Merge pull request #17000 from poettering/network-fixlets

network: a bunch of unimportant cleanups across the board

man/sd_bus_message_open_container.xml

@@ -80,7 +80,7 @@
     <parameter>m</parameter> itself if there is no parent container.</para>
 
     <para><function>sd_bus_message_enter_container()</function> enters the next container of the message
-    <parameter>m</parameter>. It behaves mostly the same as
+    <parameter>m</parameter> for reading. It behaves mostly the same as
     <function>sd_bus_message_open_container()</function>. Entering a container allows reading its contents
     with
     <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>
@@ -89,7 +89,12 @@
 
     <para><function>sd_bus_message_exit_container()</function> exits the scope of the last container entered
     with <function>sd_bus_message_enter_container()</function>. It behaves mostly the same as
-    <function>sd_bus_message_close_container()</function>.</para>
+    <function>sd_bus_message_close_container()</function>. Note that
+    <function>sd_bus_message_exit_container()</function> may only be called after iterating through all
+    members of the container, i.e. reading or skipping them. Use
+    <citerefentry><refentrytitle>sd_bus_message_skip</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    to skip over felds of a container in order to be able to exit the container with
+    <function>sd_bus_message_exit_container()</function> without reading all members.</para>
   </refsect1>
 
   <refsect1>
@@ -128,6 +133,13 @@
 
           <listitem><para>Memory allocation failed.</para></listitem>
         </varlistentry>
+
+        <varlistentry>
+          <term><constant>-EBUSY</constant></term>
+
+          <listitem><para><function>sd_bus_message_exit_container()</function> was called but there are
+          unread members left in the container.</para></listitem>
+        </varlistentry>
       </variablelist>
     </refsect2>
   </refsect1>
@@ -158,6 +170,7 @@
       <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_skip</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <ulink url="https://dbus.freedesktop.org/doc/dbus-specification.html">The D-Bus specification</ulink>
     </para>
   </refsect1>

src/core/socket.c

@@ -1064,7 +1064,7 @@ static void socket_apply_socket_options(Socket *s, int fd) {
         }
 
         if (s->send_buffer > 0) {
-                r = fd_set_sndbuf(fd, s->receive_buffer, false);
+                r = fd_set_sndbuf(fd, s->send_buffer, false);
                 if (r < 0)
                         log_unit_warning_errno(UNIT(s), r, "SO_SNDBUF/SO_SNDBUFFORCE failed: %m");
         }

src/libsystemd-network/arp-util.c

@@ -76,7 +76,7 @@ int arp_network_bind_raw_socket(int ifindex, be32_t address, const struct ether_
 
         assert(ifindex > 0);
 
-        s = socket(PF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
+        s = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
         if (s < 0)
                 return -errno;
 

src/libsystemd-network/lldp-network.c

@@ -47,7 +47,7 @@ int lldp_network_bind_raw_socket(int ifindex) {
 
         assert(ifindex > 0);
 
-        fd = socket(PF_PACKET, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK,
+        fd = socket(AF_PACKET, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK,
                     htobe16(ETHERTYPE_LLDP));
         if (fd < 0)
                 return -errno;

src/libsystemd/sd-login/sd-login.c

@@ -916,14 +916,14 @@ _public_ int sd_machine_get_ifindices(const char *machine, int **ret_ifindices)
         if (!tt)
                 return -ENOMEM;
 
-        size_t n = 0;
-        int *ifindices;
+        _cleanup_free_ int *ifindices = NULL;
         if (ret_ifindices) {
                 ifindices = new(int, strv_length(tt));
                 if (!ifindices)
                         return -ENOMEM;
         }
 
+        size_t n = 0;
         for (size_t i = 0; tt[i]; i++) {
                 int ind;
 
@@ -938,7 +938,8 @@ _public_ int sd_machine_get_ifindices(const char *machine, int **ret_ifindices)
         }
 
         if (ret_ifindices)
-                *ret_ifindices = ifindices;
+                *ret_ifindices = TAKE_PTR(ifindices);
+
         return n;
 }
 

src/libsystemd/sd-netlink/rtnl-message.c

@@ -436,7 +436,7 @@ int sd_rtnl_message_new_neigh(sd_netlink *rtnl, sd_netlink_message **ret, uint16
         int r;
 
         assert_return(rtnl_message_type_is_neigh(nlmsg_type), -EINVAL);
-        assert_return(IN_SET(ndm_family, AF_UNSPEC, AF_INET, AF_INET6, PF_BRIDGE), -EINVAL);
+        assert_return(IN_SET(ndm_family, AF_UNSPEC, AF_INET, AF_INET6, AF_BRIDGE), -EINVAL);
         assert_return(ret, -EINVAL);
 
         r = message_new(rtnl, ret, nlmsg_type);

src/libsystemd/sd-netlink/test-netlink.c

@@ -21,7 +21,7 @@ static void test_message_link_bridge(sd_netlink *rtnl) {
         uint32_t cost;
 
         assert_se(sd_rtnl_message_new_link(rtnl, &message, RTM_NEWLINK, 1) >= 0);
-        assert_se(sd_rtnl_message_link_set_family(message, PF_BRIDGE) >= 0);
+        assert_se(sd_rtnl_message_link_set_family(message, AF_BRIDGE) >= 0);
         assert_se(sd_netlink_message_open_container(message, IFLA_PROTINFO) >= 0);
         assert_se(sd_netlink_message_append_u32(message, IFLA_BRPORT_COST, 10) >= 0);
         assert_se(sd_netlink_message_close_container(message) >= 0);

src/libsystemd/sd-resolve/sd-resolve.c

@@ -496,10 +496,10 @@ _public_ int sd_resolve_new(sd_resolve **ret) {
         for (i = 0; i < _FD_MAX; i++)
                 resolve->fds[i] = -1;
 
-        if (socketpair(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + REQUEST_RECV_FD) < 0)
+        if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + REQUEST_RECV_FD) < 0)
                 return -errno;
 
-        if (socketpair(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + RESPONSE_RECV_FD) < 0)
+        if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + RESPONSE_RECV_FD) < 0)
                 return -errno;
 
         for (i = 0; i < _FD_MAX; i++)

src/libsystemd/sd-resolve/test-resolve.c

@@ -56,7 +56,7 @@ int main(int argc, char *argv[]) {
         int r;
 
         struct addrinfo hints = {
-                .ai_family = PF_UNSPEC,
+                .ai_family = AF_UNSPEC,
                 .ai_socktype = SOCK_STREAM,
                 .ai_flags = AI_CANONNAME
         };

src/network/netdev/bridge.c

@@ -192,7 +192,7 @@ int link_set_bridge(Link *link) {
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
 
-        r = sd_rtnl_message_link_set_family(req, PF_BRIDGE);
+        r = sd_rtnl_message_link_set_family(req, AF_BRIDGE);
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not set message family: %m");
 

src/network/netdev/macsec.c

@@ -851,10 +851,12 @@ int config_parse_macsec_key_id(
                 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse KeyId \"%s\": %m", rvalue);
                 return 0;
         }
-        if (l > MACSEC_KEYID_LEN)
-                return log_syntax(unit, LOG_WARNING, filename, line, 0,
+        if (l > MACSEC_KEYID_LEN) {
+                log_syntax(unit, LOG_WARNING, filename, line, 0,
                            "Specified KeyId is larger then the allowed maximum (%zu > %u), ignoring: %s",
                            l, MACSEC_KEYID_LEN, rvalue);
+                return 0;
+        }
 
         dest = a ? a->sa.key_id : b->sa.key_id;
         memcpy_safe(dest, p, l);

src/network/netdev/wireguard.c

@@ -492,13 +492,17 @@ static int wireguard_decode_key_and_warn(
                 (void) warn_file_is_world_accessible(filename, NULL, unit, line);
 
         r = unbase64mem_full(rvalue, strlen(rvalue), true, &key, &len);
-        if (r < 0)
-                return log_syntax(unit, LOG_WARNING, filename, line, r,
+        if (r < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, r,
                            "Failed to decode wireguard key provided by %s=, ignoring assignment: %m", lvalue);
-        if (len != WG_KEY_LEN)
-                return log_syntax(unit, LOG_WARNING, filename, line, SYNTHETIC_ERRNO(EINVAL),
+                return 0;
+        }
+        if (len != WG_KEY_LEN) {
+                log_syntax(unit, LOG_WARNING, filename, line, 0,
                            "Wireguard key provided by %s= has invalid length (%zu bytes), ignoring assignment.",
                            lvalue, len);
+                return 0;
+        }
 
         memcpy(ret, key, WG_KEY_LEN);
         return 0;

src/network/networkd-brvlan.c

@@ -169,7 +169,7 @@ int br_vlan_configure(Link *link, uint16_t pvid, uint32_t *br_vid_bitmap, uint32
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
 
-        r = sd_rtnl_message_link_set_family(req, PF_BRIDGE);
+        r = sd_rtnl_message_link_set_family(req, AF_BRIDGE);
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not set message family: %m");
 

src/network/networkd-fdb.c

@@ -124,7 +124,7 @@ int fdb_entry_configure(Link *link, FdbEntry *fdb_entry) {
         assert(fdb_entry);
 
         /* create new RTM message */
-        r = sd_rtnl_message_new_neigh(link->manager->rtnl, &req, RTM_NEWNEIGH, link->ifindex, PF_BRIDGE);
+        r = sd_rtnl_message_new_neigh(link->manager->rtnl, &req, RTM_NEWNEIGH, link->ifindex, AF_BRIDGE);
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not create RTM_NEWNEIGH message: %m");
 
