Commit Graph

2189 Commits

Author SHA1 Message Date
Willem Toorop 7af885396f Merge branch 'release/1.4.0' into release/1.4.0-merge-PR-377 2018-02-08 11:46:28 +01:00
Willem Toorop 87fec7f9b4 Merge branch 'feature/monitor-tool' into release/1.4.0 2018-02-07 17:11:28 +01:00
Willem Toorop a72359e058 Comply to new style transport logging 2018-02-07 17:08:55 +01:00
Willem Toorop 7d4ccabc7f Merge branch 'bugfix/opportunistic_fallabck' into release/1.4.0-merge-PR-377 2018-02-07 17:00:25 +01:00
Willem Toorop 0eba73a945 LibreSSL like OpenSSL < 1.0.2 2018-02-07 16:42:11 +01:00
Willem Toorop c28a293c9f "Pinset validation failure" error when it occurred 2018-02-07 14:38:31 +01:00
Willem Toorop 9c5a93bbdf Merge branch 'develop' into devel/spki_pinset_via_tlsa_checking 2018-02-07 14:12:24 +01:00
Willem Toorop e944203e55 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2018-02-07 13:50:53 +01:00
Willem Toorop 82c00eb0a5 version.bind CH TXT for getdns_query 2018-02-07 13:50:29 +01:00
Jim Hague 13d7a730ee Further mitigate cache effects for OOOR by adding random label to delay lookup.
It turns out that delay.getdnsapi.net only pays attention to the left-most label.
2018-02-07 12:41:24 +00:00
Jim Hague a25f832d8a Remove timeout argument from keepalive test.
The client doesn't send a timeout value to the server, so there's no point having this argument.
2018-02-01 16:04:22 +00:00
Willem Toorop ec8b8ba903 One more fixing the fixes fix that slipped through 2018-01-31 14:41:13 +01:00
Willem Toorop 9bc98272a1 Fixing the fixes 2018-01-31 14:33:31 +01:00
Willem Toorop 97b056c355 Prevent erred TCP connection to be rescheduled ...
for reading (or writing) when a reply comes in.

Thanks Maddie!
2018-01-30 15:21:46 +01:00
Willem Toorop 1f401f7253 Do not return freed netreqs! 2018-01-30 12:40:47 +01:00
Willem Toorop 2e03d3799c Memory leak on some TLS creation error cases 2018-01-30 12:23:23 +01:00
Jim Hague 3b5657e580 Reduce delay on OOOR delayed lookup.
A delay of 1000ms was causing frequent lookup timeouts e.g. on 9.9.9.9. We hypothesise that the delay causes an internal timeout in the server to fire. So reduce the delay to a smaller value that seems to leave the test working but reduces the incidence of timeouts.

We observe this still leaves timeouts on TLS connections to 9.9.9.9. These seem to occur only on TLS connections, and reducing the delay much further does not alter the observed behaviour. We guess there is something else going on there.
2018-01-29 10:17:54 +00:00
Sara Dickinson 7e3439efbc Improve handling of opportunistic back-off. If other transports are working, don’t forcibly promote failed upstreams just wait for the re-try timer.
Clean up logs.
2018-01-24 13:13:14 +00:00
Willem Toorop 4f37d2b933 No wildcard expansions allowed for RRs used in DNSSEC proofs
Signatures of DNSKEYs, DSs, NSECs and NSEC3s can not be wildcard expansions when used with DNSSEC proofs.
Only direct queries for those types are allowed to be wildcard expansions.

