[systemd-devel] IPv6AcceptRA: RDNSS Lifetime is not expiring

2023-07-11 Thread Muggeridge, Matt
Hello there!

In our IPv6 network, the address of a Recursive DNS Server (RDNSS) is supplied 
in a Router Advertisement (RA), with a lifetime of 60 seconds.

It appears that RDNSS lifetime is not being honoured (RFC 8106, section 
5.1).  I reviewed the code and can see where the RDNSS lifetime is being 
saved, though I was unable to determine how it was being handled upon expiry.

How do I configure networkd so that the RA's RDNSS lifetime is honoured?

Here is a summary of the simple protocol exchange:


  1.  Router:  Send RA [RDNSS address of "nameserver60s", lifetime: "60"]
  2.  Host: "resolvectl" shows the link's DNS server now lists the RDNSS 
      address of "nameserver60s"
  3.  ** Wait for more than 60 seconds - the RDNSS entry should expire **
  4.  Host:
      *   "resolvectl" continues to list the address of "nameserver60s" on 
          the link.
      *   Using tcpdump to trace "ping test.example.com", the "nameserver60s" 
          is still being used.  It never timed out.

Here is my network configuration, showing UseDNS and UseDomains both set to 
"yes":


$ cat /etc/systemd/network/10-eno0.network
[Match]
KernelCommandLine=!nfsroot
Name=eno0

[DHCP]
ClientIdentifier=mac
RouteMetric=10
UseDomains=yes
UseHostname=yes
UseMTU=yes

[Network]
#DHCP=ipv6
Address=10.1.1.1/24
#DNS=1.2.3.6
Gateway=1.1.1.2
IPv6AcceptRA=yes

[IPv6AcceptRA]
UseDNS=yes
UseDomains=yes


Grateful for any suggestions.

Kind regards,
Matt.
PS: We're on systemd 250.  I've searched later versions of the release 
notes and it seems there have been no changes in this area.
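
Added example, not part of the original post and not systemd-networkd's own code: a sketch of the behaviour RFC 8106 section 5.1 expects from a host, parsing one RDNSS option and deciding when its server must stop being used. The struct, function names and sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_RDNSS   25           /* option type, RFC 8106 section 5.1 */
#define RDNSS_INFINITE 0xffffffffu  /* all-ones lifetime: never expires */

struct rdnss_entry {
    uint8_t  addr[16];  /* first DNS server address in the option */
    uint32_t lifetime;  /* seconds, as advertised by the router */
    uint64_t received;  /* monotonic seconds when the RA arrived */
};

/* Constructed sample: one server 2001:db8::53, lifetime 60 s. */
static const uint8_t sample_rdnss[24] = {
    25, 3, 0, 0,  0, 0, 0, 60,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0x53 };

/* Parse one RDNSS option; returns the address count or -1 if malformed. */
int rdnss_parse(const uint8_t *opt, size_t len, uint64_t now, struct rdnss_entry *out)
{
    if (len < 24 || opt[0] != ND_OPT_RDNSS)
        return -1;
    /* Length counts 8-octet units and must be 1 + 2*n with n >= 1. */
    if (opt[1] < 3 || (opt[1] & 1) == 0 || (size_t)opt[1] * 8 > len)
        return -1;
    out->lifetime = ((uint32_t)opt[4] << 24) | ((uint32_t)opt[5] << 16) |
                    ((uint32_t)opt[6] << 8)  |  (uint32_t)opt[7];
    memcpy(out->addr, opt + 8, sizeof out->addr);
    out->received = now;
    return (opt[1] - 1) / 2;
}

/* Returns 1 once the entry must no longer be used for resolution. */
int rdnss_expired(const struct rdnss_entry *e, uint64_t now)
{
    if (e->lifetime == RDNSS_INFINITE)
        return 0;
    return now - e->received >= e->lifetime;  /* lifetime 0: drop at once */
}

int main(void)
{
    struct rdnss_entry e;
    if (rdnss_parse(sample_rdnss, sizeof sample_rdnss, 1000, &e) < 0)
        return 1;
    printf("t+59s expired=%d, t+61s expired=%d\n", rdnss_expired(&e, 1059), rdnss_expired(&e, 1061));
    return 0;
}
```

A fresh RA carrying the same option restarts the timer by calling the parser again with the new arrival time.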




[systemd-devel] Using systemd-creds for sharing secrets between services

2023-07-11 Thread Orit Kashany
Hi,

I have one service that securely receives a user password. I need to send this 
password to another service without transmitting it as plaintext over D-Bus, 
considering security aspects.
I came across systemd-creds. I managed to enable openssl in systemd compilation 
and to encrypt/decrypt a file from the terminal. However, I haven’t found any 
examples of how to use systemd-creds in a C++ program. Are there any relevant 
APIs in systemd-devel? If so, what is the exact API I should use to encrypt data 
in one service and decrypt it in another?

Any suggestions or insights on this matter would be most welcome.

Regards,
Orit