@@ -292,10 +292,12 @@ int config_parse_fdb_destination(
                 return log_oom();
 
         r = in_addr_from_string_auto(rvalue, &fdb_entry->family, &fdb_entry->destination_addr);
-        if (r < 0)
-                return log_syntax(unit, LOG_WARNING, filename, line, r,
+        if (r < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, r,
                            "FDB destination IP address is invalid, ignoring assignment: %s",
                            rvalue);
+                return 0;
+        }
 
         fdb_entry = NULL;
 

src/network/networkd-lldp-tx.c

@@ -267,7 +267,7 @@ static int lldp_send_packet(
 
         memcpy(sa.ll.sll_addr, address, ETH_ALEN);
 
-        fd = socket(PF_PACKET, SOCK_RAW|SOCK_CLOEXEC, IPPROTO_RAW);
+        fd = socket(AF_PACKET, SOCK_RAW|SOCK_CLOEXEC, IPPROTO_RAW);
         if (fd < 0)
                 return -errno;
 

src/resolve/resolved-conf.c

@@ -21,51 +21,6 @@
 
 DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode, "Failed to parse DNS stub listener mode setting");
 
-static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
-        [DNS_STUB_LISTENER_NO] = "no",
-        [DNS_STUB_LISTENER_UDP] = "udp",
-        [DNS_STUB_LISTENER_TCP] = "tcp",
-        [DNS_STUB_LISTENER_YES] = "yes",
-};
-DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);
-
-static void dns_stub_listener_extra_hash_func(const DNSStubListenerExtra *a, struct siphash *state) {
-        assert(a);
-
-        siphash24_compress(&a->mode, sizeof(a->mode), state);
-        siphash24_compress(&a->family, sizeof(a->family), state);
-        siphash24_compress(&a->address, FAMILY_ADDRESS_SIZE(a->family), state);
-        siphash24_compress(&a->port, sizeof(a->port), state);
-}
-
-static int dns_stub_listener_extra_compare_func(const DNSStubListenerExtra *a, const DNSStubListenerExtra *b) {
-        int r;
-
-        assert(a);
-        assert(b);
-
-        r = CMP(a->mode, b->mode);
-        if (r != 0)
-                return r;
-
-        r = CMP(a->family, b->family);
-        if (r != 0)
-                return r;
-
-        r = memcmp(&a->address, &b->address, FAMILY_ADDRESS_SIZE(a->family));
-        if (r != 0)
-                return r;
-
-        return CMP(a->port, b->port);
-}
-
-DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
-                dns_stub_listener_extra_hash_ops,
-                DNSStubListenerExtra,
-                dns_stub_listener_extra_hash_func,
-                dns_stub_listener_extra_compare_func,
-                dns_stub_listener_extra_free);
-
 static int manager_add_dns_server_by_string(Manager *m, DnsServerType type, const char *word) {
         _cleanup_free_ char *server_name = NULL;
         union in_addr_union address;
@@ -436,7 +391,7 @@ int config_parse_dns_stub_listener_extra(
                 void *data,
                 void *userdata) {
 
-        _cleanup_free_ DNSStubListenerExtra *stub = NULL;
+        _cleanup_free_ DnsStubListenerExtra *stub = NULL;
         Manager *m = userdata;
         const char *p;
         int r;
@@ -451,7 +406,7 @@ int config_parse_dns_stub_listener_extra(
                 return 0;
         }
 
-        r = dns_stub_listener_extra_new(&stub);
+        r = dns_stub_listener_extra_new(m, &stub);
         if (r < 0)
                 return log_oom();
 

src/resolve/resolved-conf.h

@@ -3,17 +3,6 @@
 
 #include "conf-parser.h"
 
-typedef enum DnsStubListenerMode DnsStubListenerMode;
-
-enum DnsStubListenerMode {
-        DNS_STUB_LISTENER_NO,
-        DNS_STUB_LISTENER_UDP = 1 << 0,
-        DNS_STUB_LISTENER_TCP = 1 << 1,
-        DNS_STUB_LISTENER_YES = DNS_STUB_LISTENER_UDP | DNS_STUB_LISTENER_TCP,
-        _DNS_STUB_LISTENER_MODE_MAX,
-        _DNS_STUB_LISTENER_MODE_INVALID = -1
-};
-
 #include "resolved-dns-server.h"
 
 int manager_parse_config_file(Manager *m);
@@ -31,6 +20,3 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dnssd_service_name);
 CONFIG_PARSER_PROTOTYPE(config_parse_dnssd_service_type);
 CONFIG_PARSER_PROTOTYPE(config_parse_dnssd_txt);
 CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_extra);
-
-const char* dns_stub_listener_mode_to_string(DnsStubListenerMode p) _const_;
-DnsStubListenerMode dns_stub_listener_mode_from_string(const char *s) _pure_;

src/resolve/resolved-dns-packet.h

@@ -66,7 +66,6 @@ struct DnsPacket {
         DnsResourceRecord *opt;
 