This is in response to https://unbound.net/downloads/CVE-2017-15105.txt, although getdns was not vulnerable for this specific issue.
2018-01-23 16:50:05 +01:00
Jim Hague 037f6039c8 Improve AsciiDoc table formatting. 2018-01-23 13:53:08 +00:00
Jim Hague 01ea1d6a22 Note TLS 1.3 is experimental. At least until we find a stable test server. 2018-01-23 13:47:31 +00:00
Jim Hague b0661b9d9f Add a tool README.
Use AsciiDoc for this, as the GitHub table support in Markdown is woeful. But AsciiDoc is always better than Markdown anyway.
2018-01-23 13:45:55 +00:00
Jim Hague 8ba53f10b6 Correct RTT warning and critical default thresholds. 2018-01-23 13:45:09 +00:00
Jim Hague fcaa4f9845 Reflow usage message entry. 2018-01-23 12:37:14 +00:00
Jim Hague f3b2f83879 More output tittivating. Make verbose by default in non-monitoring mode. 2018-01-23 12:14:40 +00:00
Jim Hague a4f17760ab Revise rcode_text() to get text from getdns, and add rrtype_text(). 2018-01-23 12:13:59 +00:00
Jim Hague 7e884e2cd0 Rename concurrent to OOOR (Out Of Order Responses). 2018-01-23 11:30:12 +00:00
Jim Hague bedd3a02cf Revise concurrency test to use <n>.delay.getdnsapi.net.
This gives more secure results than the previous method.
2018-01-22 17:39:25 +00:00
Jim Hague 1e774a95f5 Don't rely on GCC extensions. 2018-01-22 16:49:53 +00:00
Jim Hague 8c3047dbe0 Add 'concurrent' test
The concurrent test works by sending a known good query synchronously,
and then sending asynchronous queries for three random TLDs followed by
the known good query. The latter should be answerable from cache, and so
give a result before at least one of the random TLDs.
2018-01-22 16:49:53 +00:00
Willem Toorop d38f233a80 Track readbuf free's
As tcp_connection_destroy() might be called more than once per connection (depending on outstanding work)
2018-01-22 16:56:48 +01:00
Jim Hague f9e4c9f853 Revise output.
If in monitoring mode, make output conform to Nagios norms. This starts with the probe type and result, so we need to save output generated during the operation and print it at the end.

If not in monitoring mode, make the formatting more expansive.
2018-01-22 14:36:54 +00:00
Jim Hague 0291e205fd Add TLS 1.3 test.
Add a new item tls_version to call_reporting, containing the OpenSSL version string for the name of the protocol used for the connection.

The test does a normal lookup, but first sets the cipher list to TLS1.3 only ciphers. This will cause a Bad Context error at search time, so we can tell if the underlying OpenSSL library lacks TLS 1.3. Then check the call reporting for a TLS version of "TLSv1.3".
2018-01-19 15:56:40 +00:00
Jim Hague 62ad159f15 Update dnssec-validate. Check we can retrieve info for bogus domain, and remove must use TCP flag.
Run a second query with the CD bit set and check that succeeds.
2018-01-19 14:51:46 +00:00
Jim Hague 3fd4f7f240 Add 'dnssec-validate' test.
This test checks whether the server does DNSSEC validation. If it manages to find an A record for dnssec-failed.org, it doesn't.
2018-01-19 14:51:46 +00:00
Jim Hague 1a3025a405 If server does not return expected TXT in qname-min, return UNKNOWN not WARNING. 2018-01-18 17:17:16 +00:00
Jim Hague ea035fa82e Correct some code formatting. 2018-01-18 17:16:28 +00:00
Jim Hague add818fea2 Remove dependency on timegm() when using OpenSSL < 1.0.2.
Convert dates to Julian and diff. This is basically what ASN1_TIME_diff() does internally.

And that's quite enough near-pointless polishing here.
2018-01-18 10:55:44 +00:00
Jim Hague 00c17dca14 Add to certificate time conversion to cope with pre-1.0.2 OpenSSL. Also tag printed time with UTC.
The time parse with pre-1.0.2 is a best effort, and relies on timegm() to convert struct tm in UTC to time_t. There being attractive alternative. Isn't C time handling grotty?
2018-01-17 18:38:28 +00:00
Willem Toorop 155b035cd8 Forgot to surround yaml include with defines 2018-01-17 17:07:36 +01:00
Jim Hague 760269acbd Make internal types POSIX-compliant by not naming them *_t.
See: http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xsh_chap02.html#tag_22_02_12_01

