Tom Gundersen [Sun, 3 Jan 2016 08:49:58 +0000 (09:49 +0100)]
resolved: dnssec - factor out hashed domain generation
Tom Gundersen [Fri, 1 Jan 2016 22:07:34 +0000 (23:07 +0100)]
resolved: don't conclude NODATA if CNAME exists
Instead introduce the new return-code DNSSEC_NSEC_CNAME to indicate
this condition. See RFC 6840, Section 4.3.
Tom Gundersen [Fri, 1 Jan 2016 15:48:35 +0000 (16:48 +0100)]
resolved: dnssec - add reference to the algorithm we implement
Tom Gundersen [Fri, 1 Jan 2016 21:18:24 +0000 (22:18 +0100)]
resolved: dnssec - prepend hashed labels to zone name
All hashed names consist of the hashed label prepended to the zone name, not to the
closest enclosure.
Tom Gundersen [Fri, 1 Jan 2016 21:10:55 +0000 (22:10 +0100)]
resolved: dnssec - rename some variables
Makes the NSEC3 proof somewhat simpler to follow.
Tom Gundersen [Mon, 28 Dec 2015 18:05:59 +0000 (19:05 +0100)]
resoled: dnssec - don't refuse to verify answer due to too many unrelated RRs
Let VERIFY_RRS_MAX be about the max number of RRs in an RRSet that we
actually try to verify, not about the total number of RRs in the RRSet.
Tom Gundersen [Mon, 28 Dec 2015 17:03:34 +0000 (18:03 +0100)]
resolved: dnssec - fix off-by-one in RSA key parsing
If the first byte of the key is zero, the key-length is stored in
the second and third byte (not first and second).
Tom Gundersen [Fri, 1 Jan 2016 10:19:19 +0000 (11:19 +0100)]
Merge pull request #2241 from poettering/dnssec9
Ninth DNSSEC patch set
Martin Pitt [Wed, 30 Dec 2015 10:27:52 +0000 (11:27 +0100)]
Merge pull request #2229 from cjmayo/m500
hwdb: move Logitech M-U0007 [M500] to 1000dpi
Lennart Poettering [Tue, 29 Dec 2015 20:27:11 +0000 (21:27 +0100)]
resolved: add a list of DNS-related RFCs and their implementation status in resolved
Lennart Poettering [Tue, 29 Dec 2015 19:52:27 +0000 (20:52 +0100)]
resolved: append RFC6975 algorithm data to EDNS OPT RR
Lennart Poettering [Tue, 29 Dec 2015 19:50:03 +0000 (20:50 +0100)]
resolved: NSEC3 hash algorithms are distinct from DS digest algorithms
Previously, we'd use the same set of identifiers for both, but that's
actually incorrect. It didn't matter much since the only NSEC3 hash
algorithm defined (SHA-1) is mapped to code 1 which is also what it is
encoded as in DS digests, but we really should make sure to use two
distinct enumerations.
Lennart Poettering [Tue, 29 Dec 2015 18:27:55 +0000 (19:27 +0100)]
update DNSSEC TODO
Lennart Poettering [Tue, 29 Dec 2015 18:27:09 +0000 (19:27 +0100)]
resolved: add comments referencing various RFCs to various places
Lennart Poettering [Tue, 29 Dec 2015 18:09:14 +0000 (19:09 +0100)]
resolved: include GOST in list of DNSSEC algorithms
We don't implement it, and we have no intention to, but at least mention
that it exists.
(This also adds a couple of other algorithms to the algorithm string
list, where these strings were missing previously.)
