Merge branch 'develop' into features/zeroconf-dnssec

This commit is contained in:
Willem Toorop 2017-08-30 15:09:39 +02:00
commit 2ed2871549
32 changed files with 382 additions and 314 deletions

2
.gitignore vendored

@ -39,7 +39,7 @@ src/test/check_getdns_ev
src/test/scratchpad
src/test/scratchpad.c
src/tools/getdns_query
src/tools/stubby
src/stubby
doc/*.3
src/getdns/getdns.h
*.log

4
.gitmodules vendored

@ -5,3 +5,7 @@
[submodule "src/yxml"]
path = src/yxml
url = git://g.blicky.net/yxml.git
[submodule "stubby"]
path = stubby
url = https://github.com/getdnsapi/stubby.git
branch = develop


@ -1,3 +1,24 @@
* 2017-0?-??: Version 1.1.3
* No annotations with the output of getdns_query anymore,
unless -V option is given to increase verbosity
Thanks Ollivier Robert
* getdns_query will now exit with failure status if replies are BOGUS
* Bugfix: dnssec_return_validation_chain now also works when fallback
to full recursion was needed with dnssec_roadblock_avoidance
* More clear build instructions from Paul Hoffman. Thanks.
* Bugfix #320.1: Eliminate multiple closing of file descriptors
Thanks Neil Cook
* Bugfix #320.2: Array bounds bug in upstream_select
Thanks Neil Cook
* Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
pages. Thanks James Raftery
* Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
but does not have it implemented. Thanks Joel Purra
* Compile without Stubby by default. Stubby now has a git repository
of its own. The new Stubby repository is added as a submodule.
Stubby will still be build alongside getdns with the --with-stubby
configure option.
* 2017-07-03: Version 1.1.2
* Bugfix for parallel make install
* Bugfix to trigger event callbacks on socket errors


@ -44,7 +44,7 @@ libdir = @libdir@
srcdir = @srcdir@
INSTALL = @INSTALL@
all : default @GETDNS_QUERY@ @STUBBY@
all : default @GETDNS_QUERY@
everything: default
cd src/test && $(MAKE)
@ -52,7 +52,10 @@ everything: default
default:
cd src && $(MAKE) $@
install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
install-lib:
cd src && $(MAKE) install
install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
@ -66,8 +69,7 @@ install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_S
$(INSTALL) -m 644 getdns_ext_event.pc $(DESTDIR)$(libdir)/pkgconfig
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
cd src && $(MAKE) $@
cd doc && $(MAKE) $@
cd doc && $(MAKE) install
@echo "***"
@echo "*** !!! IMPORTANT !!!! libgetdns needs a DNSSEC trust anchor!"
@echo "***"
@ -86,7 +88,7 @@ install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_S
@echo "*** at package installation time from the post-install script."
@echo "***"
uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_STUBBY@
uninstall: @UNINSTALL_GETDNS_QUERY@
rm -rf $(DESTDIR)$(docdir)
cd doc && $(MAKE) $@
cd src && $(MAKE) $@
@ -103,8 +105,8 @@ test: default
getdns_query: default
cd src/tools && $(MAKE) $@
stubby: getdns_query
cd src/tools && $(MAKE) $@
stubby:
cd src && $(MAKE) $@
scratchpad: default
cd src/test && $(MAKE) $@
@ -112,17 +114,17 @@ scratchpad: default
pad: scratchpad
src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
install-getdns_query: getdns_query
install-getdns_query: install-lib
cd src/tools && $(MAKE) $@
uninstall-getdns_query:
cd src/tools && $(MAKE) $@
install-stubby: getdns_query
cd src/tools && $(MAKE) $@
install-stubby:
cd src && $(MAKE) $@
uninstall-stubby:
cd src/tools && $(MAKE) $@
cd src && $(MAKE) $@
clean:
cd src && $(MAKE) $@
@ -198,9 +200,10 @@ $(distdir):
mkdir -p $(distdir)/src/jsmn
mkdir -p $(distdir)/src/yxml
mkdir -p $(distdir)/doc
mkdir -p $(distdir)/systemd
mkdir -p $(distdir)/spec
mkdir -p $(distdir)/spec/example
mkdir -p $(distdir)/stubby
mkdir -p $(distdir)/stubby/src
cp $(srcdir)/configure.ac $(distdir)
cp $(srcdir)/configure $(distdir)
cp $(srcdir)/AUTHORS $(distdir)
@ -241,12 +244,13 @@ $(distdir):
cp $(srcdir)/spec/*.html $(distdir)/spec
cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example
cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
cp $(srcdir)/systemd/README.md $(distdir)/systemd
cp $(srcdir)/systemd/stubby.* $(distdir)/systemd
cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
cp $(srcdir)/src/tools/stubby.conf $(distdir)/src/tools
cp $(srcdir)/src/tools/stubby-setdns-macos.sh $(distdir)/src/tools
cp $(srcdir)/stubby/stubby.conf.example $(distdir)/stubby
cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
cp $(srcdir)/stubby/COPYING $(distdir)/stubby
cp $(srcdir)/stubby/README.md $(distdir)/stubby
cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
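Review bot: The new `install-stubby:` rule (the one whose recipe is `cd src && $(MAKE) $@`) has no prerequisite, while `install-getdns_query` was given `install-lib` in this same hunk; a direct `make install-stubby` therefore recurses into src before libgetdns has been installed, and if libtool relinks the binary against the installed library at install time — presumably the ordering problem that motivated adding `install-lib` to the getdns_query rule — that install fails or picks up a stale copy. Suggest `install-stubby: install-lib` for consistency. The `$(distdir)` hunk also copies `$(srcdir)/stubby/...` out of the new submodule, so on a checkout without `git submodule update --init` the recipe fails part-way through with a bare `cp` error; a one-line existence test at the top of that recipe naming the submodule would give a clearer message. I cannot see whether `install-lib` and `install-stubby` are listed in `.PHONY`, which they should be.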


@ -65,6 +65,8 @@ The following requirements were met as conditions for the present release:
# Building and External Dependencies
If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.
External dependencies are linked outside the getdns API build tree (we rely on configure to find them). We would like to keep the dependency tree short. Please refer to section for building on Windows for separate dependency and build instructions for that platform.
* [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
@ -72,23 +74,25 @@ External dependencies are linked outside the getdns API build tree (we rely on c
* [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
* Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files. If you checked out from git you need to copy the libtool helper scripts and rebuild configure thus:
For example, to build on a recent version of Ubuntu, you would need the following packages:
# libtoolize -ci (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
# autoreconf -fi
# apt install build-essential libunbound-dev libidn11-dev libssl-dev libtool m4 autoconf
If you are building from git, you need to do the following before building:
If you want to make use of the configuration files that utilise a JSON-like format, you must do
# git submodule update --init
before building.
# libtoolize -ci # (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
# autoreconf -fi
As well as building the getdns library 2 other tools are installed by default by the above process:
* getdns_query: a command line test script wrapper for getdns
* stubby: an experimental DNS Privacy enabled client
Note: If you only want to build stubby, then use the `--enable-stub-only` and `--without-libidn` options when running 'configure'.
Note: If you only want to build stubby, then use the `--with-stubby` option when running 'configure'.
## Minimizing dependencies
@ -99,7 +103,7 @@ Note: If you only want to build stubby, then use the `--enable-stub-only` and `-
## Extensions and Event loop dependencies
The implementation works with a variety of event loops, each built as a separate shared library. See [the wiki](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support#wiki-included-event-loop-integrations) for more details.
The implementation works with a variety of event loops, each built as a separate shared library. See [this Doxygen page](https://getdnsapi.net/doxygen/group__eventloops.html) and [this man page](https://getdnsapi.net/documentation/manpages/#ASYNCHRONOUS USE) for more details.
* [libevent](http://libevent.org). Note: the examples *require* this and should work with either libevent 1.x or 2.x. 2.x is preferred.
* [libuv](https://github.com/joyent/libuv)
@ -170,8 +174,8 @@ Non-goals (things we will not be doing at least initially) include:
## Language Bindings
In parallel, the team is actively developing bindings for various languages.
For more information, visit the
[wiki](https://github.com/getdnsapi/getdns/wiki/Language-Bindings).
For more information, visit this
[webpage](https://getdnsapi.net/bindings/).
## Unsupported getDNS Features
@ -187,10 +191,10 @@ The following minor implementation omissions are noted:
Recursive mode does not support:
* TLS as a transport
* Non-zero connection idle timeouts or query pipelining
* Anything other than query_type and resolution_type in the return_call_reporting extension
Stub mode does not support:
* Non zero idle timeouts for synchronous calls
* Limit on number of outstanding queries
# Known Issues
@ -264,7 +268,7 @@ build the packages; this is simply the one we chose to use.
If you're using [Homebrew](http://brew.sh/), you may run `brew install getdns`. By default, this will only build the core library without any 3rd party event loop support.
To install the [event loop integration libraries](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`. All switches are optional.
To install the [event loop integration libraries](https://getdnsapi.net/doxygen/group__eventloops.html) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`. All switches are optional.
Note that in order to compile the examples, the `--with-libevent` switch is required.


@ -36,12 +36,12 @@ sinclude(./m4/acx_getaddrinfo.m4)
sinclude(./m4/ax_check_compile_flag.m4)
sinclude(./m4/pkg.m4)
AC_INIT([getdns], [1.1.2], [users@getdnsapi.net], [], [https://getdnsapi.net])
AC_INIT([getdns], [1.1.3], [users@getdnsapi.net], [], [https://getdnsapi.net])
# Dont forget to put a dash in front of the release candidate!!!
# That is how it is done with semantic versioning!
#
AC_SUBST(RELEASE_CANDIDATE, [])
AC_SUBST(RELEASE_CANDIDATE, [-rc1])
# Set current date from system if not set
AC_ARG_WITH([current-date],
@ -51,7 +51,7 @@ AC_ARG_WITH([current-date],
[CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01010200])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010102c1])
AC_SUBST(API_VERSION, ["December 2015"])
AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@ -85,8 +85,9 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
# getdns-1.1.0 had libversion 6:0:0
# getdns-1.1.1 had libversion 6:1:0
# getdns-1.1.2 has libversion 7:0:1
# getdns-1.1.3 will have libversion 7:1:1
#
GETDNS_LIBVERSION=7:0:1
GETDNS_LIBVERSION=7:1:1
AC_SUBST(GETDNS_COMPILATION_COMMENT)
AC_SUBST(GETDNS_LIBVERSION)
@ -1045,17 +1046,17 @@ AC_SUBST(GETDNS_QUERY)
AC_SUBST(INSTALL_GETDNS_QUERY)
AC_SUBST(UNINSTALL_GETDNS_QUERY)
AC_ARG_WITH(stubby, AS_HELP_STRING([--without-stubby],
[Do not compile and install stubby, the (stub) resolver daemon]),
[], [withval="yes"])
if test x_$withval = x_no; then
STUBBY=""
INSTALL_STUBBY=""
UNINSTALL_STUBBY=""
else
AC_ARG_WITH(stubby, AS_HELP_STRING([--with-stubby],
[Compile and install stubby, the (stub) resolver daemon]),
[], [withval="no"])
if test x_$withval = x_yes; then
STUBBY="stubby"
INSTALL_STUBBY="install-stubby"
UNINSTALL_STUBBY="uninstall-stubby"
else
STUBBY=""
INSTALL_STUBBY=""
UNINSTALL_STUBBY=""
fi
AC_SUBST(STUBBY)
AC_SUBST(INSTALL_STUBBY)
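Review bot: `AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010102c1])` pairs the 1.1.3-rc1 version string with a numeric value whose minor/patch bytes still read 1.1.2; if the low byte 0xc1 is the project's release-candidate encoding (candidate 1 of the next patch release, sorting above 0x01010200 and below a final 0x01010300), that convention is not written down anywhere in this hunk. A comment next to the assignment, e.g. `# rc N of x.y.(z+1) is encoded as x.y.z with low byte 0xcN so it sorts between the two releases`, would let a reader verify the value rather than guess, and the libversion comment block a few lines down already sets that precedent. If that is not the intended scheme, the value needs a second look before the rc is tagged, since downstream code compares against this constant at compile time.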


@ -875,7 +875,7 @@ names:</p>
<li><code>query_name</code> (a bindata) is the name that was sent</li>
<li><code>query_type</code> (an int) is the type that was queried for</li>
<li><code>query_to</code> (a bindata) is the address to which the query was sent</li>
<li><code>run_time</code> (a bindata) is the difference between the time the successful
<li><code>run_time/ms</code> (a bindata) is the difference between the time the successful
query started and ended in milliseconds, represented
as a uint32_t (this does not include time taken for connection set up
or transport fallback)</li>


@ -35,16 +35,23 @@ libversion = @GETDNS_LIBVERSION@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libdir = @libdir@
includedir = @includedir@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
runstatedir = @runstatedir@
stubbyconfdir = $(sysconfdir)/stubby
have_libevent = @have_libevent@
have_libuv = @have_libuv@
have_libev = @have_libev@
# datarootdir is here to please some checkers
datarootdir=@datarootdir@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
srcdir = @srcdir@
stubbysrcdir = $(srcdir)/../stubby
LIBTOOL = ../libtool
CC=@CC@
@ -75,6 +82,8 @@ GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
str2wire.lo
PROGRAMS=@STUBBY@
LIBOBJDIR=
LIBOBJS=@LIBOBJS@
COMPAT_OBJ=$(LIBOBJS:.o=.lo)
@ -98,7 +107,7 @@ NON_C99_OBJS=libuv.lo context.lo anchor.lo
default: all
all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB) $(PROGRAMS)
$(GETDNS_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
@ -130,25 +139,35 @@ context.lo:
libuv.lo:
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
install: libgetdns.la
install-headers: getdns/getdns.h getdns/getdns_extra.h
$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/getdns
$(INSTALL) -m 644 getdns/getdns.h $(DESTDIR)$(includedir)/getdns/getdns.h
$(INSTALL) -m 644 getdns/getdns_extra.h $(DESTDIR)$(includedir)/getdns/getdns_extra.h
if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; fi
if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; fi
if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; fi
uninstall-headers:
rm -rf $(DESTDIR)$(includedir)/getdns
install-libs: libgetdns.la
$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libevent) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libuv) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libev) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
uninstall:
rm -rf $(DESTDIR)$(includedir)/getdns
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
uninstall-libs:
if test $(have_libevent) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEVENT_LIB) ; fi
if test $(have_libuv) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBUV_LIB) ; fi
if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
install: install-libs install-headers @INSTALL_STUBBY@
uninstall: @UNINSTALL_STUBBY@ uninstall-headers uninstall-libs
libgetdns_ext_event.la: libgetdns.la libevent.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
@ -170,8 +189,24 @@ test: default
getdns_query: default
cd tools && $(MAKE) $@
stubby: getdns_query
cd tools && $(MAKE) $@
stubby.lo: $(stubbysrcdir)/src/stubby.c
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\" -c $< -o $@
stubby: stubby.lo libgetdns.la
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
install-stubby: stubby $(stubbysrcdir)/stubby.conf.example $(stubbysrcdir)/stubby-setdns-macos.sh
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
$(INSTALL) -m 755 $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
test -f $(DESTDIR)$(stubbyconfdir)/stubby.conf || \
$(INSTALL_DATA) $(stubbysrcdir)/stubby.conf.example $(DESTDIR)$(stubbyconfdir)/stubby.conf
uninstall-stubby:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
rm -f $(DESTDIR)$(sbindir)/stubby-setdns-macos.sh
scratchpad: default
cd test && $(MAKE) $@
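Review bot: The `stubby.lo` rule hard-codes `-DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\"` while `install-stubby` places `stubby.conf` under `$(stubbyconfdir)`, a variable this same section introduces with that exact value; using `-DSTUBBYCONFDIR=\"$(stubbyconfdir)\"` keeps the path compiled into the daemon and the path the config is installed to from drifting apart, and a daemon that quietly reads a different directory than the one the operator edited is a classic misconfiguration. Separately, `install: install-libs install-headers @INSTALL_STUBBY@` lists three targets with no ordering among them and `install-stubby` depends only on `stubby` and its data files, so under `make -j` libtool may install stubby before `libgetdns.la` is in `$(libdir)`; `install-stubby: stubby install-libs $(stubbysrcdir)/stubby.conf.example $(stubbysrcdir)/stubby-setdns-macos.sh` would close that. Finally, `uninstall-stubby` leaves `$(stubbyconfdir)/stubby.conf` in place, which appears deliberate given that `install-stubby` refuses to overwrite it, but deserves a one-line comment so it is not mistaken for an omission.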


@ -551,11 +551,26 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
/* Also, try to prevent adding double rrsets */
if ( rrset->rr_class == head->rrset.rr_class
&& rrset->rr_type == head->rrset.rr_type
&& rrset->pkt == head->rrset.pkt
&& rrset->pkt_len == head->rrset.pkt_len
&& _dname_equal(rrset->name, head->rrset.name))
return NULL;
&& _dname_equal(rrset->name, head->rrset.name)) {
if (rrset->pkt == head->rrset.pkt &&
rrset->pkt_len == head->rrset.pkt_len)
return NULL;
else {
/* Anticipate resubmissions due to
* roadblock avoidance */
head->rrset.pkt = rrset->pkt;
head->rrset.pkt_len = rrset->pkt_len;
return head;
}
}
if ( rrset->rr_class == head->rrset.rr_class
&& rrset->rr_type == head->rrset.rr_type
&& rrset->pkt != head->rrset.pkt
&& _dname_equal(rrset->name, head->rrset.name)) {
return NULL;
}
for (label = labels; label < last_label; label++) {
if (! _dname_is_parent(*label, head->rrset.name))
break;
@ -1051,6 +1066,7 @@ static void val_chain_node_cb(getdns_dns_req *dnsreq)
break;
case GETDNS_RRTYPE_DNSKEY: node->dnskey.pkt = netreq->response;
node->dnskey.pkt_len = netreq->response_len;
/* fallthrough */
default : check_chain_complete(node->chains);
return;
}
@ -2417,6 +2433,7 @@ static int key_proves_nonexistance(
* ========================+
* First find the closest encloser.
*/
if (*rrset->name)
for ( nc_name = rrset->name, ce_name = rrset->name + *rrset->name + 1
; *ce_name ; nc_name = ce_name, ce_name += *ce_name + 1) {
@ -2679,6 +2696,7 @@ static int chain_head_validate(struct mem_funcs *mf, time_t now, uint32_t skew,
if (_getdns_rrset_has_rrs(&ds_ta)) {
switch (chain_head_validate_with_ta(mf,now,skew,head,&ds_ta)) {
case GETDNS_DNSSEC_SECURE : s = GETDNS_DNSSEC_SECURE;
/* fallthrough */
case GETDNS_DNSSEC_INSECURE: if (s != GETDNS_DNSSEC_SECURE)
s = GETDNS_DNSSEC_INSECURE;
break;
@ -3053,19 +3071,50 @@ static void check_chain_complete(chain_head *chain)
&& !dnsreq->avoid_dnssec_roadblocks
&& dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {
int r = GETDNS_RETURN_GOOD;
getdns_network_req **netreq_p, *netreq;
uint64_t now_ms = 0;
dnsreq->avoid_dnssec_roadblocks = 1;
dnsreq->chain->lock += 1;
for ( netreq_p = dnsreq->netreqs
; !r && (netreq = *netreq_p)
; (netreq = *netreq_p)
; netreq_p++) {
_getdns_netreq_change_state(netreq, NET_REQ_NOT_SENT);
netreq->dnssec_status =
GETDNS_DNSSEC_INDETERMINATE;
netreq->owner = dnsreq;
r = _getdns_submit_netreq(netreq, &now_ms);
(void) _getdns_submit_netreq(netreq, &now_ms);
}
if (!dnsreq->dnssec_return_validation_chain)
return;
for ( head = chain; head ; head = next ) {
next = head->next;
for ( node_count = head->node_count
, node = head->parent
; node_count
; node_count--, node = node->parent ) {
if (node->dnskey_req) {
_getdns_netreq_change_state(
node->dnskey_req,
NET_REQ_NOT_SENT);
node->dnskey_req->owner->
avoid_dnssec_roadblocks = 1;
(void) _getdns_submit_netreq(
node->dnskey_req, &now_ms);
}
if (node->ds_req) {
_getdns_netreq_change_state(
node->ds_req, NET_REQ_NOT_SENT);
node->ds_req->owner->
avoid_dnssec_roadblocks = 1;
(void) _getdns_submit_netreq(
node->ds_req, &now_ms);
}
}
}
return;
}
@ -3232,11 +3281,16 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
getdns_network_req *netreq, **netreq_p;
chain_head *chain = NULL, *chain_p;
if (dnsreq->validating)
if (dnsreq->avoid_dnssec_roadblocks) {
chain = dnsreq->chain;
} else if (dnsreq->validating)
return;
dnsreq->validating = 1;
for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
if (dnsreq->avoid_dnssec_roadblocks && chain->lock == 0)
; /* pass */
else for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
if (! netreq->response
|| netreq->response_len < GLDNS_HEADER_SIZE
|| ( GLDNS_RCODE_WIRE(netreq->response)
@ -3264,6 +3318,9 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
if (chain_p->lock) chain_p->lock--;
}
dnsreq->chain = chain;
if (dnsreq->avoid_dnssec_roadblocks && chain->lock)
chain->lock -= 1;
check_chain_complete(chain);
} else {
dnsreq->validating = 0;
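Review bot: In `add_rrset2val_chain`, the second `if` block — the one containing `&& rrset->pkt != head->rrset.pkt` and ending in `return NULL;` — is unreachable: the block directly above it already matches on the same class, type and owner name and returns on every path (`NULL` when pkt and pkt_len also match, `head` otherwise), so no rrset can reach the second test. If that block is on the new side it should be dropped; if the intent was to reject an rrset from a different packet rather than adopt it, the `else` branch of the first block is what needs changing, since that branch is what now lets a resubmitted packet overwrite `head->rrset.pkt` and `pkt_len`. In the `check_chain_complete` hunk the result of `_getdns_submit_netreq` is now discarded with `(void)` for the resubmitted netreqs and for the dnskey/ds requests; a failed submit leaves that request in `NET_REQ_NOT_SENT` with nothing visible here that would complete it, so a short comment on why that cannot stall the request (or an explicit fallback to finishing it as indeterminate) would help. All three functions start and end outside their hunks.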


@ -60,6 +60,9 @@ void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
{
_getdns_context_clear_outbound_request(dnsreq);
#if defined(REQ_DEBUG) && REQ_DEBUG
debug_req(__FUNC__, *dnsreq->netreqs);
#endif
if (dnsreq->user_callback) {
dnsreq->context->processing = 1;
dnsreq->user_callback(dnsreq->context,
@ -212,6 +215,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
#ifdef STUB_NATIVE_DNSSEC
|| (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
&& !dns_req->avoid_dnssec_roadblocks
&& (dns_req->dnssec_return_status ||
dns_req->dnssec_return_only_secure ||
dns_req->dnssec_return_all_statuses
@ -229,6 +233,9 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
NULL, NULL, (getdns_eventloop_callback)
_getdns_validation_chain_timeout));
#if defined(REQ_DEBUG) && REQ_DEBUG
debug_req("getting validation chain for ", *dns_req->netreqs);
#endif
_getdns_get_validation_chain(dns_req);
} else
_getdns_call_user_callback(


@ -1101,7 +1101,6 @@ getdns_service(getdns_context *context,
* (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
* @param context context that can be used immediately with other API calls
* @param set_from_os set to 1 to initialize the context with os defaults
* the second bit set (2) prevents OpenSSL library initialization.
* @return GETDNS_RETURN_GOOD on success
*/
getdns_return_t
@ -1114,7 +1113,6 @@ getdns_context_create(getdns_context ** context, int set_from_os);
* (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
* @param context context that can be used immediately with other API calls
* @param set_from_os set to 1 to initialize the context with os defaults
* the second bit set (2) prevents OpenSSL library initialization.
* @param malloc custom malloc function
* @param realloc custom realloc function
* @param free custom free function
@ -1136,7 +1134,6 @@ getdns_context_create_with_memory_functions(
* (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
* @param context context that can be used immediately with other API calls
* @param set_from_os set to 1 to initialize the context with os defaults
* the second bit set (2) prevents OpenSSL library initialization.
* @param userarg parameter passed to the custom malloc, realloc and free functions
* @param malloc custom malloc function
* @param realloc custom realloc function
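Review bot: The three doxygen blocks drop the sentence saying that bit 2 of `set_from_os` suppresses OpenSSL initialisation, but nothing in this commit shows the corresponding behaviour being removed from the `getdns_context_create*` implementations. If the implementation still honours that bit, existing callers lose the only description of it and new callers passing 2 get an undocumented effect; if it was removed, the ChangeLog hunk in this commit should say so, because it changes library-initialisation behaviour for embedders. Either way the parameter description should state which values are accepted, e.g. `* @param set_from_os set to 1 to initialize the context with os defaults, 0 otherwise`, so the contract is explicit rather than implied by omission.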


@ -50,6 +50,8 @@ gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size)
buffer->_limit = buffer->_capacity = size;
buffer->_fixed = 0;
buffer->_vfixed = 0;
if (!buffer->_fixed && buffer->_data)
free(buffer->_data);
buffer->_data = malloc(size);
if(!buffer->_data) {
buffer->_status_err = 1;
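Review bot: The new guard `if (!buffer->_fixed && buffer->_data) free(buffer->_data);` runs after `buffer->_fixed = 0;` two lines earlier, so `!buffer->_fixed` is always true at that point and the condition protects nothing. If the buffer was previously set up in fixed mode — presumably with `_data` pointing at caller-owned or stack memory — this path now passes that pointer to `free()`, and a buffer that was never initialised hands an indeterminate pointer to `free()`; both are memory-safety faults rather than leaks. Move the check above the reset, i.e. `if (!buffer->_fixed && buffer->_data) free(buffer->_data);` followed by `buffer->_fixed = 0;`, and document that callers must pass either a zeroed or a previously initialised `gldns_buffer`. The function's opening lines are outside the hunk.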


@ -402,10 +402,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
/* ........ ........ ....4444 4....... ........ */
c = src[3] >> 7 ;
/* fallthrough */
case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];
/* ........ .......3 3333.... ........ ........ */
c = src[2] >> 4 ;
/* fallthrough */
case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c];
/* ........ ..22222. ........ ........ ........ */
@ -413,6 +415,7 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
/* .....111 11...... ........ ........ ........ */
c = src[1] >> 6 ;
/* fallthrough */
case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c];
/* 00000... ........ ........ ........ ........ */
@ -423,9 +426,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
switch (src_sz) {
case 1: dst[2] = '=';
dst[3] = '=';
/* fallthrough */
case 2: dst[4] = '=';
/* fallthrough */
case 3: dst[5] = '=';
dst[6] = '=';
/* fallthrough */
case 4: dst[7] = '=';
}
}
@ -537,15 +543,18 @@ gldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz,
/* ........ ........ ........ .55555.. ........ */
/* ........ ........ ....4444 4....... ........ */
dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
/* fallthrough */
case 5: /* ........ ........ ....4444 4....... ........ */
/* ........ .......3 3333.... ........ ........ */
dst[2] = buf[3] << 4 | buf[4] >> 1;
/* fallthrough */
case 4: /* ........ .......3 3333.... ........ ........ */
/* ........ ..22222. ........ ........ ........ */
/* .....111 11...... ........ ........ ........ */
dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
/* fallthrough */
case 2: /* .....111 11...... ........ ........ ........ */
/* 00000... ........ ........ ........ ........ */


@ -1190,6 +1190,10 @@ int gldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len)
{
size_t sz = gldns_b64_pton_calculate_size(strlen(str));
int n;
if(strcmp(str, "0") == 0) {
*len = 0;
return GLDNS_WIREPARSE_ERR_OK;
}
if(*len < sz)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
n = gldns_b64_pton(str, rd, *len);
@ -1223,6 +1227,10 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
s++;
continue;
}
if(dlen == 0 && *s == '0' && *(s+1) == 0) {
*len = 0;
return GLDNS_WIREPARSE_ERR_OK;
}
if(!isxdigit((unsigned char)*s))
return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
if(*len < dlen/2 + 1)
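Review bot: The two new empty-rdata sentinels are not checked the same way: `gldns_str2wire_b64_buf` accepts only a string that is exactly `"0"` (`strcmp(str, "0") == 0` before any scanning), whereas the hex test `dlen == 0 && *s == '0' && *(s+1) == 0` sits inside the scanning loop after what looks like a whitespace skip, so `" 0"` parses as empty rdata for hex but not for base64. Either rule is defensible, but the asymmetry should be deliberate and commented, e.g. `/* a lone "0" denotes empty rdata; mirrors gldns_wire2str_b64_scan */`, since the same literal is emitted by the wire2str counterparts in this commit and a mismatch between printer and parser would only surface on round-trip. Note that the `*(s+1)` read is safe only because `*s == '0'` has already established that `s` is not at the terminator; worth a comment so a later reordering does not break it. Both functions continue outside their hunks.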


@ -1220,11 +1220,17 @@ static int gldns_wire2str_b64_scan_num(uint8_t** d, size_t* dl, char** s,
int gldns_wire2str_b64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
{
if(*dl == 0) {
return gldns_str_print(s, sl, "0");
}
return gldns_wire2str_b64_scan_num(d, dl, s, sl, *dl);
}
int gldns_wire2str_hex_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
{
if(*dl == 0) {
return gldns_str_print(s, sl, "0");
}
return print_remainder_hex("", d, dl, s, sl);
}

@ -1 +1 @@
Subproject commit 868c22e35ec223fc26ddefdb9ca83901dc6e2534
Subproject commit c831c3869f56a571a79a3cbf58e0a366e588e256


@ -413,15 +413,14 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
endpoints.sae_srcaddrlen = 0;
endpoints.sae_dstaddr = (struct sockaddr *)&upstream->addr;
endpoints.sae_dstaddrlen = upstream->addr_len;
if (connectx(fd, &endpoints, SAE_ASSOCID_ANY,
if (connectx(fd, &endpoints, SAE_ASSOCID_ANY,
CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE,
NULL, 0, NULL, NULL) == -1) {
if (errno != EINPROGRESS) {
close(fd);
return -1;
}
NULL, 0, NULL, NULL) == 0) {
return fd;
}
if (errno == EINPROGRESS) {
return fd;
}
return fd;
#else
(void)transport;
#endif
@ -576,6 +575,7 @@ _getdns_cancel_stub_request(getdns_network_req *netreq)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
}
}
@ -594,6 +594,7 @@ stub_timeout_cb(void *userarg)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
netreq->upstream->udp_timeouts++;
if (netreq->upstream->udp_timeouts % 100 == 0)
_getdns_upstream_log(netreq->upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
@ -1401,6 +1402,7 @@ stub_udp_read_cb(void *userarg)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
stub_next_upstream(netreq);
}
netreq->debug_end_time = _getdns_get_time_as_uintt64();
@ -1423,8 +1425,8 @@ stub_udp_read_cb(void *userarg)
closesocket(netreq->fd);
#else
close(netreq->fd);
netreq->fd = -1;
#endif
netreq->fd = -1;
while (GLDNS_TC_WIRE(netreq->response)) {
DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ,
__FUNC__, (void*)netreq);
@ -1521,6 +1523,7 @@ stub_udp_write_cb(void *userarg)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
stub_next_upstream(netreq);
}
netreq->debug_end_time = _getdns_get_time_as_uintt64();
@ -1946,7 +1949,7 @@ upstream_select(getdns_network_req *netreq)
return &upstreams->upstreams[i];
}
i+=GETDNS_UPSTREAM_TRANSPORTS;
if (i > upstreams->count)
if (i >= upstreams->count)
i = 0;
} while (i != upstreams->current_udp);
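Review bot: In the `tcp_connect` connectx hunk every visible path after the call ends in `return fd;` — the `== 0` success branch, the `errno == EINPROGRESS` branch, and the trailing `return fd;` just before `#else`. If that trailing line is on the new side, a connectx failure with any other errno (the Yosemite case from the ChangeLog, where the interface exists but is not implemented) is handed to the caller as a live socket and the former `close(fd); return -1;` error path is gone, so the caller waits on a socket that will never connect. If instead the trailing `return fd;` is the removed line and the intent is to fall through to the plain `connect()` path presumably below `#endif`, that is a sound fix but deserves a comment such as `/* connectx unsupported or failed: fall back to plain connect() */`, and the fallback must not depend on errno being preserved across the intervening code. The function continues outside the hunk.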


@ -174,21 +174,21 @@ for (( i = 0; i < 2; i+=1 )); do
echo "*Success cases:"
for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`$DIR/getdns_query -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
(( COUNT++ ))
done
echo "*Success fallback cases:"
for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`$DIR/getdns_query -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
(( COUNT++ ))
done
echo "*Transport not available cases:"
for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
check_bad "`$DIR/getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
check_bad "`$DIR/getdns_query -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
(( COUNT++ ))
done


@ -173,21 +173,21 @@ for (( ii = 0; ii < 1; ii++)); do
fi
echo "*Success cases:"
for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
(( COUNT++ ))
done
echo "*Success fallback cases:"
for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
(( COUNT++ ))
done
echo "*Transport not available cases:"
for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
check_bad "`"${GETDNS_QUERY}" $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
check_bad "`"${GETDNS_QUERY}" -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
(( COUNT++ ))
done


@ -7,10 +7,10 @@
rm -fr "${BUILDDIR}/build-event-loops"
mkdir "${BUILDDIR}/build-event-loops"
cd "${BUILDDIR}/build-event-loops"
"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
"${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libuv
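Review bot: Dropping `--with-getdns_query` from every configure line means the getdns_query binary is only built if `--with-stubby` implies it, which nothing in this hunk shows; the regression scripts changed in this same commit still run `$DIR/getdns_query -V ...`, so if that implication does not hold the event-loop build succeeds but those tests fail on a missing binary. The same substitution is made in the static-analysis build script below and this note applies there too. The rewritten lines also keep unquoted `$*`, which re-splits any caller argument containing spaces; `"$@"` preserves them, e.g. `"${SRCROOT}/configure" "$@" --enable-all-drafts --with-stubby --with-libevent --with-libev --with-libuv \`.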


@ -25,11 +25,11 @@ done
rm -fr "${BUILDDIR}/build-static-analysis"
mkdir "${BUILDDIR}/build-static-analysis"
cd "${BUILDDIR}/build-static-analysis"
"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
"${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libuv


@ -24,7 +24,7 @@ RUN set -ex \
&& cd /usr/src \
&& git clone https://github.com/getdnsapi/getdns.git \
&& cd /usr/src/getdns \
&& git checkout release/1.1.1 \
&& git checkout master \
&& git submodule update --init \
&& libtoolize -ci \
&& autoreconf -fi \
@ -35,7 +35,7 @@ RUN set -ex \
&& cp src/tools/stubby.conf /etc \
&& mkdir -p /etc/unbound \
&& cd /etc/unbound \
&& wget http://www.nomountain.net/getdns-root.key
&& unbound-anchor -a /etc/unbound/getdns-root.key || :
EXPOSE 53
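Review bot: `git checkout master` replaces a pinned release with a moving branch, so the image is no longer reproducible and picks up whatever is on `master` at build time; pin a tag or commit (`git checkout <release-tag-placeholder>`) if the image is meant to rebuild deterministically. On the trust-anchor line, `unbound-anchor -a ... || :` masks every exit status, and per its man page unbound-anchor returns 0 on error (it reserves 1 for "anchor written from the built-in certificate"), so under `set -e` a failed fetch leaves no anchor file and the build still succeeds; follow it with `&& test -s /etc/unbound/getdns-root.key` so the image cannot be built without an anchor. The `RUN set -ex` command this belongs to starts outside the hunk.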


@ -68,8 +68,8 @@ $(ALL_OBJS):
getdns_query: getdns_query.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
stubby: getdns_query.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
stubby:
cd .. && $(MAKE) $@
install-getdns_query: getdns_query
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
@ -78,15 +78,14 @@ install-getdns_query: getdns_query
uninstall-getdns_query:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query
install-stubby: getdns_query
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby
install-stubby:
cd .. && $(MAKE) $@
uninstall-stubby:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
cd .. && $(MAKE) $@
clean:
rm -f *.o *.lo $(PROGRAMS) stubby
rm -f *.o *.lo $(PROGRAMS)
rm -rf .libs
distclean : clean
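Review bot: `stubby`, `install-stubby` and `uninstall-stubby` are now pure delegation targets with no prerequisites, but nothing in the hunk declares them `.PHONY`; if a file named `stubby` exists in this directory — which the pre-merge rule used to link here and which `clean` no longer removes — `make stubby` reports it up to date and never recurses into the parent. Unless a `.PHONY` line elsewhere in the file already covers them, add `.PHONY: stubby install-stubby uninstall-stubby`. A short comment on the delegating recipe, such as `# stubby is built from the top-level Makefile (git submodule); this just forwards`, would also save the next reader a trip up the tree.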


@ -48,6 +48,7 @@ typedef unsigned short in_port_t;
#define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""
static int verbosity = 0;
static int i_am_stubby = 0;
static const char *default_stubby_config =
"{ resolution_type: GETDNS_RESOLUTION_STUB"
@ -80,6 +81,8 @@ static uint16_t request_type = GETDNS_RRTYPE_NS;
static int timeout, edns0_size, padding_blocksize;
static int async = 0, interactive = 0;
static enum { GENERAL, ADDRESS, HOSTNAME, SERVICE } calltype = GENERAL;
static int bogus_answers = 0;
static int check_dnssec = 0;
static int get_rrtype(const char *t)
{
@ -255,6 +258,7 @@ print_usage(FILE *out, const char *progname)
fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
fprintf(out, "\t-t <timeout>\tSet timeout in milliseconds\n");
fprintf(out, "\t-v\tPrint getdns release version\n");
fprintf(out, "\t-V\tIncrease verbosity (may be used more than once)\n");
fprintf(out, "\t-x\tDo not follow redirects\n");
fprintf(out, "\t-X\tFollow redirects (default)\n");
@ -306,27 +310,28 @@ static getdns_return_t validate_chain(getdns_dict *response)
response, "replies_tree", &replies_tree)))
goto error;
fprintf(stdout, "replies_tree dnssec_status: ");
if (verbosity) fprintf(stdout, "replies_tree dnssec_status: ");
switch ((s = getdns_validate_dnssec(
replies_tree, validation_chain, trust_anchor))) {
case GETDNS_DNSSEC_SECURE:
fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
break;
case GETDNS_DNSSEC_BOGUS:
fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
bogus_answers += 1;
break;
case GETDNS_DNSSEC_INDETERMINATE:
fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
break;
case GETDNS_DNSSEC_INSECURE:
fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
break;
case GETDNS_DNSSEC_NOT_PERFORMED:
fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
break;
default:
fprintf(stdout, "%d\n", (int)s);
if (verbosity) fprintf(stdout, "%d\n", (int)s);
}
i = 0;
@ -335,27 +340,28 @@ static getdns_return_t validate_chain(getdns_dict *response)
if ((r = getdns_list_set_dict(to_validate, 0, reply)))
goto error;
printf("reply "PRIsz", dnssec_status: ", i);
if (verbosity) printf("reply "PRIsz", dnssec_status: ", i);
switch ((s = getdns_validate_dnssec(
to_validate, validation_chain, trust_anchor))) {
case GETDNS_DNSSEC_SECURE:
fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
break;
case GETDNS_DNSSEC_BOGUS:
fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
bogus_answers += 1;
break;
case GETDNS_DNSSEC_INDETERMINATE:
fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
break;
case GETDNS_DNSSEC_INSECURE:
fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
break;
case GETDNS_DNSSEC_NOT_PERFORMED:
fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
break;
default:
fprintf(stdout, "%d\n", (int)s);
if (verbosity) fprintf(stdout, "%d\n", (int)s);
}
}
if (r == GETDNS_RETURN_NO_SUCH_LIST_ITEM)
@ -378,14 +384,23 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
getdns_print_json_dict(response, json == 1)
: getdns_pretty_print_dict(response))) {
fprintf(stdout, "ASYNC response:\n%s\n", response_str);
fprintf(stdout, "%s\n", response_str);
if (verbosity) fprintf(stdout, "ASYNC call completed.\n");
validate_chain(response);
free(response_str);
}
if (callback_type == GETDNS_CALLBACK_COMPLETE) {
printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64" was successful.\n",
if (verbosity) printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64" was successful.\n",
trans_id);
if (check_dnssec) {
uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
(void )getdns_dict_get_int(response,
"/replies_tree/0/dnssec_status", &dnssec_status);
if (dnssec_status == GETDNS_DNSSEC_BOGUS)
bogus_answers += 1;
}
} else if (callback_type == GETDNS_CALLBACK_CANCEL)
fprintf(stderr,
@ -400,7 +415,6 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
getdns_get_errorstr_by_id(callback_type));
}
getdns_dict_destroy(response);
response = NULL;
}
#define CONTINUE ((getdns_return_t)-2)
@ -575,6 +589,9 @@ getdns_return_t parse_args(int argc, char **argv)
continue;
} else if (arg[0] == '+') {
if (strncmp(arg+1, "dnssec_", 7) == 0)
check_dnssec = 1;
if (arg[1] == 's' && arg[2] == 'i' && arg[3] == 't' &&
(arg[4] == '=' || arg[4] == '\0')) {
if ((r = set_cookie(extensions, arg+4))) {
@ -802,6 +819,7 @@ getdns_return_t parse_args(int argc, char **argv)
goto next;
case 'p':
json = 0;
break;
case 'q':
quiet = 1;
break;
@ -970,6 +988,9 @@ getdns_return_t parse_args(int argc, char **argv)
case 'B':
batch_mode = 1;
break;
case 'V':
verbosity += 1;
break;
case 'z':
if (c[1] != 0 || ++i >= argc || !*argv[i]) {
@ -1188,8 +1209,9 @@ getdns_return_t do_the_call(void)
getdns_print_json_dict(response, json == 1)
: getdns_pretty_print_dict(response))) {
fprintf( stdout, "SYNC response:\n%s\n"
, response_str);
fprintf( stdout, "%s\n", response_str);
if (verbosity) fprintf( stdout, "SYNC call completed.\n");
validate_chain(response);
free(response_str);
} else {
@ -1199,10 +1221,21 @@ getdns_return_t do_the_call(void)
}
}
getdns_dict_get_int(response, "status", &status);
fprintf(stdout, "Response code was: GOOD. Status was: %s\n",
if (verbosity)
fprintf(stdout, "Response code was: GOOD. Status was: %s\n",
getdns_get_errorstr_by_id(status));
if (response)
if (response) {
if (check_dnssec) {
uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
(void )getdns_dict_get_int(response,
"/replies_tree/0/dnssec_status",
&dnssec_status);
if (dnssec_status == GETDNS_DNSSEC_BOGUS)
bogus_answers += 1;
}
getdns_dict_destroy(response);
}
}
getdns_dict_destroy(address);
return r;
@ -1224,7 +1257,7 @@ void read_line_cb(void *userarg)
int linec;
if (!fgets(line, 1024, fp) || !*line) {
if (query_file)
if (query_file && verbosity)
fprintf(stdout,"End of file.");
loop->vmt->clear(loop, read_line_ev);
if (listen_count)
@ -1233,7 +1266,7 @@ void read_line_cb(void *userarg)
(void) getdns_context_set_idle_timeout(context, 0);
return;
}
if (query_file)
if (query_file && verbosity)
fprintf(stdout,"Found query: %s", line);
linev[0] = __FILE__;
@ -1246,7 +1279,8 @@ void read_line_cb(void *userarg)
return;
}
if (*token == '#') {
fprintf(stdout,"Result: Skipping comment\n");
if (verbosity)
fprintf(stdout,"Result: Skipping comment\n");
if (! query_file) {
printf("> ");
fflush(stdout);
@ -1779,8 +1813,10 @@ done_destroy_context:
else if (r == CONTINUE_ERROR)
return 1;
if (!i_am_stubby)
if (!i_am_stubby && verbosity)
fprintf(stdout, "\nAll done.\n");
return r;
return r ? r
: bogus_answers ? GETDNS_DNSSEC_BOGUS
: GETDNS_RETURN_GOOD;
}
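Review bot: The new final `return r ? r : bogus_answers ? GETDNS_DNSSEC_BOGUS : GETDNS_RETURN_GOOD;` appears to be main's return value (the function starts outside the hunk), and a process exit status keeps only its low 8 bits, so with GETDNS_DNSSEC_BOGUS defined as 401 in getdns.h a calling script sees 145 rather than the constant; if scripts are meant to test for the bogus case, return a value below 256 or document the truncated status next to the return. The two `check_dnssec` blocks in `callback` and `do_the_call` only read `/replies_tree/0/dnssec_status`, so a query whose first reply is secure but a later one bogus still exits GOOD; they are also byte-for-byte duplicates that would read better as one helper, e.g. `static void count_bogus(getdns_dict *response)`. Initialising `dnssec_status` to GETDNS_DNSSEC_SECURE and discarding the `getdns_dict_get_int` result means a reply with no status is counted as not bogus, which is presumably intended but deserves a one-line comment.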


@ -1,96 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2017, Verisign, Inc., NLnet Labs
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the names of the copyright holders nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Stubby helper file to set DNS servers on macOS.
# Note - this script doesn't detect or handle network events, simply changes the
# current resolvers
# Must run as root.
usage () {
echo
echo "Update the system DNS resolvers so that Stubby is used for all DNS"
echo "queries on macOS. (Stubby must already be running)"
echo "This must be run as root."
echo
echo "Usage: $0 options"
echo
echo "Supported options:"
echo " -r Reset DNS resolvers to the default ones (e.g. from DHCP)"
echo " -l List the current DNS settings for all interfaces"
echo " -h Show this help."
}
RESET=0
LIST=0
SERVERS="127.0.0.1 ::1"
OS_X=`uname -a | grep -c 'Darwin'`
while getopts ":rlh" opt; do
case $opt in
r ) RESET=1 ;;
l ) LIST=1 ;;
h ) usage
exit 1 ;;
\? ) usage
exit 1 ;;
esac
done
if [[ $OS_X -eq 0 ]]; then
echo "Sorry - This script only works on macOS and you are on a different OS."
exit 1
fi
if [[ $LIST -eq 1 ]]; then
echo "** Current DNS settings **"
networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
RESULT=`networksetup -getdnsservers "$x"`
RESULT=`echo $RESULT`
printf '%-30s %s\n' "$x:" "$RESULT"
done
exit 1
fi
if [ "$USER" != "root" ]; then
echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'"
exit 1
fi
if [[ $RESET -eq 1 ]]; then
SERVERS="empty"
echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
else
echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
fi
### Set the DNS settings via networksetup ###
networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
networksetup -setdnsservers "$x" $SERVERS
done


@ -1,59 +0,0 @@
{ resolution_type: GETDNS_RESOLUTION_STUB
, dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
, tls_query_padding_blocksize: 256
, edns_client_subnet_private : 1
, listen_addresses: [ 127.0.0.1, 0::1 ]
, idle_timeout: 10000
, round_robin_upstreams: 1
, upstream_recursive_servers:
[ { address_data: 145.100.185.15
, tls_auth_name: "dnsovertls.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
} ]
},
{ address_data: 145.100.185.16
, tls_auth_name: "dnsovertls1.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
} ]
},
{ address_data: 185.49.141.37
, tls_auth_name: "getdnsapi.net"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
} ]
},
{ address_data: 2001:610:1:40ba:145:100:185:15
, tls_auth_name: "dnsovertls.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
} ]
},
{ address_data: 2001:610:1:40ba:145:100:185:16
, tls_auth_name: "dnsovertls1.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
} ]
},
{ address_data: 2a04:b900:0:100::37
, tls_auth_name: "getdnsapi.net"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
} ]
},
{ address_data: 89.233.43.71
, tls_auth_name: "unicast.censurfridns.dk"
},
{ address_data: 2a01:3a0:53:53::
, tls_auth_name: "unicast.censurfridns.dk"
}
]
}


@ -5,6 +5,7 @@
added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
added include of lookup3.h to check definitions match declarations.
removed include of stdint - config.h takes care of platform independence.
added fallthrough comments for new gcc warning suppression.
url http://burtleburtle.net/bob/hash/index.html.
*/
/*
@ -235,7 +236,9 @@ uint32_t initval) /* the previous hash, or an arbitrary value */
switch(length) /* all the case statements fall through */
{
case 3 : c+=k[2];
/* fallthrough */
case 2 : b+=k[1];
/* fallthrough */
case 1 : a+=k[0];
final(a,b,c);
case 0: /* case 0: nothing left to add */
@ -473,16 +476,27 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
switch(length) /* all the case statements fall through */
{
case 12: c+=((uint32_t)k[11])<<24;
/* fallthrough */
case 11: c+=((uint32_t)k[10])<<16;
/* fallthrough */
case 10: c+=((uint32_t)k[9])<<8;
/* fallthrough */
case 9 : c+=k[8];
/* fallthrough */
case 8 : b+=((uint32_t)k[7])<<24;
/* fallthrough */
case 7 : b+=((uint32_t)k[6])<<16;
/* fallthrough */
case 6 : b+=((uint32_t)k[5])<<8;
/* fallthrough */
case 5 : b+=k[4];
/* fallthrough */
case 4 : a+=((uint32_t)k[3])<<24;
/* fallthrough */
case 3 : a+=((uint32_t)k[2])<<16;
/* fallthrough */
case 2 : a+=((uint32_t)k[1])<<8;
/* fallthrough */
case 1 : a+=k[0];
break;
case 0 : return c;


@ -1320,6 +1320,9 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
#include "ecdsa.h"
#include "ecc-curve.h"
#endif
#ifdef HAVE_NETTLE_EDDSA_H
#include "eddsa.h"
#endif
static int
_digest_nettle(int algo, uint8_t* buf, size_t len,
@ -1477,6 +1480,10 @@ dnskey_algo_id_is_supported(int id)
case LDNS_ECDSAP384SHA384:
#endif
return 1;
#ifdef USE_ED25519
case LDNS_ED25519:
return 1;
#endif
case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */
case LDNS_ECC_GOST:
default:
@ -1718,6 +1725,30 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
}
#endif
#ifdef USE_ED25519
static char *
_verify_nettle_ed25519(sldns_buffer* buf, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
{
int res = 0;
if(sigblock_len != ED25519_SIGNATURE_SIZE) {
return "wrong ED25519 signature length";
}
if(keylen != ED25519_KEY_SIZE) {
return "wrong ED25519 key length";
}
res = ed25519_sha512_verify((uint8_t*)key, sldns_buffer_limit(buf),
sldns_buffer_begin(buf), (uint8_t*)sigblock);
if (!res)
return "ED25519 signature verification failed";
else
return NULL;
}
#endif
/**
* Check a canonical sig+rrset and signature against a dnskey
* @param buf: buffer with data to verify, the first rrsig part and the
@ -1759,9 +1790,13 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
case LDNS_RSASHA1_NSEC3:
digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE);
#endif
/* double fallthrough annotation to please gcc parser */
/* fallthrough */
#ifdef USE_SHA2
/* fallthrough */
case LDNS_RSASHA256:
digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
/* fallthrough */
case LDNS_RSASHA512:
digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE);
@ -1776,6 +1811,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
#ifdef USE_ECDSA
case LDNS_ECDSAP256SHA256:
digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
/* fallthrough */
case LDNS_ECDSAP384SHA384:
digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE);
*reason = _verify_nettle_ecdsa(buf, digest_size, sigblock,
@ -1784,6 +1820,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
return sec_status_bogus;
else
return sec_status_secure;
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
*reason = _verify_nettle_ed25519(buf, sigblock, sigblock_len,
key, keylen);
if (*reason != NULL)
return sec_status_bogus;
else
return sec_status_secure;
#endif
case LDNS_RSAMD5:
case LDNS_ECC_GOST:
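Review bot: `_verify_nettle_ed25519` and its call site are guarded by `USE_ED25519`, but the `eddsa.h` include that provides `ED25519_SIGNATURE_SIZE`, `ED25519_KEY_SIZE` and `ed25519_sha512_verify` is guarded by `HAVE_NETTLE_EDDSA_H`; unless configure only defines `USE_ED25519` when that header was found (not visible here), a build with the first but not the second fails to compile, so either gate the include on both macros or add a `#error` naming the dependency. The length checks before the call are the right shape: nettle reads exactly `ED25519_KEY_SIZE` key bytes and `ED25519_SIGNATURE_SIZE` signature bytes, so rejecting other lengths first prevents an over-read of a short DNSKEY or RRSIG. Minor: `int res = 0;` is overwritten before use, so `int res;` suffices, and the function would benefit from a header comment such as `/* RFC 8080 Ed25519 over the canonical RRset in buf; returns NULL on success, else a reason string */`.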

1
stubby Submodule

@ -0,0 +1 @@
Subproject commit 499a82f55579bbba754cd620f88b20da6a167929


@ -1,16 +0,0 @@
Stubby integration with systemd
===============================
For GNU/Linux operating systems which use systemd as a process
manager, you might want to run stubby as a system service.
This directory provides recommended systemd unit files.
This setup assumes that there is a system-level user named "stubby"
which is in group "stubby", and try to limit the privileges of the
running daemon to that user as closely as possible.
Normally, a downstream distributor will install them as:
/usr/lib/tmpfiles.d/stubby.conf
/lib/systemd/system/stubby.service


@ -1,2 +0,0 @@
# tmpfiles.d (5) for use with stubby.service
d /run/stubby 0750 root stubby - -


@ -1,12 +0,0 @@
[Unit]
Description=stubby DNS resolver
[Service]
WorkingDirectory=/run/stubby
ExecStart=/usr/bin/stubby
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
User=stubby
[Install]
WantedBy=multi-user.target