interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'develop' into features/NULL-name-requests

This commit is contained in:
Willem Toorop 2017-08-30 15:22:42 +02:00
parent 654005e4e7 fe6d2c9749
commit 54aba0a963
40 changed files with 714 additions and 471 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -39,7 +39,7 @@ src/test/check_getdns_ev
src/test/scratchpad
src/test/scratchpad.c
src/tools/getdns_query
src/tools/stubby
src/stubby
doc/*.3
src/getdns/getdns.h
*.log

4
.gitmodules vendored
View File

@ -2,3 +2,7 @@
path = src/jsmn
url = https://github.com/getdnsapi/jsmn.git
branch = getdns
[submodule "stubby"]
path = stubby
url = https://github.com/getdnsapi/stubby.git
branch = develop

29
ChangeLog
View File

@ -1,3 +1,32 @@
* 2017-0?-??: Version 1.1.3
* No annotations with the output of getdns_query anymore,
unless -V option is given to increase verbosity
Thanks Ollivier Robert
* getdns_query will now exit with failure status if replies are BOGUS
* Bugfix: dnssec_return_validation_chain now also works when fallback
to full recursion was needed with dnssec_roadblock_avoidance
* More clear build instructions from Paul Hoffman. Thanks.
* Bugfix #320.1: Eliminate multiple closing of file descriptors
Thanks Neil Cook
* Bugfix #320.2: Array bounds bug in upstream_select
Thanks Neil Cook
* Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki
pages. Thanks James Raftery
* Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface
but does not have it implemented. Thanks Joel Purra
* Compile without Stubby by default. Stubby now has a git repository
of its own. The new Stubby repository is added as a submodule.
Stubby will still be build alongside getdns with the --with-stubby
configure option.
* 2017-07-03: Version 1.1.2
* Bugfix for parallel make install
* Bugfix to trigger event callbacks on socket errors
* A getdns_context_set_logfunc() function with which one may
register a callback log function for certain library subsystems
at certain levels. Currently this can only be used for
upstream stastistics subsystem.
* 2017-06-15: Version 1.1.1
* Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
* Spelling fix s/receive/receive. Thanks Andreas Schulze.

37
Makefile.in
View File

@ -44,7 +44,7 @@ libdir = @libdir@
srcdir = @srcdir@
INSTALL = @INSTALL@
all : default @GETDNS_QUERY@ @STUBBY@
all : default @GETDNS_QUERY@
everything: default
cd src/test && $(MAKE)
@ -52,7 +52,10 @@ everything: default
default:
cd src && $(MAKE) $@
install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
install-lib:
cd src && $(MAKE) install
install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
@ -66,8 +69,7 @@ install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_S
$(INSTALL) -m 644 getdns_ext_event.pc $(DESTDIR)$(libdir)/pkgconfig
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
cd src && $(MAKE) $@
cd doc && $(MAKE) $@
cd doc && $(MAKE) install
@echo "***"
@echo "*** !!! IMPORTANT !!!! libgetdns needs a DNSSEC trust anchor!"
@echo "***"
@ -86,7 +88,7 @@ install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_S
@echo "*** at package installation time from the post-install script."
@echo "***"
uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_STUBBY@
uninstall: @UNINSTALL_GETDNS_QUERY@
rm -rf $(DESTDIR)$(docdir)
cd doc && $(MAKE) $@
cd src && $(MAKE) $@
@ -103,8 +105,8 @@ test: default
getdns_query: default
cd src/tools && $(MAKE) $@
stubby: getdns_query
cd src/tools && $(MAKE) $@
stubby:
cd src && $(MAKE) $@
scratchpad: default
cd src/test && $(MAKE) $@
@ -112,17 +114,17 @@ scratchpad: default
pad: scratchpad
src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
install-getdns_query: getdns_query
install-getdns_query: install-lib
cd src/tools && $(MAKE) $@
uninstall-getdns_query:
cd src/tools && $(MAKE) $@
install-stubby: getdns_query
cd src/tools && $(MAKE) $@
install-stubby:
cd src && $(MAKE) $@
uninstall-stubby:
cd src/tools && $(MAKE) $@
cd src && $(MAKE) $@
clean:
cd src && $(MAKE) $@
@ -190,7 +192,6 @@ $(distdir):
mkdir -p $(distdir)/src
mkdir -p $(distdir)/src/getdns
mkdir -p $(distdir)/src/test
mkdir -p $(distdir)/src/test/jsmn
mkdir -p $(distdir)/src/extension
mkdir -p $(distdir)/src/compat
mkdir -p $(distdir)/src/util
@ -198,9 +199,10 @@ $(distdir):
mkdir -p $(distdir)/src/tools
mkdir -p $(distdir)/src/jsmn
mkdir -p $(distdir)/doc
mkdir -p $(distdir)/systemd
mkdir -p $(distdir)/spec
mkdir -p $(distdir)/spec/example
mkdir -p $(distdir)/stubby
mkdir -p $(distdir)/stubby/src
cp $(srcdir)/configure.ac $(distdir)
cp $(srcdir)/configure $(distdir)
cp $(srcdir)/AUTHORS $(distdir)
@ -241,12 +243,13 @@ $(distdir):
cp $(srcdir)/spec/*.html $(distdir)/spec
cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example
cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
cp $(srcdir)/systemd/README.md $(distdir)/systemd
cp $(srcdir)/systemd/stubby.* $(distdir)/systemd
cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
cp $(srcdir)/src/tools/stubby.conf $(distdir)/src/tools
cp $(srcdir)/src/tools/stubby-setdns-macos.sh $(distdir)/src/tools
cp $(srcdir)/stubby/stubby.conf.example $(distdir)/stubby
cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
cp $(srcdir)/stubby/COPYING $(distdir)/stubby
cp $(srcdir)/stubby/README.md $(distdir)/stubby
cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn

26
README.md
View File

@ -65,6 +65,8 @@ The following requirements were met as conditions for the present release:
# Building and External Dependencies
If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.
External dependencies are linked outside the getdns API build tree (we rely on configure to find them). We would like to keep the dependency tree short. Please refer to section for building on Windows for separate dependency and build instructions for that platform.
* [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
@ -72,23 +74,25 @@ External dependencies are linked outside the getdns API build tree (we rely on c
* [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
* Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files. If you checked out from git you need to copy the libtool helper scripts and rebuild configure thus:
For example, to build on a recent version of Ubuntu, you would need the following packages:
# libtoolize -ci (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
# autoreconf -fi
# apt install build-essential libunbound-dev libidn11-dev libssl-dev libtool m4 autoconf
If you are building from git, you need to do the following before building:
If you want to make use of the configuration files that utilise a JSON-like format, you must do
# git submodule update --init
before building.
# libtoolize -ci # (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
# autoreconf -fi
As well as building the getdns library 2 other tools are installed by default by the above process:
* getdns_query: a command line test script wrapper for getdns
* stubby: an experimental DNS Privacy enabled client
Note: If you only want to build stubby, then use the `--enable-stub-only` and `--without-libidn` options when running 'configure'.
Note: If you only want to build stubby, then use the `--with-stubby` option when running 'configure'.
## Minimizing dependencies
@ -99,7 +103,7 @@ Note: If you only want to build stubby, then use the `--enable-stub-only` and `-
## Extensions and Event loop dependencies
The implementation works with a variety of event loops, each built as a separate shared library. See [the wiki](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support#wiki-included-event-loop-integrations) for more details.
The implementation works with a variety of event loops, each built as a separate shared library. See [this Doxygen page](https://getdnsapi.net/doxygen/group__eventloops.html) and [this man page](https://getdnsapi.net/documentation/manpages/#ASYNCHRONOUS USE) for more details.
* [libevent](http://libevent.org). Note: the examples *require* this and should work with either libevent 1.x or 2.x. 2.x is preferred.
* [libuv](https://github.com/joyent/libuv)
@ -170,8 +174,8 @@ Non-goals (things we will not be doing at least initially) include:
## Language Bindings
In parallel, the team is actively developing bindings for various languages.
For more information, visit the
[wiki](https://github.com/getdnsapi/getdns/wiki/Language-Bindings).
For more information, visit this
[webpage](https://getdnsapi.net/bindings/).
## Unsupported getDNS Features
@ -187,10 +191,10 @@ The following minor implementation omissions are noted:
Recursive mode does not support:
* TLS as a transport
* Non-zero connection idle timeouts or query pipelining
* Anything other than query_type and resolution_type in the return_call_reporting extension
Stub mode does not support:
* Non zero idle timeouts for synchronous calls
* Limit on number of outstanding queries
# Known Issues
@ -264,7 +268,7 @@ build the packages; this is simply the one we chose to use.
If you're using [Homebrew](http://brew.sh/), you may run `brew install getdns`. By default, this will only build the core library without any 3rd party event loop support.
To install the [event loop integration libraries](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`. All switches are optional.
To install the [event loop integration libraries](https://getdnsapi.net/doxygen/group__eventloops.html) that enable support for libevent, libuv, and libev, run: `brew install getdns --with-libevent --with-libuv --with-libev`. All switches are optional.
Note that in order to compile the examples, the `--with-libevent` switch is required.