Lennart Poettering [Tue, 29 Dec 2015 18:08:22 +0000 (19:08 +0100)]
resolved: use CLAMP() intsead of MIN(MAX())
Lennart Poettering [Tue, 29 Dec 2015 18:06:12 +0000 (19:06 +0100)]
resolved: don't allow RRs with TTL=0 and TTL!=0 in the same RRset
Lennart Poettering [Tue, 29 Dec 2015 18:04:35 +0000 (19:04 +0100)]
resolved: parse EDNS0 rcode extension bits
Lennart Poettering [Tue, 29 Dec 2015 18:00:53 +0000 (19:00 +0100)]
resolved: reset RR TTL to 0, if MSB is set
RFC 2181, Section 8 suggests to treat an RR TTL with the MSB set as 0.
Implement this.
Lennart Poettering [Tue, 29 Dec 2015 17:58:05 +0000 (18:58 +0100)]
resolved: properly handle SRV RRs with the DNS root as hostname
Lennart Poettering [Tue, 29 Dec 2015 17:55:58 +0000 (18:55 +0100)]
resolved: add errno mapping for BUS_ERROR_CONNECTION_FAILURE
This was missing when the error type was added in
ac720200b7e5b80cc4985087e38f3452e5b3b080.
Lennart Poettering [Tue, 29 Dec 2015 17:55:17 +0000 (18:55 +0100)]
resolved: change mapping of BUS_ERROR_NO_NAME_SERVERS to ESRCH
EIO is really too generic, and indicates transmission problems.
Lennart Poettering [Tue, 29 Dec 2015 20:35:24 +0000 (21:35 +0100)]
Merge pull request #2237 from evverx/fix-valgrind-tests
build-sys: fix valgrind-tests
Lennart Poettering [Tue, 29 Dec 2015 20:31:29 +0000 (21:31 +0100)]
Merge pull request #2239 from evverx/fix-memory-leak-in-test-bus-marshal
tests: fix memory leak in test-bus-marshal
Evgeny Vereshchagin [Tue, 29 Dec 2015 12:41:36 +0000 (12:41 +0000)]
tests: fix memory leak in test-bus-marshal
Fixes:
```
$ ./configure ... --enable-dbus
$ make
$ make valgrind-tests TESTS=test-bus-marshal
...
==25301== 51 bytes in 1 blocks are definitely lost in loss record 7 of 18
==25301== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==25301== by 0x5496B8C: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x54973E3: _dbus_string_append_printf_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x547E5C2: _dbus_set_error_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x547E73E: dbus_set_error (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x548969A: dbus_message_demarshal (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x115C1A: main (test-bus-marshal.c:244)
==25301==
```
Lennart Poettering [Tue, 29 Dec 2015 11:39:25 +0000 (12:39 +0100)]
Merge pull request #2233 from kinvolk/alban/cgroup2-userns
nspawn: userns and unified cgroup: chown cgroup.events
Evgeny Vereshchagin [Tue, 29 Dec 2015 07:11:53 +0000 (07:11 +0000)]
build-sys: fix valgrind-tests
Fixes:
```
$ make valgrind-tests TESTS=test-acl-util
GEN valgrind-tests
Running test-acl-util
/bin/bash: line 4: libtool: command not found
```
Tom Gundersen [Mon, 28 Dec 2015 16:27:42 +0000 (17:27 +0100)]
Merge pull request #2231 from phomes/resolve-misc2
Resolve misc2
Zbigniew Jędrzejewski-Szmek [Mon, 28 Dec 2015 16:07:54 +0000 (11:07 -0500)]
Merge pull request #2226 from jwilk/spelling
man: fix typos
Tom Gundersen [Mon, 28 Dec 2015 14:05:50 +0000 (15:05 +0100)]
Merge pull request #2232 from poettering/dnssec8
Eigth DNSSEC patch set
Lennart Poettering [Mon, 28 Dec 2015 00:18:40 +0000 (01:18 +0100)]
resolved: update DNSSEC TODO
Lennart Poettering [Mon, 28 Dec 2015 00:16:28 +0000 (01:16 +0100)]
resolved: also use RRSIG expiry for negative caching
This makes sure that we also honour the RRSIG expiry for negative
caching.
