mirror of
https://github.com/systemd/systemd
synced 2025-10-01 17:54:45 +02:00
Compare commits
7 Commits
26c59e4e95
...
8c9c68b593
| Author | SHA1 | Date | |
|---|---|---|---|
|
8c9c68b593 | ||
|
|
acc8890a8a | ||
|
|
4468d44a99 | ||
|
|
3f0a7b3a32 | ||
|
|
48662847ec | ||
|
|
5b2d8ffb5a | ||
|
|
5464c96186 |
@ -702,6 +702,14 @@ sensor:modalias:acpi:BOSC0200*:dmi:bvnINSYDECorp.:bvrMx.WT107.KUBNGEA*svnInsyde:
|
||||
sensor:modalias:acpi:SMO8500*:dmi:*:svnProwise:pnPT301:*
|
||||
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||
|
||||
#########################################
|
||||
# Reeder
|
||||
#########################################
|
||||
|
||||
# A8iW-Rev.A
|
||||
sensor:modalias:acpi:SMO8500*:dmi:*:rvnReeder:rnA8iW-Rev.A:*
|
||||
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
|
||||
|
||||
#########################################
|
||||
# Schneider
|
||||
#########################################
|
||||
|
||||
@ -494,3 +494,22 @@ int random_write_entropy(int fd, const void *seed, size_t size, bool credit) {
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int random_u64_range(uint64_t m) {
|
||||
uint64_t x, remainder;
|
||||
|
||||
/* Generates a random number in the range 0…m-1, unbiased. (Java's algorithm) */
|
||||
|
||||
if (m == 0) /* Let's take m == 0 as special case to return an integer from the full range */
|
||||
return random_u64();
|
||||
if (m == 1)
|
||||
return 0;
|
||||
|
||||
remainder = UINT64_MAX % m;
|
||||
|
||||
do {
|
||||
x = random_u64();
|
||||
} while (x >= UINT64_MAX - remainder);
|
||||
|
||||
return x % m;
|
||||
}
|
||||
|
||||
@ -40,3 +40,5 @@ int rdrand(unsigned long *ret);
|
||||
size_t random_pool_size(void);
|
||||
|
||||
int random_write_entropy(int fd, const void *seed, size_t size, bool credit);
|
||||
|
||||
int random_u64_range(uint64_t max);
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "dns-domain.h"
|
||||
#include "random-util.h"
|
||||
#include "resolved-dns-answer.h"
|
||||
#include "resolved-dns-dnssec.h"
|
||||
#include "string-util.h"
|
||||
@ -712,10 +713,7 @@ void dns_answer_order_by_scope(DnsAnswer *a, bool prefer_link_local) {
|
||||
|
||||
items = newa(DnsAnswerItem, a->n_rrs);
|
||||
for (i = 0; i < a->n_rrs; i++) {
|
||||
|
||||
if (a->items[i].rr->key->class == DNS_CLASS_IN &&
|
||||
((a->items[i].rr->key->type == DNS_TYPE_A && in_addr_is_link_local(AF_INET, (union in_addr_union*) &a->items[i].rr->a.in_addr) != prefer_link_local) ||
|
||||
(a->items[i].rr->key->type == DNS_TYPE_AAAA && in_addr_is_link_local(AF_INET6, (union in_addr_union*) &a->items[i].rr->aaaa.in6_addr) != prefer_link_local)))
|
||||
if (dns_resource_record_is_link_local_address(a->items[i].rr) != prefer_link_local)
|
||||
/* Order address records that are not preferred to the end of the array */
|
||||
items[end--] = a->items[i];
|
||||
else
|
||||
@ -898,3 +896,23 @@ int dns_answer_has_dname_for_cname(DnsAnswer *a, DnsResourceRecord *cname) {
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void dns_answer_randomize(DnsAnswer *a) {
|
||||
size_t n;
|
||||
|
||||
/* Permutes the answer list randomly (Knuth shuffle) */
|
||||
|
||||
n = dns_answer_size(a);
|
||||
if (n <= 1)
|
||||
return;
|
||||
|
||||
for (size_t i = 0; i < n; i++) {
|
||||
size_t k;
|
||||
|
||||
k = random_u64_range(n);
|
||||
if (k == i)
|
||||
continue;
|
||||
|
||||
SWAP_TWO(a->items[i], a->items[k]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -80,6 +80,8 @@ static inline bool dns_answer_isempty(DnsAnswer *a) {
|
||||
|
||||
void dns_answer_dump(DnsAnswer *answer, FILE *f);
|
||||
|
||||
void dns_answer_randomize(DnsAnswer *a);
|
||||
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsAnswer*, dns_answer_unref);
|
||||
|
||||
#define _DNS_ANSWER_FOREACH(q, kk, a) \
|
||||
|
||||
@ -1721,6 +1721,20 @@ int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
