interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,411 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

88 Commits

Author SHA1 Message Date
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Sara Dickinson 28ffb2fdf6 Add ls_authentication to API 2015-10-16 17:00:14 +01:00
Sara Dickinson 6b4ee4ed31 Block authenticated requests on unauthenticated connection 2015-10-16 17:00:14 +01:00
Sara Dickinson af617e92a7 Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement. 2015-10-16 17:00:14 +01:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth"" 
This reverts commit 6d29e6044e.
 2015-09-04 10:56:30 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth" 
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
 2015-08-27 13:31:22 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop 1f638ccd0b Internal getdns_mini_event to _getdns_mini_event 2015-08-19 16:26:39 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
Willem Toorop 6350b4fad4 --without-libunbound option to configure 2015-08-19 10:47:46 +02:00
saradickinson cb1dff1ac7 Add ability to verify server certificate using hostname for TLS/STARTTLS 
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:

  https://wiki.openssl.org/index.php/Hostname_validation
 2015-08-15 14:40:15 +01:00
Daniel Kahn Gillmor 319a20a66c improve documentation 
improve the documentation of the getdns_upstream objects.
 2015-07-19 12:22:10 +02:00
Willem Toorop 2884abe870 Allow alternative trust anchors + ... 
Switch freely between stub and recursive resolving
 2015-07-10 00:05:26 +02:00
Willem Toorop f066d5ef73 Merge branch 'features/native-stub-dnssec' into develop 
Conflicts:
	configure.ac
	src/stub.c
 2015-07-02 10:27:27 +02:00
Willem Toorop 41cf772fb3 Trust anchors in wireformat in context 2015-06-30 14:43:52 +02:00
Sara Dickinson e20d679bc8 Improve TCP close handling and sync connection closing 2015-06-29 09:09:13 +01:00
Sara Dickinson 8819d29535 Implement TCP fallback and hack for lack of sync idle timeout. 2015-06-24 18:49:34 +01:00
Sara Dickinson 635cf9e182 Re-factor of internal handing of transport list. 2015-06-19 18:28:29 +01:00
Sara Dickinson 68dfb15706 Add context idle timeout 2015-06-18 17:11:11 +01:00
Sara Dickinson 8dd8d90e74 Commit addition of transport list to the API. 
- set and get functions are added.
- Existing transport functions retained for backwards compatibility.
- Basic combinations work as before, but underlying functional changes and cleanup are not complete yet...
- Context level options for timeouts and max_transactions_per_tcp_connection coming soon...
 2015-06-17 17:18:09 +01:00
Sara Dickinson 7905eda8b7 Some clean up of connection handling. Still a problem with STARTTLS fallback that needs fixing. 2015-04-30 12:24:13 +01:00
Sara Dickinson 79b3412fbf Add another transport option as proof of concept for STARTTLS. 2015-04-29 19:20:25 +01:00
Sara Dickinson 3de15ad782 Change internal transport handling to use a list, not a fixed type 2015-04-24 16:29:08 +01:00
Sara Dickinson f2ae55858f First pass at making handshake async. Lots of issues with this code still 
- timeouts are not being rescheduled on fallback
- several error cases are not being handled correctly (e.g. 8.8.8.8) and a user callback is not always called
- the fallback mechanism is not generic (specific to tls to tcp)
 2015-04-23 17:46:31 +01:00
Willem Toorop 0ba6af3523 upstreams_cleanup from upstreams_dereference 2015-04-18 22:17:28 +02:00
Sara Dickinson 6c7ffc4e4e 1) Fix enum mapping error. 
2) Also add detection of TLS 1.2 in openssl during configure and warn that it if not available then TLS will not be available. Using TLS_ONLY in stub mode will then error with BAD_CONTEXT. TLS/TCP will fallback to TCP.

3) Explicitly disallow use of TLS_ONLY in RECURSIVE mode since it isn't supported yet. TLS/TCP will fallback to TCP.

4) Fix for MAC OS X build where openssl not linked correctly
 2015-04-17 18:38:13 +01:00
Sara Dickinson ab4fb8d9e9 Enable GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN for libunbound. Should only be used in stub mode. 
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN still just does TCP.
Also some tidy up of new transport types.
 2015-04-17 15:50:08 +01:00
saradickinson 99aa79b48f First pass at TLS implementation - needs work! 2015-04-16 18:05:27 +01:00
Willem Toorop 56bb9dbbdc Pass along a userarg with context update callbacks 2015-04-02 14:42:26 +02:00
Willem Toorop 00f047816d EDNS cookies processing as stub 2015-03-22 10:50:48 -05:00
Willem Toorop 736f5ff157 No executable flags on source files 
Thanks Paul Wouters
 2015-01-20 12:16:49 +01:00
Willem Toorop 4a3d7fd8b2 Replace ldns_rbtree with getdns_rbtree 
As much as possible.
In dnssec ldns_rbtree is inderectly used via the dnssec_zone struct

This change forces use to embed the data in the nodes as getdns_rbtree does not have a data attribute. This is good because lesser allocs and free's and thus slightly faster and less likely to leak memory.
 2014-10-23 23:00:30 +02:00
Willem Toorop 6f6b8e65a2 Stub edns0 payload 1232 for IPv6 and 1432 for IPv4 2014-10-23 14:30:23 +02:00
Willem Toorop 484f98daf9 remove ldns_res from context 2014-10-23 14:14:55 +02:00
Willem Toorop fc6e583b4b Stub TCP pipelining 
TODO: Resolve issue with timeouts in async pipelining mode.
 2014-10-18 14:32:55 +02:00
Willem Toorop 181d8cd3f4 stub tcp lookups 
And the foundation for tcp keep connections open
 2014-10-18 00:25:41 +02:00
Willem Toorop 623c9b04a5 Retry stub with different upstream after timeout 
Backing off the broken upsteams so they are tried again (increasingly less)
 2014-10-16 14:24:13 +02:00
Willem Toorop b62e2bb84c Prepare datastructs for tcp stub resolving 2014-10-16 11:28:32 +02:00
Willem Toorop 8f254913f1 Sync functions use the async _loop functions too 
So async and sync functions now have the same code path
 2014-10-15 12:16:34 +02:00
Willem Toorop 768d8fbf4d _loop version for async funcs 
So they can be used by the sync functions with a libmini_event loop
 2014-10-14 00:14:25 +02:00
Willem Toorop 1f203485e2 eventloop separate from context & libmini_event 2014-10-08 15:42:33 +02:00
Willem Toorop 54e0b42dcd Timeouts via default mini_event extension 2014-10-06 23:04:12 +02:00
Willem Toorop 648153f98c Timeouts are 64 bits 2014-10-06 16:10:09 +02:00
Willem Toorop 2dcdfaba37 getdns_context_set_upstream_recursive_servers 2014-10-01 23:16:43 +02:00
Willem Toorop 1c6ce72f74 Parse /etc/resolv.conf ourselves 
At the ame time IPv6 local-link scope_id support
 2014-09-30 15:12:48 +02:00
saradickinson d9addba883 Second pass at implementing per query namespaces! 2014-09-25 15:59:05 +00:00