Lennart Poettering [Sun, 27 Dec 2015 23:30:56 +0000 (00:30 +0100)]
resolved: use RRSIG expiry and original TTL for cache management
When we verified a signature, fix up the RR's TTL to the original TTL
mentioned in the signature, and store the signature expiry information
in the RR, too. Then, use that when adding RRs to the cache.
Lennart Poettering [Sun, 27 Dec 2015 21:58:17 +0000 (22:58 +0100)]
resolved: clean up dns_transaction_stop()
This renames dns_transaction_stop() to dns_transaction_stop_timeout()
and makes it only about stopping the transaction timeout. This is safe,
as in most occasions we call dns_transaction_stop() at the same time as
dns_transaction_close_connection() anyway, which does the rest of what
dns_transaction_stop() used to do. And in the one where we don't call
it, it's implicitly called by the UDP emission or TCP connection code.
This also closes the connections as we enter the validation phase of a
transaction, so that no further messages may be received then.
Lennart Poettering [Sun, 27 Dec 2015 21:56:08 +0000 (22:56 +0100)]
resolved: only keep a single list of supported signature algorithms
This removes dnssec_algorithm_supported() and simply uses the
algorithm_to_gcrypt() result as indication whether a DNSSEC algorithm is
supported.
The patch also renames "algorithm" to "md_algorithm", in a few cases, in
order to avoid confusion between DNSSEC signature algorithms and gcrypt
message digest algorithms.
Lennart Poettering [Sun, 27 Dec 2015 21:22:39 +0000 (22:22 +0100)]
resolve-host: log RR parsing errors
Lennart Poettering [Sun, 27 Dec 2015 20:35:00 +0000 (21:35 +0100)]
resolved: add ECDSA signature support
Lennart Poettering [Sun, 27 Dec 2015 20:14:29 +0000 (21:14 +0100)]
shared: relax restrictions on valid domain name characters a bit
Previously, we'd not allow control characters to be embedded in domain
names, even when escaped. Since cloudflare uses \000 however to
implement its synthethic minimally covering NSEC RRs, we should allow
them, as long as they are properly escaped.
Alban Crequy [Tue, 8 Dec 2015 00:16:07 +0000 (01:16 +0100)]
nspawn: userns and unified cgroup: chown cgroup.events
When starting a container in a new user namespace, systemd-nspawn chowns
the cgroup knob files so they are usable by the container. But the
cgroup knob file "cgroup.events" was missing. This file exists when the
unified hierarchy is used.
Lennart Poettering [Sun, 27 Dec 2015 13:05:45 +0000 (14:05 +0100)]
resolved: split out RSA-specific code from dnssec_verify_rrset()
In preparation for ECDSA support.
Lennart Poettering [Sun, 27 Dec 2015 12:07:36 +0000 (13:07 +0100)]
resolved: simplify MD algorithm initialization a bit
Lennart Poettering [Sun, 27 Dec 2015 11:58:37 +0000 (12:58 +0100)]
resolved: add SHA384 digest support
Thomas Hindoe Paaboel Andersen [Sun, 27 Dec 2015 22:57:58 +0000 (23:57 +0100)]
resolve-host: add error checking
Thomas Hindoe Paaboel Andersen [Sun, 27 Dec 2015 22:23:16 +0000 (23:23 +0100)]
resolve: remove unused variables
Marcel Holtmann [Sun, 27 Dec 2015 22:07:05 +0000 (23:07 +0100)]
hwdb: Update database of Bluetooth company identifiers
Tom Gundersen [Sun, 27 Dec 2015 20:19:28 +0000 (21:19 +0100)]
Merge pull request #2225 from poettering/dnssec7
Seventh DNSSEC patchset
Chris Mayo [Sun, 27 Dec 2015 11:48:53 +0000 (11:48 +0000)]
hwdb: move Logitech M-U0007 [M500] to 1000dpi
http://www.logitech.com/en-gb/product/corded-mouse-m500
Lennart Poettering [Sun, 27 Dec 2015 00:35:00 +0000 (01:35 +0100)]
resolved: rename "features" variables to "feature_level"
The name "features" suggests an orthogonal bitmap or suchlike, but the
variables really encode only a linear set of feature levels. The type
used is already called DnsServerFeatureLevel, hence fix up the variables
accordingly, too.
