diff -Nru systemd-237/debian/changelog systemd-237/debian/changelog --- systemd-237/debian/changelog 2019-06-24 12:50:38.000000000 +0000 +++ systemd-237/debian/changelog 2019-07-22 16:45:02.000000000 +0000 @@ -1,3 +1,18 @@ +systemd (237-3ubuntu10.25) bionic; urgency=medium + + [ Dan Streetman ] + * d/p/lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch: + - set src address for dhcp 'classless' routes (LP: #1835581) + * d/p/lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch: + - keep bond slave up if already attached (LP: #1833671) + + [ Jorge Niedbalski ] + * d/p/lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch: + Allows cache=no-negative option to be set, ignoring negative + answers to be cached (LP: #1668771). + + -- Dan Streetman Mon, 22 Jul 2019 12:45:02 -0400 + systemd (237-3ubuntu10.24) bionic; urgency=medium [Dimitri John Ledkov 🌈] diff -Nru systemd-237/debian/patches/lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch systemd-237/debian/patches/lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch --- systemd-237/debian/patches/lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch 2019-07-22 16:45:02.000000000 +0000 @@ -0,0 +1,229 @@ +From b13ee6b829193bc9e58de7d56f3aeb9a57d0abf8 Mon Sep 17 00:00:00 2001 +From: Jorge Niedbalski +Bug: https://github.com/systemd/systemd/issues/5552 +Origin: upstream, https://github.com/systemd/systemd/pull/13047 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1668771 +Date: Fri, 12 Jul 2019 15:34:24 -0400 +Subject: [PATCH] resolved: switch cache option to a tri-state option + (systemd#5552). + +Change the resolved.conf Cache option to a tri-state "no, no-negative, yes" values. + +If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995), +however, there are several use cases on which this condition is not acceptable (See systemd#5552 comments) +and the only workaround would be to disable cache entirely or flush it , which isn't optimal. + +This change adds the 'no-negative' option when set it avoids putting in cache +negative answers but still works the same heuristics for positive answers. + +Signed-off-by: Jorge Niedbalski +--- + man/resolved.conf.xml | 9 +++++---- + src/resolve/resolved-dns-cache.c | 8 ++++++++ + src/resolve/resolved-dns-cache.h | 3 ++- + src/resolve/resolved-dns-transaction.c | 3 ++- + src/resolve/resolved-gperf.gperf | 2 +- + src/resolve/resolved-manager.c | 2 +- + src/resolve/resolved-manager.h | 2 +- + src/resolve/resolved-mdns.c | 2 +- + src/shared/resolve-util.c | 9 +++++++++ + src/shared/resolve-util.h | 18 ++++++++++++++++++ + 10 files changed, 48 insertions(+), 10 deletions(-) + +diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml +index bf88c0e950..84e31616ed 100644 +--- a/man/resolved.conf.xml ++++ b/man/resolved.conf.xml +@@ -221,10 +221,11 @@ + + + Cache= +- Takes a boolean argument. If "yes" (the default), resolving a domain name which already got +- queried earlier will return the previous result as long as it is still valid, and thus does not result in a new +- network request. Be aware that turning off caching comes at a performance penalty, which is particularly +- high when DNSSEC is used. ++ Takes a boolean or no-negative as argument. If yes (the default), resolving a domain name ++ which already got queried earlier will return the previous result as long as it is still valid, and thus does ++ not result in a new network request. Be aware that turning off caching comes at a performance penalty, which ++ is particularly high when DNSSEC is used. ++ If no-negative, only positive answers are cached. + + Note that caching is turned off implicitly if the configured DNS server is on a host-local IP address + (such as 127.0.0.1 or ::1), in order to avoid duplicate local caching. +diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c +index b653a20b6e..bd809fa5b1 100644 +--- a/src/resolve/resolved-dns-cache.c ++++ b/src/resolve/resolved-dns-cache.c +@@ -641,6 +641,7 @@ static bool rr_eligible(DnsResourceRecord *rr) { + + int dns_cache_put( + DnsCache *c, ++ DnsCacheMode cache_mode, + DnsResourceKey *key, + int rcode, + DnsAnswer *answer, +@@ -752,6 +753,13 @@ int dns_cache_put( + return 0; + } + ++ if (cache_mode == DNS_CACHE_MODE_NO_NEGATIVE) { ++ char key_str[DNS_RESOURCE_KEY_STRING_MAX]; ++ log_debug("Not caching negative entry for: %s, cache mode set to no-negative", ++ dns_resource_key_to_string(key, key_str, sizeof key_str)); ++ return 0; ++ } ++ + r = dns_cache_put_negative( + c, + key, +diff --git a/src/resolve/resolved-dns-cache.h b/src/resolve/resolved-dns-cache.h +index a5ace2c4c6..348bb62c50 100644 +--- a/src/resolve/resolved-dns-cache.h ++++ b/src/resolve/resolved-dns-cache.h +@@ -23,6 +23,7 @@ + #include "hashmap.h" + #include "list.h" + #include "prioq.h" ++#include "resolve-util.h" + #include "time-util.h" + + typedef struct DnsCache { +@@ -40,7 +41,7 @@ typedef struct DnsCache { + void dns_cache_flush(DnsCache *c); + void dns_cache_prune(DnsCache *c); + +-int dns_cache_put(DnsCache *c, DnsResourceKey *key, int rcode, DnsAnswer *answer, bool authenticated, uint32_t nsec_ttl, usec_t timestamp, int owner_family, const union in_addr_union *owner_address); ++int dns_cache_put(DnsCache *c, DnsCacheMode cache_mode, DnsResourceKey *key, int rcode, DnsAnswer *answer, bool authenticated, uint32_t nsec_ttl, usec_t timestamp, int owner_family, const union in_addr_union *owner_address); + int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, bool clamp_ttl, int *rcode, DnsAnswer **answer, bool *authenticated); + + int dns_cache_check_conflicts(DnsCache *cache, DnsResourceRecord *rr, int owner_family, const union in_addr_union *owner_address); +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index f500ec20a0..eb0c0c8ce1 100644 +--- a/src/resolve/resolved-dns-transaction.c ++++ b/src/resolve/resolved-dns-transaction.c +@@ -614,7 +614,7 @@ static void dns_transaction_cache_answer(DnsTransaction *t) { + return; + + /* Caching disabled? */ +- if (!t->scope->manager->enable_cache) ++ if (t->scope->manager->enable_cache == DNS_CACHE_MODE_NO) + return; + + /* We never cache if this packet is from the local host, under +@@ -625,6 +625,7 @@ static void dns_transaction_cache_answer(DnsTransaction *t) { + return; + + dns_cache_put(&t->scope->cache, ++ t->scope->manager->enable_cache, + t->key, + t->answer_rcode, + t->answer, +diff --git a/src/resolve/resolved-gperf.gperf b/src/resolve/resolved-gperf.gperf +index a5865ce6c2..a4a461823b 100644 +--- a/src/resolve/resolved-gperf.gperf ++++ b/src/resolve/resolved-gperf.gperf +@@ -23,5 +23,5 @@ Resolve.Domains, config_parse_search_domains, 0, + Resolve.LLMNR, config_parse_resolve_support, 0, offsetof(Manager, llmnr_support) + Resolve.MulticastDNS, config_parse_resolve_support, 0, offsetof(Manager, mdns_support) + Resolve.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Manager, dnssec_mode) +-Resolve.Cache, config_parse_bool, 0, offsetof(Manager, enable_cache) ++Resolve.Cache, config_parse_dns_cache_mode, DNS_CACHE_MODE_YES, offsetof(Manager, enable_cache) + Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode) +diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c +index 12a9d17107..2c0dc707bb 100644 +--- a/src/resolve/resolved-manager.c ++++ b/src/resolve/resolved-manager.c +@@ -599,7 +599,7 @@ int manager_new(Manager **ret) { + m->llmnr_support = RESOLVE_SUPPORT_NO; + m->mdns_support = RESOLVE_SUPPORT_NO; + m->dnssec_mode = DEFAULT_DNSSEC_MODE; +- m->enable_cache = true; ++ m->enable_cache = DNS_CACHE_MODE_YES; + m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES; + m->read_resolv_conf = true; + m->need_builtin_fallbacks = true; +diff --git a/src/resolve/resolved-manager.h b/src/resolve/resolved-manager.h +index 5c1a6670ef..072072d2e3 100644 +--- a/src/resolve/resolved-manager.h ++++ b/src/resolve/resolved-manager.h +@@ -48,7 +48,7 @@ struct Manager { + ResolveSupport llmnr_support; + ResolveSupport mdns_support; + DnssecMode dnssec_mode; +- bool enable_cache; ++ DnsCacheMode enable_cache; + DnsStubListenerMode dns_stub_listener_mode; + + /* Network */ +diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c +index 38e2c54227..1d7d3602ad 100644 +--- a/src/resolve/resolved-mdns.c ++++ b/src/resolve/resolved-mdns.c +@@ -351,7 +351,7 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us + dns_transaction_process_reply(t, p); + } + +- dns_cache_put(&scope->cache, NULL, DNS_PACKET_RCODE(p), p->answer, false, (uint32_t) -1, 0, p->family, &p->sender); ++ dns_cache_put(&scope->cache, scope->manager->enable_cache, NULL, DNS_PACKET_RCODE(p), p->answer, false, (uint32_t) -1, 0, p->family, &p->sender); + + } else if (dns_packet_validate_query(p) > 0) { + log_debug("Got mDNS query packet for id %u", DNS_PACKET_ID(p)); +diff --git a/src/shared/resolve-util.c b/src/shared/resolve-util.c +index edcb8e05e7..90a4efcd1d 100644 +--- a/src/shared/resolve-util.c ++++ b/src/shared/resolve-util.c +@@ -38,3 +38,12 @@ static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = { + [DNSSEC_YES] = "yes", + }; + DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dnssec_mode, DnssecMode, DNSSEC_YES); ++DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_cache_mode, dns_cache_mode, DnsCacheMode, "Failed to parse DNS cache mode setting") ++ ++static const char* const dns_cache_mode_table[_DNS_CACHE_MODE_MAX] = { ++ [DNS_CACHE_MODE_YES] = "yes", ++ [DNS_CACHE_MODE_NO] = "no", ++ [DNS_CACHE_MODE_NO_NEGATIVE] = "no-negative", ++}; ++ ++DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_cache_mode, DnsCacheMode, DNS_CACHE_MODE_YES); +diff --git a/src/shared/resolve-util.h b/src/shared/resolve-util.h +index 975156ca96..b235b97332 100644 +--- a/src/shared/resolve-util.h ++++ b/src/shared/resolve-util.h +@@ -22,6 +22,16 @@ + + #include "macro.h" + ++typedef enum DnsCacheMode DnsCacheMode; ++ ++enum DnsCacheMode { ++ DNS_CACHE_MODE_NO, ++ DNS_CACHE_MODE_YES, ++ DNS_CACHE_MODE_NO_NEGATIVE, ++ _DNS_CACHE_MODE_MAX, ++ _DNS_CACHE_MODE_INVALID = 1 ++}; ++ + typedef enum ResolveSupport ResolveSupport; + typedef enum DnssecMode DnssecMode; + +@@ -53,9 +63,17 @@ enum DnssecMode { + + int config_parse_resolve_support(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); + int config_parse_dnssec_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); ++int config_parse_dns_cache_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); ++ ++CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support); ++CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode); ++CONFIG_PARSER_PROTOTYPE(config_parse_dns_cache_mode); + + const char* resolve_support_to_string(ResolveSupport p) _const_; + ResolveSupport resolve_support_from_string(const char *s) _pure_; + + const char* dnssec_mode_to_string(DnssecMode p) _const_; + DnssecMode dnssec_mode_from_string(const char *s) _pure_; ++ ++const char* dns_cache_mode_to_string(DnsCacheMode p) _const_; ++DnsCacheMode dns_cache_mode_from_string(const char *s) _pure_; +-- +2.20.1 + diff -Nru systemd-237/debian/patches/lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch systemd-237/debian/patches/lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch --- systemd-237/debian/patches/lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch 2019-07-22 16:45:02.000000000 +0000 @@ -0,0 +1,50 @@ +From cbff717048ad25b2fb47ea3df688f9df7e6af6c7 Mon Sep 17 00:00:00 2001 +From: Tobias Jungel +Origin: upstream, https://github.com/systemd/systemd/commit/cbff717048ad25b2fb47ea3df688f9df7e6af6c7 +Bug: https://github.com/systemd/systemd/issues/10118 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1833671 +Date: Fri, 19 Oct 2018 13:12:35 +0200 +Subject: [PATCH] networkd: keep bond slave up if already attached + +There is no need to disable an already correct enslaved interface. + +relates to #10118 +--- + src/network/networkd-link.c | 8 ++++++++ + src/network/networkd-link.h | 1 + + 2 files changed, 9 insertions(+) + +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -483,6 +483,10 @@ + return -ENOMEM; + } + ++ r = sd_netlink_message_read_u32(message, IFLA_MASTER, (uint32_t *)&link->master_ifindex); ++ if (r < 0) ++ log_link_debug_errno(link, r, "New device has no master, continuing without"); ++ + r = sd_netlink_message_read_ether_addr(message, IFLA_ADDRESS, &link->mac); + if (r < 0) + log_link_debug_errno(link, r, "MAC address not found for new device, continuing without"); +@@ -2280,6 +2284,10 @@ + return link_joined(link); + + if (link->network->bond) { ++ if (link->network->bond->state == NETDEV_STATE_READY && ++ link->network->bond->ifindex == link->master_ifindex) ++ return link_joined(link); ++ + log_struct(LOG_DEBUG, + LOG_LINK_INTERFACE(link), + LOG_NETDEV_INTERFACE(link->network->bond), +--- a/src/network/networkd-link.h ++++ b/src/network/networkd-link.h +@@ -67,6 +67,7 @@ + int n_ref; + + int ifindex; ++ int master_ifindex; + char *ifname; + char *kind; + unsigned short iftype; diff -Nru systemd-237/debian/patches/lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch systemd-237/debian/patches/lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch --- systemd-237/debian/patches/lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch 2019-07-22 16:45:02.000000000 +0000 @@ -0,0 +1,43 @@ +From ac2dce5f36bb8b1a877ff765e6a4dfde6bfb2d49 Mon Sep 17 00:00:00 2001 +From: Dan Streetman +Bug: https://github.com/systemd/systemd/issues/12969 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1835581 +Origin: upstream, https://github.com/systemd/systemd/commit/ac2dce5f36bb8b1a877ff765e6a4dfde6bfb2d49 +Date: Fri, 5 Jul 2019 16:42:38 -0400 +Subject: [PATCH] src/network/networkd-dhcp4.c: set prefsrc for classless or + static routes + +When a DHCP server provides only a gateway, the networkd-dhcp4 code adds a +default route using that gateway, and sets the just-provided address as +the route's prefsrc; this was added in commit +46b0c76e2c355c0d0cc4792abb98cde07b28bc53 + +However, if the DHCP server has also provided classless route(s), these +are used instead of a default route using the provided gateway; the +networkd-dhcp4 code sets up the classless routes, but does not use the +just-provided dhcp address as the prefsrc of the route(s). Note that +it also doesn't set the prefsrc for static routes, though it should. + +If the interface has only the dhcp-provided address, this is not usually +a problem, but if it has another address (e.g. a static address), then +traffic sent through the dhcp-provided gateway might not use the +dhcp-provided source address. If the gateway router only will route +traffic from the dhcp-provided address, then the dhcp client system's +networking through the router will not work. + +Fixes: #12969 +--- + src/network/networkd-dhcp4.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/src/network/networkd-dhcp4.c ++++ b/src/network/networkd-dhcp4.c +@@ -130,6 +130,8 @@ + route->priority = link->network->dhcp_route_metric; + route->table = table; + route->scope = route_scope_from_address(route, &address); ++ if (IN_SET(route->scope, RT_SCOPE_LINK, RT_SCOPE_UNIVERSE)) ++ route->prefsrc.in = address; + + r = route_configure(route, link, dhcp4_route_handler); + if (r < 0) diff -Nru systemd-237/debian/patches/series systemd-237/debian/patches/series --- systemd-237/debian/patches/series 2019-06-24 12:50:38.000000000 +0000 +++ systemd-237/debian/patches/series 2019-07-22 16:45:02.000000000 +0000 @@ -119,3 +119,6 @@ exec-util-in-execute_directories-support-initial-exec-env.patch core-execute-environment_generators-with-manager-s-enviro.patch core-execute-generators-with-manager-s-environmnet.patch +lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch +lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch +lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch