Windows socket error numbers are not reported using errno, but with
WSAGetLastError(). _getdns_errnostr() and friends as implemented on
Windows don't work for errors resulting from file open/close/read/write
etc.
So add a parallel set of functions specifically for file errors.
When using Stubby as a system DNS over TLS resolver with a Internet
connection that disconnects and reconnects from time to time there is often
a long waiting time (~20 minutes) after the connection reconnects before
DNS queries start to work again.
This is because in this particular case all the upstream TLS TCP
connections in Stubby are stuck waiting for upstream server response.
Which will never arrive since the host external IP address might have
changed and / or NAT router connection tracking entries for these TCP
connections might have been removed when the Internet connection
reconnected.
By default Linux tries to retransmit data on a TCP connection 15 times
before finally terminating it.
This takes 16 - 20 minutes, which is obviously a very long time to wait for
system DNS resolving to work again.
This is a real problem on weak mobile connections.
Thankfully, there is a "TCP_USER_TIMEOUT" per-socket option that allows
explicitly setting how long the network stack will wait in such cases.
Let's add a matching "tcp_send_timeout" option to getdns that allows
setting this option on outgoing TCP sockets.
For backward compatibility the code won't try to set it by default.
With this option set to, for example, 15 seconds Stubby recovers pretty
much instantly in such cases.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
On the first call to tls_create_object (stub.c), tls_fallback_ok is read
before being initialized. This patch initializes tls_fallback_ok to 0 in
upsteam_init (context.c)
Valgrind complains about the uninitialized value:
==14774== Conditional jump or move depends on uninitialised value(s)
==14774== at 0x1528C3: tls_create_object (stub.c:900)
==14774== by 0x1556AD: upstream_connect (stub.c:2065)
==14774== by 0x15582E: upstream_find_for_transport (stub.c:2109)
==14774== by 0x1558B7: upstream_find_for_netreq (stub.c:2130)
==14774== by 0x156027: _getdns_submit_stub_request (stub.c:2296)
==14774== by 0x1421C8: _getdns_submit_netreq (general.c:478)
==14774== by 0x14261D: getdns_general_ns (general.c:636)
==14774== by 0x142905: _getdns_general_loop (general.c:731)
==14774== by 0x1432FB: getdns_general (general.c:888)
==14774== by 0x118B94: incoming_request_handler (stubby.c:692)
==14774== by 0x14F46B: udp_read_cb (server.c:762)
==14774== by 0x15C86B: poll_read_cb (poll_eventloop.c:295)
==14774== Uninitialised value was created by a heap allocation
==14774== at 0x483877F: malloc (vg_replace_malloc.c:309)
==14774== by 0x123CCF: upstreams_create (context.c:581)
==14774== by 0x128B24: getdns_context_set_upstream_recursive_servers (context.c:2760)
==14774== by 0x12DBFE: _getdns_context_config_setting (context.c:4646)
==14774== by 0x12FF47: getdns_context_config (context.c:4769)
==14774== by 0x1178C2: parse_config (stubby.c:297)
==14774== by 0x117B24: parse_config_file (stubby.c:343)
==14774== by 0x11919F: main (stubby.c:833)
The change mostly consists of removing or replacing non-standard (usually POSIX) header includes.
Guards for replacements for inet_ntop(), inet_pton() and gettimeofday() are updated; the first two are macros on Windows, so the guards are changed to HAVE_DECL. gettimeofday() is present on MinGW builds but not Visual Studio, so that has a function check.
uClibc 0.9.30rc1 - 0.9.32rc5 has bug - getaddrinfo() does not accept numeric
service without any hints. As the related side effect, hint struct with
ai_socktype == 0 (unspec) and ai_protocol == 0 (unpsec) gives the same
EAI_SERVICE error instead of same address with different proto enumebration.
For more details please refer https://bugs.busybox.net/show_bug.cgi?id=3841 and
https://git.uclibc.org/uClibc/commit/?id=bc3be18145e4d57e7268506f123c0f0f373a15e2
Since 0.9.3x uClibc versions are still not somewhat unique in embedded (issue
https://github.com/getdnsapi/stubby/issues/124 as example) and non-zero
ai_socktype allows to avoid address dups for each supported UDP/TCP/etc proto,
seems worth to have it specified, as a minor memory allocation optimization at
least.
SOCK_DGRAM vs SOCK_STREAM choice doesn't really matter here, both are actually
used for DNS and both are non-zero, no difference is expected on *nix. So
SOCK_DGRAM selected due original comment only.
The isxxxx() and toxxxx() functions have a limited well-defined
input value range, namely that of "unsigned char" plus EOF. Cast
args accordingly.
Bring strncasecmp() into scope by including <strings.h>.
Set the priority string to a concatenation of the connection cipher and curve strings, falling back to the context ones if the connection value isn't specified. Also get context.c to specify NULL for default context list and the opportunistic list for the connection, moving these library-specific quantities into the specific implementation.
tls_min_version & tls_max_version settings must cause
failure when not supported by the TLS library. Not during
configure time, but during connection setup so it doesn't
hamper alternative transports.
Willem Toorop
Philip Homburg
Jim Hague
Maciej S. Szmigiero
Zane Zakraisek
Vladislav Grishenko
Havard Eidnes
Bruno Pagani