picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #9770 from keszybz/etc-resolved-no-address 

Slightly more efficient handling of /etc/hosts blacklist entries
This commit is contained in:
Yu Watanabe 2018-08-02 12:54:50 +09:00 committed by GitHub
parent 5a8b164092 be19cdf31c
commit 5e5420d1a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 249 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/resolve/meson.build
View File

@ -194,6 +194,16 @@ tests += [
libm],
'ENABLE_RESOLVE'],
[['src/resolve/test-resolved-etc-hosts.c',
'src/resolve/resolved-etc-hosts.c',
'src/resolve/resolved-etc-hosts.h'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
libgpg_error,
libm],
'ENABLE_RESOLVE'],
[['src/resolve/test-resolved-packet.c',
dns_type_headers],
[libsystemd_resolve_core,

237
src/resolve/resolved-etc-hosts.c
View File

@ -12,48 +12,36 @@
/* Recheck /etc/hosts at most once every 2s */
#define ETC_HOSTS_RECHECK_USEC (2*USEC_PER_SEC)
typedef struct EtcHostsItem {
struct in_addr_data address;
static inline void etc_hosts_item_free(EtcHostsItem *item) {
strv_free(item->names);
free(item);
}
char **names;
} EtcHostsItem;
static inline void etc_hosts_item_by_name_free(EtcHostsItemByName *item) {
free(item->name);
free(item->addresses);
free(item);
}
typedef struct EtcHostsItemByName {
char *name;
struct in_addr_data **addresses;
size_t n_addresses, n_allocated;
} EtcHostsItemByName;
void etc_hosts_free(EtcHosts *hosts) {
hosts->by_address = hashmap_free_with_destructor(hosts->by_address, etc_hosts_item_free);
hosts->by_name = hashmap_free_with_destructor(hosts->by_name, etc_hosts_item_by_name_free);
hosts->no_address = set_free_free(hosts->no_address);
}
void manager_etc_hosts_flush(Manager *m) {
EtcHostsItem *item;
EtcHostsItemByName *bn;
while ((item = hashmap_steal_first(m->etc_hosts_by_address))) {
strv_free(item->names);
free(item);
}
while ((bn = hashmap_steal_first(m->etc_hosts_by_name))) {
free(bn->name);
free(bn->addresses);
free(bn);
}
m->etc_hosts_by_address = hashmap_free(m->etc_hosts_by_address);
m->etc_hosts_by_name = hashmap_free(m->etc_hosts_by_name);
etc_hosts_free(&m->etc_hosts);
m->etc_hosts_mtime = USEC_INFINITY;
}
static int parse_line(Manager *m, unsigned nr, const char *line) {
static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) {
_cleanup_free_ char *address_str = NULL;
struct in_addr_data address = {};
bool suppressed = false;
bool found = false;
EtcHostsItem *item;
int r;
assert(m);
assert(hosts);
assert(line);
r = extract_first_word(&line, &address_str, NULL, EXTRACT_RELAX);
@ -76,11 +64,11 @@ static int parse_line(Manager *m, unsigned nr, const char *line) {
* nothing. */
item = NULL;
else {
/* If this is a normal address, then, simply add entry mapping it to the specified names */
/* If this is a normal address, then simply add entry mapping it to the specified names */
item = hashmap_get(m->etc_hosts_by_address, &address);
item = hashmap_get(hosts->by_address, &address);
if (!item) {
r = hashmap_ensure_allocated(&m->etc_hosts_by_address, &in_addr_data_hash_ops);
r = hashmap_ensure_allocated(&hosts->by_address, &in_addr_data_hash_ops);
if (r < 0)
return log_oom();
@ -90,7 +78,7 @@ static int parse_line(Manager *m, unsigned nr, const char *line) {
item->address = address;
r = hashmap_put(m->etc_hosts_by_address, &item->address, item);
r = hashmap_put(hosts->by_address, &item->address, item);
if (r < 0) {
free(item);
return log_oom();
@ -112,21 +100,35 @@ static int parse_line(Manager *m, unsigned nr, const char *line) {
if (r <= 0)
return log_error_errno(r, "Hostname %s is not valid, ignoring, in line /etc/hosts:%u.", name, nr);
if (is_localhost(name)) {
found = true;
if (is_localhost(name))
/* Suppress the "localhost" line that is often seen */
suppressed = true;
continue;
if (!item) {
/* Optimize the case where we don't need to store any addresses, by storing
* only the name in a dedicated Set instead of the hashmap */
r = set_ensure_allocated(&hosts->no_address, &dns_name_hash_ops);
if (r < 0)
return log_oom();
r = set_put(hosts->no_address, name);
if (r < 0)
return r;
TAKE_PTR(name);
continue;
}
if (item) {
r = strv_extend(&item->names, name);
if (r < 0)
return log_oom();
}
r = strv_extend(&item->names, name);
if (r < 0)
return log_oom();
bn = hashmap_get(m->etc_hosts_by_name, name);
bn = hashmap_get(hosts->by_name, name);
if (!bn) {
r = hashmap_ensure_allocated(&m->etc_hosts_by_name, &dns_name_hash_ops);
r = hashmap_ensure_allocated(&hosts->by_name, &dns_name_hash_ops);
if (r < 0)
return log_oom();
@ -134,7 +136,7 @@ static int parse_line(Manager *m, unsigned nr, const char *line) {
if (!bn)
return log_oom();
r = hashmap_put(m->etc_hosts_by_name, name, bn);
r = hashmap_put(hosts->by_name, name, bn);
if (r < 0) {
free(bn);
return log_oom();
@ -143,17 +145,13 @@ static int parse_line(Manager *m, unsigned nr, const char *line) {
bn->name = TAKE_PTR(name);
}
if (item) {