28
configure.ac
View File

@ -36,12 +36,12 @@ sinclude(./m4/acx_getaddrinfo.m4)
sinclude(./m4/ax_check_compile_flag.m4)
sinclude(./m4/pkg.m4)
AC_INIT([getdns], [1.1.1], [users@getdnsapi.net], [], [https://getdnsapi.net])
AC_INIT([getdns], [1.1.3], [users@getdnsapi.net], [], [https://getdnsapi.net])
# Dont forget to put a dash in front of the release candidate!!!
# That is how it is done with semantic versioning!
#
AC_SUBST(RELEASE_CANDIDATE, [])
AC_SUBST(RELEASE_CANDIDATE, [-rc1])
# Set current date from system if not set
AC_ARG_WITH([current-date],
@ -51,7 +51,7 @@ AC_ARG_WITH([current-date],
[CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01010100])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010102c1])
AC_SUBST(API_VERSION, ["December 2015"])
AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@ -83,9 +83,11 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
# getdns-0.9.0 had libversion 5:0:4
# getdns-1.0.0 had libversion 5:1:4
# getdns-1.1.0 had libversion 6:0:0
# getdns-1.1.1 has libversion 6:1:0
# getdns-1.1.1 had libversion 6:1:0
# getdns-1.1.2 has libversion 7:0:1
# getdns-1.1.3 will have libversion 7:1:1
#
GETDNS_LIBVERSION=6:1:0
GETDNS_LIBVERSION=7:1:1
AC_SUBST(GETDNS_COMPILATION_COMMENT)
AC_SUBST(GETDNS_LIBVERSION)
@ -1008,17 +1010,17 @@ AC_SUBST(GETDNS_QUERY)
AC_SUBST(INSTALL_GETDNS_QUERY)
AC_SUBST(UNINSTALL_GETDNS_QUERY)
AC_ARG_WITH(stubby, AS_HELP_STRING([--without-stubby],
[Do not compile and install stubby, the (stub) resolver daemon]),
[], [withval="yes"])
if test x_$withval = x_no; then
STUBBY=""
INSTALL_STUBBY=""
UNINSTALL_STUBBY=""
else
AC_ARG_WITH(stubby, AS_HELP_STRING([--with-stubby],
[Compile and install stubby, the (stub) resolver daemon]),
[], [withval="no"])
if test x_$withval = x_yes; then
STUBBY="stubby"
INSTALL_STUBBY="install-stubby"
UNINSTALL_STUBBY="uninstall-stubby"
else
STUBBY=""
INSTALL_STUBBY=""
UNINSTALL_STUBBY=""
fi
AC_SUBST(STUBBY)
AC_SUBST(INSTALL_STUBBY)

2
spec/index.html
View File

@ -875,7 +875,7 @@ names:</p>
<li><code>query_name</code> (a bindata) is the name that was sent</li>
<li><code>query_type</code> (an int) is the type that was queried for</li>
<li><code>query_to</code> (a bindata) is the address to which the query was sent</li>
<li><code>run_time</code> (a bindata) is the difference between the time the successful
<li><code>run_time/ms</code> (a bindata) is the difference between the time the successful
query started and ended in milliseconds, represented
as a uint32_t (this does not include time taken for connection set up
or transport fallback)</li>

57
src/Makefile.in
View File

@ -35,16 +35,23 @@ libversion = @GETDNS_LIBVERSION@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libdir = @libdir@
includedir = @includedir@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
runstatedir = @runstatedir@
stubbyconfdir = $(sysconfdir)/stubby
have_libevent = @have_libevent@
have_libuv = @have_libuv@
have_libev = @have_libev@
# datarootdir is here to please some checkers
datarootdir=@datarootdir@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
srcdir = @srcdir@
stubbysrcdir = $(srcdir)/../stubby
LIBTOOL = ../libtool
CC=@CC@
@ -75,6 +82,8 @@ GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
str2wire.lo
PROGRAMS=@STUBBY@
LIBOBJDIR=
LIBOBJS=@LIBOBJS@
COMPAT_OBJ=$(LIBOBJS:.o=.lo)
@ -97,7 +106,7 @@ NON_C99_OBJS=context.lo libuv.lo
default: all
all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB) $(PROGRAMS)
$(GETDNS_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
@ -123,25 +132,35 @@ context.lo:
libuv.lo:
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
install: libgetdns.la
install-headers: getdns/getdns.h getdns/getdns_extra.h
$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/getdns
$(INSTALL) -m 644 getdns/getdns.h $(DESTDIR)$(includedir)/getdns/getdns.h
$(INSTALL) -m 644 getdns/getdns_extra.h $(DESTDIR)$(includedir)/getdns/getdns_extra.h
if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; fi
if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; fi
if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; fi
uninstall-headers:
rm -rf $(DESTDIR)$(includedir)/getdns
install-libs: libgetdns.la
$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libevent) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libuv) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libev) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
uninstall:
rm -rf $(DESTDIR)$(includedir)/getdns
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
uninstall-libs:
if test $(have_libevent) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEVENT_LIB) ; fi
if test $(have_libuv) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBUV_LIB) ; fi
if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
install: install-libs install-headers @INSTALL_STUBBY@
uninstall: @UNINSTALL_STUBBY@ uninstall-headers uninstall-libs
libgetdns_ext_event.la: libgetdns.la libevent.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
@ -163,8 +182,24 @@ test: default
getdns_query: default
cd tools && $(MAKE) $@
stubby: getdns_query
cd tools && $(MAKE) $@
stubby.lo: $(stubbysrcdir)/src/stubby.c
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\" -c $< -o $@
stubby: stubby.lo libgetdns.la
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
install-stubby: stubby $(stubbysrcdir)/stubby.conf.example $(stubbysrcdir)/stubby-setdns-macos.sh
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
$(INSTALL) -m 755 $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
test -f $(DESTDIR)$(stubbyconfdir)/stubby.conf || \
$(INSTALL_DATA) $(stubbysrcdir)/stubby.conf.example $(DESTDIR)$(stubbyconfdir)/stubby.conf
uninstall-stubby:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
rm -f $(DESTDIR)$(sbindir)/stubby-setdns-macos.sh
scratchpad: default
cd test && $(MAKE) $@

16
src/const-info.c
View File

@ -11,6 +11,12 @@ static struct const_info consts_info[] = {
{ -1, NULL, "/* <unknown getdns value> */" },
{ 0, "GETDNS_RETURN_GOOD", GETDNS_RETURN_GOOD_TEXT },
{ 1, "GETDNS_RETURN_GENERIC_ERROR", GETDNS_RETURN_GENERIC_ERROR_TEXT },
{ 2, "GETDNS_LOG_CRIT", GETDNS_LOG_CRIT_TEXT },
{ 3, "GETDNS_LOG_ERR", GETDNS_LOG_ERR_TEXT },
{ 4, "GETDNS_LOG_WARNING", GETDNS_LOG_WARNING_TEXT },
{ 5, "GETDNS_LOG_NOTICE", GETDNS_LOG_NOTICE_TEXT },
{ 6, "GETDNS_LOG_INFO", GETDNS_LOG_INFO_TEXT },
{ 7, "GETDNS_LOG_DEBUG", GETDNS_LOG_DEBUG_TEXT },
{ 300, "GETDNS_RETURN_BAD_DOMAIN_NAME", GETDNS_RETURN_BAD_DOMAIN_NAME_TEXT },
{ 301, "GETDNS_RETURN_BAD_CONTEXT", GETDNS_RETURN_BAD_CONTEXT_TEXT },
{ 302, "GETDNS_RETURN_CONTEXT_UPDATE_FAIL", GETDNS_RETURN_CONTEXT_UPDATE_FAIL_TEXT },
@ -97,6 +103,7 @@ static struct const_info consts_info[] = {
{ 1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT },
{ 1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT },
{ 1301, "GETDNS_AUTHENTICATION_REQUIRED", GETDNS_AUTHENTICATION_REQUIRED_TEXT },
{ 4096, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
};
static int const_info_cmp(const void *a, const void *b)
@ -175,6 +182,15 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_DNSSEC_SECURE", 400 },
{ "GETDNS_EXTENSION_FALSE", 1001 },
{ "GETDNS_EXTENSION_TRUE", 1000 },
{ "GETDNS_LOG_ALERT", 1 },
{ "GETDNS_LOG_CRIT", 2 },
{ "GETDNS_LOG_DEBUG", 7 },
{ "GETDNS_LOG_EMERG", 0 },
{ "GETDNS_LOG_ERR", 3 },
{ "GETDNS_LOG_INFO", 6 },
{ "GETDNS_LOG_NOTICE", 5 },
{ "GETDNS_LOG_UPSTREAM_STATS", 4096 },
{ "GETDNS_LOG_WARNING", 4 },
{ "GETDNS_NAMESPACE_DNS", 500 },
{ "GETDNS_NAMESPACE_LOCALNAMES", 501 },
{ "GETDNS_NAMESPACE_MDNS", 503 },