         /* Packet reception metadata */
-        int fd; /* Used by UDP extra DNS stub listners */
         int ifindex;
         int family, ipproto;
         union in_addr_union sender, destination;

src/resolve/resolved-dns-query.h

@@ -8,6 +8,7 @@
 
 typedef struct DnsQueryCandidate DnsQueryCandidate;
 typedef struct DnsQuery DnsQuery;
+typedef struct DnsStubListenerExtra DnsStubListenerExtra;
 
 #include "resolved-dns-answer.h"
 #include "resolved-dns-question.h"
@@ -82,6 +83,7 @@ struct DnsQuery {
         DnsPacket *request_dns_packet;
         DnsStream *request_dns_stream;
         DnsPacket *reply_dns_packet;
+        DnsStubListenerExtra *stub_listener_extra;
 
         /* Completion callback */
         void (*complete)(DnsQuery* q);

src/resolve/resolved-dns-stream.h

@@ -10,6 +10,7 @@ typedef struct DnsServer DnsServer;
 typedef struct DnsStream DnsStream;
 typedef struct DnsTransaction DnsTransaction;
 typedef struct Manager Manager;
+typedef struct DnsStubListenerExtra DnsStubListenerExtra;
 
 #include "resolved-dns-packet.h"
 #include "resolved-dnstls.h"
@@ -75,6 +76,8 @@ struct DnsStream {
         /* used when DNS-over-TLS is enabled */
         bool encrypted:1;
 
+        DnsStubListenerExtra *stub_listener_extra;
+
         LIST_FIELDS(DnsStream, streams);
 };
 

src/resolve/resolved-dns-stub.c

@@ -9,24 +9,70 @@
 #include "resolved-dns-stub.h"
 #include "socket-netlink.h"
 #include "socket-util.h"
+#include "string-table.h"
 
 /* The MTU of the loopback device is 64K on Linux, advertise that as maximum datagram size, but subtract the Ethernet,
  * IP and UDP header sizes */
 #define ADVERTISE_DATAGRAM_SIZE_MAX (65536U-14U-20U-8U)
 
-int dns_stub_listener_extra_new(DNSStubListenerExtra **ret) {
-        DNSStubListenerExtra *l;
+static int manager_dns_stub_udp_fd_extra(Manager *m, DnsStubListenerExtra *l);
 
-        l = new0(DNSStubListenerExtra, 1);
+static void dns_stub_listener_extra_hash_func(const DnsStubListenerExtra *a, struct siphash *state) {
+        assert(a);
+
+        siphash24_compress(&a->mode, sizeof(a->mode), state);
+        siphash24_compress(&a->family, sizeof(a->family), state);
+        siphash24_compress(&a->address, FAMILY_ADDRESS_SIZE(a->family), state);
+        siphash24_compress(&a->port, sizeof(a->port), state);
+}
+
+static int dns_stub_listener_extra_compare_func(const DnsStubListenerExtra *a, const DnsStubListenerExtra *b) {
+        int r;
+
+        assert(a);
+        assert(b);
+
+        r = CMP(a->mode, b->mode);
+        if (r != 0)
+                return r;
+
+        r = CMP(a->family, b->family);
+        if (r != 0)
+                return r;
+
+        r = memcmp(&a->address, &b->address, FAMILY_ADDRESS_SIZE(a->family));
+        if (r != 0)
+                return r;
+
+        return CMP(a->port, b->port);
+}
+
+DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
+                dns_stub_listener_extra_hash_ops,
+                DnsStubListenerExtra,
+                dns_stub_listener_extra_hash_func,
+                dns_stub_listener_extra_compare_func,
+                dns_stub_listener_extra_free);
+
+int dns_stub_listener_extra_new(
+                Manager *m,
+                DnsStubListenerExtra **ret) {
+
+        DnsStubListenerExtra *l;
+
+        l = new(DnsStubListenerExtra, 1);
         if (!l)
                 return -ENOMEM;
 
-        *ret = TAKE_PTR(l);
+        *l = (DnsStubListenerExtra) {
+                .manager = m,
+        };
 
+        *ret = TAKE_PTR(l);
         return 0;
 }
 
-DNSStubListenerExtra *dns_stub_listener_extra_free(DNSStubListenerExtra *p) {
+DnsStubListenerExtra *dns_stub_listener_extra_free(DnsStubListenerExtra *p) {
         if (!p)
                 return NULL;
 
@@ -151,7 +197,13 @@ static int dns_stub_finish_reply_packet(
         return 0;
 }
 