if (!GREEDY_REALLOC(bn->addresses, bn->n_allocated, bn->n_addresses + 1))
return log_oom();
if (!GREEDY_REALLOC(bn->addresses, bn->n_allocated, bn->n_addresses + 1))
return log_oom();
bn->addresses[bn->n_addresses++] = &item->address;
}
suppressed = true;
bn->addresses[bn->n_addresses++] = &item->address;
}
if (!suppressed) {
if (!found) {
log_error("Line is missing any host names, in line /etc/hosts:%u.", nr);
return -EINVAL;
}
@ -161,55 +159,12 @@ static int parse_line(Manager *m, unsigned nr, const char *line) {
return 0;
}
static int manager_etc_hosts_read(Manager *m) {
_cleanup_fclose_ FILE *f = NULL;
int etc_hosts_parse(EtcHosts *hosts, FILE *f) {
_cleanup_(etc_hosts_free) EtcHosts t = {};
char line[LINE_MAX];
struct stat st;
usec_t ts;
unsigned nr = 0;
int r;
assert_se(sd_event_now(m->event, clock_boottime_or_monotonic(), &ts) >= 0);
/* See if we checked /etc/hosts recently already */
if (m->etc_hosts_last != USEC_INFINITY && m->etc_hosts_last + ETC_HOSTS_RECHECK_USEC > ts)
return 0;
m->etc_hosts_last = ts;
if (m->etc_hosts_mtime != USEC_INFINITY) {
if (stat("/etc/hosts", &st) < 0) {
if (errno == ENOENT) {
r = 0;
goto clear;
}
return log_error_errno(errno, "Failed to stat /etc/hosts: %m");
}
/* Did the mtime change? If not, there's no point in re-reading the file. */
if (timespec_load(&st.st_mtim) == m->etc_hosts_mtime)
return 0;
}
f = fopen("/etc/hosts", "re");
if (!f) {
if (errno == ENOENT) {
r = 0;
goto clear;
}
return log_error_errno(errno, "Failed to open /etc/hosts: %m");
}
/* Take the timestamp at the beginning of processing, so that any changes made later are read on the next
* invocation */
r = fstat(fileno(f), &st);
if (r < 0)
return log_error_errno(errno, "Failed to fstat() /etc/hosts: %m");
manager_etc_hosts_flush(m);
FOREACH_LINE(line, f, return log_error_errno(errno, "Failed to read /etc/hosts: %m")) {
char *l;
@ -221,19 +176,68 @@ static int manager_etc_hosts_read(Manager *m) {
if (l[0] == '#')
continue;
r = parse_line(m, nr, l);
if (r == -ENOMEM) /* On OOM we abandon the half-built-up structure. All other errors we ignore and proceed */
goto clear;
r = parse_line(&t, nr, l);
if (r < 0)
return r;
}
etc_hosts_free(hosts);
*hosts = t;
t = (EtcHosts) {}; /* prevent cleanup */
return 0;
}
static int manager_etc_hosts_read(Manager *m) {
_cleanup_fclose_ FILE *f = NULL;
struct stat st;
usec_t ts;
int r;
assert_se(sd_event_now(m->event, clock_boottime_or_monotonic(), &ts) >= 0);
/* See if we checked /etc/hosts recently already */
if (m->etc_hosts_last != USEC_INFINITY && m->etc_hosts_last + ETC_HOSTS_RECHECK_USEC > ts)
return 0;
m->etc_hosts_last = ts;
if (m->etc_hosts_mtime != USEC_INFINITY) {
if (stat("/etc/hosts", &st) < 0) {
if (errno != ENOENT)
return log_error_errno(errno, "Failed to stat /etc/hosts: %m");
manager_etc_hosts_flush(m);
return 0;
}
/* Did the mtime change? If not, there's no point in re-reading the file. */
if (timespec_load(&st.st_mtim) == m->etc_hosts_mtime)
return 0;
}
f = fopen("/etc/hosts", "re");
if (!f) {
if (errno != ENOENT)
return log_error_errno(errno, "Failed to open /etc/hosts: %m");
manager_etc_hosts_flush(m);
return 0;
}
/* Take the timestamp at the beginning of processing, so that any changes made later are read on the next
* invocation */
r = fstat(fileno(f), &st);
if (r < 0)
return log_error_errno(errno, "Failed to fstat() /etc/hosts: %m");
r = etc_hosts_parse(&m->etc_hosts, f);
if (r < 0)
return r;
m->etc_hosts_mtime = timespec_load(&st.st_mtim);
m->etc_hosts_last = ts;
return 1;
clear:
manager_etc_hosts_flush(m);
return r;
}
int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
@ -252,9 +256,7 @@ int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
if (!m->read_etc_hosts)
return 0;
r = manager_etc_hosts_read(m);
if (r < 0)
return r;
(void) manager_etc_hosts_read(m);
name = dns_question_first_name(q);
if (!name)
@ -265,7 +267,7 @@ int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
EtcHostsItem *item;
DnsResourceKey *found_ptr = NULL;
item = hashmap_get(m->etc_hosts_by_address, &k);
item = hashmap_get(m->etc_hosts.by_address, &k);
if (!item)
return 0;
@ -314,13 +316,16 @@ int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
return 1;
}
bn = hashmap_get(m->etc_hosts_by_name, name);
if (!bn)
return 0;
r = dns_answer_reserve(answer, bn->n_addresses);
if (r < 0)
return r;
bn = hashmap_get(m->etc_hosts.by_name, name);
if (bn) {
r = dns_answer_reserve(answer, bn->n_addresses);
if (r < 0)
return r;
} else {
/* Check if name was listed with no address. If yes, continue to return an answer. */
if (!set_contains(m->etc_hosts.no_address, name))
return 0;
}
DNS_QUESTION_FOREACH(t, q) {
if (!IN_SET(t->type, DNS_TYPE_A, DNS_TYPE_AAAA, DNS_TYPE_ANY))
@ -343,7 +348,7 @@ int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
break;
}
for (i = 0; i < bn->n_addresses; i++) {
for (i = 0; bn && i < bn->n_addresses; i++) {
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
if ((!found_a && bn->addresses[i]->family == AF_INET) ||