The change tacitly ignores the colossal number of coach and horses the entire world, including getdns, has stampeded through this POSIX hope for decades, but simply hopes for some small recognition when the Recording Angel tots up the damages.
2018-01-17 15:35:56 +00:00
Jim Hague 6bd0f8b980 Encode exit status words in () to make it clear that it's not part of the sentence.
'Server validates OK' -> 'Server validates (OK)'
2018-01-17 15:24:17 +00:00
Jim Hague 3666d994a7 Add 'keepalive' test and supporting changes to getdns library.
Checking for server support for keepalive means we need to know if the server did send a keepalive option to the client. This information is not currently exposed in getdns, so add a flag 'server_keepalive_received' to call_reporting. This is 0 if not received, 1 if received. If received, the actual timeout is in 'idle timeout in ms', though watch out for the overflow alternative.
2018-01-17 15:17:20 +00:00
Jim Hague a4ff6de985 Add 'tls-padding' test. 2018-01-16 12:59:03 +00:00
Jim Hague fdafb458ef Decide we don't want return_both_v4_and_v6 on queries. 2018-01-16 12:19:33 +00:00
Jim Hague b8424e494d Fix up some small usage typos, and don't report result if issuing test usage message. 2018-01-16 11:05:16 +00:00
Jim Hague 5ea0edf262 Update usage. 2018-01-15 17:42:57 +00:00
Jim Hague 8dc3a84735 Add options specifying transport. 2018-01-15 17:42:43 +00:00
Jim Hague 3438c68591 Prefix TLS-only options with 'tls-'. 2018-01-15 13:26:09 +00:00
Jim Hague 08b5976f9c Decouple from getdns config. This is now a pure getdns client. 2018-01-15 13:19:48 +00:00
Jim Hague 3298b5cd50 Extract common processing into search_check() and parse_search_check(). 2018-01-15 12:37:57 +00:00
Jim Hague cb7af33488 Some tests imply TLS. Explicitly make sure these always go over TLS. 2018-01-15 11:28:11 +00:00
Jim Hague 77a5a15cdf Minor output corrections. 2018-01-15 11:02:14 +00:00
Jim Hague 22996bf07d If TLS auth name given, lookup is to go over TLS. 2018-01-15 11:00:12 +00:00
Jim Hague c0d7d2c279 Print exit status at end of main output line. 2018-01-15 10:27:10 +00:00
Jim Hague 5d4bc8bc96 Add rtt test. 2018-01-15 10:16:26 +00:00
Jim Hague b9312e790f Correct certificate expiry custom threshold handling. 2018-01-15 10:01:01 +00:00
Jim Hague 3258fdfd5a Tabs? Spaces? Currently both, switch to spaces only. 2018-01-14 23:28:55 +00:00
Jim Hague 379662a3f3 Add plain lookup test. 2018-01-14 13:41:44 +00:00
Jim Hague 60118e9241 Improve cert-valid argument order to most likely first. 2018-01-13 14:56:55 +00:00
Jim Hague e7618321ce Add cert-valid test. 2018-01-12 18:21:38 +00:00
Jim Hague e597daa4c0 Add 'auth' test. 2018-01-12 17:23:42 +00:00
Jim Hague 305daab9aa Add first version of getdns_server_mon.
Currently only QNAME minimisation check is working.
2018-01-12 16:11:48 +00:00
Norbert Copones 0fa6d1fe2d src/stub.c: LibreSSL has hostname verification turned on by default 2018-01-12 05:44:27 +08:00
Willem Toorop d44237554d No warnings from danessl allowed 2018-01-11 12:40:01 +01:00
Willem Toorop dd433ede68 Merge branch 'develop' into devel/spki_pinset_via_tlsa_checking 2018-01-10 14:36:43 +01:00
Willem Toorop a746ea5e08 Dependencies 2018-01-10 14:36:33 +01:00
Willem Toorop 6b4446c7cd Suppress compiler warnings in danessl library 2018-01-10 14:34:25 +01:00
Willem Toorop 712617e568 Dead assignment (without stub debugging) 2018-01-10 13:54:18 +01:00
Willem Toorop 7c5bdd5431 Use danessl submodule when OpenSSL version between 1.0.0 and 1.1.0 2018-01-10 12:47:14 +01:00
Willem Toorop 9e34588f19 logic error 2018-01-08 16:04:40 +01:00
Willem Toorop 546b75a9b1 libidn2 support. Thanks Paul Wouters 2018-01-08 12:54:48 +01:00
Willem Toorop a1e5cc44a0 Add https://github.com/vdukhovni/ssl_dane submodule 2018-01-08 10:33:25 +01:00
Willem Toorop 608189710c Log printing in getdns_query 2018-01-04 16:35:22 +01:00
Willem Toorop 2471f43dea Less logging with successful authenticated upstreams 2018-01-04 16:15:50 +01:00
Willem Toorop 540735a956 Check pins with DANE functions when available 2018-01-04 15:58:09 +01:00
Willem Toorop 03d4950470 We need to set transport list before first query
(this needs to be reviewed...)
2017-12-21 16:49:19 +01:00
Willem Toorop 9aa1d067d2 Detect dnsmasq and skip the unit test that fails with it
This actually resolves issue #300
Thanks Tim Rühsen and Konomi Kitten
2017-12-21 16:21:10 +01:00
Willem Toorop aa419a88d0 Skip some more truncation issues with dnsmasq 2017-12-21 16:01:48 +01:00
Willem Toorop 81ffa2f48d Skip test that breaks with dnsmasq
when SKIP_DNSMASQ_ISSUE variable is test.
Helps out a little with issue #300
2017-12-21 15:45:58 +01:00
Willem Toorop 0ef910b9ee read_buf's may remain on canceled tcp requests 2017-12-21 14:53:54 +01:00
Willem Toorop 97cc67d026 s/CApath/tls_ca_path/g s/CAfile/tls_ca_file/g 2017-12-21 13:08:01 +01:00
Willem Toorop ae38a29a50 Upstream specific tls_cipher_list's 2017-12-21 12:30:15 +01:00
Willem Toorop 8f88981efe rename set_cipher_list() to set_tls_cipher_list() 2017-12-21 11:35:05 +01:00
Willem Toorop 7fe3bd6a1f getdns_context_set_ciphers_list() 2017-12-20 13:13:02 +01:00
Willem Toorop 274bc9bc4a Merge branch 'develop' into release/1.2.2 2017-12-20 09:37:56 +01:00
Pascal Ernster 65c7a738eb Add support for TLS 1.3 and Chacha20-Poly1305
Add support for TLS 1.3 (requires OpenSSL 1.1.1) and Chacha20-Poly1305 (requires OpenSSL 1.1).

