename> entries).</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml
index 7f30fa6536..c006c03b53 100644
--- a/man/systemd-resolved.service.xml
+++ b/man/systemd-resolved.service.xml
@@ -118,6 +118,12 @@
local default gateway configured. This assigns a stable hostname to the local outbound IP addresses,
useful for referencing them independently of the current network configuration state.</para></listitem>
+ <listitem><para>The hostname <literal>_localdnsstub</literal> is resolved to the IP address 127.0.0.53,
+ i.e. the address the local DNS stub (see above) is listening on.</para></listitem>
+
+ <listitem><para>The hostname <literal>_localdnsproxy</literal> is resolved to the IP address 127.0.0.54,
+ i.e. the address the local DNS proxy (see above) is listening on.</para></listitem>
+
<listitem><para>The mappings defined in <filename>/etc/hosts</filename> are resolved to their
configured addresses and back, but they will not affect lookups for non-address types (like MX).
Support for <filename>/etc/hosts</filename> may be disabled with <varname>ReadEtcHosts=no</varname>,
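Review bot: the two new list items document only the forward direction (name to 127.0.0.53 / 127.0.0.54), while the same patch also synthesizes PTR answers for both addresses in resolved-dns-synthesize.c. The /etc/hosts item below says "and back"; the new items should say the same.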
diff --git a/src/basic/hostname-util.h b/src/basic/hostname-util.h
index a00b852395..bcac3d9fb0 100644
--- a/src/basic/hostname-util.h
+++ b/src/basic/hostname-util.h
@@ -60,4 +60,12 @@ static inline bool is_outbound_hostname(const char *hostname) {
return STRCASE_IN_SET(hostname, "_outbound", "_outbound.");
}
+static inline bool is_dns_stub_hostname(const char *hostname) {
+ return STRCASE_IN_SET(hostname, "_localdnsstub", "_localdnsstub.");
+}
+
+static inline bool is_dns_proxy_stub_hostname(const char *hostname) {
+ return STRCASE_IN_SET(hostname, "_localdnsproxy", "_localdnsproxy.");
+}
+
int get_pretty_hostname(char **ret);
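Review bot: `is_dns_proxy_stub_hostname()` tests for `_localdnsproxy`, so the "stub" in the function name does not match the hostname it checks and is easy to confuse with `is_dns_stub_hostname()` right above it. A name that mirrors the string, such as is_dns_proxy_hostname(), would read more clearly at the call sites.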
diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c
index b07761a495..2a7347ca27 100644
--- a/src/resolve/resolvectl.c
+++ b/src/resolve/resolvectl.c
@@ -478,7 +478,11 @@ static bool single_label_nonsynthetic(const char *name) {
if (!dns_name_is_single_label(name))
return false;
- if (is_localhost(name) || is_gateway_hostname(name))
+ if (is_localhost(name) ||
+ is_gateway_hostname(name) ||
+ is_outbound_hostname(name) ||
+ is_dns_stub_hostname(name) ||
+ is_dns_proxy_stub_hostname(name))
return false;
r = resolve_system_hostname(NULL, &first_label);
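Review bot: besides the two new names, this condition also adds `is_outbound_hostname(name)`, which was not part of the old check and is not mentioned in the commit message. If that is a deliberate fix for `_outbound`, it deserves its own line in the message or a separate commit so it can be tracked on its own.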
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 4f744499aa..607109ee0f 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -635,8 +635,11 @@ DnsScopeMatch dns_scope_good_domain(
if (dns_name_dont_resolve(domain))
return DNS_SCOPE_NO;
- /* Never go to network for the _gateway or _outbound domain — they're something special, synthesized locally. */
- if (is_gateway_hostname(domain) || is_outbound_hostname(domain))
+ /* Never go to network for the _gateway, _outbound, _localdnsstub, _localdnsproxy domain — they're something special, synthesized locally. */
+ if (is_gateway_hostname(domain) ||
+ is_outbound_hostname(domain) ||
+ is_dns_stub_hostname(domain) ||
+ is_dns_proxy_stub_hostname(domain))
return DNS_SCOPE_NO;
switch (s->protocol) {
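Review bot: this is the second place in the patch that spells out the list of locally synthesized names (resolvectl.c has the same four plus localhost). A single predicate in hostname-util.h covering all of them would stop the lists drifting apart the next time a special name is added. The updated comment should also read "domains".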
diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c
index b3442ad906..fa8b4a5760 100644
--- a/src/resolve/resolved-dns-synthesize.c
+++ b/src/resolve/resolved-dns-synthesize.c
@@ -356,7 +356,90 @@ static int synthesize_gateway_rr(
return 1; /* > 0 means: we have some gateway */
}
-static int synthesize_gateway_ptr(Manager *m, int af, const union in_addr_union *address, int ifindex, DnsAnswer **answer) {
+static int synthesize_dns_stub_rr(
+ Manager *m,
+ const DnsResourceKey *key,
+ in_addr_t addr,
+ DnsAnswer **answer) {
+
+ _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
+ int r;
+
+ assert(m);
+ assert(key);
+ assert(answer);
+
+ if (!IN_SET(key->type, DNS_TYPE_A, DNS_TYPE_ANY))
+ return 1; /* we still consider ourselves the owner of this name */
+
+ r = dns_answer_reserve(answer, 1);
+ if (r < 0)
+ return r;
+
+ rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, dns_resource_key_name(key));
+ if (!rr)
+ return -ENOMEM;
+
+ rr->a.in_addr.s_addr = htobe32(addr);
+
+ r = dns_answer_add(*answer, rr, LOOPBACK_IFINDEX, DNS_ANSWER_AUTHENTICATED, NULL);
+ if (r < 0)
+ return r;
+
+ return 1;
+}
+
+static int synthesize_dns_stub_ptr(
+ Manager *m,
+ int af,
+ const union in_addr_union *address,
+ DnsAnswer **answer) {
+
+ int r;
+
+ assert(m);
+ assert(address);
+ assert(answer);
+
+ if (af != AF_INET)
+ return 0;
+
+ if (address->in.s_addr == htobe32(INADDR_DNS_STUB)) {
+
+ r = dns_answer_reserve(answer, 1);
+ if (r < 0)
+ return r;
+
+ r = answer_add_ptr(answer, "53.0.0.127.in-addr.arpa", "_localdnsstub", LOOPBACK_IFINDEX, DNS_ANSWER_AUTHENTICATED);
+ if (r < 0)
+ return r;
+
+ return 1;
+ }
+
+ if (address->in.s_addr == htobe32(INADDR_DNS_PROXY_STUB)) {
+
+ r = dns_answer_reserve(answer, 1);
+ if (r < 0)
+ return r;
+
+ r = answer_add_ptr(answer, "54.0.0.127.in-addr.arpa", "_localdnsproxy", LOOPBACK_IFINDEX, DNS_ANSWER_AUTHENTICATED);
+ if (r < 0)
+ return r;
+
+ return 1;
+ }
+
+ return 0;
+}
+
+static int synthesize_gateway_ptr(
+ Manager *m,
+ int af,
+ const union in_addr_union *address,
+ int ifindex,
+ DnsAnswer **answer) {
+
_cleanup_free_ struct local_address *addresses = NULL;
int n;
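Review bot: in synthesize_dns_stub_ptr() the reverse names "53.0.0.127.in-addr.arpa" and "54.0.0.127.in-addr.arpa" are string literals next to comparisons against INADDR_DNS_STUB and INADDR_DNS_PROXY_STUB, so each address is encoded twice and the two branches are copies of each other. Folding both branches into one helper that takes the address and the name, or deriving the PTR name from the address, would remove the duplication. `m` is only asserted and otherwise unused in both new functions.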
@@ -437,7 +520,22 @@ int dns_synthesize_answer(
continue;
}
- } else if ((dns_name_endswith(name, "127.in-addr.arpa") > 0 && dns_name_equal(name, "2.0.0.127.in-addr.arpa") == 0) ||
+ } else if (is_dns_stub_hostname(name)) {
+
+ r = synthesize_dns_stub_rr(m, key, INADDR_DNS_STUB, &answer);
+ if (r < 0)
+ return log_error_errno(r, "Failed to synthesize local DNS stub RRs: %m");
+
+ } else if (is_dns_proxy_stub_hostname(name)) {
+
+ r = synthesize_dns_stub_rr(m, key, INADDR_DNS_PROXY_STUB, &answer);
+ if (r < 0)
+ return log_error_errno(r, "Failed to synthesize local DNS stub RRs: %m");
+
+ } else if ((dns_name_endswith(name, "127.in-addr.arpa") > 0 &&
+ dns_name_equal(name, "2.0.0.127.in-addr.arpa") == 0 &&
+ dns_name_equal(name, "53.0.0.127.in-addr.arpa") == 0 &&
+ dns_name_equal(name, "54.0.0.127.in-addr.arpa") == 0) ||
dns_name_equal(name, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0) {
r = synthesize_localhost_ptr(m, key, ifindex, &answer);
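Review bot: the `is_dns_proxy_stub_hostname(name)` branch logs "Failed to synthesize local DNS stub RRs", the same text as the stub branch above it, so a failure for `_localdnsproxy` cannot be told apart in the journal. Suggest "local DNS proxy RRs" for the second message.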
@@ -445,7 +543,7 @@ int dns_synthesize_answer(
return log_error_errno(r, "Failed to synthesize localhost PTR RRs: %m");
} else if (dns_name_address(name, &af, &address) > 0) {
- int v, w;
+ int v, w, u;
if (getenv_bool("SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME") == 0)
continue;
@@ -458,7 +556,11 @@ int dns_synthesize_answer(
if (w < 0)
return log_error_errno(w, "Failed to synthesize gateway hostname PTR RR: %m");
- if (v == 0 && w == 0) /* This IP address is neither a local one nor a gateway */
+ u = synthesize_dns_stub_ptr(m, af, &address, &answer);
+ if (u < 0)
+ return log_error_errno(u, "Failed to synthesize local stub hostname PTR PR: %m");
+
+ if (v == 0 && w == 0 && u == 0) /* This IP address is neither a local one, nor a gateway, nor a stub address */
continue;
/* Note that we never synthesize reverse PTR for _outbound, since those are local
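Review bot: typo in the new log message, "PTR PR" should be "PTR RR", matching the gateway message earlier in the hunk ("Failed to synthesize gateway hostname PTR RR").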
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 1a656fcdc1..0c68e0636f 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -56,6 +56,17 @@ echo nameserver 10.0.3.3 10.0.3.4 | "$RESOLVCONF" -a hoge.foo.dhcp
assert_in '10.0.3.1 10.0.3.2' "$(resolvectl dns hoge)"
assert_in '10.0.3.3 10.0.3.4' "$(resolvectl dns hoge.foo)"
+# Tests for _localdnsstub and _localdnsproxy
+assert_in '127.0.0.53' "$(resolvectl query _localdnsstub)"
+assert_in '_localdnsstub' "$(resolvectl query 127.0.0.53)"
+assert_in '127.0.0.54' "$(resolvectl query _localdnsproxy)"
+assert_in '_localdnsproxy' "$(resolvectl query 127.0.0.54)"
+
+assert_in '127.0.0.53' "$(dig @127.0.0.53 _localdnsstub)"
+assert_in '_localdnsstub' "$(dig @127.0.0.53 -x 127.0.0.53)"
+assert_in '127.0.0.54' "$(dig @127.0.0.53 _localdnsproxy)"
+assert_in '_localdnsproxy' "$(dig @127.0.0.53 -x 127.0.0.54)"
+
# Tests for mDNS and LLMNR settings
mkdir -p /run/systemd/resolved.conf.d
{
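Review bot: `assert_in '127.0.0.53' "$(dig @127.0.0.53 _localdnsstub)"` cannot fail on the answer, because dig's default output repeats the server address from the command line (in the banner and in the SERVER line), so the string is present even when no A record comes back. Using `dig +short` for the four dig checks makes them assert on the answer only. There is also no check that a non-A query (for example AAAA) for the two names returns an empty answer, which is the other path through synthesize_dns_stub_rr().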


@ -0,0 +1,65 @@
From 874959f2d9dfadd027f3d7e399ef8a32a408e1c8 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 7 Dec 2022 20:44:07 +0100
Subject: [PATCH] test: wait for the monitoring service to become active
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise we might start querying resolved too early, causing the
monitoring service to miss stuff:
```
[ 1103.149474] testsuite-75.sh[35]: + systemd-run -u resmontest.service -p Type=notify resolvectl monitor
[ 1103.353803] testsuite-75.sh[423]: Running as unit: resmontest.service
[ 1103.353989] testsuite-75.sh[35]: + knotc zone-begin test.
[ 1103.354160] testsuite-75.sh[425]: OK
...
[ 1103.355298] testsuite-75.sh[35]: + knotc reload
[ 1103.355363] testsuite-75.sh[438]: Reloaded
[ 1103.355536] testsuite-75.sh[35]: + : '--- nss-resolve/nss-myhostname tests'
[ 1103.355536] testsuite-75.sh[35]: + run getent -s resolve hosts ns1.unsigned.test
[ 1103.356127] testsuite-75.sh[443]: + getent -s resolve hosts ns1.unsigned.test
[ 1103.356505] testsuite-75.sh[444]: + tee /tmp/tmp.bXg5Uj5Jkk
[ 1103.359591] resolvectl[424]: → Q: ns1.unsigned.test IN AAAA
[ 1103.359591] resolvectl[424]: ← S: success
[ 1103.359850] testsuite-75.sh[444]: 10.0.0.1 ns1.unsigned.test
[ 1103.359939] resolvectl[424]: → Q: ns1.unsigned.test IN A
[ 1103.359939] resolvectl[424]: ← S: success
[ 1103.359939] resolvectl[424]: ← A: ns1.unsigned.test IN A 10.0.0.1
[ 1103.360149] testsuite-75.sh[35]: + grep -qE '^10\.0\.0\.1\s+ns1\.unsigned\.test' /tmp/tmp.bXg5Uj5Jkk
[ 1103.362119] systemd[1]: Starting resmontest.service...
[ 1103.362633] systemd[1]: Started resmontest.service.
[ 1103.363263] testsuite-75.sh[35]: + monitor_check_rr 'ns1.unsigned.test IN A 10.0.0.1'
[ 1103.363263] testsuite-75.sh[35]: + local 'match=ns1.unsigned.test IN A 10.0.0.1'
[ 1103.363377] testsuite-75.sh[35]: + set +o pipefail
[ 1103.363836] testsuite-75.sh[458]: + journalctl -u resmontest.service -f --full
[ 1103.364042] testsuite-75.sh[459]: + grep -m1 'ns1.unsigned.test IN A 10.0.0.1'
...
Trying to halt container. Send SIGTERM again to trigger immediate termination.
Container TEST-75 terminated by signal KILL.
```
(cherry picked from commit 5dd34c2604567320707625bc009cf01c3769605f)
Related: #2138081
---
test/units/testsuite-75.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 0c68e0636f..d2062c7b05 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -212,6 +212,11 @@ resolvectl log-level debug
# Start monitoring queries
systemd-run -u resmontest.service -p Type=notify resolvectl monitor
+# Wait for the monitoring service to become active
+for _ in {0..9}; do
+ [[ "$(systemctl show -P ActiveState resmontest.service)" == "active" ]] && break
+ sleep .5
+done
# We need to manually propagate the DS records of onlinesign.test. to the parent
# zone, since they're generated online


@ -0,0 +1,38 @@
From b6f459c221004de9753569e2ec5ee5f887fc8b51 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 15 Dec 2022 15:28:56 +0900
Subject: [PATCH] test: suppress echo in monitor_check_rr()
(cherry picked from commit ef09861a0b0aa7c6a948f4e008e2fea312bc68d6)
Related: #2138081
---
test/units/testsuite-75.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index d2062c7b05..d0c7133412 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -16,17 +16,17 @@ run() {
"$@" |& tee "$RUN_OUT"
}
-monitor_check_rr() {
+monitor_check_rr() (
+ set +x
+ set +o pipefail
local match="${1:?}"
# Wait until the first mention of the specified log message is
# displayed. We turn off pipefail for this, since we don't care about the
# lhs of this pipe expression, we only care about the rhs' result to be
# clean
- set +o pipefail
journalctl -u resmontest.service -f --full | grep -m1 "$match"
- set -o pipefail
-}
+)
# Test for resolvectl, resolvconf
systemctl unmask systemd-resolved.service
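Review bot: the comment that explains why pipefail is turned off now sits below `local match`, several lines away from the `set +o pipefail` it describes, and the new `set +x` has no comment at all. Move the comment up next to the two `set` lines and add a word on why tracing is disabled inside the subshell.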


@ -0,0 +1,34 @@
From 058fab8aaad9fc6ececc647e369bf447a8327a4a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 15 Dec 2022 16:28:52 +0900
Subject: [PATCH] Revert "test: wait for the monitoring service to become
active"
This reverts commit 5dd34c2604567320707625bc009cf01c3769605f.
`resolvectl monitor` sends notify event, and systemd-run wait for the
service being in active state. Hence, the loop is not necessary.
(cherry picked from commit 133708b8790ab79e35ade63506c16e4d1e79a025)
Related: #2138081
---
test/units/testsuite-75.sh | 5 -----
1 file changed, 5 deletions(-)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index d0c7133412..844dbaebcc 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -212,11 +212,6 @@ resolvectl log-level debug
# Start monitoring queries
systemd-run -u resmontest.service -p Type=notify resolvectl monitor
-# Wait for the monitoring service to become active
-for _ in {0..9}; do
- [[ "$(systemctl show -P ActiveState resmontest.service)" == "active" ]] && break
- sleep .5
-done
# We need to manually propagate the DS records of onlinesign.test. to the parent
# zone, since they're generated online


@ -0,0 +1,113 @@
From 3e7bcbb274618a0d3cea9027db4e6abb1207f27d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 16 Dec 2022 01:11:39 +0900
Subject: [PATCH] test: show and check almost all journal entries since the
relevant command being invoked
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For some reasons, journal timestamps from other sources sometimes
inconsistent. For example,
```
$ journalctl --file system.journal -o short-monotonic -u resmontest.service
[ 1112.168109] ns1.unsigned.test resolvectl[419]: → Q: ns1.unsigned.test IN AAAA
[ 1112.168109] ns1.unsigned.test resolvectl[419]: ← S: success
[ 1112.168109] ns1.unsigned.test resolvectl[419]: → Q: ns1.unsigned.test IN A
[ 1112.168109] ns1.unsigned.test resolvectl[419]: ← S: success
[ 1112.168109] ns1.unsigned.test resolvectl[419]: ← A: ns1.unsigned.test IN A 10.0.0.1
[ 1112.171961] ns1.unsigned.test systemd[1]: resmontest.service: Failed to load configuration: No such file or directory
[ 1112.172223] ns1.unsigned.test systemd[1]: resmontest.service: Trying to enqueue job resmontest.service/start/fail
[ 1112.179866] ns1.unsigned.test systemd[1]: resmontest.service: Installed new job resmontest.service/start as 312
[ 1112.179894] ns1.unsigned.test systemd[1]: resmontest.service: Enqueued job resmontest.service/start as 312
[ 1112.180389] ns1.unsigned.test systemd[1]: resmontest.service: Will spawn child (service_enter_start): /usr/bin/resolvectl
[ 1112.180418] ns1.unsigned.test systemd[1]: resmontest.service: Passing 0 fds to service
[ 1112.180447] ns1.unsigned.test systemd[1]: resmontest.service: About to execute /usr/bin/resolvectl monitor
[ 1112.180477] ns1.unsigned.test systemd[1]: resmontest.service: Forked /usr/bin/resolvectl as 419
[ 1112.180619] ns1.unsigned.test systemd[1]: resmontest.service: Changed dead -> start
[ 1112.180651] ns1.unsigned.test systemd[1]: Starting resmontest.service...
[ 1112.180799] ns1.unsigned.test systemd[419]: resmontest.service: Kernel keyring access prohibited, ignoring.
[ 1112.180895] ns1.unsigned.test systemd[419]: resmontest.service: Executing: /usr/bin/resolvectl monitor
[ 1112.181383] ns1.unsigned.test systemd[1]: resmontest.service: Got notification message from PID 419 (READY=1)
[ 1112.181413] ns1.unsigned.test systemd[1]: resmontest.service: Changed start -> running
[ 1112.181441] ns1.unsigned.test systemd[1]: resmontest.service: Job 312 resmontest.service/start finished, result=done
[ 1112.181469] ns1.unsigned.test systemd[1]: Started resmontest.service.
```
In such case, `journalctl -f` may not show the entries what we are interested in.
Fixes #25749. (At least, workarond for the issue.)
(cherry picked from commit ad48ff12bd0f7b19dc6bfa33c96221fd9c22e89c)
Related: #2138081
---
test/units/testsuite-75.sh | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 844dbaebcc..852caac605 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -19,13 +19,14 @@ run() {
monitor_check_rr() (
set +x
set +o pipefail
- local match="${1:?}"
+ local since="${1:?}"
+ local match="${2:?}"
# Wait until the first mention of the specified log message is
# displayed. We turn off pipefail for this, since we don't care about the
# lhs of this pipe expression, we only care about the rhs' result to be
# clean
- journalctl -u resmontest.service -f --full | grep -m1 "$match"
+ journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match"
)
# Test for resolvectl, resolvconf
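Review bot: `journalctl ... -f --full | grep -m1 "$match"` still has no upper bound. If the record never appears, the function blocks until the harness kills the container, which is the failure shown in the log quoted by the earlier "wait for the monitoring service" commit. Wrapping the pipeline in `timeout` would turn that into a fast, attributable failure. The function now takes two order-sensitive positional parameters, so a short usage comment above `local since` would help callers.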
@@ -232,9 +233,10 @@ knotc reload
: "--- nss-resolve/nss-myhostname tests"
# Sanity check
+TIMESTAMP=$(date '+%F %T')
run getent -s resolve hosts ns1.unsigned.test
grep -qE "^10\.0\.0\.1\s+ns1\.unsigned\.test" "$RUN_OUT"
-monitor_check_rr "ns1.unsigned.test IN A 10.0.0.1"
+monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN A 10.0.0.1"
# Issue: https://github.com/systemd/systemd/issues/18812
# PR: https://github.com/systemd/systemd/pull/18896
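Review bot: `date '+%F %T'` has one-second resolution, so `--since "$TIMESTAMP"` also admits entries logged earlier in the same second, before the command under test ran. For a record that an earlier step may already have produced, this can match a stale line. If that is acceptable for these checks, a comment saying so would help; otherwise take the timestamp with finer resolution.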
@@ -324,15 +326,16 @@ run delv dupe.signed.test
grep -qF "; fully validated" "$RUN_OUT"
# Test resolution of CNAME chains
+TIMESTAMP=$(date '+%F %T')
run resolvectl query -t A cname-chain.signed.test
grep -qF "follow14.final.signed.test IN A 10.0.0.14" "$RUN_OUT"
grep -qF "authenticated: yes" "$RUN_OUT"
-monitor_check_rr "follow10.so.close.signed.test IN CNAME follow11.yet.so.far.signed.test"
-monitor_check_rr "follow11.yet.so.far.signed.test IN CNAME follow12.getting.hot.signed.test"
-monitor_check_rr "follow12.getting.hot.signed.test IN CNAME follow13.almost.final.signed.test"
-monitor_check_rr "follow13.almost.final.signed.test IN CNAME follow14.final.signed.test"
-monitor_check_rr "follow14.final.signed.test IN A 10.0.0.14"
+monitor_check_rr "$TIMESTAMP" "follow10.so.close.signed.test IN CNAME follow11.yet.so.far.signed.test"
+monitor_check_rr "$TIMESTAMP" "follow11.yet.so.far.signed.test IN CNAME follow12.getting.hot.signed.test"
+monitor_check_rr "$TIMESTAMP" "follow12.getting.hot.signed.test IN CNAME follow13.almost.final.signed.test"
+monitor_check_rr "$TIMESTAMP" "follow13.almost.final.signed.test IN CNAME follow14.final.signed.test"
+monitor_check_rr "$TIMESTAMP" "follow14.final.signed.test IN A 10.0.0.14"
# Non-existing RR + CNAME chain
run dig +dnssec AAAA cname-chain.signed.test
@@ -370,9 +373,10 @@ grep -qF 'this.should.be.authenticated.wild.onlinesign.test IN TXT "this is an o
grep -qF "authenticated: yes" "$RUN_OUT"
# Resolve via dbus method
+TIMESTAMP=$(date '+%F %T')
run busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedesktop.resolve1.Manager ResolveHostname 'isit' 0 secondsub.onlinesign.test 0 0
grep -qF '10 0 0 134 "secondsub.onlinesign.test"' "$RUN_OUT"
-monitor_check_rr "secondsub.onlinesign.test IN A 10.0.0.134"
+monitor_check_rr "$TIMESTAMP" "secondsub.onlinesign.test IN A 10.0.0.134"
: "--- ZONE: untrusted.test (DNSSEC without propagated DS records) ---"
run dig +short untrusted.test

View File

@ -0,0 +1,449 @@
From 6aa57233e5981473efb4fdc4351d8f407b0b5384 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 8 Jul 2022 13:36:03 +0200
Subject: [PATCH] test: cover IPv6 in the resolved test suite
(cherry picked from commit 5c9111fe779b44745256279052786e9cc499e57a)
Related: #2138081
---
test/knot-data/knot.conf | 3 +
test/knot-data/zones/onlinesign.test.zone | 15 ++-
test/knot-data/zones/root.zone | 8 +-
test/knot-data/zones/signed.test.zone | 23 ++--
test/knot-data/zones/test.zone | 12 +-
test/knot-data/zones/unsigned.test.zone | 12 +-
test/knot-data/zones/untrusted.test.zone | 11 +-
test/units/testsuite-75.sh | 135 ++++++++++++++++++----
8 files changed, 169 insertions(+), 50 deletions(-)
diff --git a/test/knot-data/knot.conf b/test/knot-data/knot.conf
index e3de69d0f4..6ea0cca3db 100644
--- a/test/knot-data/knot.conf
+++ b/test/knot-data/knot.conf
@@ -4,6 +4,7 @@ server:
rundir: "/run/knot"
user: knot:knot
listen: 10.0.0.1@53
+ listen: fd00:dead:beef:cafe::1@53
log:
- target: syslog
@@ -15,11 +16,13 @@ database:
acl:
- id: update_acl
address: 10.0.0.0/24
+ address: fd00:dead:beef:cafe::/64
action: update
remote:
- id: parent_zone_server
address: 10.0.0.1@53
+ address: fd00:dead:beef:cafe::1@53
submission:
- id: parent_zone_sbm
diff --git a/test/knot-data/zones/onlinesign.test.zone b/test/knot-data/zones/onlinesign.test.zone
index c12c6b3396..c8662fa3ed 100644
--- a/test/knot-data/zones/onlinesign.test.zone
+++ b/test/knot-data/zones/onlinesign.test.zone
@@ -11,12 +11,17 @@ $ORIGIN onlinesign.test.
)
; NS info
- NS ns1.unsigned.test.
+ NS ns1.unsigned.test.
- TXT "hello from onlinesign"
+ TXT "hello from onlinesign"
-*.wild TXT "this is an onlinesign wildcard"
+*.wild TXT "this is an onlinesign wildcard"
; No A/AAAA record for the $ORIGIN
-sub A 10.0.0.133
-secondsub A 10.0.0.134
+sub A 10.0.0.133
+secondsub A 10.0.0.134
+
+dual A 10.0.0.135
+dual AAAA fd00:dead:beef:cafe::135
+
+ipv6 AAAA fd00:dead:beef:cafe::136
diff --git a/test/knot-data/zones/root.zone b/test/knot-data/zones/root.zone
index 72439fdc55..f601e8676d 100644
--- a/test/knot-data/zones/root.zone
+++ b/test/knot-data/zones/root.zone
@@ -8,7 +8,9 @@ $TTL 300
1D ; minimum TTL
)
-. NS ns1.unsigned.test
-ns1.unsigned.test A 10.0.0.1
+. NS ns1.unsigned.test
+; NS glue records
+ns1.unsigned.test A 10.0.0.1
+ns1.unsigned.test AAAA fd00:dead:beef:cafe::1
-test NS ns1.unsigned.test
+test NS ns1.unsigned.test
diff --git a/test/knot-data/zones/signed.test.zone b/test/knot-data/zones/signed.test.zone
index 38d8e2aa13..fa6706205a 100644
--- a/test/knot-data/zones/signed.test.zone
+++ b/test/knot-data/zones/signed.test.zone
@@ -11,18 +11,27 @@ $ORIGIN signed.test.
)
; NS info
- NS ns1.unsigned.test.
+ NS ns1.unsigned.test.
-*.wild TXT "this is a wildcard"
+*.wild TXT "this is a wildcard"
-@ MX 10 mail.signed.test.
+@ MX 10 mail.signed.test.
- A 10.0.0.10
-mail A 10.0.0.11
+ A 10.0.0.10
+mail A 10.0.0.11
+mail AAAA fd00:dead:beef:cafe::11
; https://github.com/systemd/systemd/issues/22002
-dupe A 10.0.0.12
-dupe A 10.0.0.13
+dupe A 10.0.0.12
+dupe A 10.0.0.13
+dupe-ipv6 AAAA fd00:dead:beef:cafe::12
+dupe-ipv6 AAAA fd00:dead:beef:cafe::13
+dupe-mixed A 10.0.0.15
+dupe-mixed A 10.0.0.16
+dupe-mixed A 10.0.0.17
+dupe-mixed AAAA fd00:dead:beef:cafe::15
+dupe-mixed AAAA fd00:dead:beef:cafe::16
+dupe-mixed AAAA fd00:dead:beef:cafe::17
; CNAME_REDIRECTS_MAX is 16, so let's test something close to that
cname-chain CNAME follow1.signed.test.
diff --git a/test/knot-data/zones/test.zone b/test/knot-data/zones/test.zone
index 6cc2633082..ba5fcebc2d 100644
--- a/test/knot-data/zones/test.zone
+++ b/test/knot-data/zones/test.zone
@@ -11,9 +11,11 @@ $ORIGIN test.
)
; NS info
-@ NS ns1.unsigned
-ns1.signed A 10.0.0.1
+@ NS ns1.unsigned
+; NS glue records
+ns1.unsigned A 10.0.0.1
+ns1.unsigned AAAA fd00:dead:beef:cafe::1
-onlinesign NS ns1.unsigned
-signed NS ns1.unsigned
-unsigned NS ns1.unsigned
+onlinesign NS ns1.unsigned
+signed NS ns1.unsigned
+unsigned NS ns1.unsigned
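Review bot: the glue record changes owner name in this hunk (`-ns1.signed A 10.0.0.1` becomes `+ns1.unsigned A 10.0.0.1`), which is a functional fix and not part of the realignment or the IPv6 additions. The commit message only says "cover IPv6", so please mention the rename there or split it out. As it stands, anyone bisecting a delegation problem will skip this commit.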
diff --git a/test/knot-data/zones/unsigned.test.zone b/test/knot-data/zones/unsigned.test.zone
index 87d9437e2c..c5445d7672 100644
--- a/test/knot-data/zones/unsigned.test.zone
+++ b/test/knot-data/zones/unsigned.test.zone
@@ -11,10 +11,12 @@ $ORIGIN unsigned.test.
)
; NS info
-@ NS ns1.unsigned.test.
-ns1 A 10.0.0.1
+@ NS ns1
+ns1 A 10.0.0.1
+ns1 AAAA fd00:dead:beef:cafe::1
-@ MX 15 mail.unsigned.test.
+@ MX 15 mail.unsigned.test.
- A 10.0.0.101
-mail A 10.0.0.111
+ A 10.0.0.101
+ AAAA fd00:dead:beef:cafe::101
+mail A 10.0.0.111
diff --git a/test/knot-data/zones/untrusted.test.zone b/test/knot-data/zones/untrusted.test.zone
index 6d29bd77fe..cf0dec5296 100644
--- a/test/knot-data/zones/untrusted.test.zone
+++ b/test/knot-data/zones/untrusted.test.zone
@@ -11,11 +11,12 @@ $ORIGIN untrusted.test.
)
; NS info
-@ NS ns1.unsigned.test.
+@ NS ns1.unsigned.test.
-*.wild TXT "this is an untrusted wildcard"
+*.wild TXT "this is an untrusted wildcard"
-@ MX 10 mail.untrusted.test.
+@ MX 10 mail.untrusted.test.
- A 10.0.0.121
-mail A 10.0.0.121
+ A 10.0.0.121
+ AAAA fd00:dead:beef:cafe::121
+mail A 10.0.0.122
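Review bot: `mail A` changes from 10.0.0.121 to 10.0.0.122 among the whitespace-only lines, with no mention in the commit message. If the point is to stop `mail` sharing an address with the zone apex, say so in the message. Otherwise keep the old value so that this hunk changes only alignment and the new AAAA record.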
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 852caac605..76b8f5b3c7 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -2,6 +2,12 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# vi: ts=4 sw=4 tw=0 et:
+# TODO:
+# - IPv6-only stack
+# - mDNS
+# - LLMNR
+# - DoT/DoH
+
set -eux
set -o pipefail
@@ -16,6 +22,15 @@ run() {
"$@" |& tee "$RUN_OUT"
}
+disable_ipv6() {
+ sysctl -w net.ipv6.conf.all.disable_ipv6=1
+}
+
+enable_ipv6() {
+ sysctl -w net.ipv6.conf.all.disable_ipv6=0
+ networkctl reconfigure dns0
+}
+
monitor_check_rr() (
set +x
set +o pipefail
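Review bot: `enable_ipv6()` returns as soon as `networkctl reconfigure dns0` has been issued, so the next test line can run before fd00:dead:beef:cafe::1 is back on the interface. Every caller follows it directly with queries that may go to the IPv6 server address. Please make the helper wait until the address is configured again before returning, and add a one-line comment on why the reconfigure is needed (the address is dropped when IPv6 is disabled).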
@@ -146,7 +161,10 @@ ip link del hoge.foo
### SETUP ###
# Configure network
hostnamectl hostname ns1.unsigned.test
-echo "10.0.0.1 ns1.unsigned.test" >>/etc/hosts
+{
+ echo "10.0.0.1 ns1.unsigned.test"
+ echo "fd00:dead:beef:cafe::1 ns1.unsigned.test"
+} >>/etc/hosts
mkdir -p /etc/systemd/network
cat >/etc/systemd/network/dns0.netdev <<EOF
@@ -160,10 +178,17 @@ Name=dns0
[Network]
Address=10.0.0.1/24
+Address=fd00:dead:beef:cafe::1/64
DNSSEC=allow-downgrade
DNS=10.0.0.1
+DNS=fd00:dead:beef:cafe::1
EOF
+DNS_ADDRESSES=(
+ "10.0.0.1"
+ "fd00:dead:beef:cafe::1"
+)
+
mkdir -p /run/systemd/resolved.conf.d
{
echo "[Resolve]"
@@ -214,6 +239,10 @@ resolvectl log-level debug
# Start monitoring queries
systemd-run -u resmontest.service -p Type=notify resolvectl monitor
+# Check if all the zones are valid (zone-check always returns 0, so let's check
+# if it produces any errors/warnings)
+run knotc zone-check
+[[ ! -s "$RUN_OUT" ]]
# We need to manually propagate the DS records of onlinesign.test. to the parent
# zone, since they're generated online
knotc zone-begin test.
@@ -234,9 +263,19 @@ knotc reload
: "--- nss-resolve/nss-myhostname tests"
# Sanity check
TIMESTAMP=$(date '+%F %T')
+# Issue: https://github.com/systemd/systemd/issues/23951
+# With IPv6 enabled
run getent -s resolve hosts ns1.unsigned.test
-grep -qE "^10\.0\.0\.1\s+ns1\.unsigned\.test" "$RUN_OUT"
-monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN A 10.0.0.1"
+grep -qE "^fd00:dead:beef:cafe::1\s+ns1\.unsigned\.test" "$RUN_OUT"
+monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN AAAA fd00:dead:beef:cafe::1"
+# With IPv6 disabled
+# Issue: https://github.com/systemd/systemd/issues/23951
+# FIXME
+#disable_ipv6
+#run getent -s resolve hosts ns1.unsigned.test
+#grep -qE "^10\.0\.0\.1\s+ns1\.unsigned\.test" "$RUN_OUT"
+#monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN A 10.0.0.1"
+enable_ipv6
# Issue: https://github.com/systemd/systemd/issues/18812
# PR: https://github.com/systemd/systemd/pull/18896
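Review bot: `enable_ipv6` is still called at the end of the "With IPv6 disabled" block although `disable_ipv6` and the checks above it are commented out under FIXME. It therefore sets the sysctl to the value it already has and triggers a `networkctl reconfigure dns0` for no reason right before the localhost tests. Comment it out together with the rest of the block. The issue link for 23951 also appears twice (before "With IPv6 enabled" and again under "With IPv6 disabled"); one reference next to the FIXME is enough.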
@@ -248,13 +287,12 @@ grep -qE "^::1\s+localhost" "$RUN_OUT"
run getent -s myhostname hosts localhost
grep -qE "^::1\s+localhost" "$RUN_OUT"
# With IPv6 disabled
-sysctl -w net.ipv6.conf.all.disable_ipv6=1
+disable_ipv6
run getent -s resolve hosts localhost
grep -qE "^127\.0\.0\.1\s+localhost" "$RUN_OUT"
run getent -s myhostname hosts localhost
grep -qE "^127\.0\.0\.1\s+localhost" "$RUN_OUT"
-sysctl -w net.ipv6.conf.all.disable_ipv6=0
-
+enable_ipv6
: "--- Basic resolved tests ---"
# Issue: https://github.com/systemd/systemd/issues/22229
@@ -280,12 +318,14 @@ grep -qE "IN\s+SOA\s+ns1\.unsigned\.test\." "$RUN_OUT"
: "--- ZONE: unsigned.test. ---"
-run dig @10.0.0.1 +short unsigned.test
+run dig @ns1.unsigned.test +short unsigned.test A unsigned.test AAAA
grep -qF "10.0.0.101" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::101" "$RUN_OUT"
run resolvectl query unsigned.test
-grep -qF "unsigned.test: 10.0.0.10" "$RUN_OUT"
+grep -qF "10.0.0.10" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::101" "$RUN_OUT"
grep -qF "authenticated: no" "$RUN_OUT"
-run dig @10.0.0.1 +short MX unsigned.test
+run dig @ns1.unsigned.test +short MX unsigned.test
grep -qF "15 mail.unsigned.test." "$RUN_OUT"
run resolvectl query --legend=no -t MX unsigned.test
grep -qF "unsigned.test IN MX 15 mail.unsigned.test" "$RUN_OUT"
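Review bot: in the `resolvectl query unsigned.test` check, `grep -qF "10.0.0.10"` is a substring match, so it passes for any 10.0.0.10x address in the output. The zone apex is 10.0.0.101 and the `dig` check a few lines up greps for exactly that, so use "10.0.0.101" here as well (the removed line carried the same truncation). Separately, switching `dig @10.0.0.1` to `dig @ns1.unsigned.test` means the transport now depends on which /etc/hosts entry the tool picks; if both families should be covered, loop over `DNS_ADDRESSES` as the later hunks do.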
@@ -295,17 +335,28 @@ grep -qF "unsigned.test IN MX 15 mail.unsigned.test" "$RUN_OUT"
# Check the trust chain (with and without systemd-resolved in between
# Issue: https://github.com/systemd/systemd/issues/22002
# PR: https://github.com/systemd/systemd/pull/23289
-run delv @10.0.0.1 signed.test
+run delv @ns1.unsigned.test signed.test
grep -qF "; fully validated" "$RUN_OUT"
run delv signed.test
grep -qF "; fully validated" "$RUN_OUT"
+for addr in "${DNS_ADDRESSES[@]}"; do
+ run delv "@$addr" -t A mail.signed.test
+ grep -qF "; fully validated" "$RUN_OUT"
+ run delv "@$addr" -t AAAA mail.signed.test
+ grep -qF "; fully validated" "$RUN_OUT"
+done
+run resolvectl query mail.signed.test
+grep -qF "10.0.0.11" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::11" "$RUN_OUT"
+grep -qF "authenticated: yes" "$RUN_OUT"
+
run dig +short signed.test
grep -qF "10.0.0.10" "$RUN_OUT"
run resolvectl query signed.test
grep -qF "signed.test: 10.0.0.10" "$RUN_OUT"
grep -qF "authenticated: yes" "$RUN_OUT"
-run dig @10.0.0.1 +short MX signed.test
+run dig @ns1.unsigned.test +short MX signed.test
grep -qF "10 mail.signed.test." "$RUN_OUT"
run resolvectl query --legend=no -t MX signed.test
grep -qF "signed.test IN MX 10 mail.signed.test" "$RUN_OUT"
@@ -320,10 +371,30 @@ grep -qF "authenticated: yes" "$RUN_OUT"
# DNSSEC validation with multiple records of the same type for the same name
# Issue: https://github.com/systemd/systemd/issues/22002
# PR: https://github.com/systemd/systemd/pull/23289
-run delv @10.0.0.1 dupe.signed.test
-grep -qF "; fully validated" "$RUN_OUT"
-run delv dupe.signed.test
-grep -qF "; fully validated" "$RUN_OUT"
+check_domain() {
+ local domain="${1:?}"
+ local record="${2:?}"
+ local message="${3:?}"
+ local addr
+
+ for addr in "${DNS_ADDRESSES[@]}"; do
+ run delv "@$addr" -t "$record" "$domain"
+ grep -qF "$message" "$RUN_OUT"
+ done
+
+ run delv -t "$record" "$domain"
+ grep -qF "$message" "$RUN_OUT"
+
+ run resolvectl query "$domain"
+ grep -qF "authenticated: yes" "$RUN_OUT"
+}
+
+check_domain "dupe.signed.test" "A" "; fully validated"
+check_domain "dupe.signed.test" "AAAA" "; negative response, fully validated"
+check_domain "dupe-ipv6.signed.test" "AAAA" "; fully validated"
+check_domain "dupe-ipv6.signed.test" "A" "; negative response, fully validated"
+check_domain "dupe-mixed.signed.test" "A" "; fully validated"
+check_domain "dupe-mixed.signed.test" "AAAA" "; fully validated"
# Test resolution of CNAME chains
TIMESTAMP=$(date '+%F %T')
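Review bot: the last step of `check_domain()` runs `resolvectl query "$domain"` without `$record`, so the resolved side is identical for every call with the same name. For the two "; negative response, fully validated" cases it asserts `authenticated: yes` on the positive answer of the other address family and never exercises the negative answer through systemd-resolved. Either pass the type (`-t "$record"`, as the CNAME test does with `-t A`) and handle the expected failure for the negative cases, or move the `resolvectl` assertion out of the helper so it is clear what is being checked.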
@@ -347,7 +418,7 @@ grep -qE "^follow14\.final\.signed\.test\..+IN\s+NSEC\s+" "$RUN_OUT"
# Check the trust chain (with and without systemd-resolved in between
# Issue: https://github.com/systemd/systemd/issues/22002
# PR: https://github.com/systemd/systemd/pull/23289
-run delv @10.0.0.1 sub.onlinesign.test
+run delv @ns1.unsigned.test sub.onlinesign.test
grep -qF "; fully validated" "$RUN_OUT"
run delv sub.onlinesign.test
grep -qF "; fully validated" "$RUN_OUT"
@@ -357,10 +428,27 @@ grep -qF "10.0.0.133" "$RUN_OUT"
run resolvectl query sub.onlinesign.test
grep -qF "sub.onlinesign.test: 10.0.0.133" "$RUN_OUT"
grep -qF "authenticated: yes" "$RUN_OUT"
-run dig @10.0.0.1 +short TXT onlinesign.test
+run dig @ns1.unsigned.test +short TXT onlinesign.test
grep -qF '"hello from onlinesign"' "$RUN_OUT"
run resolvectl query --legend=no -t TXT onlinesign.test
grep -qF 'onlinesign.test IN TXT "hello from onlinesign"' "$RUN_OUT"
+
+for addr in "${DNS_ADDRESSES[@]}"; do
+ run delv "@$addr" -t A dual.onlinesign.test
+ grep -qF "10.0.0.135" "$RUN_OUT"
+ run delv "@$addr" -t AAAA dual.onlinesign.test
+ grep -qF "fd00:dead:beef:cafe::135" "$RUN_OUT"
+ run delv "@$addr" -t ANY ipv6.onlinesign.test
+ grep -qF "fd00:dead:beef:cafe::136" "$RUN_OUT"
+done
+run resolvectl query dual.onlinesign.test
+grep -qF "10.0.0.135" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::135" "$RUN_OUT"
+grep -qF "authenticated: yes" "$RUN_OUT"
+run resolvectl query ipv6.onlinesign.test
+grep -qF "fd00:dead:beef:cafe::136" "$RUN_OUT"
+grep -qF "authenticated: yes" "$RUN_OUT"
+
# Check a non-existent domain
# Note: mod-onlinesign utilizes Minimally Covering NSEC Records, hence the
# different response than with "standard" DNSSEC
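Review bot: the new `delv` loop for dual.onlinesign.test and ipv6.onlinesign.test greps only for the addresses, not for "; fully validated", unlike the mail.signed.test loop added earlier in this patch. For a DNSSEC test the validation status is the interesting part, so please add that assertion after each `delv` call. Otherwise an unvalidated answer with the right address passes.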
@@ -378,11 +466,18 @@ run busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedeskt
grep -qF '10 0 0 134 "secondsub.onlinesign.test"' "$RUN_OUT"
monitor_check_rr "$TIMESTAMP" "secondsub.onlinesign.test IN A 10.0.0.134"
+
: "--- ZONE: untrusted.test (DNSSEC without propagated DS records) ---"
-run dig +short untrusted.test
-grep -qF "10.0.0.121" "$RUN_OUT"
+# Issue: https://github.com/systemd/systemd/issues/23955
+# FIXME
+resolvectl flush-caches
+#run dig +short untrusted.test A untrusted.test AAAA
+#grep -qF "10.0.0.121" "$RUN_OUT"
+#grep -qF "fd00:dead:beef:cafe::121" "$RUN_OUT"
run resolvectl query untrusted.test
-grep -qF "untrusted.test: 10.0.0.121" "$RUN_OUT"
+grep -qF "untrusted.test:" "$RUN_OUT"
+grep -qF "10.0.0.121" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::121" "$RUN_OUT"
grep -qF "authenticated: no" "$RUN_OUT"
# Issue: https://github.com/systemd/systemd/issues/19472
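Review bot: `resolvectl flush-caches` is left active between the FIXME and the commented-out `dig` checks with no explanation. A reader cannot tell whether it belongs to the disabled block or is needed by the `resolvectl query untrusted.test` that follows. Add a comment saying which stale entry it is meant to clear, or comment it out with the rest. The extra blank line added before the ZONE marker can go as well.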

View File

@ -0,0 +1,77 @@
From 87d5bd17be4893556652225ae44889ff7093a0aa Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 8 Jul 2022 18:12:47 +0200
Subject: [PATCH] test: add a couple of SRV records to check service resolution
(cherry picked from commit 3095bd2ccaf55f7c20567b990844dc2d9b451376)
Related: #2138081
---
test/knot-data/zones/signed.test.zone | 8 ++++++++
test/knot-data/zones/untrusted.test.zone | 4 ++++
test/units/testsuite-75.sh | 17 +++++++++++++++++
3 files changed, 29 insertions(+)
diff --git a/test/knot-data/zones/signed.test.zone b/test/knot-data/zones/signed.test.zone
index fa6706205a..6ddeb0048e 100644
--- a/test/knot-data/zones/signed.test.zone
+++ b/test/knot-data/zones/signed.test.zone
@@ -49,3 +49,11 @@ follow11.yet.so.far CNAME follow12.getting.hot.signed.test.
follow12.getting.hot CNAME follow13.almost.final.signed.test.
follow13.almost.final CNAME follow14.final.signed.test.
follow14.final A 10.0.0.14
+
+myservice A 10.0.0.20
+myservice AAAA fd00:dead:beef:cafe::17
+_mysvc._tcp SRV 10 5 1234 myservice
+
+_invalidsvc._udp SRV 5 5 1111 invalidservice
+
+_untrustedsvc._udp SRV 5 5 1111 myservice.untrusted.test.
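Review bot: `myservice AAAA fd00:dead:beef:cafe::17` reuses the address already given to dupe-mixed in this zone, while the A record next to it is 10.0.0.20. Everywhere else in these zone files the IPv6 suffix mirrors the IPv4 host part (10.0.0.11 and ::11, 10.0.0.135 and ::135), so this looks like it was meant to be ::20. If so, fix it here and in the `grep -qF "fd00:dead:beef:cafe::17"` assertion in testsuite-75.sh. A short comment on why `invalidservice` has no address records would also help.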
diff --git a/test/knot-data/zones/untrusted.test.zone b/test/knot-data/zones/untrusted.test.zone
index cf0dec5296..a0dca62ca8 100644
--- a/test/knot-data/zones/untrusted.test.zone
+++ b/test/knot-data/zones/untrusted.test.zone
@@ -20,3 +20,7 @@ $ORIGIN untrusted.test.
A 10.0.0.121
AAAA fd00:dead:beef:cafe::121
mail A 10.0.0.122
+
+myservice A 10.0.0.123
+ AAAA fd00:dead:beef:cafe::123
+_mysvc._tcp SRV 10 5 1234 myservice
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 76b8f5b3c7..66cc6c9d66 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -367,6 +367,19 @@ grep -qF "status: NXDOMAIN" "$RUN_OUT"
run resolvectl query -t TXT this.should.be.authenticated.wild.signed.test
grep -qF 'this.should.be.authenticated.wild.signed.test IN TXT "this is a wildcard"' "$RUN_OUT"
grep -qF "authenticated: yes" "$RUN_OUT"
+# Check SRV support
+run resolvectl service _mysvc._tcp signed.test
+grep -qF "myservice.signed.test:1234" "$RUN_OUT"
+grep -qF "10.0.0.20" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::17" "$RUN_OUT"
+grep -qF "authenticated: yes" "$RUN_OUT"
+(! run resolvectl service _invalidsvc._udp signed.test)
+grep -qE "invalidservice\.signed\.test' not found" "$RUN_OUT"
+run resolvectl service _untrustedsvc._udp signed.test
+grep -qF "myservice.untrusted.test:1111" "$RUN_OUT"
+grep -qF "10.0.0.123" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT"
+grep -qF "authenticated: yes" "$RUN_OUT"
# DNSSEC validation with multiple records of the same type for the same name
# Issue: https://github.com/systemd/systemd/issues/22002
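Review bot: the `_untrustedsvc._udp signed.test` block asserts `authenticated: yes` for a service whose target, myservice.untrusted.test, lives in a zone that this same script asserts as `authenticated: no`. Please add a comment stating which part of the answer the flag is expected to cover here (the SRV record from signed.test, or the address records as well). That way the assertion documents intended behaviour and is not read as the untrusted addresses being validated.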
@@ -479,6 +492,10 @@ grep -qF "untrusted.test:" "$RUN_OUT"
grep -qF "10.0.0.121" "$RUN_OUT"
grep -qF "fd00:dead:beef:cafe::121" "$RUN_OUT"
grep -qF "authenticated: no" "$RUN_OUT"
+run resolvectl service _mysvc._tcp untrusted.test
+grep -qF "myservice.untrusted.test:1234" "$RUN_OUT"
+grep -qF "10.0.0.123" "$RUN_OUT"
+grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT"
# Issue: https://github.com/systemd/systemd/issues/19472
# 1) Query for a non-existing RR should return NOERROR + NSEC (?), not NXDOMAIN
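Review bot: the `resolvectl service _mysvc._tcp untrusted.test` block checks the target and both addresses but has no assertion on the authentication state. The sibling SRV checks for signed.test all pin it, and the query just above pins `authenticated: no`. Add the matching grep here so a change in how this zone is classified is caught by the SRV path too.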

View File

@ -0,0 +1,52 @@
From c1a79dbfdf667e965d8d390e6d395b64de1e2253 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 8 Jul 2022 20:23:13 +0200
Subject: [PATCH] test: add a test for the OPENPGPKEY RR
(cherry picked from commit 05bb428952d0a91c53398e8b20801af9fb7530f1)
Related: #2138081
---
test/knot-data/zones/signed.test.zone | 14 ++++++++++++++
test/units/testsuite-75.sh | 6 ++++++
2 files changed, 20 insertions(+)
diff --git a/test/knot-data/zones/signed.test.zone b/test/knot-data/zones/signed.test.zone
index 6ddeb0048e..a2baac4284 100644
--- a/test/knot-data/zones/signed.test.zone
+++ b/test/knot-data/zones/signed.test.zone
@@ -57,3 +57,17 @@ _mysvc._tcp SRV 10 5 1234 myservice
_invalidsvc._udp SRV 5 5 1111 invalidservice
_untrustedsvc._udp SRV 5 5 1111 myservice.untrusted.test.
+
+; OPENPGPKEY RR for mr.smith@signed.test
+; The hash was generated using `echo -ne mr.smith | sha256sum | head -c56`
+; and exported via `gpg --export mr.smith | base64`
+5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey OPENPGPKEY (
+ mDMEYshhzhYJKwYBBAHaRw8BAQdAuU2RxKaycSdaR5YZ/q+/yoHeil/1WNRDVbpjPSd6QBa0GW1y
+ LnNtaXRoQHNpZ25lZC50ZXN0LnpvbmWImQQTFggAQRYhBIOXLJwlwowvXQVeJ3d9yvMKUDBWBQJi
+ yGHOAhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEHd9yvMKUDBWo6MA/2oC
+ zdnzMlK9gM5bNCFfPyagJfFfv7fW1l7WXTve6FJtAP0faW24ahE1okjmrsTUwqZHvDThysW5zTSt
+ j49S3JQDA7g4BGLIYc4SCisGAQQBl1UBBQEBB0CuNcTAt5AUE3seFN/Gm2euC+8dgtztyzoO/78K
+ ictFLAMBCAeIeAQYFggAIBYhBIOXLJwlwowvXQVeJ3d9yvMKUDBWBQJiyGHOAhsMAAoJEHd9yvMK
+ UDBWtxkA/jlbUgHpSoTKFNNTeXYbTz9jnoupe9eT4O3tU55ofwO7AQCa5ntSIuzDJ1E2iy7oOLOZ
+ m2ocNqpC7SULHhSKYfUWDg==
+)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index 66cc6c9d66..d36cab2923 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -380,6 +380,12 @@ grep -qF "myservice.untrusted.test:1111" "$RUN_OUT"
grep -qF "10.0.0.123" "$RUN_OUT"
grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT"
grep -qF "authenticated: yes" "$RUN_OUT"
+# Check OPENPGPKEY support
+run delv -t OPENPGPKEY 5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test
+grep -qF "; fully validated" "$RUN_OUT"
+run resolvectl openpgp mr.smith@signed.test
+grep -qF "5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test" "$RUN_OUT"
+grep -qF "authenticated: yes" "$RUN_OUT"
# DNSSEC validation with multiple records of the same type for the same name
# Issue: https://github.com/systemd/systemd/issues/22002
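Review bot: the two greps after `resolvectl openpgp mr.smith@signed.test` check only that the owner name appears and that the answer is authenticated; nothing verifies that the returned record carries the key from the zone file. Matching a short, stable fragment of the key data would make this a test of the record contents. The 56-character label is also spelled out three times across the zone file and this script; a variable in the script would cut that down.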

View File

@ -0,0 +1,25 @@
From 3da691ba7ed23db37930dff5452fe3c3dcd9a963 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 27 Jan 2023 14:29:42 +0100
Subject: [PATCH] test: don't hang indefinitely on no match
(cherry picked from commit 270e9dcdb8c7f0f3c8b56803d0ef7bbf867b9fd1)
Related: #2138081
---
test/units/testsuite-75.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index d36cab2923..ddd86d09bb 100755
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -41,7 +41,7 @@ monitor_check_rr() (
# displayed. We turn off pipefail for this, since we don't care about the
# lhs of this pipe expression, we only care about the rhs' result to be
# clean
- journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match"
+ timeout -v 30s journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match"
)
# Test for resolvectl, resolvconf
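Review bot: the 30s limit on `journalctl -f` is hard-coded, while the other timeouts touched in this series are raised to 60s because slow, non-accelerated runs need more time. Consider using the same value here, or a variable, so this does not become the next source of spurious failures. It would also be worth noting in the comment above that pipefail is off in this function, so a timeout shows up only as the `grep -m1` failing and `-v` is what leaves a trace in the log.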

View File

@ -0,0 +1,139 @@
From 1d93f12c7068dedf9393f8d4d86335e1f40537c3 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 20 Jan 2023 14:37:12 +0900
Subject: [PATCH] test-ndisc: fix memleak and fd leak
Fixes issues reported at #22576.
(cherry picked from commit 86d82cb8885afaac374225b945b2efc2a013cb7e)
Related: #2138081
---
src/libsystemd-network/test-ndisc-ra.c | 20 ++++++--------------
src/libsystemd-network/test-ndisc-rs.c | 21 ++++++++-------------
2 files changed, 14 insertions(+), 27 deletions(-)
diff --git a/src/libsystemd-network/test-ndisc-ra.c b/src/libsystemd-network/test-ndisc-ra.c
index 001df4d473..bd8c0fd426 100644
--- a/src/libsystemd-network/test-ndisc-ra.c
+++ b/src/libsystemd-network/test-ndisc-ra.c
@@ -53,7 +53,6 @@ static uint8_t advertisement[] = {
static bool test_stopped;
static int test_fd[2];
-static sd_event_source *recv_router_advertisement;
static struct {
struct in6_addr address;
unsigned char prefixlen;
@@ -281,9 +280,9 @@ static int radv_recv(sd_event_source *s, int fd, uint32_t revents, void *userdat
}
TEST(ra) {
- sd_event *e;
- sd_radv *ra;
- unsigned i;
+ _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+ _cleanup_(sd_event_source_unrefp) sd_event_source *recv_router_advertisement = NULL;
+ _cleanup_(sd_radv_unrefp) sd_radv *ra = NULL;
assert_se(socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC | SOCK_NONBLOCK, 0, test_fd) >= 0);
@@ -303,7 +302,7 @@ TEST(ra) {
assert_se(sd_radv_set_rdnss(ra, 60, &test_rdnss, 1) >= 0);
assert_se(sd_radv_set_dnssl(ra, 60, (char **)test_dnssl) >= 0);
- for (i = 0; i < ELEMENTSOF(prefix); i++) {
+ for (unsigned i = 0; i < ELEMENTSOF(prefix); i++) {
sd_radv_prefix *p;
printf("Test prefix %u\n", i);
@@ -324,8 +323,8 @@ TEST(ra) {
assert_se(!p);
}
- assert_se(sd_event_add_io(e, &recv_router_advertisement, test_fd[0],
- EPOLLIN, radv_recv, ra) >= 0);
+ assert_se(sd_event_add_io(e, &recv_router_advertisement, test_fd[0], EPOLLIN, radv_recv, ra) >= 0);
+ assert_se(sd_event_source_set_io_fd_own(recv_router_advertisement, true) >= 0);
assert_se(sd_event_add_time_relative(e, NULL, CLOCK_BOOTTIME,
2 * USEC_PER_SEC, 0,
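Review bot: `sd_event_source_set_io_fd_own(recv_router_advertisement, true)` takes care of test_fd[0], but the `socketpair()` call at the top of `TEST(ra)` creates both ends and nothing in the visible hunks closes test_fd[1]. If that end is owned and closed by `ra`, a one-line comment saying so would settle it; if not, it needs the same treatment. Note also that the static test_fd[0] keeps the stale descriptor number after the event source is freed.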
@@ -334,13 +333,6 @@ TEST(ra) {
assert_se(sd_radv_start(ra) >= 0);
assert_se(sd_event_loop(e) >= 0);
-
- ra = sd_radv_unref(ra);
- assert_se(!ra);
-
- close(test_fd[0]);
-
- sd_event_unref(e);
}
DEFINE_TEST_MAIN(LOG_DEBUG);
diff --git a/src/libsystemd-network/test-ndisc-rs.c b/src/libsystemd-network/test-ndisc-rs.c
index 3c679f60b5..e501b64377 100644
--- a/src/libsystemd-network/test-ndisc-rs.c
+++ b/src/libsystemd-network/test-ndisc-rs.c
@@ -10,6 +10,7 @@
#include "sd-ndisc.h"
#include "alloc-util.h"
+#include "fd-util.h"
#include "hexdecoct.h"
#include "icmp6-util.h"
#include "socket-util.h"
@@ -255,8 +256,8 @@ static void test_callback(sd_ndisc *nd, sd_ndisc_event_t event, sd_ndisc_router
}
TEST(rs) {
- sd_event *e;
- sd_ndisc *nd;
+ _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+ _cleanup_(sd_ndisc_unrefp) sd_ndisc *nd = NULL;
send_ra_function = send_ra;
@@ -279,17 +280,13 @@ TEST(rs) {
assert_se(sd_ndisc_start(nd) >= 0);
assert_se(sd_ndisc_start(nd) >= 0);
assert_se(sd_ndisc_stop(nd) >= 0);
+ test_fd[1] = safe_close(test_fd[1]);
assert_se(sd_ndisc_start(nd) >= 0);
assert_se(sd_event_loop(e) >= 0);
- nd = sd_ndisc_unref(nd);
- assert_se(!nd);
-
- close(test_fd[1]);
-
- sd_event_unref(e);
+ test_fd[1] = safe_close(test_fd[1]);
}
static int test_timeout_value(uint8_t flags) {
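Review bot: `test_fd[1] = safe_close(test_fd[1]);` is added both between `sd_ndisc_stop()` and the next `sd_ndisc_start()` and again at the end of `TEST(rs)`, with no comment on why the mid-test close is needed. Presumably each start sets up a fresh pair and the previous write end would otherwise leak, but that is not visible from this hunk. Please say so in a comment, since the double close otherwise looks like a copy-paste slip.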
@@ -342,8 +339,8 @@ static int test_timeout_value(uint8_t flags) {
}
TEST(timeout) {
- sd_event *e;
- sd_ndisc *nd;
+ _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+ _cleanup_(sd_ndisc_unrefp) sd_ndisc *nd = NULL;
send_ra_function = test_timeout_value;
@@ -367,9 +364,7 @@ TEST(timeout) {
assert_se(sd_event_loop(e) >= 0);
- nd = sd_ndisc_unref(nd);
-
- sd_event_unref(e);
+ test_fd[1] = safe_close(test_fd[1]);
}
DEFINE_TEST_MAIN(LOG_DEBUG);

View File

@ -0,0 +1,33 @@
From a1ab44a859080aebd79355f58e57739ce4225e97 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 20 Jan 2023 14:54:44 +0900
Subject: [PATCH] test-unit-name: fix fd leak
Fixes an issue reported at https://github.com/systemd/systemd/issues/22576#issuecomment-1396774385.
(cherry picked from commit 36f73b6c67afd9c826e612b751ea8f9249da7985)
Related: #2138081
---
src/test/test-unit-name.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index 43fdb15d1c..eec4831b4e 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -241,11 +241,13 @@ TEST_RET(unit_printf, .sd_booted = true) {
*user, *group, *uid, *gid, *home, *shell,
*tmp_dir, *var_tmp_dir;
_cleanup_(manager_freep) Manager *m = NULL;
+ _cleanup_close_ int fd = -EBADF;
Unit *u;
int r;
_cleanup_(unlink_tempfilep) char filename[] = "/tmp/test-unit_printf.XXXXXX";
- assert_se(mkostemp_safe(filename) >= 0);
+ fd = mkostemp_safe(filename);
+ assert_se(fd >= 0);
/* Using the specifier functions is admittedly a bit circular, but we don't want to reimplement the
* logic a second time. We're at least testing that the hookup works. */

View File

@ -0,0 +1,57 @@
From f2a1b51350d535cbb6ed3a3d11071651e54f5c3c Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 17 Jan 2023 18:04:30 +0100
Subject: [PATCH] test: bump D-Bus service start timeout if we run without
accel
The default (25s) doesn't seem to be enough in some cases (especially
in VMs without acceleration), causing spurious timeouts:
[ 174.297658] dbus-daemon[647]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.0' (uid=0 pid=645 comm="hostnamectl " label="kernel")
[ 184.202313] systemd[1]: systemd-update-utmp-runlevel.service: Consumed 1.253s CPU time.
[ 197.335422] systemd[1]: Started dbus.service.
[ 199.211468] testsuite-71.sh[639]: + assert_in 'Static hostname: H' ''
[ 199.347192] dbus-daemon[647]: [system] Failed to activate service 'org.freedesktop.hostname1': timed out (service_start_timeout=25000ms)
[ 199.394879] testsuite-71.sh[657]: + set +ex
[ 199.438918] testsuite-71.sh[657]: FAIL: 'Static hostname: H' not found in:
[ 200.966006] systemd-logind[631]: Watching system buttons on /dev/input/event0 (Power Button)
[ 201.008178] systemd-logind[631]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
[ 201.034106] systemd-logind[631]: New seat seat0.
[ 201.238267] sh[658]: + systemctl poweroff --no-block
[ 201.329890] systemd[1]: Starting systemd-hostnamed.service...
[ 202.156622] systemd[1]: systemd-update-utmp-runlevel.service: Deactivated successfully.
[ 204.818913] hostnamectl[645]: Failed to query system properties: Connection timed out
[ 205.195583] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[ 205.227237] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[ 205.712780] systemd[1]: Failed to start testsuite-71.service.
(cherry picked from commit c78d18215b3e5b0f0896ddb1d0d72c666b5e830b)
Related: #2138081
---
test/test-functions | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index 94e11a686a..6e4ea80d89 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1909,6 +1909,18 @@ install_dbus() {
</policy>
</busconfig>
EOF
+
+ # If we run without KVM, bump the service start timeout
+ if ! get_bool "$QEMU_KVM"; then
+ cat >"$initdir/etc/dbus-1/system.d/service.timeout.conf" <<EOF
+<?xml version="1.0"?>
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "https://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <limit name="service_start_timeout">60000</limit>
+</busconfig>
+EOF
+ fi
}
install_user_dbus() {

View File

@ -0,0 +1,49 @@
From 922c24e6b2074d63dd5554f2f0015a680958293e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 23 Jan 2023 18:40:38 +0100
Subject: [PATCH] test: bump the client-side timeout in sd-bus as well
Since c78d18215b D-Bus services now have 60s to start, but the client
side (sd-bus) still waits only for 25s before giving up:
```
[ 226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' ''
[ 226.332965] testsuite-71.sh[576]: + set +ex
[ 226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in:
[ 228.910782] sh[577]: + systemctl poweroff --no-block
[ 232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out
[ 236.827514] systemd[1]: end.service: Consumed 2.131s CPU time.
[ 237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1'
[ 237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time.
[ 237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[ 237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[ 237.931415] systemd[1]: Failed to start testsuite-71.service.
[ 238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time.
[ 238.181030] systemd[1]: Reached target testsuite.target.
```
Let's override the timeout in sd-bus as well to mitigate this.
Follow-up to c78d18215b3e5b0f0896ddb1d0d72c666b5e830b.
(cherry picked from commit e0cbb739113b9e2fbb67b27099430c351f03315c)
Related: #2138081
---
test/test-functions | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index 6e4ea80d89..1608644cbb 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1920,6 +1920,9 @@ EOF
<limit name="service_start_timeout">60000</limit>
</busconfig>
EOF
+ # Bump the client-side timeout in sd-bus as well
+ mkdir -p "$initdir/etc/systemd/system.conf.d"
+ echo -e '[Manager]\nDefaultEnvironment=SYSTEMD_BUS_TIMEOUT=60' >"$initdir/etc/systemd/system.conf.d/bus-timeout.conf"
fi
}
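Review bot: the client-side `SYSTEMD_BUS_TIMEOUT=60` is set to exactly the same duration as the daemon's `service_start_timeout` of 60000 ms, so a client can still give up at the same moment the daemon would have reported the activation result. Give the client a few seconds more than the daemon, and derive both values from one variable so they cannot drift apart. `printf` would also be more portable than `echo -e` for writing the two-line drop-in.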

View File

@ -0,0 +1,28 @@
From 5b859cca580ee9c050486024ebd8cfdb34049008 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 23 Jan 2023 19:13:49 +0100
Subject: [PATCH] test: bump the container spawn timeout to 60s
As 30s might be not enough on busy systems (and we already bumped the
reboot timeout from 30s to 60s for this reason).
(cherry picked from commit d932022ddfe021b1c49ffaf4d7dfe4093656f0c5)
Related: #2138081
---
test/test-shutdown.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/test-shutdown.py b/test/test-shutdown.py
index e181f976be..13e18ecbaa 100755
--- a/test/test-shutdown.py
+++ b/test/test-shutdown.py
@@ -17,7 +17,7 @@ def run(args):
logger.info("spawning test")
console = pexpect.spawn(args.command, args.arg, env={
"TERM": "linux",
- }, encoding='utf-8', timeout=30)
+ }, encoding='utf-8', timeout=60)
if args.verbose:
console.logfile = sys.stdout

View File

@ -0,0 +1,55 @@
From 44d34632660f8456b7ca09510ed1b469541fac65 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Jan 2023 22:07:06 +0900
Subject: [PATCH] network: fix memleak
Fixes a bug introduced by af2aea8bb64b0dc42ecbe5549216eb567681a803.
Fixes #25883 and #25891.
(cherry picked from commit 303dfa73b389e8f6dc58954e867c21724c1446f7)
Related: #2138081
---
src/network/networkd-address.c | 6 +++++-
src/network/networkd-route.c | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index 259cd312c9..4f8f95cba6 100644
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -1189,9 +1189,13 @@ int link_request_address(
(void) address_get(link, address, &existing);
- if (address->lifetime_valid_usec == 0)
+ if (address->lifetime_valid_usec == 0) {
+ if (consume_object)
+ address_free(address);
+
/* The requested address is outdated. Let's remove it. */
return address_remove_and_drop(existing);
+ }
if (!existing) {
_cleanup_(address_freep) Address *tmp = NULL;
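Review bot: the manual `address_free(address)` in the `lifetime_valid_usec == 0` branch fixes this one early return, but ownership under `consume_object` still has to be handled by hand on every exit path. The branch right below already uses `_cleanup_(address_freep)`; moving the object into such a cleanup variable at the top of link_request_address() when `consume_object` is set would cover any future early return too.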
diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
index d1f3bab092..5214a8ad2c 100644
--- a/src/network/networkd-route.c
+++ b/src/network/networkd-route.c
@@ -1437,9 +1437,13 @@ int link_request_route(
(void) route_get(link->manager, link, route, &existing);
- if (route->lifetime_usec == 0)
+ if (route->lifetime_usec == 0) {
+ if (consume_object)
+ route_free(route);
+
/* The requested route is outdated. Let's remove it. */
return route_remove_and_drop(existing);
+ }
if (!existing) {
_cleanup_(route_freep) Route *tmp = NULL;
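Review bot: in the `route->lifetime_usec == 0` branch, `existing` is handed to route_remove_and_drop() although the result of route_get() is discarded with `(void)` and the very next statement tests `!existing`, so it can be NULL at this point. Confirm that route_remove_and_drop() accepts NULL or guard the call; the same question applies to address_remove_and_drop() in the networkd-address.c hunk.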

View File

@ -0,0 +1,64 @@
From 25e4d71e788ee7467e1d764c631de44d599e2b1c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 13 Jan 2023 14:12:31 +0900
Subject: [PATCH] busctl: fix introspecting DBus properties
Follow-up for f2f7785d7a47ffa48ac929648794e1288509ddd8.
Fixes #26033.
(cherry picked from commit 2cbb171d20a07ec0a25296f167b0385de102d74e)
Related: #2138081
---
src/busctl/busctl.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
index f57a5d605d..cc2d0e3458 100644
--- a/src/busctl/busctl.c
+++ b/src/busctl/busctl.c
@@ -1022,10 +1022,11 @@ static int introspect(int argc, char **argv, void *userdata) {
for (;;) {
Member *z;
- _cleanup_free_ char *buf = NULL;
+ _cleanup_free_ char *buf = NULL, *signature = NULL;
_cleanup_fclose_ FILE *mf = NULL;
size_t sz = 0;
- const char *name;
+ const char *name, *contents;
+ char type;
r = sd_bus_message_enter_container(reply, 'e', "sv");
if (r < 0)
@@ -1042,6 +1043,21 @@ static int introspect(int argc, char **argv, void *userdata) {
if (r < 0)
return bus_log_parse_error(r);
+ r = sd_bus_message_peek_type(reply, &type, &contents);
+ if (r <= 0)
+ return bus_log_parse_error(r == 0 ? EINVAL : r);
+
+ if (type == SD_BUS_TYPE_STRUCT_BEGIN)
+ signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END));
+ else if (type == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
+ signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_END));
+ else if (contents)
+ signature = strjoin(CHAR_TO_STR(type), contents);
+ else
+ signature = strdup(CHAR_TO_STR(type));
+ if (!signature)
+ return log_oom();
+
mf = open_memstream_unlocked(&buf, &sz);
if (!mf)
return log_oom();
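Review bot: `bus_log_parse_error(r == 0 ? EINVAL : r)` passes a positive errno in one arm and a negative one in the other. Unless the helper normalizes the sign, use `-EINVAL` so both arms follow the same convention as the other `bus_log_parse_error(r)` calls in this loop.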
@@ -1055,6 +1071,7 @@ static int introspect(int argc, char **argv, void *userdata) {
z = set_get(members, &((Member) {
.type = "property",
.interface = m->interface,
+ .signature = signature,
.name = (char*) name }));
if (z)
free_and_replace(z->value, buf);

View File

@ -0,0 +1,82 @@
From ae1806eea8c688c6561b5f7dcbaa6f682233b73e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 16 Jan 2023 14:16:14 +0100
Subject: [PATCH] busctl: simplify peeking the type
let's peek the type before we enter the variant, not after, so that we
can reuse it as-is, instead of having to recombine it later.
Follow-up for: #26049
(cherry picked from commit ec56edf55c26ed2c65cf8e86b81ab0b516c94dd9)
Related: #2138081
---
src/busctl/busctl.c | 30 ++++++++++--------------------
1 file changed, 10 insertions(+), 20 deletions(-)
diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
index cc2d0e3458..901b0e15f6 100644
--- a/src/busctl/busctl.c
+++ b/src/busctl/busctl.c
@@ -1021,17 +1021,16 @@ static int introspect(int argc, char **argv, void *userdata) {
return bus_log_parse_error(r);
for (;;) {
- Member *z;
- _cleanup_free_ char *buf = NULL, *signature = NULL;
_cleanup_fclose_ FILE *mf = NULL;
- size_t sz = 0;
+ _cleanup_free_ char *buf = NULL;
const char *name, *contents;
+ size_t sz = 0;
+ Member *z;
char type;
r = sd_bus_message_enter_container(reply, 'e', "sv");
if (r < 0)
return bus_log_parse_error(r);
-
if (r == 0)
break;
@@ -1039,24 +1038,15 @@ static int introspect(int argc, char **argv, void *userdata) {
if (r < 0)
return bus_log_parse_error(r);
- r = sd_bus_message_enter_container(reply, 'v', NULL);
+ r = sd_bus_message_peek_type(reply, &type, &contents);
if (r < 0)
return bus_log_parse_error(r);
+ if (type != 'v')
+ return bus_log_parse_error(EINVAL);
- r = sd_bus_message_peek_type(reply, &type, &contents);
- if (r <= 0)
- return bus_log_parse_error(r == 0 ? EINVAL : r);
-
- if (type == SD_BUS_TYPE_STRUCT_BEGIN)
- signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END));
- else if (type == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
- signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_END));
- else if (contents)
- signature = strjoin(CHAR_TO_STR(type), contents);
- else
- signature = strdup(CHAR_TO_STR(type));
- if (!signature)
- return log_oom();
+ r = sd_bus_message_enter_container(reply, 'v', contents);
+ if (r < 0)
+ return bus_log_parse_error(r);
mf = open_memstream_unlocked(&buf, &sz);
if (!mf)
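Review bot: the check after sd_bus_message_peek_type() was loosened from `r <= 0` to `r < 0`, so a return of 0 is now caught only indirectly by `type != 'v'`, which assumes `type` has been written in that case. Either keep `r <= 0` as in the code being removed, or initialize `type` at its declaration so the comparison never reads an indeterminate value.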
@@ -1071,7 +1061,7 @@ static int introspect(int argc, char **argv, void *userdata) {
z = set_get(members, &((Member) {
.type = "property",
.interface = m->interface,
- .signature = signature,
+ .signature = (char*) contents,
.name = (char*) name }));
if (z)
free_and_replace(z->value, buf);
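Review bot: `.signature = (char*) contents` casts away const on a pointer borrowed from `reply`. That is safe only because the compound literal is a lookup key for set_get() and is never stored, the same assumption `.name = (char*) name` already makes; a one-line comment stating that the key must not outlive the iteration would make the assumption explicit.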

View File

@ -0,0 +1,29 @@
From fb589eae3231c6d968b116774097c90a64755f19 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 4 Nov 2022 12:53:07 +0900
Subject: [PATCH] resolve: drop redundant call of socket_ipv6_is_supported()
As link_relevant() is called with AF_INET6, which returns true only when
the link has at least one relevant IPv6 address.
(cherry picked from commit f6e4aa7b0370c8b39739e9d5dda780932489507a)
Related: #2138081
---
src/resolve/resolved-link.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 9ab55eb82e..409d725686 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -152,8 +152,7 @@ void link_allocate_scopes(Link *l) {
if (link_relevant(l, AF_INET6, true) &&
l->llmnr_support != RESOLVE_SUPPORT_NO &&
- l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
- socket_ipv6_is_supported()) {
+ l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
if (!l->llmnr_ipv6_scope) {
r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
if (r < 0)
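Review bot: with `socket_ipv6_is_supported()` dropped from the condition, creation of the IPv6 LLMNR scope relies on `link_relevant(l, AF_INET6, true)` being false on hosts without IPv6, and that reasoning is recorded only in the commit message. A short comment on the condition would keep a later change to link_relevant() from silently enabling the scope on such hosts.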

View File

@ -0,0 +1,181 @@
From d34f971ad09e43f583ff570e26c87e6cdc83d69d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 4 Nov 2022 12:53:07 +0900
Subject: [PATCH] resolve: introduce link_get_llmnr_support() and
link_get_mdns_support()
(cherry picked from commit bce459e3275249574f2142236275b2c33a9f88e3)
Related: #2138081
---
src/resolve/resolved-link.c | 49 ++++++++++++++++++++++---------------
src/resolve/resolved-link.h | 3 +++
src/shared/resolve-util.h | 3 ++-
3 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 409d725686..86112f3a3b 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -140,8 +140,7 @@ void link_allocate_scopes(Link *l) {
l->unicast_scope = dns_scope_free(l->unicast_scope);
if (link_relevant(l, AF_INET, true) &&
- l->llmnr_support != RESOLVE_SUPPORT_NO &&
- l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
+ link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->llmnr_ipv4_scope) {
r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
if (r < 0)
@@ -151,8 +150,7 @@ void link_allocate_scopes(Link *l) {
l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
if (link_relevant(l, AF_INET6, true) &&
- l->llmnr_support != RESOLVE_SUPPORT_NO &&
- l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
+ link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->llmnr_ipv6_scope) {
r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
if (r < 0)
@@ -162,8 +160,7 @@ void link_allocate_scopes(Link *l) {
l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
if (link_relevant(l, AF_INET, true) &&
- l->mdns_support != RESOLVE_SUPPORT_NO &&
- l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
+ link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->mdns_ipv4_scope) {
r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
if (r < 0)
@@ -173,8 +170,7 @@ void link_allocate_scopes(Link *l) {
l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
if (link_relevant(l, AF_INET6, true) &&
- l->mdns_support != RESOLVE_SUPPORT_NO &&
- l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
+ link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
if (!l->mdns_ipv6_scope) {
r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
if (r < 0)
@@ -191,8 +187,7 @@ void link_add_rrs(Link *l, bool force_remove) {
link_address_add_rrs(a, force_remove);
if (!force_remove &&
- l->mdns_support == RESOLVE_SUPPORT_YES &&
- l->manager->mdns_support == RESOLVE_SUPPORT_YES) {
+ link_get_mdns_support(l) == RESOLVE_SUPPORT_YES) {
if (l->mdns_ipv4_scope) {
r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope);
@@ -651,13 +646,13 @@ int link_update(Link *l) {
if (r < 0)
return r;
- if (l->llmnr_support != RESOLVE_SUPPORT_NO) {
+ if (link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) {
r = manager_llmnr_start(l->manager);
if (r < 0)
return r;
}
- if (l->mdns_support != RESOLVE_SUPPORT_NO) {
+ if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
r = manager_mdns_start(l->manager);
if (r < 0)
return r;
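Review bot: the two conditions in link_update() are not a pure refactor. They previously tested only `l->llmnr_support` and `l->mdns_support`, and now test the effective level, so manager_llmnr_start() and manager_mdns_start() are no longer called when the global setting is `no`. That looks like the desired behaviour, but the commit message describes the patch only as introducing helpers; the behaviour change should be stated there.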
@@ -802,6 +797,24 @@ bool link_dnssec_supported(Link *l) {
return true;
}
+ResolveSupport link_get_llmnr_support(Link *link) {
+ assert(link);
+ assert(link->manager);
+
+ /* This provides the effective LLMNR support level for the link, instead of the 'internal' per-link setting. */
+
+ return MIN(link->llmnr_support, link->manager->llmnr_support);
+}
+
+ResolveSupport link_get_mdns_support(Link *link) {
+ assert(link);
+ assert(link->manager);
+
+ /* This provides the effective mDNS support level for the link, instead of the 'internal' per-link setting. */
+
+ return MIN(link->mdns_support, link->manager->mdns_support);
+}
+
int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
LinkAddress *a;
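Review bot: `MIN()` in link_get_llmnr_support() and link_get_mdns_support() lets a negative value win. `_RESOLVE_SUPPORT_INVALID` is `-EINVAL`, so if either field is ever left invalid the helper returns it, and every caller that tests `!= RESOLVE_SUPPORT_NO` then treats the protocol as enabled. Next to the existing `assert(link)`, assert that both fields are non-negative so the helpers cannot fail open.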
@@ -885,8 +898,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) {
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->llmnr_ipv4_scope &&
- a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
+ link_get_llmnr_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->llmnr_host_ipv4_key) {
a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
@@ -939,8 +951,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) {
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->mdns_ipv4_scope &&
- a->link->mdns_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
+ link_get_mdns_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->mdns_host_ipv4_key) {
a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname);
if (!a->link->manager->mdns_host_ipv4_key) {
@@ -995,8 +1006,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) {
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->llmnr_ipv6_scope &&
- a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
+ link_get_llmnr_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->llmnr_host_ipv6_key) {
a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
@@ -1049,8 +1059,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) {
if (!force_remove &&
link_address_relevant(a, true) &&
a->link->mdns_ipv6_scope &&
- a->link->mdns_support == RESOLVE_SUPPORT_YES &&
- a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) {
+ link_get_mdns_support(a->link) == RESOLVE_SUPPORT_YES) {
if (!a->link->manager->mdns_host_ipv6_key) {
a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname);
diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h
index b5299e0b5b..d2043a1000 100644
--- a/src/resolve/resolved-link.h
+++ b/src/resolve/resolved-link.h
@@ -104,6 +104,9 @@ bool link_dnssec_supported(Link *l);
DnsOverTlsMode link_get_dns_over_tls_mode(Link *l);
+ResolveSupport link_get_llmnr_support(Link *link);
+ResolveSupport link_get_mdns_support(Link *link);
+
int link_save_user(Link *l);
int link_load_user(Link *l);
void link_remove_user(Link *l);
diff --git a/src/shared/resolve-util.h b/src/shared/resolve-util.h
index d9ab387301..e58173d864 100644
--- a/src/shared/resolve-util.h
+++ b/src/shared/resolve-util.h
@@ -25,10 +25,11 @@ typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;
typedef enum DnsOverTlsMode DnsOverTlsMode;
+/* Do not change the order, see link_get_llmnr_support() or link_get_mdns_support(). */
enum ResolveSupport {
RESOLVE_SUPPORT_NO,
- RESOLVE_SUPPORT_YES,
RESOLVE_SUPPORT_RESOLVE,
+ RESOLVE_SUPPORT_YES,
_RESOLVE_SUPPORT_MAX,
_RESOLVE_SUPPORT_INVALID = -EINVAL,
};
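Review bot: swapping `RESOLVE_SUPPORT_YES` and `RESOLVE_SUPPORT_RESOLVE` changes the integer value of both. Anything that stores, transmits or indexes by the raw value (string tables, saved link state, comparisons written against the old order) needs to be checked, and the new comment would be more useful if it spelled out the required order (NO, then RESOLVE, then YES) instead of only pointing at the two functions.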

View File

@ -0,0 +1,42 @@
From f04078d864c969c7694a2cd131ca9eff75c15ce8 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 4 Nov 2022 12:53:07 +0900
Subject: [PATCH] resolve: provide effective supporting levels of mDNS and
LLMNR
The per-link settings are ignored if the feature is disabled by the global setting.
Let's announce the effective level, so as not to confuse users.
Closes #24863.
(cherry picked from commit dc167037c4e7407bf597a65224c736874abeca11)
Related: #2138081
---
src/resolve/resolved-link-bus.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
index a817b1b453..1f7d092112 100644
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@@ -22,6 +22,8 @@
static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
+static BUS_DEFINE_PROPERTY_GET2(property_get_llmnr_support, "s", Link, link_get_llmnr_support, resolve_support_to_string);
+static BUS_DEFINE_PROPERTY_GET2(property_get_mdns_support, "s", Link, link_get_mdns_support, resolve_support_to_string);
static int property_get_dns_over_tls_mode(
sd_bus *bus,
@@ -864,8 +866,8 @@ static const sd_bus_vtable link_vtable[] = {
SD_BUS_PROPERTY("CurrentDNSServerEx", "(iayqs)", property_get_current_dns_server_ex, offsetof(Link, current_dns_server), 0),
SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains, 0, 0),
SD_BUS_PROPERTY("DefaultRoute", "b", property_get_default_route, 0, 0),
- SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Link, llmnr_support), 0),
- SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Link, mdns_support), 0),
+ SD_BUS_PROPERTY("LLMNR", "s", property_get_llmnr_support, 0, 0),
+ SD_BUS_PROPERTY("MulticastDNS", "s", property_get_mdns_support, 0, 0),
SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode, 0, 0),
SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode, 0, 0),
SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
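Review bot: the `LLMNR` and `MulticastDNS` entries in link_vtable keep their names and `s` signature but now return the effective level, so the configured per-link value is no longer readable over the bus. Both are registered with flags `0`, which means a client that cached the value gets no change notification when the global setting moves the effective level. Document the new meaning in the D-Bus interface documentation and consider whether the configured value needs its own property.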

View File

@ -0,0 +1,89 @@
From 4b911f2d385feb8153dacaf923108fc6d00fa149 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 4 Nov 2022 13:11:55 +0900
Subject: [PATCH] resolvectl: warn if the global mDNS or LLMNR support level is
lower than the requested one
(cherry picked from commit c38a03df4af78721f45947ffa2013554d81954a4)
Related: #2138081
---
src/resolve/resolvectl.c | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c
index 2a7347ca27..c52773508f 100644
--- a/src/resolve/resolvectl.c
+++ b/src/resolve/resolvectl.c
@@ -32,6 +32,7 @@
#include "pretty-print.h"
#include "process-util.h"
#include "resolvconf-compat.h"
+#include "resolve-util.h"
#include "resolvectl.h"
#include "resolved-def.h"
#include "resolved-dns-packet.h"
@@ -2280,6 +2281,8 @@ static int verb_default_route(int argc, char **argv, void *userdata) {
static int verb_llmnr(int argc, char **argv, void *userdata) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+ _cleanup_free_ char *global_llmnr_support_str = NULL;
+ ResolveSupport global_llmnr_support, llmnr_support;
sd_bus *bus = ASSERT_PTR(userdata);
int r;
@@ -2295,6 +2298,22 @@ static int verb_llmnr(int argc, char **argv, void *userdata) {
if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_LLMNR, NULL);
+ llmnr_support = resolve_support_from_string(argv[2]);
+ if (llmnr_support < 0)
+ return log_error_errno(llmnr_support, "Invalid LLMNR setting: %s", argv[2]);
+
+ r = bus_get_property_string(bus, bus_resolve_mgr, "LLMNR", &error, &global_llmnr_support_str);
+ if (r < 0)
+ return log_error_errno(r, "Failed to get the global LLMNR support state: %s", bus_error_message(&error, r));
+
+ global_llmnr_support = resolve_support_from_string(global_llmnr_support_str);
+ if (global_llmnr_support < 0)
+ return log_error_errno(global_llmnr_support, "Received invalid global LLMNR setting: %s", global_llmnr_support_str);
+
+ if (global_llmnr_support < llmnr_support)
+ log_warning("Setting LLMNR support level \"%s\" for \"%s\", but the global support level is \"%s\".",
+ argv[2], arg_ifname, global_llmnr_support_str);
+
r = bus_call_method(bus, bus_resolve_mgr, "SetLinkLLMNR", &error, NULL, "is", arg_ifindex, argv[2]);
if (r < 0 && sd_bus_error_has_name(&error, BUS_ERROR_LINK_BUSY)) {
sd_bus_error_free(&error);
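Review bot: in verb_llmnr() a failure of `bus_get_property_string(... "LLMNR" ...)` now returns an error before `SetLinkLLMNR` is ever called, although the property is read only to decide whether to print a warning. Log the failure at warning or debug level and continue with the method call, so that the advisory check cannot block the actual setting.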
@@ -2314,6 +2333,8 @@ static int verb_llmnr(int argc, char **argv, void *userdata) {
static int verb_mdns(int argc, char **argv, void *userdata) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+ _cleanup_free_ char *global_mdns_support_str = NULL;
+ ResolveSupport global_mdns_support, mdns_support;
sd_bus *bus = ASSERT_PTR(userdata);
int r;
@@ -2329,6 +2350,22 @@ static int verb_mdns(int argc, char **argv, void *userdata) {
if (argc < 3)
return status_ifindex(bus, arg_ifindex, NULL, STATUS_MDNS, NULL);
+ mdns_support = resolve_support_from_string(argv[2]);
+ if (mdns_support < 0)
+ return log_error_errno(mdns_support, "Invalid mDNS setting: %s", argv[2]);
+
+ r = bus_get_property_string(bus, bus_resolve_mgr, "MulticastDNS", &error, &global_mdns_support_str);
+ if (r < 0)
+ return log_error_errno(r, "Failed to get the global mDNS support state: %s", bus_error_message(&error, r));
+
+ global_mdns_support = resolve_support_from_string(global_mdns_support_str);
+ if (global_mdns_support < 0)
+ return log_error_errno(global_mdns_support, "Received invalid global mDNS setting: %s", global_mdns_support_str);
+
+ if (global_mdns_support < mdns_support)
+ log_warning("Setting mDNS support level \"%s\" for \"%s\", but the global support level is \"%s\".",
+ argv[2], arg_ifname, global_mdns_support_str);
+
r = bus_call_method(bus, bus_resolve_mgr, "SetLinkMulticastDNS", &error, NULL, "is", arg_ifindex, argv[2]);
if (r < 0 && sd_bus_error_has_name(&error, BUS_ERROR_LINK_BUSY)) {
sd_bus_error_free(&error);
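Review bot: `resolve_support_from_string(argv[2])` in verb_mdns() now runs before the bus call, so an argument the client cannot parse never reaches `SetLinkMulticastDNS`. The server side treats an empty string as "use the default" (`if (isempty(mdns))` in bus_link_method_set_mdns()); check that passing an empty argument to `resolvectl mdns` still works, and skip the client-side parse for an empty argument if it does not. The same applies to verb_llmnr().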

View File

@ -0,0 +1,71 @@
From 11132a6c20b64eb14a3386ff480086b5bae72146 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 4 Nov 2022 12:06:21 +0900
Subject: [PATCH] resolve: enable per-link mDNS setting by default
Otherwise, if the link is not managed by systemd-networkd, mDNS cannot
be enabled without calling `resolvectl` explicitly.
Fixes #25252.
(cherry picked from commit e31540196b8fb136a8f197c7a26d851bd0b93329)
Related: #2138081
---
src/resolve/resolved-link-bus.c | 2 +-
src/resolve/resolved-link.c | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
index 1f7d092112..9b6d14f20c 100644
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@@ -562,7 +562,7 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
return r;
if (isempty(mdns))
- mode = RESOLVE_SUPPORT_NO;
+ mode = RESOLVE_SUPPORT_YES;
else {
mode = resolve_support_from_string(mdns);
if (mode < 0)
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 86112f3a3b..d41f6f3e54 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -37,7 +37,7 @@ int link_new(Manager *m, Link **ret, int ifindex) {
.ifindex = ifindex,
.default_route = -1,
.llmnr_support = RESOLVE_SUPPORT_YES,
- .mdns_support = RESOLVE_SUPPORT_NO,
+ .mdns_support = RESOLVE_SUPPORT_YES,
.dnssec_mode = _DNSSEC_MODE_INVALID,
.dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
.operstate = IF_OPER_UNKNOWN,
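Review bot: changing the `.mdns_support` default in link_new() to `RESOLVE_SUPPORT_YES` makes the global MulticastDNS setting the only gate for links that nothing configures explicitly, because the effective level is the minimum of the per-link and global values. Hosts whose global setting is `yes` will have mDNS active on every relevant link after this update. The commit message should state what the global default is so the change in network exposure can be judged, and the change deserves a release note.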
@@ -64,7 +64,7 @@ void link_flush_settings(Link *l) {
l->default_route = -1;
l->llmnr_support = RESOLVE_SUPPORT_YES;
- l->mdns_support = RESOLVE_SUPPORT_NO;
+ l->mdns_support = RESOLVE_SUPPORT_YES;
l->dnssec_mode = _DNSSEC_MODE_INVALID;
l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
@@ -354,7 +354,7 @@ static int link_update_mdns_support(Link *l) {
assert(l);
- l->mdns_support = RESOLVE_SUPPORT_NO;
+ l->mdns_support = RESOLVE_SUPPORT_YES;
r = sd_network_link_get_mdns(l->ifindex, &b);
if (r == -ENODATA)
@@ -1156,7 +1156,7 @@ static bool link_needs_save(Link *l) {
return false;
if (l->llmnr_support != RESOLVE_SUPPORT_YES ||
- l->mdns_support != RESOLVE_SUPPORT_NO ||
+ l->mdns_support != RESOLVE_SUPPORT_YES ||
l->dnssec_mode != _DNSSEC_MODE_INVALID ||
l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
return true;
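Review bot: the per-link mDNS default is now written out as `RESOLVE_SUPPORT_YES` in link_new(), link_flush_settings(), link_update_mdns_support() and here in link_needs_save(), plus the empty-string case in bus_link_method_set_mdns(). A single named constant would keep the copies from diverging; in link_needs_save() a mismatch would mean a non-default setting is silently not written out.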

View File

@ -21,7 +21,7 @@
Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 252
Release: 3%{?dist}
Release: 4%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -257,6 +257,34 @@ Patch0176: 0176-core-unit-merge-unit-names-after-merging-deps.patch
Patch0177: 0177-core-unit-fix-log-message.patch
Patch0178: 0178-test-explicitly-create-the-etc-init.d-directory.patch
Patch0179: 0179-test-support-a-non-default-SysV-directory.patch
Patch0180: 0180-udev-make-get_virtfn_info-provide-physical-PCI-devic.patch
Patch0181: 0181-test-make-helper_check_device_units-log-unit-name.patch
Patch0182: 0182-test-add-a-testcase-for-lvextend.patch
Patch0183: 0183-pid1-fix-segv-triggered-by-status-query-26279.patch
Patch0184: 0184-test-create-config-under-run.patch
Patch0185: 0185-test-add-tests-for-mDNS-and-LLMNR-settings.patch
Patch0186: 0186-resolved-introduce-the-_localdnsstub-and-_localdnspr.patch
Patch0187: 0187-test-wait-for-the-monitoring-service-to-become-activ.patch
Patch0188: 0188-test-suppress-echo-in-monitor_check_rr.patch
Patch0189: 0189-Revert-test-wait-for-the-monitoring-service-to-becom.patch
Patch0190: 0190-test-show-and-check-almost-all-journal-entries-since.patch
Patch0191: 0191-test-cover-IPv6-in-the-resolved-test-suite.patch
Patch0192: 0192-test-add-a-couple-of-SRV-records-to-check-service-re.patch
Patch0193: 0193-test-add-a-test-for-the-OPENPGPKEY-RR.patch
Patch0194: 0194-test-don-t-hang-indefinitely-on-no-match.patch
Patch0195: 0195-test-ndisc-fix-memleak-and-fd-leak.patch
Patch0196: 0196-test-unit-name-fix-fd-leak.patch
Patch0197: 0197-test-bump-D-Bus-service-start-timeout-if-we-run-with.patch
Patch0198: 0198-test-bump-the-client-side-timeout-in-sd-bus-as-well.patch
Patch0199: 0199-test-bump-the-container-spawn-timeout-to-60s.patch
Patch0200: 0200-network-fix-memleak.patch
Patch0201: 0201-busctl-fix-introspecting-DBus-properties.patch
Patch0202: 0202-busctl-simplify-peeking-the-type.patch
Patch0203: 0203-resolve-drop-redundant-call-of-socket_ipv6_is_suppor.patch
Patch0204: 0204-resolve-introduce-link_get_llmnr_support-and-link_ge.patch
Patch0205: 0205-resolve-provide-effective-supporting-levels-of-mDNS-.patch
Patch0206: 0206-resolvectl-warn-if-the-global-mDNS-or-LLMNR-support-.patch
Patch0207: 0207-resolve-enable-per-link-mDNS-setting-by-default.patch
# Downstream-only patches (90009999)
@ -1048,6 +1076,36 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s
%files standalone-sysusers -f .file-list-standalone-sysusers
%changelog
* Mon Feb 06 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-4
- udev: make get_virtfn_info() provide physical PCI device (#2159448)
- test: make helper_check_device_units() log unit name (#2138081)
- test: add a testcase for lvextend (#2138081)
- pid1: fix segv triggered by status query (#26279) (#2138081)
- test: create config under /run (#2138081)
- test: add tests for mDNS and LLMNR settings (#2138081)
- resolved: introduce the _localdnsstub and _localdnsproxy special hostnames for 127.0.0.54 + 127.0.0.53 (#2138081)
- test: wait for the monitoring service to become active (#2138081)
- test: suppress echo in monitor_check_rr() (#2138081)
- Revert "test: wait for the monitoring service to become active" (#2138081)
- test: show and check almost all journal entries since the relevant command being invoked (#2138081)
- test: cover IPv6 in the resolved test suite (#2138081)
- test: add a couple of SRV records to check service resolution (#2138081)
- test: add a test for the OPENPGPKEY RR (#2138081)
- test: don't hang indefinitely on no match (#2138081)
- test-ndisc: fix memleak and fd leak (#2138081)
- test-unit-name: fix fd leak (#2138081)
- test: bump D-Bus service start timeout if we run without accel (#2138081)
- test: bump the client-side timeout in sd-bus as well (#2138081)
- test: bump the container spawn timeout to 60s (#2138081)
- network: fix memleak (#2138081)
- busctl: fix introspecting DBus properties (#2138081)
- busctl: simplify peeking the type (#2138081)
- resolve: drop redundant call of socket_ipv6_is_supported() (#2138081)
- resolve: introduce link_get_llmnr_support() and link_get_mdns_support() (#2138081)
- resolve: provide effective supporting levels of mDNS and LLMNR (#2138081)
- resolvectl: warn if the global mDNS or LLMNR support level is lower than the requested one (#2138081)
- resolve: enable per-link mDNS setting by default (#2138081)
* Mon Jan 16 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-3
- swap: tell swapon to reinitialize swap if needed (#2151993)
- coredump: adjust whitespace (#2155517)