84
src/context.c
View File

@ -61,6 +61,7 @@ typedef unsigned short in_port_t;
#include <assert.h>
#include <ctype.h>
#include <stdarg.h>
#ifdef HAVE_PTHREAD
#include <pthread.h>
@ -241,7 +242,6 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
}
#endif
#if !defined(STUB_NATIVE_DNSSEC) || (defined(DAEMON_DEBUG) && DAEMON_DEBUG)
static uint8_t*
upstream_addr(getdns_upstream *upstream)
{
@ -249,8 +249,6 @@ upstream_addr(getdns_upstream *upstream)
? (void *)&((struct sockaddr_in*)&upstream->addr)->sin_addr
: (void *)&((struct sockaddr_in6*)&upstream->addr)->sin6_addr;
}
#endif
static in_port_t
upstream_port(getdns_upstream *upstream)
@ -655,6 +653,7 @@ upstreams_create(getdns_context *context, size_t size)
r->current_stateful = 0;
r->tls_backoff_time = context->tls_backoff_time;
r->tls_connection_retries = context->tls_connection_retries;
r->log = context->log;
return r;
}
@ -719,6 +718,22 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
GETDNS_FREE(upstreams->mf, upstreams);
}
void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
getdns_loglevel_type level, const char *fmt, ...)
{
va_list args;
if (!upstream || !upstream->upstreams || !upstream->upstreams->log.func
|| !(upstream->upstreams->log.system & system)
|| level > upstream->upstreams->log.level)
return;
va_start(args, fmt);
upstream->upstreams->log.func(
upstream->upstreams->log.userarg, system, level, fmt, args);
va_end(args);
}
void
_getdns_upstream_shutdown(getdns_upstream *upstream)
{
@ -732,23 +747,24 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
/* Keep track of the best auth state this upstream has had*/
if (upstream->tls_auth_state > upstream->best_tls_auth_state)
upstream->best_tls_auth_state = upstream->tls_auth_state;
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
DEBUG_DAEMON("%s %-40s : Conn closed : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
STUB_DEBUG_DAEMON, upstream->addr_str,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Conn closed : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
upstream->addr_str,
(upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
(int)upstream->responses_received, (int)upstream->responses_timeouts,
_getdns_auth_str(upstream->tls_auth_state), (int)upstream->keepalive_timeout);
DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
STUB_DEBUG_DAEMON, upstream->addr_str,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
upstream->addr_str,
(upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
(int)upstream->total_responses, (int)upstream->total_timeouts,
_getdns_auth_str(upstream->best_tls_auth_state));
DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
STUB_DEBUG_DAEMON, upstream->addr_str,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
upstream->addr_str,
(upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
(int)upstream->conn_completed, (int)upstream->conn_setup_failed,
(int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
#endif
/* Back off connections that never got up service at all (probably no
TCP service or incompatible TLS version/cipher).
@ -771,11 +787,11 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
upstream->conn_setup_failed = 0;
upstream->conn_shutdowns = 0;
upstream->conn_backoffs++;
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
DEBUG_DAEMON("%s %-40s : !Backing off this upstream - Will retry as new upstream at %s",
STUB_DEBUG_DAEMON, upstream->addr_str,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : !Backing off this upstream - Will retry as new upstream at %s",
upstream->addr_str,
asctime(gmtime(&upstream->conn_retry_time)));
#endif
}
// Reset per connection counters
upstream->queries_sent = 0;
@ -920,10 +936,8 @@ upstream_init(getdns_upstream *upstream,
upstream->addr_len = ai->ai_addrlen;
(void) memcpy(&upstream->addr, ai->ai_addr, ai->ai_addrlen);
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
inet_ntop(upstream->addr.ss_family, upstream_addr(upstream),
upstream->addr_str, INET6_ADDRSTRLEN);
#endif
/* How is this upstream doing on connections? */
upstream->conn_completed = 0;
@ -1366,6 +1380,11 @@ getdns_context_create_with_extended_memory_functions(
result->update_callback2 = NULL_update_callback;
result->update_userarg = NULL;
result->log.func = NULL;
result->log.userarg = NULL;
result->log.system = 0;
result->log.level = GETDNS_LOG_ERR;
result->mf.mf_arg = userarg;
result->mf.mf.ext.malloc = malloc;
result->mf.mf.ext.realloc = realloc;
@ -1689,6 +1708,37 @@ getdns_context_get_update_callback(getdns_context *context, void **userarg,
return GETDNS_RETURN_GOOD;
}
getdns_return_t
getdns_context_set_logfunc(getdns_context *context, void *userarg,
uint64_t system, getdns_loglevel_type level, getdns_logfunc_type log)
{
if (!context)
return GETDNS_RETURN_INVALID_PARAMETER;
context->log.func = log;
context->log.userarg = userarg;
context->log.system = system;
context->log.level = level;
if (context->upstreams) {
context->upstreams->log = context->log;
}
return GETDNS_RETURN_GOOD;
}
void _getdns_context_log(getdns_context *context, uint64_t system,
getdns_loglevel_type level, const char *fmt, ...)
{
va_list args;
if (!context || !context->log.func || !(context->log.system & system)
|| level > context->log.level)
return;
va_start(args, fmt);
context->log.func(context->log.userarg, system, level, fmt, args);
va_end(args);
}
#ifdef HAVE_LIBUNBOUND
/*
* Helpers to set options on the unbound ctx

19
src/context.h
View File

@ -127,9 +127,7 @@ typedef struct getdns_upstream {
socklen_t addr_len;
struct sockaddr_storage addr;
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
char addr_str[INET6_ADDRSTRLEN];
#endif
/**
* How is this upstream doing over UDP?
@ -238,6 +236,13 @@ typedef struct getdns_upstream {
} getdns_upstream;
typedef struct getdns_log_config {
getdns_logfunc_type func;
void *userarg;
uint64_t system;
getdns_loglevel_type level;
} getdns_log_config;
typedef struct getdns_upstreams {
struct mem_funcs mf;
size_t referenced;
@ -246,6 +251,7 @@ typedef struct getdns_upstreams {
size_t current_stateful;
uint16_t tls_backoff_time;
uint16_t tls_connection_retries;
getdns_log_config log;
getdns_upstream upstreams[];
} getdns_upstreams;
@ -296,6 +302,8 @@ struct getdns_context {
getdns_update_callback2 update_callback2;
void *update_userarg;
getdns_log_config log;
int processing;
int destroying;
@ -395,6 +403,13 @@ struct getdns_context {
#endif /* HAVE_MDNS_SUPPORT */
}; /* getdns_context */
void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
getdns_loglevel_type level, const char *fmt, ...);
void _getdns_context_log(getdns_context *context, uint64_t system,
getdns_loglevel_type level, const char *fmt, ...);
/** internal functions **/
/**
* Sets up the unbound contexts with stub or recursive behavior

1
src/debug.h
View File

@ -44,7 +44,6 @@
#define STUB_DEBUG_READ "------- READ: "
#define STUB_DEBUG_WRITE "------- WRITE: "
#define STUB_DEBUG_CLEANUP "--- CLEANUP: "
#define STUB_DEBUG_DAEMON "GETDNS_DAEMON: "
#ifdef GETDNS_ON_WINDOWS
#define DEBUG_ON(...) do { \