Older OpenSSL versions will simply ignore ciphersuite specifications they don't understand and use the subset which they do understand.

Note that "EECDH" does *not* select anonymous cipher suites (as opposed to "kECDHE").
2017-12-15 20:01:30 +00:00
Sara Dickinson 00d3232ba4 Fix windows build 2017-12-15 16:53:23 +00:00
Willem Toorop ac17d4ebed We need a specific install location for tests builds ...
to not load default library
2017-12-14 11:53:15 +01:00
wtoorop 9c35fa1643 Merge pull request #364 from saradickinson/move_macos_script
Update makefile because a file in Stubby was moved
2017-12-13 16:35:32 +01:00
Willem Toorop 0615457dfa Resolve constant conflict 2017-12-13 15:43:36 +01:00
Sara Dickinson d232353f93 Update makefile because a file in Stubby was moved 2017-12-13 14:22:52 +00:00
Willem Toorop 2c66487635 Merge branch 'devel/dnssec_meta_queries' into release/1.2.2 2017-12-13 14:52:00 +01:00
Willem Toorop 5f1a2f8659 Merge branch 'features/CA_verify_locations' into release/1.2.2 2017-12-13 14:49:42 +01:00
Willem Toorop a63e5edb86 trust-anchor meta queries need to be done opportunistic too
In anticipation of DANE authenticated upstreams
2017-12-13 12:58:24 +01:00
Willem Toorop e691312a3f Schedule DNSSEC meta queries against existing context 2017-12-13 12:50:03 +01:00
Willem Toorop 362d168380 no_dnssec_checking_disabled extension for internal use only 2017-12-13 12:36:02 +01:00
Willem Toorop d5518bad67 Return which extensions are set
(for programs (Stubby) to know whether a context will do native dnssec validation or not)
2017-12-13 11:12:49 +01:00
Willem Toorop da3f023d8f set_CApath() and set_CAfile() for alt verify locs 2017-12-12 15:10:37 +01:00
Willem Toorop 96ed06c6a9 Initialize context with given resolv.conf and hosts files
- getdns_context_create with set_from_os set will simply call these
  functions with the defaults