-static int dns_stub_send(Manager *m, DnsStream *s, DnsPacket *p, DnsPacket *reply) {
+static int dns_stub_send(
+                Manager *m,
+                DnsStubListenerExtra *l,
+                DnsStream *s,
+                DnsPacket *p,
+                DnsPacket *reply) {
+
         int r;
 
         assert(m);
@@ -160,20 +212,29 @@ static int dns_stub_send(Manager *m, DnsStream *s, DnsPacket *p, DnsPacket *repl
 
         if (s)
                 r = dns_stream_write_packet(s, reply);
-        else {
+        else
                 /* Note that it is essential here that we explicitly choose the source IP address for this packet. This
                  * is because otherwise the kernel will choose it automatically based on the routing table and will
                  * thus pick 127.0.0.1 rather than 127.0.0.53. */
-
-                r = manager_send(m, p->fd, p->ifindex, p->family, &p->sender, p->sender_port, &p->destination, reply);
-        }
+                r = manager_send(m,
+                                 manager_dns_stub_udp_fd_extra(m, l),
+                                 l ? p->ifindex : LOOPBACK_IFINDEX, /* force loopback iface if this is the main listener stub */
+                                 p->family, &p->sender, p->sender_port, &p->destination,
+                                 reply);
         if (r < 0)
                 return log_debug_errno(r, "Failed to send reply packet: %m");
 
         return 0;
 }
 
-static int dns_stub_send_failure(Manager *m, DnsStream *s, DnsPacket *p, int rcode, bool authenticated) {
+static int dns_stub_send_failure(
+                Manager *m,
+                DnsStubListenerExtra *l,
+                DnsStream *s,
+                DnsPacket *p,
+                int rcode,
+                bool authenticated) {
+
         _cleanup_(dns_packet_unrefp) DnsPacket *reply = NULL;
         int r;
 
@@ -188,7 +249,7 @@ static int dns_stub_send_failure(Manager *m, DnsStream *s, DnsPacket *p, int rco
         if (r < 0)
                 return log_debug_errno(r, "Failed to build failure packet: %m");
 
-        return dns_stub_send(m, s, p, reply);
+        return dns_stub_send(m, l, s, p, reply);
 }
 
 static void dns_stub_query_complete(DnsQuery *q) {
@@ -211,7 +272,7 @@ static void dns_stub_query_complete(DnsQuery *q) {
                 if (!truncated) {
                         r = dns_query_process_cname(q);
                         if (r == -ELOOP) {
-                                (void) dns_stub_send_failure(q->manager, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_SERVFAIL, false);
+                                (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_SERVFAIL, false);
                                 break;
                         }
                         if (r < 0) {
@@ -235,16 +296,16 @@ static void dns_stub_query_complete(DnsQuery *q) {
                         break;
                 }
 
-                (void) dns_stub_send(q->manager, q->request_dns_stream, q->request_dns_packet, q->reply_dns_packet);
+                (void) dns_stub_send(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, q->reply_dns_packet);
                 break;
         }
 
         case DNS_TRANSACTION_RCODE_FAILURE:
-                (void) dns_stub_send_failure(q->manager, q->request_dns_stream, q->request_dns_packet, q->answer_rcode, dns_query_fully_authenticated(q));
+                (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, q->answer_rcode, dns_query_fully_authenticated(q));
                 break;
 
         case DNS_TRANSACTION_NOT_FOUND:
-                (void) dns_stub_send_failure(q->manager, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_NXDOMAIN, dns_query_fully_authenticated(q));
+                (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_NXDOMAIN, dns_query_fully_authenticated(q));
                 break;
 
         case DNS_TRANSACTION_TIMEOUT:
@@ -260,7 +321,7 @@ static void dns_stub_query_complete(DnsQuery *q) {
         case DNS_TRANSACTION_NO_TRUST_ANCHOR:
         case DNS_TRANSACTION_RR_TYPE_UNSUPPORTED:
         case DNS_TRANSACTION_NETWORK_DOWN:
-                (void) dns_stub_send_failure(q->manager, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_SERVFAIL, false);
+                (void) dns_stub_send_failure(q->manager, q->stub_listener_extra, q->request_dns_stream, q->request_dns_packet, DNS_RCODE_SERVFAIL, false);
                 break;
 
         case DNS_TRANSACTION_NULL:
@@ -294,7 +355,7 @@ static int dns_stub_stream_complete(DnsStream *s, int error) {
         return 0;
 }
 
-static void dns_stub_process_query(Manager *m, DnsStream *s, DnsPacket *p, bool is_extra) {
+static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStream *s, DnsPacket *p) {
         _cleanup_(dns_query_freep) DnsQuery *q = NULL;
         int r;
 
@@ -302,56 +363,56 @@ static void dns_stub_process_query(Manager *m, DnsStream *s, DnsPacket *p, bool
         assert(p);
         assert(p->protocol == DNS_PROTOCOL_DNS);
 