75
src/dnssec.c
View File

@ -550,11 +550,26 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
/* Also, try to prevent adding double rrsets */
if ( rrset->rr_class == head->rrset.rr_class
&& rrset->rr_type == head->rrset.rr_type
&& rrset->pkt == head->rrset.pkt
&& rrset->pkt_len == head->rrset.pkt_len
&& _dname_equal(rrset->name, head->rrset.name))
return NULL;
&& _dname_equal(rrset->name, head->rrset.name)) {
if (rrset->pkt == head->rrset.pkt &&
rrset->pkt_len == head->rrset.pkt_len)
return NULL;
else {
/* Anticipate resubmissions due to
* roadblock avoidance */
head->rrset.pkt = rrset->pkt;
head->rrset.pkt_len = rrset->pkt_len;
return head;
}
}
if ( rrset->rr_class == head->rrset.rr_class
&& rrset->rr_type == head->rrset.rr_type
&& rrset->pkt != head->rrset.pkt
&& _dname_equal(rrset->name, head->rrset.name)) {
return NULL;
}
for (label = labels; label < last_label; label++) {
if (! _dname_is_parent(*label, head->rrset.name))
break;
@ -1050,6 +1065,7 @@ static void val_chain_node_cb(getdns_dns_req *dnsreq)
break;
case GETDNS_RRTYPE_DNSKEY: node->dnskey.pkt = netreq->response;
node->dnskey.pkt_len = netreq->response_len;
/* fallthrough */
default : check_chain_complete(node->chains);
return;
}
@ -2416,6 +2432,7 @@ static int key_proves_nonexistance(
* ========================+
* First find the closest encloser.
*/
if (*rrset->name)
for ( nc_name = rrset->name, ce_name = rrset->name + *rrset->name + 1
; *ce_name ; nc_name = ce_name, ce_name += *ce_name + 1) {
@ -2678,6 +2695,7 @@ static int chain_head_validate(struct mem_funcs *mf, time_t now, uint32_t skew,
if (_getdns_rrset_has_rrs(&ds_ta)) {
switch (chain_head_validate_with_ta(mf,now,skew,head,&ds_ta)) {
case GETDNS_DNSSEC_SECURE : s = GETDNS_DNSSEC_SECURE;
/* fallthrough */
case GETDNS_DNSSEC_INSECURE: if (s != GETDNS_DNSSEC_SECURE)
s = GETDNS_DNSSEC_INSECURE;
break;
@ -3029,19 +3047,50 @@ static void check_chain_complete(chain_head *chain)
&& !dnsreq->avoid_dnssec_roadblocks
&& dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {
int r = GETDNS_RETURN_GOOD;
getdns_network_req **netreq_p, *netreq;
uint64_t now_ms = 0;
dnsreq->avoid_dnssec_roadblocks = 1;
dnsreq->chain->lock += 1;
for ( netreq_p = dnsreq->netreqs
; !r && (netreq = *netreq_p)
; (netreq = *netreq_p)
; netreq_p++) {
_getdns_netreq_change_state(netreq, NET_REQ_NOT_SENT);
netreq->dnssec_status =
GETDNS_DNSSEC_INDETERMINATE;
netreq->owner = dnsreq;
r = _getdns_submit_netreq(netreq, &now_ms);
(void) _getdns_submit_netreq(netreq, &now_ms);
}
if (!dnsreq->dnssec_return_validation_chain)
return;
for ( head = chain; head ; head = next ) {
next = head->next;
for ( node_count = head->node_count
, node = head->parent
; node_count
; node_count--, node = node->parent ) {
if (node->dnskey_req) {
_getdns_netreq_change_state(
node->dnskey_req,
NET_REQ_NOT_SENT);
node->dnskey_req->owner->
avoid_dnssec_roadblocks = 1;
(void) _getdns_submit_netreq(
node->dnskey_req, &now_ms);
}
if (node->ds_req) {
_getdns_netreq_change_state(
node->ds_req, NET_REQ_NOT_SENT);
node->ds_req->owner->
avoid_dnssec_roadblocks = 1;
(void) _getdns_submit_netreq(
node->ds_req, &now_ms);
}
}
}
return;
}
@ -3185,11 +3234,16 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
getdns_network_req *netreq, **netreq_p;
chain_head *chain = NULL, *chain_p;
if (dnsreq->validating)
if (dnsreq->avoid_dnssec_roadblocks) {
chain = dnsreq->chain;
} else if (dnsreq->validating)
return;
dnsreq->validating = 1;
for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
if (dnsreq->avoid_dnssec_roadblocks && chain->lock == 0)
; /* pass */
else for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
if (! netreq->response
|| netreq->response_len < GLDNS_HEADER_SIZE
|| ( GLDNS_RCODE_WIRE(netreq->response)
@ -3217,6 +3271,9 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
if (chain_p->lock) chain_p->lock--;
}
dnsreq->chain = chain;
if (dnsreq->avoid_dnssec_roadblocks && chain->lock)
chain->lock -= 1;
check_chain_complete(chain);
} else {
dnsreq->validating = 0;

4
src/extension/poll_eventloop.c
View File

@ -435,13 +435,13 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
poll_loop->pfds[i].fd = -1;
}
if (poll_loop->fd_events[j].event->write_cb &&
poll_loop->pfds[j].revents & POLLOUT)
poll_loop->pfds[j].revents & (POLLOUT|POLLERR|POLLHUP|POLLNVAL))
poll_write_cb( poll_loop->pfds[j].fd
, poll_loop->fd_events[j].event);
if (poll_loop->fd_events[j].event &&
poll_loop->fd_events[j].event->read_cb &&
poll_loop->pfds[j].revents & POLLIN)
poll_loop->pfds[j].revents & (POLLIN|POLLERR|POLLHUP|POLLNVAL))
poll_read_cb( poll_loop->pfds[j].fd
, poll_loop->fd_events[j].event);
}

7
src/general.c
View File

@ -59,6 +59,9 @@ void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
{
_getdns_context_clear_outbound_request(dnsreq);
#if defined(REQ_DEBUG) && REQ_DEBUG
debug_req(__FUNC__, *dnsreq->netreqs);
#endif
if (dnsreq->user_callback) {
dnsreq->context->processing = 1;
dnsreq->user_callback(dnsreq->context,
@ -211,6 +214,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
#ifdef STUB_NATIVE_DNSSEC
|| (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
&& !dns_req->avoid_dnssec_roadblocks
&& (dns_req->dnssec_return_status ||
dns_req->dnssec_return_only_secure ||
dns_req->dnssec_return_all_statuses
@ -228,6 +232,9 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
NULL, NULL, (getdns_eventloop_callback)
_getdns_validation_chain_timeout));
#if defined(REQ_DEBUG) && REQ_DEBUG
debug_req("getting validation chain for ", *dns_req->netreqs);
#endif
_getdns_get_validation_chain(dns_req);
} else
_getdns_call_user_callback(

3
src/getdns/getdns.h.in
View File

@ -1101,7 +1101,6 @@ getdns_service(getdns_context *context,
* (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
* @param context context that can be used immediately with other API calls
* @param set_from_os set to 1 to initialize the context with os defaults
* the second bit set (2) prevents OpenSSL library initialization.
* @return GETDNS_RETURN_GOOD on success
*/
getdns_return_t
@ -1114,7 +1113,6 @@ getdns_context_create(getdns_context ** context, int set_from_os);
* (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
* @param context context that can be used immediately with other API calls
* @param set_from_os set to 1 to initialize the context with os defaults
* the second bit set (2) prevents OpenSSL library initialization.
* @param malloc custom malloc function
* @param realloc custom realloc function
* @param free custom free function
@ -1136,7 +1134,6 @@ getdns_context_create_with_memory_functions(
* (e.g. CRYPTO_THREADID_set_call) depending on the library version used.
* @param context context that can be used immediately with other API calls
* @param set_from_os set to 1 to initialize the context with os defaults
* the second bit set (2) prevents OpenSSL library initialization.
* @param userarg parameter passed to the custom malloc, realloc and free functions
* @param malloc custom malloc function
* @param realloc custom realloc function

