Compare commits
5 Commits
7ebdd7dca7
...
383f289c68
Author | SHA1 | Date |
---|---|---|
Yu Watanabe | 383f289c68 | |
Yu Watanabe | ff7ff2d008 | |
Yu Watanabe | 5cc7af539c | |
Yu Watanabe | f0cabbe292 | |
Yu Watanabe | 3093ace2ff |
|
@ -963,9 +963,9 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
|
||||||
p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
|
p->ifindex = manager_find_ifindex(m, p->family, &p->destination);
|
||||||
}
|
}
|
||||||
|
|
||||||
log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, destination=%s",
|
log_debug("Received %s UDP packet of size %zu, ifindex=%i, ttl=%u, fragsize=%zu, sender=%s, sender_port=%u, destination=%s",
|
||||||
dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
|
dns_protocol_to_string(protocol), p->size, p->ifindex, p->ttl, p->fragsize,
|
||||||
IN_ADDR_TO_STRING(p->family, &p->sender),
|
IN_ADDR_TO_STRING(p->family, &p->sender), p->sender_port,
|
||||||
IN_ADDR_TO_STRING(p->family, &p->destination));
|
IN_ADDR_TO_STRING(p->family, &p->destination));
|
||||||
|
|
||||||
*ret = TAKE_PTR(p);
|
*ret = TAKE_PTR(p);
|
||||||
|
|
|
@ -385,10 +385,7 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Refuse traffic from the local host, to avoid query loops. However, allow legacy mDNS
|
if (manager_packet_from_local_address(m, p))
|
||||||
* unicast queries through anyway (we never send those ourselves, hence no risk).
|
|
||||||
* i.e. check for the source port nr. */
|
|
||||||
if (p->sender_port == MDNS_PORT && manager_packet_from_local_address(m, p))
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
scope = manager_find_scope(m, p);
|
scope = manager_find_scope(m, p);
|
||||||
|
@ -400,6 +397,15 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us
|
||||||
if (dns_packet_validate_reply(p) > 0) {
|
if (dns_packet_validate_reply(p) > 0) {
|
||||||
DnsResourceRecord *rr;
|
DnsResourceRecord *rr;
|
||||||
|
|
||||||
|
/* RFC 6762 section 6:
|
||||||
|
* The source UDP port in all Multicast DNS responses MUST be 5353 (the well-known port
|
||||||
|
* assigned to mDNS). Multicast DNS implementations MUST silently ignore any Multicast DNS
|
||||||
|
* responses they receive where the source UDP port is not 5353. */
|
||||||
|
if (p->sender_port != MDNS_PORT) {
|
||||||
|
log_debug("Received mDNS reply packet from port %u (not %i), ignoring.", p->sender_port, MDNS_PORT);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
log_debug("Got mDNS reply packet");
|
log_debug("Got mDNS reply packet");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
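Review bot: The rewritten local-host check in the first hunk, `if (manager_packet_from_local_address(m, p))`, drops the explanatory comment together with the legacy-unicast exception, so the new side no longer says why traffic from a local address is refused or that the exception was deliberately removed; I'd keep a short comment such as `/* Refuse all traffic from the local host, to avoid query loops. Legacy unicast queries from local addresses are refused too, see issue #32990. */`. The RFC 6762 §6 source-port check in the second hunk sits only inside the reply branch, which looks intentional since legacy unicast queries from other ports must still be answered, but a one-line comment saying that queries are deliberately exempt would make that reading explicit. The off-port reply also appears to be dropped only after `manager_find_scope()` has already run, so moving the cheap port test ahead of the scope lookup would avoid that work for spoofed replies, though that is a matter of taste. `on_mdns_packet()` starts and ends outside these hunks.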
@ -996,6 +996,87 @@ testcase_12_resolvectl2() {
|
||||||
restart_resolved
|
restart_resolved
|
||||||
}
|
}
|
||||||
|
|
||||||
|
testcase_mdns() {
|
||||||
|
# For issue #32990 and #33806
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
# shellcheck disable=SC2317
|
||||||
|
cleanup() {
|
||||||
|
rm -f /run/systemd/resolved.conf.d/enable-mdns.conf
|
||||||
|
rm -rf /run/systemd/dnssd
|
||||||
|
ip link del veth99 || :
|
||||||
|
ip netns del ns99 || :
|
||||||
|
}
|
||||||
|
|
||||||
|
trap cleanup RETURN
|
||||||
|
|
||||||
|
mkdir -p /run/systemd/resolved.conf.d
|
||||||
|
cat >/run/systemd/resolved.conf.d/enable-mdns.conf <<EOF
|
||||||
|
[Resolve]
|
||||||
|
MulticastDNS=yes
|
||||||
|
EOF
|
||||||
|
|
||||||
|
mkdir -p /run/systemd/dnssd
|
||||||
|
cat >/run/systemd/dnssd/ssh.dnssd <<EOF
|
||||||
|
[Service]
|
||||||
|
Name=%H
|
||||||
|
Type=_ssh._tcp
|
||||||
|
Port=22
|
||||||
|
TxtText=hogehogehoge
|
||||||
|
Priority=42
|
||||||
|
Weight=13
|
||||||
|
EOF
|
||||||
|
|
||||||
|
ip netns add ns99
|
||||||
|
ip link add veth99 type veth peer name veth-peer
|
||||||
|
ip link set veth-peer netns ns99
|
||||||
|
ip link set veth99 up
|
||||||
|
ip netns exec ns99 ip link set veth-peer up
|
||||||
|
ip link set veth99 multicast on
|
||||||
|
ip address add 192.168.0.12/24 dev veth99
|
||||||
|
ip netns exec ns99 ip address add 192.168.0.10/24 dev veth-peer
|
||||||
|
assert_in '192.168.0.12/24' "$(ip address show dev veth99)"
|
||||||
|
assert_in '192.168.0.10/24' "$(ip netns exec ns99 ip address show dev veth-peer)"
|
||||||
|
|
||||||
|
# make sure networkd is not running.
|
||||||
|
systemctl stop systemd-networkd.socket
|
||||||
|
systemctl stop systemd-networkd.service
|
||||||
|
|
||||||
|
# restart resolved and enable mdns on interface veth99
|
||||||
|
restart_resolved
|
||||||
|
resolvectl mdns veth99 yes
|
||||||
|
resolvectl domain veth99 local
|
||||||
|
assert_in 'Global: yes' "$(resolvectl mdns)"
|
||||||
|
assert_in 'yes' "$(resolvectl mdns veth99)"
|
||||||
|
assert_in 'local' "$(resolvectl domain veth99)"
|
||||||
|
|
||||||
|
run ip netns exec ns99 dig -p 5353 "ns1.local" @192.168.0.12
|
||||||
|
grep -qE "ns1\.local\.\s+[0-9]+\s+IN\s+A\s+192\.168\.0\.12" "$RUN_OUT"
|
||||||
|
|
||||||
|
run ip netns exec ns99 dig -p 5353 -t SRV "ns1._ssh._tcp.local" @192.168.0.12
|
||||||
|
grep -qE "ns1\._ssh\._tcp\.local\.\s+[0-9]+\s+IN\s+SRV\s+42\s+13\s+22\s+ns1\.local\." "$RUN_OUT"
|
||||||
|
|
||||||
|
run ip netns exec ns99 dig -p 5353 -t TXT "ns1._ssh._tcp.local" @192.168.0.12
|
||||||
|
grep -qE "ns1\._ssh\._tcp\.local\.\s+[0-9]+\s+IN\s+TXT\s+\"hogehogehoge\"" "$RUN_OUT"
|
||||||
|
|
||||||
|
run resolvectl query "ns1.local" || :
|
||||||
|
grep -qE "ns1.local: " "$RUN_OUT"
|
||||||
|
grep -qE ".*192\.168\.0\.12\s+-- link: veth99" "$RUN_OUT"
|
||||||
|
|
||||||
|
run resolvectl query -t SRV "ns1._ssh._tcp.local" || :
|
||||||
|
grep -qE "ns1\._ssh\._tcp\.local IN SRV 42 13 22 ns1\.local\s+-- link: veth99" "$RUN_OUT"
|
||||||
|
|
||||||
|
run resolvectl query -t TXT "ns1._ssh._tcp.local" || :
|
||||||
|
grep -qE "ns1\._ssh\._tcp\.local IN TXT \"hogehogehoge\"\s+-- link: veth99" "$RUN_OUT"
|
||||||
|
|
||||||
|
run resolvectl service "ns1._ssh._tcp.local" || :
|
||||||
|
grep -qE "ns1\._ssh\._tcp\.local: ns1\.local:22 \[priority=42, weight=13\]" "$RUN_OUT"
|
||||||
|
|
||||||
|
# refuse queries from a local address. See issue #32990 and the comment:
|
||||||
|
# https://github.com/systemd/systemd/pull/34141#discussion_r1736318656
|
||||||
|
(! dig -p 5353 "ns1.local" @192.168.0.12)
|
||||||
|
}
|
||||||
|
|
||||||
# PRE-SETUP
|
# PRE-SETUP
|
||||||
systemctl unmask systemd-resolved.service
|
systemctl unmask systemd-resolved.service
|
||||||
systemctl enable --now systemd-resolved.service
|
systemctl enable --now systemd-resolved.service
|
||||||
|
|
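Review bot: The `cleanup` trap in `testcase_mdns()` removes the `enable-mdns.conf` drop-in and the `ssh.dnssd` file but never restarts resolved, so the running daemon keeps `MulticastDNS=yes` and the announced `_ssh._tcp` service until some later step happens to call `restart_resolved`; likewise `systemd-networkd.socket`/`.service` are stopped in the body and not started again. I'd add `restart_resolved` as the last line of `cleanup` so the next test case starts from the file's default configuration, and restore networkd there too if any later case in this file relies on it (not visible from this excerpt). The negative check `(! dig -p 5353 "ns1.local" @192.168.0.12)` succeeds because resolved silently drops the packet and dig times out, which with dig's default retries waits several seconds; `+tries=1 +time=2` would bound that while still exercising the refusal path.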