-        if (!is_extra &&
+        if (!l && /* l == NULL if this is the main stub */
             (in_addr_is_localhost(p->family, &p->sender) <= 0 ||
              in_addr_is_localhost(p->family, &p->destination) <= 0)) {
                 log_error("Got packet on unexpected IP range, refusing.");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_SERVFAIL, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
                 return;
         }
 
         r = dns_packet_extract(p);
         if (r < 0) {
                 log_debug_errno(r, "Failed to extract resources from incoming packet, ignoring packet: %m");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_FORMERR, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_FORMERR, false);
                 return;
         }
 
         if (!DNS_PACKET_VERSION_SUPPORTED(p)) {
                 log_debug("Got EDNS OPT field with unsupported version number.");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_BADVERS, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_BADVERS, false);
                 return;
         }
 
         if (dns_type_is_obsolete(p->question->keys[0]->type)) {
                 log_debug("Got message with obsolete key type, refusing.");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_NOTIMP, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_NOTIMP, false);
                 return;
         }
 
         if (dns_type_is_zone_transer(p->question->keys[0]->type)) {
                 log_debug("Got request for zone transfer, refusing.");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_NOTIMP, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_NOTIMP, false);
                 return;
         }
 
         if (!DNS_PACKET_RD(p))  {
                 /* If the "rd" bit is off (i.e. recursion was not requested), then refuse operation */
                 log_debug("Got request with recursion disabled, refusing.");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_REFUSED, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_REFUSED, false);
                 return;
         }
 
         if (DNS_PACKET_DO(p) && DNS_PACKET_CD(p)) {
                 log_debug("Got request with DNSSEC CD bit set, refusing.");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_NOTIMP, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_NOTIMP, false);
                 return;
         }
 
         r = dns_query_new(m, &q, p->question, p->question, 0, SD_RESOLVED_PROTOCOLS_ALL|SD_RESOLVED_NO_SEARCH);
         if (r < 0) {
                 log_error_errno(r, "Failed to generate query object: %m");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_SERVFAIL, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
                 return;
         }
 
@@ -360,6 +421,7 @@ static void dns_stub_process_query(Manager *m, DnsStream *s, DnsPacket *p, bool
 
         q->request_dns_packet = dns_packet_ref(p);
         q->request_dns_stream = dns_stream_ref(s); /* make sure the stream stays around until we can send a reply through it */
+        q->stub_listener_extra = l;
         q->complete = dns_stub_query_complete;
 
         if (s) {
@@ -377,7 +439,7 @@ static void dns_stub_process_query(Manager *m, DnsStream *s, DnsPacket *p, bool
         r = dns_query_go(q);
         if (r < 0) {
                 log_error_errno(r, "Failed to start query: %m");
-                dns_stub_send_failure(m, s, p, DNS_RCODE_SERVFAIL, false);
+                dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
                 return;
         }
 
@@ -385,7 +447,7 @@ static void dns_stub_process_query(Manager *m, DnsStream *s, DnsPacket *p, bool
         TAKE_PTR(q);
 }
 
-static int on_dns_stub_packet_internal(sd_event_source *s, int fd, uint32_t revents, Manager *m, bool is_extra) {
+static int on_dns_stub_packet_internal(sd_event_source *s, int fd, uint32_t revents, Manager *m, DnsStubListenerExtra *l) {
         _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
         int r;
 
@@ -396,7 +458,7 @@ static int on_dns_stub_packet_internal(sd_event_source *s, int fd, uint32_t reve
         if (dns_packet_validate_query(p) > 0) {
                 log_debug("Got DNS stub UDP query packet for id %u", DNS_PACKET_ID(p));
 
-                dns_stub_process_query(m, NULL, p, is_extra);
+                dns_stub_process_query(m, l, NULL, p);
         } else
                 log_debug("Invalid DNS stub UDP packet, ignoring.");
 
@@ -404,11 +466,15 @@ static int on_dns_stub_packet_internal(sd_event_source *s, int fd, uint32_t reve
 }
 
 static int on_dns_stub_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        return on_dns_stub_packet_internal(s, fd, revents, userdata, false);
+        return on_dns_stub_packet_internal(s, fd, revents, userdata, NULL);
 }
 
 static int on_dns_stub_packet_extra(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        return on_dns_stub_packet_internal(s, fd, revents, userdata, true);
+        DnsStubListenerExtra *l = userdata;
+
+        assert(l);
+
+        return on_dns_stub_packet_internal(s, fd, revents, l->manager, l);
 }
 
 static int set_dns_stub_common_socket_options(int fd, int family) {
@@ -483,12 +549,17 @@ static int manager_dns_stub_udp_fd(Manager *m) {
         return TAKE_FD(fd);
 }
 
-static int manager_dns_stub_udp_fd_extra(Manager *m, DNSStubListenerExtra *l) {
+static int manager_dns_stub_udp_fd_extra(Manager *m, DnsStubListenerExtra *l) {
         _cleanup_free_ char *pretty = NULL;
         _cleanup_close_ int fd = -1;
         union sockaddr_union sa;
         int r;
 
+        assert(m);
+
+        if (!l)
+                return manager_dns_stub_udp_fd(m);
+
         if (l->udp_event_source)
                 return 0;
 