38
src/getdns/getdns_extra.h.in
View File

@ -39,6 +39,7 @@
#include <sys/time.h>
#include <stdio.h>
#include <time.h>
#include <stdarg.h>
#ifdef __cplusplus
extern "C" {
@ -501,13 +502,40 @@ getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t
*/
getdns_return_t
getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
/** @}
*/
/**
* \addtogroup getdns_context
* @{
typedef enum getdns_loglevel_type {
GETDNS_LOG_EMERG = 0,
GETDNS_LOG_ALERT = 1,
GETDNS_LOG_CRIT = 2,
GETDNS_LOG_ERR = 3,
GETDNS_LOG_WARNING = 4,
GETDNS_LOG_NOTICE = 5,
GETDNS_LOG_INFO = 6,
GETDNS_LOG_DEBUG = 7
} getdns_loglevel_type;
#define GETDNS_LOG_EMERG_TEXT "System is unusable"
#define GETDNS_LOG_ALERT_TEXT "Action must be taken immediately"
#define GETDNS_LOG_CRIT_TEXT "Critical conditions"
#define GETDNS_LOG_ERR_TEXT "Error conditions"
#define GETDNS_LOG_WARNING_TEXT "Warning conditions"
#define GETDNS_LOG_NOTICE_TEXT "normal, but significant, condition"
#define GETDNS_LOG_INFO_TEXT "Informational message"
#define GETDNS_LOG_DEBUG_TEXT "Debug-level message"
#define GETDNS_LOG_UPSTREAM_STATS 4096
#define GETDNS_LOG_UPSTREAM_STATS_TEXT "Log messages about upstream statistics"
typedef void (*getdns_logfunc_type) (void *userarg, uint64_t log_systems,
getdns_loglevel_type, const char *, va_list ap);
/**
*
*/
getdns_return_t
getdns_context_set_logfunc(getdns_context *context, void *userarg,
uint64_t system, getdns_loglevel_type level, getdns_logfunc_type func);
/**
* Get the current resolution type setting from this context.

2
src/gldns/gbuffer.c
View File

@ -50,6 +50,8 @@ gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size)
buffer->_limit = buffer->_capacity = size;
buffer->_fixed = 0;
buffer->_vfixed = 0;
if (!buffer->_fixed && buffer->_data)
free(buffer->_data);
buffer->_data = malloc(size);
if(!buffer->_data) {
buffer->_status_err = 1;

9
src/gldns/parseutil.c
View File

@ -402,10 +402,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
/* ........ ........ ....4444 4....... ........ */
c = src[3] >> 7 ;
/* fallthrough */
case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];
/* ........ .......3 3333.... ........ ........ */
c = src[2] >> 4 ;
/* fallthrough */
case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c];
/* ........ ..22222. ........ ........ ........ */
@ -413,6 +415,7 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
/* .....111 11...... ........ ........ ........ */
c = src[1] >> 6 ;
/* fallthrough */
case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c];
/* 00000... ........ ........ ........ ........ */
@ -423,9 +426,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
switch (src_sz) {
case 1: dst[2] = '=';
dst[3] = '=';
/* fallthrough */
case 2: dst[4] = '=';
/* fallthrough */
case 3: dst[5] = '=';
dst[6] = '=';
/* fallthrough */
case 4: dst[7] = '=';
}
}
@ -537,15 +543,18 @@ gldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz,
/* ........ ........ ........ .55555.. ........ */
/* ........ ........ ....4444 4....... ........ */
dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
/* fallthrough */
case 5: /* ........ ........ ....4444 4....... ........ */
/* ........ .......3 3333.... ........ ........ */
dst[2] = buf[3] << 4 | buf[4] >> 1;
/* fallthrough */
case 4: /* ........ .......3 3333.... ........ ........ */
/* ........ ..22222. ........ ........ ........ */
/* .....111 11...... ........ ........ ........ */
dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
/* fallthrough */
case 2: /* .....111 11...... ........ ........ ........ */
/* 00000... ........ ........ ........ ........ */

8
src/gldns/str2wire.c
View File

@ -1190,6 +1190,10 @@ int gldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len)
{
size_t sz = gldns_b64_pton_calculate_size(strlen(str));
int n;
if(strcmp(str, "0") == 0) {
*len = 0;
return GLDNS_WIREPARSE_ERR_OK;
}
if(*len < sz)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
n = gldns_b64_pton(str, rd, *len);
@ -1223,6 +1227,10 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
s++;
continue;
}
if(dlen == 0 && *s == '0' && *(s+1) == 0) {
*len = 0;
return GLDNS_WIREPARSE_ERR_OK;
}
if(!isxdigit((unsigned char)*s))
return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
if(*len < dlen/2 + 1)

6
src/gldns/wire2str.c
View File

@ -1220,11 +1220,17 @@ static int gldns_wire2str_b64_scan_num(uint8_t** d, size_t* dl, char** s,
int gldns_wire2str_b64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
{
if(*dl == 0) {
return gldns_str_print(s, sl, "0");
}
return gldns_wire2str_b64_scan_num(d, dl, s, sl, *dl);
}
int gldns_wire2str_hex_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
{
if(*dl == 0) {
return gldns_str_print(s, sl, "0");
}
return print_remainder_hex("", d, dl, s, sl);
}

2
src/jsmn

@ -1 +1 @@
Subproject commit 868c22e35ec223fc26ddefdb9ca83901dc6e2534
Subproject commit c831c3869f56a571a79a3cbf58e0a366e588e256

1
src/libgetdns.symbols
View File

@ -55,6 +55,7 @@ getdns_context_set_follow_redirects
getdns_context_set_idle_timeout
getdns_context_set_limit_outstanding_queries
getdns_context_set_listen_addresses
getdns_context_set_logfunc
getdns_context_set_memory_functions
getdns_context_set_namespaces
getdns_context_set_resolution_type

2
src/mk-const-info.c.sh
View File

@ -14,7 +14,7 @@ cat > const-info.c << END_OF_HEAD
static struct const_info consts_info[] = {
{ -1, NULL, "/* <unknown getdns value> */" },
END_OF_HEAD
gawk '/^[ ]+GETDNS_[A-Z_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%4d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z_]+[ ]+[0-9]+/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/ && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%4d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%4d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns.h.in getdns/getdns_extra.h.in | sed 's/,,/,/g' >> const-info.c
gawk '/^[ ]+GETDNS_[A-Z_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%7d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z_]+[ ]+[0-9]+/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/ && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%7d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%7d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns_extra.h.in getdns/getdns.h.in | sed 's/,,/,/g' >> const-info.c
cat >> const-info.c << END_OF_TAIL
};

79
src/stub.c
View File

@ -427,13 +427,12 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
endpoints.sae_dstaddrlen = upstream->addr_len;
if (connectx(fd, &endpoints, SAE_ASSOCID_ANY,
CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE,
NULL, 0, NULL, NULL) == -1) {
if (errno != EINPROGRESS) {
close(fd);
return -1;
}
}
NULL, 0, NULL, NULL) == 0) {
return fd;
}
if (errno == EINPROGRESS) {
return fd;
}
#else
(void)transport;
#endif
@ -588,6 +587,7 @@ _getdns_cancel_stub_request(getdns_network_req *netreq)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
}
}
@ -606,13 +606,13 @@ stub_timeout_cb(void *userarg)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
netreq->upstream->udp_timeouts++;
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
if (netreq->upstream->udp_timeouts % 100 == 0)
DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
STUB_DEBUG_DAEMON, netreq->upstream->addr_str,
_getdns_upstream_log(netreq->upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
netreq->upstream->addr_str,
(int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
#endif
stub_next_upstream(netreq);
} else {
netreq->upstream->responses_timeouts++;
@ -908,12 +908,11 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, err,
X509_verify_cert_error_string(err));
#endif
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
if (!preverify_ok && !upstream->tls_fallback_ok)
DEBUG_DAEMON("%s %-40s : Verify failed : Transport=TLS - *Failure* - (%d) \"%s\"\n",
STUB_DEBUG_DAEMON, upstream->addr_str, err,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Verify failed : Transport=TLS - *Failure* - (%d) \"%s\"\n",
upstream->addr_str, err,
X509_verify_cert_error_string(err));
#endif
/* First deal with the hostname authentication done by OpenSSL. */
#ifdef X509_V_ERR_HOSTNAME_MISMATCH
@ -945,11 +944,10 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
if (upstream->tls_fallback_ok)
DEBUG_STUB("%s %-35s: FD: %d, WARNING: Proceeding even though pinset validation failed!\n",
STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
else
DEBUG_DAEMON("%s %-40s : Conn failed : Transport=TLS - *Failure* - Pinset validation failure\n",
STUB_DEBUG_DAEMON, upstream->addr_str);
#endif
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Conn failed : Transport=TLS - *Failure* - Pinset validation failure\n",
upstream->addr_str);
} else {
/* If we _only_ had a pinset and it is good then force succesful
authentication when the cert self-signed
@ -960,10 +958,9 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
preverify_ok = 1;
DEBUG_STUB("%s %-35s: FD: %d, Allowing self-signed (%d) cert since pins match\n",
STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, err);
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
DEBUG_DAEMON("%s %-40s : Verify passed : Transport=TLS - Allowing self-signed cert since pins match\n",
STUB_DEBUG_DAEMON, upstream->addr_str);
#endif
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Verify passed : Transport=TLS - Allowing self-signed cert since pins match\n",
upstream->addr_str);
}
}
@ -1417,6 +1414,7 @@ stub_udp_read_cb(void *userarg)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
stub_next_upstream(netreq);
}
netreq->debug_end_time = _getdns_get_time_as_uintt64();
@ -1439,8 +1437,8 @@ stub_udp_read_cb(void *userarg)
closesocket(netreq->fd);
#else
close(netreq->fd);
netreq->fd = -1;
#endif
netreq->fd = -1;
while (GLDNS_TC_WIRE(netreq->response)) {
DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ,
__FUNC__, (void*)netreq);
@ -1474,13 +1472,12 @@ stub_udp_read_cb(void *userarg)
netreq->debug_end_time = _getdns_get_time_as_uintt64();
_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
upstream->udp_responses++;
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
if (upstream->udp_responses == 1 ||
upstream->udp_responses % 100 == 0)
DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
STUB_DEBUG_DAEMON, upstream->addr_str,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
upstream->addr_str,
(int)upstream->udp_responses, (int)upstream->udp_timeouts);
#endif
_getdns_check_dns_req_complete(dnsreq);
}
@ -1538,6 +1535,7 @@ stub_udp_write_cb(void *userarg)
#else
close(netreq->fd);
#endif
netreq->fd = -1;
stub_next_upstream(netreq);
}
netreq->debug_end_time = _getdns_get_time_as_uintt64();
@ -1734,11 +1732,10 @@ upstream_write_cb(void *userarg)
case STUB_NO_AUTH:
/* Cleaning up after connection or auth check failure. Need to fallback. */
stub_cleanup(netreq);
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
DEBUG_DAEMON("%s %-40s : Conn closed : Transport=%s - *Failure*\n",
STUB_DEBUG_DAEMON, upstream->addr_str,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Conn closed : Transport=%s - *Failure*\n",
upstream->addr_str,
(upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"));
#endif
if (fallback_on_write(netreq) == STUB_TCP_ERROR) {
/* TODO: Need new state to report transport unavailable*/
_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
@ -1890,10 +1887,9 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
if (upstreams->upstreams[i].conn_state == GETDNS_CONN_BACKOFF &&
upstreams->upstreams[i].conn_retry_time < now) {
upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
DEBUG_DAEMON("%s %-40s : Re-instating upstream\n",
STUB_DEBUG_DAEMON, upstreams->upstreams[i].addr_str);
#endif
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Re-instating upstream\n",
upstreams->upstreams[i].addr_str);
}
}
@ -1965,7 +1961,7 @@ upstream_select(getdns_network_req *netreq)
return &upstreams->upstreams[i];
}
i+=GETDNS_UPSTREAM_TRANSPORTS;
if (i > upstreams->count)
if (i >= upstreams->count)
i = 0;
} while (i != upstreams->current_udp);
@ -2024,11 +2020,10 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
upstream->tls_hs_state = GETDNS_HS_WRITE;
}
upstream->conn_state = GETDNS_CONN_SETUP;
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
DEBUG_DAEMON("%s %-40s : Conn init : Transport=%s - Profile=%s\n", STUB_DEBUG_DAEMON,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Conn init : Transport=%s - Profile=%s\n",
upstream->addr_str, transport == GETDNS_TRANSPORT_TLS ? "TLS":"TCP",
dnsreq->context->tls_auth_min == GETDNS_AUTHENTICATION_NONE ? "Opportunistic":"Strict");
#endif
break;
default:
return -1;
@ -2094,10 +2089,8 @@ upstream_find_for_netreq(getdns_network_req *netreq)
}
/* Handle better, will give generic error*/
DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNC__, (void*)netreq);
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
DEBUG_DAEMON("%s *FAILURE* no valid transports or upstreams available!\n",
STUB_DEBUG_DAEMON);
#endif
_getdns_context_log(netreq->owner->context, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"*FAILURE* no valid transports or upstreams available!\n");
return -1;
}

6
src/test/tests_transports.sh
View File

@ -174,21 +174,21 @@ for (( i = 0; i < 2; i+=1 )); do
echo "*Success cases:"
for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`$DIR/getdns_query -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
(( COUNT++ ))
done
echo "*Success fallback cases:"
for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`$DIR/getdns_query -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
(( COUNT++ ))
done
echo "*Transport not available cases:"
for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
check_bad "`$DIR/getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
check_bad "`$DIR/getdns_query -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
(( COUNT++ ))
done

6
src/test/tpkg/290-transports.tpkg/290-transports.test
View File

@ -173,21 +173,21 @@ for (( ii = 0; ii < 1; ii++)); do
fi
echo "*Success cases:"
for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
(( COUNT++ ))
done
echo "*Success fallback cases:"
for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
(( COUNT++ ))
done
echo "*Transport not available cases:"
for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
check_bad "`"${GETDNS_QUERY}" $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
check_bad "`"${GETDNS_QUERY}" -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
(( COUNT++ ))
done

14
src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
View File

@ -7,10 +7,10 @@
rm -fr "${BUILDDIR}/build-event-loops"
mkdir "${BUILDDIR}/build-event-loops"
cd "${BUILDDIR}/build-event-loops"
"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
"${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libuv

14
src/test/tpkg/400-static-analysis.tpkg/400-static-analysis.pre
View File

@ -25,11 +25,11 @@ done
rm -fr "${BUILDDIR}/build-static-analysis"
mkdir "${BUILDDIR}/build-static-analysis"
cd "${BUILDDIR}/build-static-analysis"
"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
"${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-stubby --with-libuv

42
src/tools/Dockerfile Normal file
View File

@ -0,0 +1,42 @@
FROM ubuntu:16.04
MAINTAINER Melinda Shore <melinda.shore@nomountain.net>
RUN set -ex \
&& apt-get update \
&& apt-get install -y curl \
&& apt-get install -y git \
&& apt-get install -y wget \
&& apt-get install -y libssl-dev \
&& curl -fOSL "https://unbound.net/downloads/unbound-1.6.3.tar.gz" \
&& mkdir -p /usr/src/unbound \
&& tar -xzC /usr/src/unbound --strip-components=1 -f unbound-1.6.3.tar.gz \
&& rm unbound-1.6.3.tar.gz \
&& apt-get -y install libidn11-dev \
&& apt-get -y install python-dev \
&& apt-get -y install make \
&& apt-get install -y automake autoconf libtool \
&& apt-get install -y shtool \
&& cd /usr/src/unbound \
&& ./configure \
&& make \
&& make install \
&& ldconfig \
&& cd /usr/src \
&& git clone https://github.com/getdnsapi/getdns.git \
&& cd /usr/src/getdns \
&& git checkout master \
&& git submodule update --init \
&& libtoolize -ci \
&& autoreconf -fi \
&& ./configure --enable-debug-daemon \
&& make \
&& make install \
&& ldconfig \
&& cp src/tools/stubby.conf /etc \
&& mkdir -p /etc/unbound \
&& cd /etc/unbound \
&& unbound-anchor -a /etc/unbound/getdns-root.key || :
EXPOSE 53
CMD ["/usr/local/bin/stubby"]

13
src/tools/Makefile.in
View File

@ -68,8 +68,8 @@ $(ALL_OBJS):
getdns_query: getdns_query.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
stubby: getdns_query.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
stubby:
cd .. && $(MAKE) $@
install-getdns_query: getdns_query
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
@ -78,15 +78,14 @@ install-getdns_query: getdns_query
uninstall-getdns_query:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query
install-stubby: getdns_query
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby
install-stubby:
cd .. && $(MAKE) $@
uninstall-stubby:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
cd .. && $(MAKE) $@
clean:
rm -f *.o *.lo $(PROGRAMS) stubby
rm -f *.o *.lo $(PROGRAMS)
rm -rf .libs
distclean : clean