Lennart Poettering [Sat, 26 Dec 2015 17:49:32 +0000 (18:49 +0100)]
resolved: rework OPT RR generation logic
This moves management of the OPT RR out of the scope management and into
the server and packet management. There are now explicit calls for
appending and truncating the OPT RR from a packet
(dns_packet_append_opt() and dns_packet_truncate_opt()) as well as a
call to do the right thing depending on a DnsServer's feature level
(dns_server_adjust_opt()).
This also unifies the code to pick a server between the TCP and UDP code
paths, and makes sure the feature level used for the transaction is
selected at the time the server is picked, and not changed until the
next time we pick a server. The server selction code is now unified in
dns_transaction_pick_server().
This all fixes problems when changing between UDP and TCP communication
for the same server, and makes sure the UDP and TCP codepaths are more
alike. It also makes sure we never keep the UDP port open when switchung
to TCP, so that we don't have to handle incoming datagrams on the latter
we don't expect.
As the new code picks the DNS server at the time we make a connection,
we don't need to invalidate the DNS server anymore when changing to the
next one, thus dns_transaction_next_dns_server() has been removed.
Lennart Poettering [Sat, 26 Dec 2015 17:48:37 +0000 (18:48 +0100)]
resolved: reuse dns_transaction_stop() when destructing transaction objects
Lennart Poettering [Sat, 26 Dec 2015 13:53:17 +0000 (14:53 +0100)]
resolved: add dns_transaction_close_connection()
This new call unifies how we shut down all connection resources, such as
UDP sockets, event sources, and TCP stream objects.
This patch just adds the basic hook-up, this function will be used more
in later commits.
Lennart Poettering [Sat, 26 Dec 2015 13:39:49 +0000 (14:39 +0100)]
resolved: make sure we reset the DNSSEC result when we accept a response packet
Lennart Poettering [Sat, 26 Dec 2015 13:38:37 +0000 (14:38 +0100)]
resolved: improve some log messages a bit
Indicate thar we ignore invalid messages
Lennart Poettering [Sat, 26 Dec 2015 13:37:07 +0000 (14:37 +0100)]
resolved: never proceed processing truncated packets
Make sure we don't end up processing packets that are truncated.
Instead, actually let the TCP connection do its thing.
Lennart Poettering [Sat, 26 Dec 2015 13:18:11 +0000 (14:18 +0100)]
resolved: remember explicitly whether we already tried a stream connection
On LLMNR we never want to retry stream connections (since local TCP
connections should work, and we don't want to unnecessarily delay
operation), explicitly remember whether we already tried one, instead of
deriving this from a still stored stream object. This way, we can free
the stream early, without forgetting that we tried it.
Lennart Poettering [Sat, 26 Dec 2015 13:15:51 +0000 (14:15 +0100)]
resolved: make sure we GC stream transactions properly
Make sure to GC a transaction after dealing with a reply, even if the
transaction is not complete yet.
Lennart Poettering [Sat, 26 Dec 2015 11:58:01 +0000 (12:58 +0100)]
resolved: ignore additional DNS responses we get while validating
No need to choke on them.
Lennart Poettering [Sat, 26 Dec 2015 11:53:08 +0000 (12:53 +0100)]
resolved: introduce dns_transaction_reset_answer()
Let's unify how we reset the answer data we collected, after all pretty
much every time we do it incompletely so far, let's fix it.