16
src/resolve/resolved-etc-hosts.h
View File

@ -5,5 +5,21 @@
#include "resolved-dns-question.h"
#include "resolved-dns-answer.h"
typedef struct EtcHostsItem {
struct in_addr_data address;
char **names;
} EtcHostsItem;
typedef struct EtcHostsItemByName {
char *name;
struct in_addr_data **addresses;
size_t n_addresses, n_allocated;
} EtcHostsItemByName;
int etc_hosts_parse(EtcHosts *hosts, FILE *f);
void etc_hosts_free(EtcHosts *hosts);
void manager_etc_hosts_flush(Manager *m);
int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer);

9
src/resolve/resolved-manager.h
View File

@ -23,6 +23,12 @@ typedef struct Manager Manager;
#define MANAGER_SEARCH_DOMAINS_MAX 32
#define MANAGER_DNS_SERVERS_MAX 32
typedef struct EtcHosts {
Hashmap *by_address;
Hashmap *by_name;
Set *no_address;
} EtcHosts;
struct Manager {
sd_event *event;
@ -114,8 +120,7 @@ struct Manager {
unsigned n_dnssec_verdict[_DNSSEC_VERDICT_MAX];
/* Data from /etc/hosts */
Hashmap* etc_hosts_by_address;
Hashmap* etc_hosts_by_name;
EtcHosts etc_hosts;
usec_t etc_hosts_last, etc_hosts_mtime;
bool read_etc_hosts;