110
src/tools/getdns_query.c
View File

@ -48,6 +48,7 @@ typedef unsigned short in_port_t;
#define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""
static int verbosity = 0;
static int i_am_stubby = 0;
static const char *default_stubby_config =
"{ resolution_type: GETDNS_RESOLUTION_STUB"
@ -80,6 +81,8 @@ static uint16_t request_type = GETDNS_RRTYPE_NS;
static int timeout, edns0_size, padding_blocksize;
static int async = 0, interactive = 0;
static enum { GENERAL, ADDRESS, HOSTNAME, SERVICE } calltype = GENERAL;
static int bogus_answers = 0;
static int check_dnssec = 0;
static int get_rrtype(const char *t)
{
@ -255,6 +258,7 @@ print_usage(FILE *out, const char *progname)
fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
fprintf(out, "\t-t <timeout>\tSet timeout in milliseconds\n");
fprintf(out, "\t-v\tPrint getdns release version\n");
fprintf(out, "\t-V\tIncrease verbosity (may be used more than once)\n");
fprintf(out, "\t-x\tDo not follow redirects\n");
fprintf(out, "\t-X\tFollow redirects (default)\n");
@ -306,27 +310,28 @@ static getdns_return_t validate_chain(getdns_dict *response)
response, "replies_tree", &replies_tree)))
goto error;
fprintf(stdout, "replies_tree dnssec_status: ");
if (verbosity) fprintf(stdout, "replies_tree dnssec_status: ");
switch ((s = getdns_validate_dnssec(
replies_tree, validation_chain, trust_anchor))) {
case GETDNS_DNSSEC_SECURE:
fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
break;
case GETDNS_DNSSEC_BOGUS:
fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
bogus_answers += 1;
break;
case GETDNS_DNSSEC_INDETERMINATE:
fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
break;
case GETDNS_DNSSEC_INSECURE:
fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
break;
case GETDNS_DNSSEC_NOT_PERFORMED:
fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
break;
default:
fprintf(stdout, "%d\n", (int)s);
if (verbosity) fprintf(stdout, "%d\n", (int)s);
}
i = 0;
@ -335,27 +340,28 @@ static getdns_return_t validate_chain(getdns_dict *response)
if ((r = getdns_list_set_dict(to_validate, 0, reply)))
goto error;
printf("reply "PRIsz", dnssec_status: ", i);
if (verbosity) printf("reply "PRIsz", dnssec_status: ", i);
switch ((s = getdns_validate_dnssec(
to_validate, validation_chain, trust_anchor))) {
case GETDNS_DNSSEC_SECURE:
fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_SECURE\n");
break;
case GETDNS_DNSSEC_BOGUS:
fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_BOGUS\n");
bogus_answers += 1;
break;
case GETDNS_DNSSEC_INDETERMINATE:
fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INDETERMINATE\n");
break;
case GETDNS_DNSSEC_INSECURE:
fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_INSECURE\n");
break;
case GETDNS_DNSSEC_NOT_PERFORMED:
fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
if (verbosity) fprintf(stdout, "GETDNS_DNSSEC_NOT_PERFORMED\n");
break;
default:
fprintf(stdout, "%d\n", (int)s);
if (verbosity) fprintf(stdout, "%d\n", (int)s);
}
}
if (r == GETDNS_RETURN_NO_SUCH_LIST_ITEM)
@ -378,14 +384,23 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
getdns_print_json_dict(response, json == 1)
: getdns_pretty_print_dict(response))) {
fprintf(stdout, "ASYNC response:\n%s\n", response_str);
fprintf(stdout, "%s\n", response_str);
if (verbosity) fprintf(stdout, "ASYNC call completed.\n");
validate_chain(response);
free(response_str);
}
if (callback_type == GETDNS_CALLBACK_COMPLETE) {
printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64" was successful.\n",
if (verbosity) printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64" was successful.\n",
trans_id);
if (check_dnssec) {
uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
(void )getdns_dict_get_int(response,
"/replies_tree/0/dnssec_status", &dnssec_status);
if (dnssec_status == GETDNS_DNSSEC_BOGUS)
bogus_answers += 1;
}
} else if (callback_type == GETDNS_CALLBACK_CANCEL)
fprintf(stderr,
@ -400,7 +415,6 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
getdns_get_errorstr_by_id(callback_type));
}
getdns_dict_destroy(response);
response = NULL;
}
#define CONTINUE ((getdns_return_t)-2)
@ -575,6 +589,9 @@ getdns_return_t parse_args(int argc, char **argv)
continue;
} else if (arg[0] == '+') {
if (strncmp(arg+1, "dnssec_", 7) == 0)
check_dnssec = 1;
if (arg[1] == 's' && arg[2] == 'i' && arg[3] == 't' &&
(arg[4] == '=' || arg[4] == '\0')) {
if ((r = set_cookie(extensions, arg+4))) {
@ -802,6 +819,7 @@ getdns_return_t parse_args(int argc, char **argv)
goto next;
case 'p':
json = 0;
break;
case 'q':
quiet = 1;
break;
@ -970,6 +988,9 @@ getdns_return_t parse_args(int argc, char **argv)
case 'B':
batch_mode = 1;
break;
case 'V':
verbosity += 1;
break;
case 'z':
if (c[1] != 0 || ++i >= argc || !*argv[i]) {
@ -1188,8 +1209,9 @@ getdns_return_t do_the_call(void)
getdns_print_json_dict(response, json == 1)
: getdns_pretty_print_dict(response))) {
fprintf( stdout, "SYNC response:\n%s\n"
, response_str);
fprintf( stdout, "%s\n", response_str);
if (verbosity) fprintf( stdout, "SYNC call completed.\n");
validate_chain(response);
free(response_str);
} else {
@ -1199,11 +1221,22 @@ getdns_return_t do_the_call(void)
}
}
getdns_dict_get_int(response, "status", &status);
if (verbosity)
fprintf(stdout, "Response code was: GOOD. Status was: %s\n",
getdns_get_errorstr_by_id(status));
if (response)
if (response) {
if (check_dnssec) {
uint32_t dnssec_status = GETDNS_DNSSEC_SECURE;
(void )getdns_dict_get_int(response,
"/replies_tree/0/dnssec_status",
&dnssec_status);
if (dnssec_status == GETDNS_DNSSEC_BOGUS)
bogus_answers += 1;
}
getdns_dict_destroy(response);
}
}
getdns_dict_destroy(address);
return r;
}
@ -1224,7 +1257,7 @@ void read_line_cb(void *userarg)
int linec;
if (!fgets(line, 1024, fp) || !*line) {
if (query_file)
if (query_file && verbosity)
fprintf(stdout,"End of file.");
loop->vmt->clear(loop, read_line_ev);
if (listen_count)
@ -1233,7 +1266,7 @@ void read_line_cb(void *userarg)
(void) getdns_context_set_idle_timeout(context, 0);
return;
}
if (query_file)
if (query_file && verbosity)
fprintf(stdout,"Found query: %s", line);
linev[0] = __FILE__;
@ -1246,6 +1279,7 @@ void read_line_cb(void *userarg)
return;
}
if (*token == '#') {
if (verbosity)
fprintf(stdout,"Result: Skipping comment\n");
if (! query_file) {
printf("> ");
@ -1619,6 +1653,29 @@ error:
getdns_dict_destroy(response);
}
static void stubby_log(void *userarg, uint64_t system,
getdns_loglevel_type level, const char *fmt, va_list ap)
{
struct timeval tv;
struct tm tm;
char buf[10];
#ifdef GETDNS_ON_WINDOWS
time_t tsec;
gettimeofday(&tv, NULL);
tsec = (time_t) tv.tv_sec;
gmtime_s(&tm, (const time_t *) &tsec);
#else
gettimeofday(&tv, NULL);
gmtime_r(&tv.tv_sec, &tm);
#endif
strftime(buf, 10, "%H:%M:%S", &tm);
(void)userarg; (void)system; (void)level;
(void) fprintf(stderr, "[%s.%.6d] STUBBY: ", buf, (int)tv.tv_usec);
(void) vfprintf(stderr, fmt, ap);
}
/**
* \brief A wrapper script for command line testing of getdns
* getdns_query -h provides details of the available options (the syntax is
@ -1668,6 +1725,9 @@ main(int argc, char **argv)
(void) parse_config_file(home_stubby_conf_fn, 0);
}
clear_listen_list_on_arg = 1;
(void) getdns_context_set_logfunc(context, NULL,
GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG, stubby_log);
}
if ((r = parse_args(argc, argv)))
goto done_destroy_context;
@ -1753,8 +1813,10 @@ done_destroy_context:
else if (r == CONTINUE_ERROR)
return 1;
if (!i_am_stubby)
if (!i_am_stubby && verbosity)
fprintf(stdout, "\nAll done.\n");
return r;
return r ? r
: bogus_answers ? GETDNS_DNSSEC_BOGUS
: GETDNS_RETURN_GOOD;
}