Lennart Poettering [Sat, 26 Dec 2015 11:43:28 +0000 (12:43 +0100)]
shared: fix handling of suffix "." in dns_name_compare_func()
All our other domain name handling functions make no destinction between
domain names that end in a dot plus a NUL, or those just ending in a
NUL. Make sure dns_name_compare_func() and dns_label_unescape_suffix()
do the same.
Jakub Wilk [Sat, 26 Dec 2015 17:25:49 +0000 (18:25 +0100)]
man: fix typos
Lennart Poettering [Sat, 26 Dec 2015 11:43:03 +0000 (12:43 +0100)]
shared: fix error propagation in dns_name_compare_func()
Lennart Poettering [Sat, 26 Dec 2015 11:36:24 +0000 (12:36 +0100)]
resolved: don't unnecessarily allocate memory in dns_packet_append_name()
When compression support is off, there's no point in duplicating the
name string. Hence, don't do it.
Lennart Poettering [Fri, 25 Dec 2015 14:57:49 +0000 (15:57 +0100)]
resolved: name TCP and UDP socket calls uniformly
Previously the calls for emitting DNS UDP packets were just called
dns_{transacion|scope}_emit(), but the one to establish a DNS TCP
connection was called dns_transaction_open_tcp(). Clean this up, and
rename them dns_{transaction|scope}_emit_udp() and
dns_transaction_open_tcp().
Lennart Poettering [Fri, 25 Dec 2015 14:05:46 +0000 (15:05 +0100)]
resolved: add an automatic downgrade to non-DNSSEC mode
This adds a mode that makes resolved automatically downgrade from DNSSEC
support to classic non-DNSSEC resolving if the configured DNS server is
not capable of DNSSEC. Enabling this mode increases compatibility with
crappy network equipment, but of course opens up the system to
downgrading attacks.
The new mode can be enabled by setting DNSSEC=downgrade-ok in
resolved.conf. DNSSEC=yes otoh remains a "strict" mode, where DNS
resolving rather fails then allow downgrading.
Downgrading is done:
- when the server does not support EDNS0+DO
- or when the server supports it but does not augment returned RRs with
RRSIGs. The latter is detected when requesting DS or SOA RRs for the
root domain (which is necessary to do proofs for unsigned data)
Lennart Poettering [Fri, 25 Dec 2015 14:01:37 +0000 (15:01 +0100)]
resolved: no need to store return value of dns_server_possible_features()
The call already updates possible_features, it's pointless doing this in
the caller a second time.
Lennart Poettering [Fri, 25 Dec 2015 11:58:07 +0000 (12:58 +0100)]
resolved: don't set TCP_NODELAY twice for TCP sockets
We previously set it once in the scope code and once in the stream code.
Remove it from the latter, as all other socket options are set in the
former.
Lennart Poettering [Fri, 25 Dec 2015 11:54:27 +0000 (12:54 +0100)]
resolved: generate an explicit transaction error when we cannot reach server via TCP
Previously, if we couldn't reach a server via UDP we'd generate an
MAX_ATTEMPTS transaction result, but if we couldn't reach it via TCP
we'd generate a RESOURCES transaction result. While it is OK to generate
two different errors I think, "RESOURCES" is certainly a misnomer.
Introduce a new transaction result "CONNECTION_FAILURE" instead.
Lennart Poettering [Thu, 24 Dec 2015 13:08:22 +0000 (14:08 +0100)]
resolved: deal with unsigned DS/NSEC/NSEC3 properly
Previously, we'd insist on an RRSIG for all DS/NSEC/NSEC3 RRs. With this
change we don't do that anymore, but also allow unsigned DS/NSEC/NSEC3
if we can prove that the zone they are located in is unsigned.
Lennart Poettering [Wed, 23 Dec 2015 23:24:10 +0000 (00:24 +0100)]
resolved: log each dnssec failure, in a recognizable way
Lennart Poettering [Wed, 23 Dec 2015 18:06:36 +0000 (19:06 +0100)]
resolved: gather statistics about resolved names
This collects statistical data about transactions, dnssec verifications
and the cache, and exposes it over the bus. The systemd-resolve-host
tool learns new options to query these statistics and reset them.
Lennart Poettering [Tue, 22 Dec 2015 17:22:19 +0000 (18:22 +0100)]
resolved: if we accepted unauthenticated NSEC/NSEC3 RRs, use them for proofs
But keep track that the proof is not authenticated.
Lennart Poettering [Tue, 22 Dec 2015 17:21:25 +0000 (18:21 +0100)]
resolved: don't insist on finding DNSKEYs for RRsets of zones with DNSSEC off
Lennart Poettering [Tue, 22 Dec 2015 17:20:09 +0000 (18:20 +0100)]
resolved: be stricter when searching for a DS RR for a DNSKEY RR
Lennart Poettering [Tue, 22 Dec 2015 17:19:48 +0000 (18:19 +0100)]
resolved: make use of dns_type_may_redirect() where possible
Lennart Poettering [Mon, 21 Dec 2015 21:07:41 +0000 (22:07 +0100)]
update DNSSEC TODO
Lennart Poettering [Mon, 21 Dec 2015 20:06:29 +0000 (21:06 +0100)]
resolved: tighten search for NSEC3 RRs a bit
Be stricter when searching suitable NSEC3 RRs for proof: generalize the
check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add
additional checks, such as checking whether all NSEC3 RRs use the same
parameters, have the same suffix and so on.
Lennart Poettering [Mon, 21 Dec 2015 19:00:34 +0000 (20:00 +0100)]
resolved: when doing NSEC3 proof, first find right NSEC3 suffix
When doing an NSEC3 proof, before detrmining whether a name is the
closest encloser we first need to figure out the longest common suffix
we have with any NSEC3 RR in the reply.
Lennart Poettering [Mon, 21 Dec 2015 18:57:34 +0000 (19:57 +0100)]
resolved: properly implement RRSIG validation of wildcarded RRsets
Note that this is still not complete, one additional step is still
missing: when we verified that a wildcard RRset is properly signed, we
still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
Lennart Poettering [Mon, 21 Dec 2015 18:56:05 +0000 (19:56 +0100)]
resolved: never use data from failed transactions
Otherwise if we have an A lookup that failed DNSSEC validation, but an
AAAA lookup that succeeded, we might end up using the A data, but we
really should not.
Lennart Poettering [Mon, 21 Dec 2015 18:54:54 +0000 (19:54 +0100)]
resolved: don't choke on NSEC/NSEC3 RRs with no bitmap
This might happen in some cases (empty non-terminals...) and we should
not choke on it.
Lennart Poettering [Mon, 21 Dec 2015 18:53:41 +0000 (19:53 +0100)]
bitmap: don't do bitwise XOR on booleans
It's weird doing bitwise operations on booleans. Let's use the boolean
XOR (i.e. "!=") instead of the bitweise XOR (i.e. "^") on them.
Lennart Poettering [Mon, 21 Dec 2015 18:53:15 +0000 (19:53 +0100)]
util-lib: make sure more bitmap calls can deal with NULL objects fine
Lennart Poettering [Mon, 21 Dec 2015 15:31:29 +0000 (16:31 +0100)]
resolved: internalize string buffer of dns_resource_record_to_string()
Let's simplify usage and memory management of DnsResourceRecord's
dns_resource_record_to_string() call: cache the formatted string as
part of the object, and return it on subsequent calls, freeing it when
the DnsResourceRecord itself is freed.
