Instead of just notifying about the fact that something changed in the
database, actually inform the callback what precisely changed. This is useful,
so that the LLDP tx logic can be put into "fast" mode as soon as a previously
unknown peer appears, as suggested by the LLDP spec.
Let's add some minimalistic LLDP sender support. The idea is that this is
either on or off, and all fields determined automatically rather than
configured explicitly.
Being on the link-layer LLDP is nothing we should turn on only when there's a
link beat. Instead, turn it on, whenever the iface is UP regardless if there's
a link beat or not. This closes the race between a link beat being available
and us subscribing to LLDP as a result.
Let's always use the same calls to acquire interface data. Specifically port
"networkctl status" to use acquire_link_info_strv() and acquire_link_info_all()
like the other calls.
This reworks the sd-lldp substantially, simplifying things on one hand, and
extending the logic a bit on the other.
Specifically:
- Besides the sd_lldp object only one other object is maintained now,
sd_lldp_neighbor. It's used both as storage for literal LLDP packets, and for
maintainging info about peers in the database. Separation between packet, TLV
and chassis data is not maintained anymore. This should be a major
simplification.
- The sd-lldp API has been extended so that a couple of per-neighbor fields may
be queried directly, without iterating through the object. Other fields that
may appear multiple times, OTOH have to be iterated through.
- The maximum number of entries in the neighbor database is now configurable
during runtime.
- The generation of callbacks from sd_lldp objects is more restricted:
callbacks are only invoked when actual data changed.
- The TTL information is now hooked with a timer event, so that removals from
the neighbor database due to TTLs now result in a callback event.
- Querying LLDP neighbor database will now return a strictly ordered array, to
guarantee stability.
- A "capabilities" mask may now be configured, that selects what type of LLDP
neighbor data is collected. This may be used to restrict collection of LLDP
info about routers instead of all neighbors. This is now exposed via
networkd's LLDP= setting.
- sd-lldp's API to serialize the collected data to text files has been removed.
Instead, there's now an API to extract the raw binary data from LLDP neighbor
objects, as well as one to convert this raw binary data back to an LLDP
neighbor object. networkd will save this raw binary data to /run now, and the
client side can simply parse the information.
- support for parsing the more exotic TLVs has been removed, since we are not
using that. Instead there are now APIs to extract the raw data from TLVs.
Given how easy it is to parse the TLVs clients should do so now directly
instead of relying on our APIs for that.
- A lot of the APIs that parse out LLDP strings have been simplified so that
they actually return strings, instead of char arrays with a length. To deal
with possibly dangerous characters the strings are escaped if needed.
- APIs to extract and format the chassis and port IDs as strings has been
added.
- lldp.h has been simplified a lot. The enums are anonymous now, since they
were never used as enums, but simply as constants. Most definitions we don't
actually use ourselves have eben removed.
tree-wide: place #pragma once at the same place everywhere
Usually, we place the #pragma once before the copyright blurb in header files,
but in a few cases we didn't. Move those around, so that we do the same thing
everywhere.
There's really no point in maintaining a state, the state machine is trivial,
and we actually never look at the state anyway, we just keep updating it.
test-hashmap: fix undefined behaviour on string constants
The test was failing at -O2+ with gcc 5.3 and 6.0.
"val1" == "val1" and "val1" != "val1" are both valid.
http://stackoverflow.com/questions/4843640/why-is-a-a-in-c
Various buffers were lost because finish_item() either consumed
the buffer or allocated a new one (if an entry with the same key existed).
The caller would simply forget the buffer in either case.
Also add a check for the case when a valid identifier is followed by
an empty body. We should not allow this.
Also be more consistent in error handling and always print an error
message.
This patch contains a set of little cleanups for alloc-util.h:
1. The malloc_multiply(), realloc_multiply() and memdup_multiply()
functions check allocation related parameters on overflow. Let's
move them to the separate size_multiply_overflow() function for
simplicity, code duplication prevention and possible reuse in future.
2. use SIZE_MAX from stdlib instead of ((size_t) - 1) to be more
clear.
