Merge pull request systemd#4692 from poettering/networkd-dhcp

Various networkd/DHCP fixes.

Author: keszybz

man/nss-resolve.xml

@@ -63,16 +63,13 @@
     hostnames via DNS.</para>
 
     <para>To activate the NSS module, add <literal>resolve</literal> to the line starting with
-    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
-
-    <para>It is recommended to place <literal>resolve</literal> early in <filename>/etc/nsswitch.conf</filename>'
-    <literal>hosts:</literal> line (but after the <literal>files</literal> or <literal>mymachines</literal> entries),
-    replacing the <literal>dns</literal> entry if it exists, to ensure DNS queries are always routed via
-    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
-
-    <para>Note that <command>nss-resolve</command> will chain-load <command>nss-dns</command> if
-    <filename>systemd-resolved.service</filename> is not running, ensuring that basic DNS resolution continues to work
-    if the service is down.</para>
+    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>. Specifcally, it is recommended to place
+    <literal>resolve</literal> early in <filename>/etc/nsswitch.conf</filename>' <literal>hosts:</literal> line (but
+    after the <literal>files</literal> or <literal>mymachines</literal> entries), right before the
+    <literal>dns</literal> entry if it exists, followed by <literal>[!UNAVAIL=return]</literal>, to ensure DNS queries
+    are always routed via
+    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> if it is
+    running, but are routed to <command>nss-dns</command> if this service is not available.</para>
   </refsect1>
 
   <refsect1>
@@ -94,9 +91,6 @@ ethers:         db files
 rpc:            db files
 
 netgroup:       nis</programlisting>
-
-    <para>This keeps the <command>dns</command> module as a fallback for cases where the <command>nss-resolve</command>
-    module is not installed.</para>
   </refsect1>
 
   <refsect1>

src/basic/in-addr-util.c

@@ -31,15 +31,9 @@
 #include "util.h"
 
 bool in4_addr_is_null(const struct in_addr *a) {
-        return a->s_addr == 0;
-}
+        assert(a);
 
-bool in6_addr_is_null(const struct in6_addr *a) {
-        return
-                a->s6_addr32[0] == 0 &&
-                a->s6_addr32[1] == 0 &&
-                a->s6_addr32[2] == 0 &&
-                a->s6_addr32[3] == 0;
+        return a->s_addr == 0;
 }
 
 int in_addr_is_null(int family, const union in_addr_union *u) {
@@ -49,29 +43,41 @@ int in_addr_is_null(int family, const union in_addr_union *u) {
                 return in4_addr_is_null(&u->in);
 
         if (family == AF_INET6)
-                return in6_addr_is_null(&u->in6);
+                return IN6_IS_ADDR_UNSPECIFIED(&u->in6);
 
         return -EAFNOSUPPORT;
 }
 
+bool in4_addr_is_link_local(const struct in_addr *a) {
+        assert(a);
+
+        return (be32toh(a->s_addr) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);
+}
+
 int in_addr_is_link_local(int family, const union in_addr_union *u) {
         assert(u);
 
         if (family == AF_INET)
-                return (be32toh(u->in.s_addr) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);
+                return in4_addr_is_link_local(&u->in);
 
         if (family == AF_INET6)
                 return IN6_IS_ADDR_LINKLOCAL(&u->in6);
 
         return -EAFNOSUPPORT;
 }
 
+bool in4_addr_is_localhost(const struct in_addr *a) {
+        assert(a);
+
+        /* All of 127.x.x.x is localhost. */
+        return (be32toh(a->s_addr) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24;
+}
+
 int in_addr_is_localhost(int family, const union in_addr_union *u) {
         assert(u);
 
         if (family == AF_INET)
-                /* All of 127.x.x.x is localhost. */
-                return (be32toh(u->in.s_addr) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24;
+                return in4_addr_is_localhost(&u->in);
 
         if (family == AF_INET6)
                 return IN6_IS_ADDR_LOOPBACK(&u->in6);
@@ -277,15 +283,14 @@ int in_addr_ifindex_to_string(int family, const union in_addr_union *u, int ifin
 }
 
 int in_addr_from_string(int family, const char *s, union in_addr_union *ret) {
-
+        union in_addr_union buffer;
         assert(s);
-        assert(ret);
 
         if (!IN_SET(family, AF_INET, AF_INET6))
                 return -EAFNOSUPPORT;
 
         errno = 0;
-        if (inet_pton(family, s, ret) <= 0)
+        if (inet_pton(family, s, ret ?: &buffer) <= 0)
                 return errno > 0 ? -errno : -EINVAL;
 
         return 0;
@@ -295,18 +300,18 @@ int in_addr_from_string_auto(const char *s, int *family, union in_addr_union *re
         int r;
 
         assert(s);
-        assert(family);
-        assert(ret);
 
         r = in_addr_from_string(AF_INET, s, ret);
         if (r >= 0) {
-                *family = AF_INET;
+                if (family)
+                        *family = AF_INET;
                 return 0;
         }
 
         r = in_addr_from_string(AF_INET6, s, ret);
         if (r >= 0) {
-                *family = AF_INET6;
+                if (family)
+                        *family = AF_INET6;
                 return 0;
         }
 

src/basic/in-addr-util.h

@@ -37,11 +37,14 @@ struct in_addr_data {
 };
 
 bool in4_addr_is_null(const struct in_addr *a);
-bool in6_addr_is_null(const struct in6_addr *a);
-
 int in_addr_is_null(int family, const union in_addr_union *u);
+
+bool in4_addr_is_link_local(const struct in_addr *a);
 int in_addr_is_link_local(int family, const union in_addr_union *u);
+
+bool in4_addr_is_localhost(const struct in_addr *a);
 int in_addr_is_localhost(int family, const union in_addr_union *u);
+
 int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b);
 int in_addr_prefix_intersect(int family, const union in_addr_union *a, unsigned aprefixlen, const union in_addr_union *b, unsigned bprefixlen);
 int in_addr_prefix_next(int family, union in_addr_union *u, unsigned prefixlen);

src/libsystemd-network/ndisc-router.c

@@ -91,7 +91,7 @@ _public_ int sd_ndisc_router_get_address(sd_ndisc_router *rt, struct in6_addr *r
         assert_return(rt, -EINVAL);
         assert_return(ret_addr, -EINVAL);
 