Lennart Poettering [Mon, 21 Dec 2015 15:29:13 +0000 (16:29 +0100)]
resolved: when matching SOA RRs, don't eat up errors
Lennart Poettering [Mon, 21 Dec 2015 15:28:35 +0000 (16:28 +0100)]
resolved: when matching SOA RRs, honour RR class
Lennart Poettering [Mon, 21 Dec 2015 15:27:13 +0000 (16:27 +0100)]
resolved: when looking for a SOA RR in a reply, pick the right one
If there are multiple SOA RRs, and we look for a suitable one covering
our request, then make sure to pick the one that is furthest away from
the root name, not just the first one we encounter.
Lennart Poettering [Mon, 21 Dec 2015 15:24:58 +0000 (16:24 +0100)]
resolved: when caching NXDOMAIN for an RR, make sure we flush out old ANY entries
We use ANY RR keys to store NXDOMAIN information, but we previously
didn't flush out old ANY RR items in the cache when adding new entries.
Fix that.
Lennart Poettering [Mon, 21 Dec 2015 15:23:48 +0000 (16:23 +0100)]
resolved: split out a new dns_type_may_redirect() call
Let's abstract which RRs shall honour CNAMEs, and which ones should not.
Lennart Poettering [Mon, 21 Dec 2015 15:20:49 +0000 (16:20 +0100)]
resolve-host: propagate error properly
Lennart Poettering [Sat, 26 Dec 2015 17:53:50 +0000 (18:53 +0100)]
Merge pull request #2224 from keszybz/analyze-verify-warning
manager: do not set up signals in test mode
Zbigniew Jędrzejewski-Szmek [Fri, 25 Dec 2015 16:16:18 +0000 (11:16 -0500)]
Merge pull request #2197 from mscherer/add_seal_config
Add Seal option in the configuration file for journald-remote
Zbigniew Jędrzejewski-Szmek [Fri, 25 Dec 2015 05:38:05 +0000 (00:38 -0500)]
Merge pull request #2223 from ssahani/lldp
Closes #2223.
Zbigniew Jędrzejewski-Szmek [Fri, 25 Dec 2015 05:24:16 +0000 (00:24 -0500)]
manager: do not set up signals in test mode
When we are running in test mode, we don't expect any signals.
In fact ^C should end the program. This also avoids permission
issues when running systemd-analyze verify.
Susant Sahani [Fri, 25 Dec 2015 05:18:23 +0000 (10:48 +0530)]
V3 LLDP: Add packet validation (system name and description)
LLDP type system name and system description should
be with in 255 characters and unique.
Let's add the validation to discard corrupt packets.
Susant Sahani [Fri, 25 Dec 2015 05:12:43 +0000 (10:42 +0530)]
lldp: improve logging
Zbigniew Jędrzejewski-Szmek [Fri, 25 Dec 2015 04:59:48 +0000 (23:59 -0500)]
Merge pull request #2153 from evverx/fix-verify-for-templates
analyze: verify verifies templates too
Lennart Poettering [Wed, 23 Dec 2015 23:46:19 +0000 (00:46 +0100)]
Merge pull request #2216 from zonque/nameownerchanged
core: re-sync bus name list after deserializing during daemon-reload
Daniel Mack [Tue, 22 Dec 2015 10:37:09 +0000 (11:37 +0100)]
core: re-sync bus name list after deserializing during daemon-reload
When the daemon reloads, it doesn not actually give up its DBus connection,
as wrongly stated in an earlier commit. However, even though the bus
connection stays open, the daemon flushes out all its internal state.
Hence, if there is a NameOwnerChanged signal after the flush and before the
deserialization, it cannot be matched against any pending unit.
To fix this, rename bus_list_names() to manager_sync_bus_names() and call
it explicitly at the end of the daemon reload operation.
Lennart Poettering [Wed, 23 Dec 2015 20:31:07 +0000 (21:31 +0100)]
Merge pull request #2158 from keszybz/journal-decompression
Journal decompression fixes
Lennart Poettering [Wed, 23 Dec 2015 20:07:07 +0000 (21:07 +0100)]
Merge pull request #2214 from zonque/leak
Core: plug a memory leak in socket.c, and some related cleanups