Make sure we cleanup only those DNS servers that belong to
certain network interface when the interface goes down.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow user to specify which network interfaces to bind the
server to when reconfiguring the DNS system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Drop this redundant check that was likely meant to be checking that Z
field is zero but in the case of reception the RFC says it MUST be
ignored anyway.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Allow network shell DNS module to verify that the DNS SD
record is a valid one. Currently this is not exposed to
applications.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Validate that the file descriptor is not a negative number before
writing to the `dispatch_table` `ctx` field. Setting file descriptors
to `-1` is the standard "not in use" value, and in fact the entire array
of `fds` is set to this value in `dns_resolve_init_locked`. This
resolves memory corruption of whichever variable is unfortunate to exist
just before `dispatch_table` in memory.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Allow only 0xc (0b11) as two highest bit to mark the compression
when parsing the CNAME response. See RFC 9267 ch. 2 for details.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make sure that the CNAME handling checks recursive name pointers
and fails the response if recursion is detected.
See RFC 9267 ch. 2 for details.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If socket call fails when mdns_responder creates listeners, then
print the return value to make it easier to figure out what is
wrong. Typically one needs to increase the size of
CONFIG_ZVFS_OPEN_MAX if errno is ENFILE.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Following warning is printed if using strncpy(), so use memcpy()
instead. Note that this is false positive as there is no error here but
in order to avoid the warning, change the copy function.
subsys/net/lib/dns/mdns_responder.c:1371:25: warning:
'strncpy' output may be truncated copying 7 bytes from a string
of length 8 [-Wstringop-truncation]
1468 | strncpy(if_req.ifr_name, name, sizeof(if_req.ifr_name) - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
subsys/net/lib/dns/mdns_responder.c:1468:25: warning:
'strncpy' output may be truncated copying 7 bytes from a string
of length 8 [-Wstringop-truncation]
1468 | strncpy(if_req.ifr_name, name, sizeof(if_req.ifr_name) - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Conform rfc6762 a mDNS responder should answer clients
which are not using the mDNS port in the source address
with unicast UDP to the same port as described in chapter 6.7
Fixes: #81657
Signed-off-by: Vincent van der Locht <vincent@synchronicit.nl>
If mDNS resolver is enabled but mDNS responder is not, then
mDNS multicast address group is not joined. This would prevent
the mDNS resolver to receive the responses. Fix this by
joining the mDNS multicast group if mDNS responder is not
enabled (because the responder will join the group itself).
Fixes#86477
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This condition can happen if there is MDNS activity on the network that is
either not according to specifications or not supported by Zephyr.
Lowering the log level from ERR to DBG, since this does not indicate an
error in the Zephyr application.
Signed-off-by: Helge Juul <helge@fastmail.com>
The mDNS probing is described in RFC 6762 chapter 8.1.
The code will send an unsolicited mDNS query to network and
will check if there are existing hosts with the same name.
If there are, then the mDNS responder will not respond to
queries it is configured to use.
Fixes#84333
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow user to specify the network interface where the query should
be sent, but only if the user has supplied the DNS servers in sockaddr
list. If user has specified a DNS servers in a string list, then the
possible network interface is taken from the string.
The reason for this is that it is not possible to add network interface
to the sockaddr list so an extra parameter is needed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow user to specify socket service struct and port number so
that DNS servers specified in Kconfig etc are not used. This way
we can send a DNS query to arbitrary address without it affecting
the system configuration.
This is used in mDNS probing so that that mDNS responder can send
probe message and not change / configure system global DNS config.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Introduce dns_resolve_name_internal() that allows resolving a name
and not use DNS cache if caching is enabled.
This is needed in mDNS probing (RFC 6762 chapter 8.1) which needs
to send a mDNS query and not get any results from cache.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Just ignore any EALREADY error returned when trying to register a
DNS dispatcher. This could happen if trying to init things when the
interface comes up and we have already initialized the dispatcher.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The DNS_EAI_SYSTEM error value tells that the errno value
contains the actual system error value. So set the errno
properly when there is a system error.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Feed the dispatcher context to dispatcher callbacks instead of
resolver or responder context. The callback can then use the
proper context because the dispatcher context contains those
two context. This allows dispatcher callback to utilize all the
information (like interface etc) stored in dispatcher context.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Print the socket descriptor and interface after bounding it
successfully in order to help to figure out what sockets are
bind to one specific interface.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The current DNS caching logic is not aware of the IP address version.