3. The 'a'/'b' variables are renamed to 'size' and 'need' to be
more clear.'
https://tools.ietf.org/html/rfc6698#section-2.2 says:
> The certificate association data field MUST be represented as a string
> of hexadecimal characters. Whitespace is allowed within the string of
> hexadecimal characters
build-sys: Do not build tests that depend on resolved when it has been disabled
If ./configure --disable-resolved has been used, do not try to build
test-dns-packet and test-resolve-tables which depend on it.
Previously, the SOURCES, LIBS and LDADDs for these tests were made conditional
while the main rules for them weren't, causing build failures trying to build a
binary with no sources.
This was uncovered when trying to build udeb for systemd in CI, which uses
--disable-resolved for a minimal build, which uncovered the issue.
When the buffer is allocated on the stack we do not have to check for
failure everywhere. This is especially useful in debug statements, because
we can put dns_resource_key_to_string() call in the debug statement, and
we do not need a seperate if (log_level >= LOG_DEBUG) for the conversion.
dns_resource_key_to_string() is changed not to provide any whitespace
padding. Most callers were stripping the whitespace with strstrip(),
and it did not look to well anyway. systemd-resolve output is not column
aligned anymore.
The result of the conversion is not stored in DnsTransaction object
anymore. It is used only for debugging, so it seems fine to generate it
when needed.
Various debug statements are extended to provide more information.
The output didn't specify if the default for --cname/--search/--legend and
other options was yes or no. Change the description to be explicit about that.
man: show output in example systemd-resolve commands
I think example output allows the reader of the man page to
see what functionlity is provided without running the commands
themselves. Specific values in the examples are bound to get out
of date but this is not a problem.
resolved: make sure to normalize all domain names returned via the bus
Most domain names we deal with are normalized anyway (since we read them that
way from DNS packets), but some might not (because they are synthesized from
unnormalized configuration or so), hence make sure to normalize all names
before passing them out to clients, to be fully deterministic.
Note that internally we are process normalized and non-normalized names the
same way, and while comparing them ignore the differences due to unnormalized
names. However, that internal implementation detail really shouldn't spill out
the clients, hence make sure to clean it all up.
This patch makes networkd stay around as long as there is more than just a
loopback interface around, or the loopback device isn't fully probed yet, or
the loopback device has a .network file attached.
In essence, this means networkd stays around now continously as it should,
unless it is running in some (container?) environment that really has no
interface except a loopback device.
Before this patch existence of char16_t, char32_t, key_serial_t was checked
with AC_CHECK_DECLS() which doesn't actually work for types. Correct this to
use AC_CHECK_TYPES() instead.
Also, while we are at it, change the check for memfd_create() to use
AC_CHECK_DECLS() instead of AC_CHECK_FUNCS(). This is a better choice, since a
couple of syscalls are defined by glibc but not exported in the header files
(pivot_root() for example), and we hence should probably be more picky with
memfd_create() too, which glibc might decide to expose one day, but not
necessarily in the headers too.
resolved: turn on DNSSEC by default, unless configured otherwise
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to
"allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled
by default add a configure switch to disable this again.
DNSSEC in "allow-downgrade" mode should mostly work without affecting user
experience. There's one exception: some captive portal systems rewrite DNS in
order to redirect HTTP traffic to the captive portal. If these systems
implement DNS servers that are otherwise DNSSEC-capable (which in fact is
pretty unlikely, but still...), then this will result in the captive portal
being inaccessible. To fix this support in NetworkManager (or any other network
management solution that does captive portal detection) is required, which
simply turns off DNSSEC during the captive portal detection, and resets it back
to the default (i.e. on) after captive portal authentication is complete.
If we are not PID 1 and started as init, we executing systemctl
with execv(). Here no need to set errno manually, because in a
failure case, because the execv() anyway will set errno depends
on a error.
Benjamin Robin [Mon, 15 Feb 2016 22:26:34 +0000 (23:26 +0100)]
time-util: Rename and fix call of deserialize_timestamp_value()
The deserialize_timestamp_value() is renamed timestamp_deserialize() to be more
consistent with dual_timestamp_deserialize()
And add the NULL check back on realtime and monotonic