96
src/tools/stubby-setdns-macos.sh
View File

@ -1,96 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2017, Verisign, Inc., NLnet Labs
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the names of the copyright holders nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Stubby helper file to set DNS servers on macOS.
# Note - this script doesn't detect or handle network events, simply changes the
# current resolvers
# Must run as root.
usage () {
echo
echo "Update the system DNS resolvers so that Stubby is used for all DNS"
echo "queries on macOS. (Stubby must already be running)"
echo "This must be run as root."
echo
echo "Usage: $0 options"
echo
echo "Supported options:"
echo " -r Reset DNS resolvers to the default ones (e.g. from DHCP)"
echo " -l List the current DNS settings for all interfaces"
echo " -h Show this help."
}
RESET=0
LIST=0
SERVERS="127.0.0.1 ::1"
OS_X=`uname -a | grep -c 'Darwin'`
while getopts ":rlh" opt; do
case $opt in
r ) RESET=1 ;;
l ) LIST=1 ;;
h ) usage
exit 1 ;;
\? ) usage
exit 1 ;;
esac
done
if [[ $OS_X -eq 0 ]]; then
echo "Sorry - This script only works on macOS and you are on a different OS."
exit 1
fi
if [[ $LIST -eq 1 ]]; then
echo "** Current DNS settings **"
networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
RESULT=`networksetup -getdnsservers "$x"`
RESULT=`echo $RESULT`
printf '%-30s %s\n' "$x:" "$RESULT"
done
exit 1
fi
if [ "$USER" != "root" ]; then
echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'"
exit 1
fi
if [[ $RESET -eq 1 ]]; then
SERVERS="empty"
echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
else
echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
fi
### Set the DNS settings via networksetup ###
networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
networksetup -setdnsservers "$x" $SERVERS
done

59
src/tools/stubby.conf
View File

@ -1,59 +0,0 @@
{ resolution_type: GETDNS_RESOLUTION_STUB
, dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
, tls_query_padding_blocksize: 256
, edns_client_subnet_private : 1
, listen_addresses: [ 127.0.0.1, 0::1 ]
, idle_timeout: 10000
, round_robin_upstreams: 1
, upstream_recursive_servers:
[ { address_data: 145.100.185.15
, tls_auth_name: "dnsovertls.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
} ]
},
{ address_data: 145.100.185.16
, tls_auth_name: "dnsovertls1.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
} ]
},
{ address_data: 185.49.141.37
, tls_auth_name: "getdnsapi.net"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
} ]
},
{ address_data: 2001:610:1:40ba:145:100:185:15
, tls_auth_name: "dnsovertls.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
} ]
},
{ address_data: 2001:610:1:40ba:145:100:185:16
, tls_auth_name: "dnsovertls1.sinodun.com"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
} ]
},
{ address_data: 2a04:b900:0:100::37
, tls_auth_name: "getdnsapi.net"
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
} ]
},
{ address_data: 89.233.43.71
, tls_auth_name: "unicast.censurfridns.dk"
},
{ address_data: 2a01:3a0:53:53::
, tls_auth_name: "unicast.censurfridns.dk"
}
]
}

14
src/util/lookup3.c
View File

@ -5,6 +5,7 @@
added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
added include of lookup3.h to check definitions match declarations.
removed include of stdint - config.h takes care of platform independence.
added fallthrough comments for new gcc warning suppression.
url http://burtleburtle.net/bob/hash/index.html.
*/
/*
@ -235,7 +236,9 @@ uint32_t initval) /* the previous hash, or an arbitrary value */
switch(length) /* all the case statements fall through */
{
case 3 : c+=k[2];
/* fallthrough */
case 2 : b+=k[1];
/* fallthrough */
case 1 : a+=k[0];
final(a,b,c);
case 0: /* case 0: nothing left to add */
@ -473,16 +476,27 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
switch(length) /* all the case statements fall through */
{
case 12: c+=((uint32_t)k[11])<<24;
/* fallthrough */
case 11: c+=((uint32_t)k[10])<<16;
/* fallthrough */
case 10: c+=((uint32_t)k[9])<<8;
/* fallthrough */
case 9 : c+=k[8];
/* fallthrough */
case 8 : b+=((uint32_t)k[7])<<24;
/* fallthrough */
case 7 : b+=((uint32_t)k[6])<<16;
/* fallthrough */
case 6 : b+=((uint32_t)k[5])<<8;
/* fallthrough */
case 5 : b+=k[4];
/* fallthrough */
case 4 : a+=((uint32_t)k[3])<<24;
/* fallthrough */
case 3 : a+=((uint32_t)k[2])<<16;
/* fallthrough */
case 2 : a+=((uint32_t)k[1])<<8;
/* fallthrough */
case 1 : a+=k[0];
break;
case 0 : return c;

45
src/util/val_secalgo.c
View File

@ -1320,6 +1320,9 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
#include "ecdsa.h"
#include "ecc-curve.h"
#endif
#ifdef HAVE_NETTLE_EDDSA_H
#include "eddsa.h"
#endif
static int
_digest_nettle(int algo, uint8_t* buf, size_t len,
@ -1477,6 +1480,10 @@ dnskey_algo_id_is_supported(int id)
case LDNS_ECDSAP384SHA384:
#endif
return 1;
#ifdef USE_ED25519
case LDNS_ED25519:
return 1;
#endif
case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */
case LDNS_ECC_GOST:
default:
@ -1718,6 +1725,30 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
}
#endif
#ifdef USE_ED25519
static char *
_verify_nettle_ed25519(sldns_buffer* buf, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
{
int res = 0;
if(sigblock_len != ED25519_SIGNATURE_SIZE) {
return "wrong ED25519 signature length";
}
if(keylen != ED25519_KEY_SIZE) {
return "wrong ED25519 key length";
}
res = ed25519_sha512_verify((uint8_t*)key, sldns_buffer_limit(buf),
sldns_buffer_begin(buf), (uint8_t*)sigblock);
if (!res)
return "ED25519 signature verification failed";
else
return NULL;
}
#endif
/**
* Check a canonical sig+rrset and signature against a dnskey
* @param buf: buffer with data to verify, the first rrsig part and the
@ -1759,9 +1790,13 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
case LDNS_RSASHA1_NSEC3:
digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE);
#endif
/* double fallthrough annotation to please gcc parser */
/* fallthrough */
#ifdef USE_SHA2
/* fallthrough */
case LDNS_RSASHA256:
digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
/* fallthrough */
case LDNS_RSASHA512:
digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE);
@ -1776,6 +1811,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
#ifdef USE_ECDSA
case LDNS_ECDSAP256SHA256:
digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
/* fallthrough */
case LDNS_ECDSAP384SHA384:
digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE);
*reason = _verify_nettle_ecdsa(buf, digest_size, sigblock,
@ -1784,6 +1820,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
return sec_status_bogus;
else
return sec_status_secure;
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
*reason = _verify_nettle_ed25519(buf, sigblock, sigblock_len,
key, keylen);
if (*reason != NULL)
return sec_status_bogus;
else
return sec_status_secure;
#endif
case LDNS_RSAMD5:
case LDNS_ECC_GOST:

1
stubby Submodule

@ -0,0 +1 @@
Subproject commit 499a82f55579bbba754cd620f88b20da6a167929

16
systemd/README.md
View File

@ -1,16 +0,0 @@
Stubby integration with systemd
===============================
For GNU/Linux operating systems which use systemd as a process
manager, you might want to run stubby as a system service.
This directory provides recommended systemd unit files.
This setup assumes that there is a system-level user named "stubby"
which is in group "stubby", and try to limit the privileges of the
running daemon to that user as closely as possible.
Normally, a downstream distributor will install them as:
/usr/lib/tmpfiles.d/stubby.conf
/lib/systemd/system/stubby.service

2
systemd/stubby.conf
View File

@ -1,2 +0,0 @@
# tmpfiles.d (5) for use with stubby.service
d /run/stubby 0750 root stubby - -

12
systemd/stubby.service
View File

@ -1,12 +0,0 @@
[Unit]
Description=stubby DNS resolver
[Service]
WorkingDirectory=/run/stubby
ExecStart=/usr/bin/stubby
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
User=stubby
[Install]
WantedBy=multi-user.target