@@ -526,7 +597,7 @@ static int manager_dns_stub_udp_fd_extra(Manager *m, DNSStubListenerExtra *l) {
                 goto fail;
         }
 
-        r = sd_event_add_io(m->event, &l->udp_event_source, fd, EPOLLIN, on_dns_stub_packet_extra, m);
+        r = sd_event_add_io(m->event, &l->udp_event_source, fd, EPOLLIN, on_dns_stub_packet_extra, l);
         if (r < 0)
                 goto fail;
 
@@ -551,7 +622,7 @@ fail:
         return log_warning_errno(r, "Failed to listen on UDP socket %s: %m", strnull(pretty));
 }
 
-static int on_dns_stub_stream_packet_internal(DnsStream *s, bool is_extra) {
+static int on_dns_stub_stream_packet(DnsStream *s) {
         _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
 
         assert(s);
@@ -562,22 +633,14 @@ static int on_dns_stub_stream_packet_internal(DnsStream *s, bool is_extra) {
         if (dns_packet_validate_query(p) > 0) {
                 log_debug("Got DNS stub TCP query packet for id %u", DNS_PACKET_ID(p));
 
-                dns_stub_process_query(s->manager, s, p, is_extra);
+                dns_stub_process_query(s->manager, s->stub_listener_extra, s, p);
         } else
                 log_debug("Invalid DNS stub TCP packet, ignoring.");
 
         return 0;
 }
 
-static int on_dns_stub_stream_packet(DnsStream *s) {
-        return on_dns_stub_stream_packet_internal(s, false);
-}
-
-static int on_dns_stub_stream_packet_extra(DnsStream *s) {
-        return on_dns_stub_stream_packet_internal(s, true);
-}
-
-static int on_dns_stub_stream_internal(sd_event_source *s, int fd, uint32_t revents, Manager *m, bool is_extra) {
+static int on_dns_stub_stream_internal(sd_event_source *s, int fd, uint32_t revents, Manager *m, DnsStubListenerExtra *l) {
         DnsStream *stream;
         int cfd, r;
 
@@ -595,7 +658,8 @@ static int on_dns_stub_stream_internal(sd_event_source *s, int fd, uint32_t reve
                 return r;
         }
 
-        stream->on_packet = is_extra ? on_dns_stub_stream_packet_extra : on_dns_stub_stream_packet;
+        stream->stub_listener_extra = l;
+        stream->on_packet = on_dns_stub_stream_packet;
         stream->complete = dns_stub_stream_complete;
 
         /* We let the reference to the stream dangle here, it will be dropped later by the complete callback. */
@@ -604,11 +668,14 @@ static int on_dns_stub_stream_internal(sd_event_source *s, int fd, uint32_t reve
 }
 
 static int on_dns_stub_stream(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        return on_dns_stub_stream_internal(s, fd, revents, userdata, false);
+        return on_dns_stub_stream_internal(s, fd, revents, userdata, NULL);
 }
 
 static int on_dns_stub_stream_extra(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        return on_dns_stub_stream_internal(s, fd, revents, userdata, true);
+        DnsStubListenerExtra *l = userdata;
+
+        assert(l);
+        return on_dns_stub_stream_internal(s, fd, revents, l->manager, l);
 }
 
 static int manager_dns_stub_tcp_fd(Manager *m) {
@@ -659,7 +726,7 @@ static int manager_dns_stub_tcp_fd(Manager *m) {
         return TAKE_FD(fd);
 }
 
-static int manager_dns_stub_tcp_fd_extra(Manager *m, DNSStubListenerExtra *l) {
+static int manager_dns_stub_tcp_fd_extra(Manager *m, DnsStubListenerExtra *l) {
         _cleanup_free_ char *pretty = NULL;
         _cleanup_close_ int fd = -1;
         union sockaddr_union sa;
@@ -711,7 +778,7 @@ static int manager_dns_stub_tcp_fd_extra(Manager *m, DNSStubListenerExtra *l) {
                 goto fail;
         }
 
-        r = sd_event_add_io(m->event, &l->tcp_event_source, fd, EPOLLIN, on_dns_stub_stream_extra, m);
+        r = sd_event_add_io(m->event, &l->tcp_event_source, fd, EPOLLIN, on_dns_stub_stream_extra, l);
         if (r < 0)
                 goto fail;
 
@@ -773,7 +840,7 @@ int manager_dns_stub_start(Manager *m) {
                 return log_error_errno(r, "Failed to listen on %s socket 127.0.0.53:53: %m", t);
 
         if (!ordered_set_isempty(m->dns_extra_stub_listeners)) {
-                DNSStubListenerExtra *l;
+                DnsStubListenerExtra *l;
 
                 log_debug("Creating extra stub listeners.");
 