bool dns_resource_record_is_link_local_address(DnsResourceRecord *rr) {
|
||||
|
||||
if (rr->key->class != DNS_CLASS_IN)
|
||||
return false;
|
||||
|
||||
if (rr->key->type == DNS_TYPE_A)
|
||||
return in4_addr_is_link_local(&rr->a.in_addr);
|
||||
|
||||
if (rr->key->type == DNS_TYPE_AAAA)
|
||||
return IN6_IS_ADDR_LINKLOCAL(&rr->aaaa.in6_addr);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i) {
|
||||
DnsTxtItem *n;
|
||||
|
||||
|
||||
@ -324,6 +324,8 @@ int dns_resource_record_is_synthetic(DnsResourceRecord *rr);
|
||||
|
||||
int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl);
|
||||
|
||||
bool dns_resource_record_is_link_local_address(DnsResourceRecord *rr);
|
||||
|
||||
DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i);
|
||||
bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b);
|
||||
DnsTxtItem *dns_txt_item_copy(DnsTxtItem *i);
|
||||
|
||||
@ -371,12 +371,12 @@ static int dns_stub_finish_reply_packet(
|
||||
rcode = DNS_RCODE_SERVFAIL;
|
||||
}
|
||||
|
||||
/* Don't set the AD or CD bit unless DO is on, too */
|
||||
if (!edns0_do) {
|
||||
ad = false;
|
||||
/* Don't set the CD bit unless DO is on, too */
|
||||
if (!edns0_do)
|
||||
cd = false;
|
||||
|
||||
}
|
||||
/* Note that we allow the AD bit to be set even if client didn't signal DO, as per RFC 6840, section
|
||||
* 5.7 */
|
||||
|
||||
DNS_PACKET_HEADER(p)->id = id;
|
||||
|
||||
@ -475,7 +475,7 @@ static int dns_stub_send_reply(
|
||||
truncated,
|
||||
!!q->request_packet->opt,
|
||||
edns0_do,
|
||||
dns_query_fully_authenticated(q),
|
||||
DNS_PACKET_AD(q->request_packet) && dns_query_fully_authenticated(q),
|
||||
DNS_PACKET_CD(q->request_packet),
|
||||
q->stub_listener_extra ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX);
|
||||
if (r < 0)
|
||||
@ -514,7 +514,7 @@ static int dns_stub_send_failure(
|
||||
truncated,
|
||||
!!p->opt,
|
||||
DNS_PACKET_DO(p),
|
||||
authenticated,
|
||||
DNS_PACKET_AD(p) && authenticated,
|
||||
DNS_PACKET_CD(p),
|
||||
l ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX);
|
||||
if (r < 0)
|
||||
|
||||
@ -1410,6 +1410,30 @@ static usec_t transaction_get_resend_timeout(DnsTransaction *t) {
|
||||
}
|
||||
}
|
||||
|
||||
static void dns_transaction_randomize_answer(DnsTransaction *t) {
|
||||
int r;
|
||||
|
||||
assert(t);
|
||||
|
||||
/* Randomizes the order of the answer array. This is done for all cached responses, so that we return
|
||||
* a different order each time. We do this only for DNS traffic, in order to do some minimal, crappy
|
||||
* load balancing. We don't do this for LLMNR or mDNS, since the order (preferring link-local
|
||||
* addresses, and such like) might have meaning there, and load balancing is pointless. */
|
||||
|
||||
if (t->scope->protocol != DNS_PROTOCOL_DNS)
|
||||
return;
|
||||
|
||||
/* No point in randomizing, if there's just one RR */
|
||||
if (dns_answer_size(t->answer) <= 1)
|
||||
return;
|
||||
|
||||
r = dns_answer_reserve_or_clone(&t->answer, 0);
|
||||
if (r < 0) /* If this fails, just don't randomize, this is non-essential stuff after all */
|
||||
return (void) log_debug_errno(r, "Failed to clone answer record, not randomizing RR order of answer: %m");
|
||||
|
||||
dns_answer_randomize(t->answer);
|
||||
}
|
||||
|
||||
static int dns_transaction_prepare(DnsTransaction *t, usec_t ts) {
|
||||
int r;
|
||||
|
||||
@ -1530,6 +1554,8 @@ static int dns_transaction_prepare(DnsTransaction *t, usec_t ts) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0) {
|
||||
dns_transaction_randomize_answer(t);
|
||||
|
||||
if (t->bypass && t->scope->protocol == DNS_PROTOCOL_DNS && !t->received)
|
||||
/* When bypass mode is on, do not use cached data unless it came with a full
|
||||
* packet. */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user