91
src/resolve/test-resolved-etc-hosts.c Normal file
View File

@ -0,0 +1,91 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "fd-util.h"
#include "fileio.h"
#include "fs-util.h"
#include "log.h"
#include "resolved-etc-hosts.h"
static void test_parse_etc_hosts_system(void) {
_cleanup_fclose_ FILE *f = NULL;
f = fopen("/etc/hosts", "r");
if (!f) {
assert_se(errno == -ENOENT);
return;
}
_cleanup_(etc_hosts_free) EtcHosts hosts = {};
assert_se(etc_hosts_parse(&hosts, f) == 0);
}
static void test_parse_etc_hosts(const char *fname) {
_cleanup_(unlink_tempfilep) char
t[] = "/tmp/test-resolved-etc-hosts.XXXXXX";
int fd;
_cleanup_fclose_ FILE *f;
if (fname) {
f = fopen(fname, "r");
assert_se(f);
} else {
fd = mkostemp_safe(t);
assert_se(fd >= 0);
f = fdopen(fd, "r+");
fputs("1.2.3.4 some.where\n", f);
fputs("1.2.3.5 some.where\n", f);
fputs("::0 some.where some.other\n", f);
fputs("0.0.0.0 black.listed\n", f);
fputs("::5 some.where some.other foobar.foo.foo\n", f);
fputs(" \n", f);
fflush(f);
rewind(f);
}
_cleanup_(etc_hosts_free) EtcHosts hosts = {};
assert_se(etc_hosts_parse(&hosts, f) == 0);
if (fname)
return;
EtcHostsItemByName *bn;
assert_se(bn = hashmap_get(hosts.by_name, "some.where"));
assert_se(bn->n_addresses == 3);
assert_se(bn->n_allocated >= 3);
assert_se(bn->addresses[0]->family == AF_INET);
assert_se(memcmp(&bn->addresses[0]->address.in,
&(struct in_addr) { .s_addr = htobe32(0x01020304) }, 4) == 0);
assert_se(bn->addresses[1]->family == AF_INET);
assert_se(memcmp(&bn->addresses[1]->address.in,
&(struct in_addr) { .s_addr = htobe32(0x01020305) }, 4) == 0);
assert_se(bn->addresses[2]->family == AF_INET6);
assert_se(memcmp(&bn->addresses[2]->address.in6,
&(struct in6_addr) { .s6_addr = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5} }, 16 ) == 0);
assert_se(bn = hashmap_get(hosts.by_name, "some.other"));
assert_se(bn->n_addresses == 1);
assert_se(bn->n_allocated >= 1);
assert_se(bn->addresses[0]->family == AF_INET6);
assert_se(memcmp(&bn->addresses[0]->address.in6,
&(struct in6_addr) { .s6_addr = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5} }, 16 ) == 0);
assert_se( set_contains(hosts.no_address, "some.where"));
assert_se( set_contains(hosts.no_address, "some.other"));
assert_se( set_contains(hosts.no_address, "black.listed"));
assert_se(!set_contains(hosts.no_address, "foobar.foo.foo"));
}
int main(int argc, char **argv) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
log_open();
if (argc == 1)
test_parse_etc_hosts_system();
test_parse_etc_hosts(argv[1]);
return 0;
}

12
src/test/test-nss.c
View File

@ -51,14 +51,12 @@ static const char* af_to_string(int family, char *buf, size_t buf_len) {
}
static void* open_handle(const char* dir, const char* module, int flags) {
const char *path;
const char *path = NULL;
void *handle;
if (dir) {
if (dir)
path = strjoina(dir, "/libnss_", module, ".so.2");
if (access(path, F_OK) < 0)
path = strjoina(dir, "/.libs/libnss_", module, ".so.2");
} else
if (!path || access(path, F_OK) < 0)
path = strjoina("libnss_", module, ".so.2");
handle = dlopen(path, flags);
@ -397,9 +395,7 @@ static int test_one_module(const char* dir,
log_info("======== %s ========", module);
handle = open_handle(streq(module, "dns") ? NULL : dir,
module,
RTLD_LAZY|RTLD_NODELETE);
handle = open_handle(dir, module, RTLD_LAZY|RTLD_NODELETE);
if (!handle)
return -EINVAL;