-        if (in6_addr_is_null(&rt->address))
+        if (IN6_IS_ADDR_UNSPECIFIED(&rt->address))
                 return -ENODATA;
 
         *ret_addr = rt->address;

src/libsystemd-network/sd-dhcp-client.c

@@ -386,45 +386,23 @@ int sd_dhcp_client_set_hostname(
                 sd_dhcp_client *client,
                 const char *hostname) {
 
-        char *new_hostname = NULL;
-
         assert_return(client, -EINVAL);
 
-        if (!hostname_is_valid(hostname, false) && !dns_name_is_valid(hostname))
+        /* Refuse hostnames that neither qualify as DNS nor as Linux hosntames */
+        if (hostname &&
+            !(hostname_is_valid(hostname, false) || dns_name_is_valid(hostname) > 0))
                 return -EINVAL;
 
-        if (streq_ptr(client->hostname, hostname))
-                return 0;
-
-        if (hostname) {
-                new_hostname = strdup(hostname);
-                if (!new_hostname)
-                        return -ENOMEM;
-        }
-
-        free(client->hostname);
-        client->hostname = new_hostname;
-
-        return 0;
+        return free_and_strdup(&client->hostname, hostname);
 }
 
 int sd_dhcp_client_set_vendor_class_identifier(
                 sd_dhcp_client *client,
                 const char *vci) {
 
-        char *new_vci = NULL;
-
         assert_return(client, -EINVAL);
 
-        new_vci = strdup(vci);
-        if (!new_vci)
-                return -ENOMEM;
-
-        free(client->vendor_class_identifier);
-
-        client->vendor_class_identifier = new_vci;
-
-        return 0;
+        return free_and_strdup(&client->vendor_class_identifier, vci);
 }
 
 int sd_dhcp_client_set_client_port(

src/libsystemd-network/sd-dhcp-lease.c

@@ -383,6 +383,23 @@ static int lease_parse_domain(const uint8_t *option, size_t len, char **ret) {
         return 0;
 }
 
+static void filter_bogus_addresses(struct in_addr *addresses, size_t *n) {
+        size_t i, j;
+
+        /* Silently filter DNS/NTP servers supplied to us that do not make outside of the local scope. */
+
+        for (i = 0, j = 0; i < *n; i ++) {
+
+                if (in4_addr_is_null(addresses+i) ||
+                    in4_addr_is_localhost(addresses+i))
+                        continue;
+
+                addresses[j++] = addresses[i];
+        }
+
+        *n = j;
+}
+
 static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_addr **ret, size_t *n_ret) {
         assert(option);
         assert(ret);
@@ -404,6 +421,8 @@ static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_add
                 if (!addresses)
                         return -ENOMEM;
 
+                filter_bogus_addresses(addresses, &n_addresses);
+
                 free(*ret);
                 *ret = addresses;
                 *n_ret = n_addresses;

src/network/networkd-dhcp4.c

@@ -536,6 +536,28 @@ static void dhcp4_handler(sd_dhcp_client *client, int event, void *userdata) {
         return;
 }
 
+static int dhcp4_set_hostname(Link *link) {
+        _cleanup_free_ char *hostname = NULL;
+        const char *hn;
+        int r;
+
+        assert(link);
+
+        if (!link->network->dhcp_send_hostname)
+                hn = NULL;
+        else if (link->network->dhcp_hostname)
+                hn = link->network->dhcp_hostname;
+        else {
+                r = gethostname_strict(&hostname);
+                if (r < 0 && r != -ENXIO) /* ENXIO: no hostname set or hostname is "localhost" */
+                        return r;
+
+                hn = hostname;
+        }
+
+        return sd_dhcp_client_set_hostname(link->dhcp_client, hn);
+}
+
 int dhcp4_configure(Link *link) {
         int r;
 
@@ -605,25 +627,9 @@ int dhcp4_configure(Link *link) {
         if (r < 0)
                 return r;
 
-        if (link->network->dhcp_send_hostname) {
-                _cleanup_free_ char *hostname = NULL;
-                const char *hn = NULL;
-
-                if (!link->network->dhcp_hostname) {
-                        hostname = gethostname_malloc();
-                        if (!hostname)
-                                return -ENOMEM;
-
-                        hn = hostname;
-                } else
-                        hn = link->network->dhcp_hostname;
-
-                if (!is_localhost(hn)) {
-                        r = sd_dhcp_client_set_hostname(link->dhcp_client, hn);
-                        if (r < 0)
-                                return r;
-                }
-        }
+        r = dhcp4_set_hostname(link);
+        if (r < 0)
+                return r;
 
         if (link->network->dhcp_vendor_class_identifier) {
                 r = sd_dhcp_client_set_vendor_class_identifier(link->dhcp_client,