If there is a cached address for a query, the caller of
dns_get_addr_info() will receive that address, even if it is not the
same version as the caller requested. For example:
- dns_get_addr_info() is called to resolve an IPv4 address
- the DNS client caches the IPv4 address that was received
- dns_get_addr_info() is called to resolve an IPv6 address
- the DNS client sees that there is a cached IPv4 address for the
given query
- the DNS client does not check that the cached address is of the
requested version (IPv6)
- the cached IPv4 address is returned from dns_get_addr_info()
This changes the DNS client to check IP address version when searching
cached addresses.
Signed-off-by: Noah Olson <noah@wavelynx.com>
The dns_unpack_answer() did not check the length of the message
properly which can cause out of bounds read.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If the packet parsing fails in dns_unpack_response_query(), then
do not continue further but bail out early.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The network interface name that is copied to if_req struct might
be missing terminating null for IPv4.
This is fixing the IPv4 issue which was missed in previous fix attempt.
Fixes#74795
Coverity-CID: 368797
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This addresses the following warning building with `CONFIG_64BIT=y`:
error: field precision specifier '.*' expects argument of type 'int',
but argument X has type 'size_t' {aka 'long unsigned int'}
Signed-off-by: Chen Xingyu <hi@xingrz.me>
Allow user to specify a network interface in the DNS server
list. User can append "%" and network interface name to the
DNS server to use this. If the network interface is mentioned
in the server list, then the DNS queries are sent via this network
interface.
For example setting the interfaces like this:
192.0.2.2%eth1
[2001:db8::2]:5353%ppp0
would cause the DNS queries to sent to 192.0.2.1 via eth1 in the first
example, and to 2001:db8::2 via ppp0 in the second example.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Because we might get answers in capital letters, convert the answer
to small case letters and also make sure we send query in small case
latters. This makes sure that our query_hash is properly calculated
regardless of how the resolver gets the data.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
remove k_work related code and change
the argument of the callback to `struct net_socket_service_event`.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Seen when having multiple network interfaces that the sock_error
was 0 even if the socket was serviced properly. So if SO_ERROR
returns 0, just ignore it.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
We must register all listening sockets under one file descriptor
array when calling dns_dispatcher_register() which then calls
net_socket_service_register(). The socket services expects all
the registered sockets under one service context to be in one
array. If this is not done, the latest socket array wins and
the earlier registrations are forgotten.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
As the DNS might listen to multicast addresses (like in mDNS) in
different network interfaces, make sure to check the network
interface index when registering the dispatcher context. This
allows two mDNS registrations to more than one network interface.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Remove the `work_q` parameter from `NET_SOCKET_SERVICE_SYNC_DEFINE` and
`NET_SOCKET_SERVICE_SYNC_DEFINE_STATIC` as this feature was dropped
during review but the removal was not 100% complete.
Signed-off-by: Jordan Yates <jordan@embeint.com>
IPv6 MLD API was so far defined in an internal header. This does not
seem correct though, as application code should be able to join/leave
multicast groups, hence the API should be exposed in a public header,
just as it is done for its IPv4 countepart - IGMP.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case CONFIG_DNS_RESOLVER_MAX_SERVERS is larger than the actual number
of DNS servers configured, some server entries may be left
uninitialized. The dispatcher needs to take this into account, otherwise
it may cause memory corruptions.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The size of the output array for the find call in resolver
is invalid: expected array size while overall memory size
provided. As the latter is bigger there is a high probability
of memory overwrite occurring on the stack.
Signed-off-by: Krzysztof Bartnicki <krzysztof.bartnicki@embevity.com>
The dispatcher table needs to be large enough to have support
for all file descriptor values.
Fixes#79042
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If DNS statistics is enabled in Kconfig, then start to collect it.
This is useful in order to see how many DNS requests/responses
received or sent, and also see the amount of dropped DNS packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
In order to reduce confusion regarding interface count
the respective warning was adjusted to better reflect
the actual state of the system.
Signed-off-by: Carlo Kirchmeier <carlo.kirchmeier@zuehlke.com>