@@ -794,3 +861,11 @@ void manager_dns_stub_stop(Manager *m) {
         m->dns_stub_udp_event_source = sd_event_source_unref(m->dns_stub_udp_event_source);
         m->dns_stub_tcp_event_source = sd_event_source_unref(m->dns_stub_tcp_event_source);
 }
+
+static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
+        [DNS_STUB_LISTENER_NO] = "no",
+        [DNS_STUB_LISTENER_UDP] = "udp",
+        [DNS_STUB_LISTENER_TCP] = "tcp",
+        [DNS_STUB_LISTENER_YES] = "yes",
+};
+DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);

src/resolve/resolved-dns-stub.h

@@ -1,10 +1,41 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 #pragma once
 
+#include "hash-funcs.h"
+
+typedef struct DnsStubListenerExtra DnsStubListenerExtra;
+
+typedef enum DnsStubListenerMode {
+        DNS_STUB_LISTENER_NO,
+        DNS_STUB_LISTENER_UDP = 1 << 0,
+        DNS_STUB_LISTENER_TCP = 1 << 1,
+        DNS_STUB_LISTENER_YES = DNS_STUB_LISTENER_UDP | DNS_STUB_LISTENER_TCP,
+        _DNS_STUB_LISTENER_MODE_MAX,
+        _DNS_STUB_LISTENER_MODE_INVALID = -1
+} DnsStubListenerMode;
+
 #include "resolved-manager.h"
 
-int dns_stub_listener_extra_new(DNSStubListenerExtra **ret);
-DNSStubListenerExtra *dns_stub_listener_extra_free(DNSStubListenerExtra *p);
+struct DnsStubListenerExtra {
+        Manager *manager;
+
+        DnsStubListenerMode mode;
+
+        int family;
+        union in_addr_union address;
+        uint16_t port;
+
+        sd_event_source *udp_event_source;
+        sd_event_source *tcp_event_source;
+};
+
+extern const struct hash_ops dns_stub_listener_extra_hash_ops;
+
+int dns_stub_listener_extra_new(Manager *m, DnsStubListenerExtra **ret);
+DnsStubListenerExtra *dns_stub_listener_extra_free(DnsStubListenerExtra *p);
 
 void manager_dns_stub_stop(Manager *m);
 int manager_dns_stub_start(Manager *m);
+
+const char* dns_stub_listener_mode_to_string(DnsStubListenerMode p) _const_;
+DnsStubListenerMode dns_stub_listener_mode_from_string(const char *s) _pure_;

src/resolve/resolved-dnssd.c

@@ -6,6 +6,7 @@
 #include "resolved-dnssd.h"
 #include "resolved-dns-rr.h"
 #include "resolved-manager.h"
+#include "resolved-conf.h"
 #include "specifier.h"
 #include "strv.h"
 

src/resolve/resolved-manager.c

@@ -789,7 +789,6 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
 
         p->size = (size_t) l;
 
-        p->fd = fd;
         p->family = sa.sa.sa_family;
         p->ipproto = IPPROTO_UDP;
         if (p->family == AF_INET) {

src/resolve/resolved-manager.h

@@ -15,10 +15,10 @@
 
 typedef struct Manager Manager;
 
-#include "resolved-conf.h"
 #include "resolved-dns-query.h"
 #include "resolved-dns-search-domain.h"
 #include "resolved-dns-stream.h"
+#include "resolved-dns-stub.h"
 #include "resolved-dns-trust-anchor.h"
 #include "resolved-link.h"
 
@@ -31,17 +31,6 @@ typedef struct EtcHosts {
         Set *no_address;
 } EtcHosts;
 
-typedef struct DNSStubListenerExtra {
-        DnsStubListenerMode mode;
-
-        int family;
-        union in_addr_union address;
-        uint16_t port;
-
-        sd_event_source *udp_event_source;
-        sd_event_source *tcp_event_source;
-} DNSStubListenerExtra;
-
 struct Manager {
         sd_event *event;
 

src/shared/ethtool-util.c

@@ -943,7 +943,7 @@ int config_parse_channel(const char *unit,
         }
 
         if (k < 1) {
-                log_syntax(unit, LOG_ERR, filename, line, -EINVAL, "Invalid %s value, ignoring: %s", lvalue, rvalue);
+                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid %s value, ignoring: %s", lvalue, rvalue);
                 return 0;
         }
 

src/shared/pkcs11-util.c

@@ -212,12 +212,14 @@ int pkcs11_token_login(
                                                "Failed to log into security token '%s': %s", token_label, p11_kit_strerror(rv));
 
                 log_info("Successfully logged into security token '%s' via protected authentication path.", token_label);
+                if (ret_used_pin)
                         *ret_used_pin = NULL;
                 return 0;
         }
 
         if (!FLAGS_SET(token_info->flags, CKF_LOGIN_REQUIRED)) {
                 log_info("No login into security token '%s' required.", token_label);
+                if (ret_used_pin)
                         *ret_used_pin = NULL;
                 return 0;
         }