+ filechg_check is simplified somewhat (reducing memory management)
+ get OpenSSL version via get_api_information()
2017-12-12 12:24:31 +01:00
Willem Toorop 01197f10ff Merge branch 'develop' into features/resolvconf 2017-11-29 15:25:50 +01:00
wtoorop b105faad7d Merge pull request #360 from getdnsapi/bugfix/private_ecs_with_family
Bugfix #359: edns_client_subnet_private should set family
2017-11-28 16:59:37 +01:00
Willem Toorop 8c87028d77 Only get root-anchors.xml when BOGUS root dnskey...
did have signatures which did not validate
2017-11-28 16:58:12 +01:00
Willem Toorop 2a39b6e2e8 Handle the uninitialized memory error the brutal way
Because clang (or valgrind with clang) is just wrong here
2017-11-28 16:51:28 +01:00
Willem Toorop 72eb8628d0 Report on single unit tests too 2017-11-28 16:44:08 +01:00
Willem Toorop 543435d89d Clang bitfield issue 2017-11-28 16:40:17 +01:00
Willem Toorop 025f1cdff3 set_from_os last to initialize ...
... because it is initialized with values from context itself!
I.e. context->tls_backoff_time, context->tls_connection_retries and context->log are used to initialize upstreams in upstreams_create() called from set_from_os
2017-11-28 16:04:23 +01:00
Willem Toorop 30e440d35c Access of freed memory in stub DNSSEC cleanup code
Should fix the latest core dump reported in getdnsapi/stubby#34
2017-11-27 15:26:45 +01:00
Willem Toorop 323239be58 Scan valgrind logs for errors too 2017-11-27 15:02:32 +01:00
Willem Toorop 27847b9a0a Initialize context->sys_ctxt! 2017-11-23 13:23:00 +01:00
Willem Toorop 6afb02b2f1 Bugfix #359: edns_client_subnet_private should set family
Thanks Daniel Areiza
2017-11-23 13:20:42 +01:00
Willem Toorop c3cdf496e3 Meta queries to upstreams from resolvconf setting 2017-11-23 12:48:48 +01:00
Willem Toorop c0a3babe0a Separate sys_ctxt for meta queries 2017-11-23 12:44:40 +01:00
Willem Toorop 3e16075563 Test getdns_context_create2 with getdns_query 2017-11-23 12:26:40 +01:00
Willem Toorop ed6c7a6b58 getdns_context_create2 and family that set an ...
... alternative resolvconf file
2017-11-22 15:49:30 +01:00
Willem Toorop a7a6240202 Set default resolvconf and hosts during configure 2017-11-22 15:01:38 +01:00
Willem Toorop 3a1cb30c28 BOGUS answer because unable to fetch root DNSKEY...
... should not cause segfault
2017-11-21 15:38:49 +01:00
Willem Toorop 8821c1c8cf Merge branch 'release/1.2.1' into develop 2017-11-11 10:24:25 +08:00
Willem Toorop 260416a859 Ignore SIGPIPE signal (for not suddenly stopping) 2017-11-10 10:42:17 +01:00
Willem Toorop 6f20016889 default_trust_anchor_location in api_information
instead of trust_anchor_file
2017-11-10 10:35:41 +01:00
Sara Dickinson 26eb5b8969 Add DESTDIR to runstatedir creation path 2017-11-08 11:38:52 +00:00
wtoorop 168d83ac19 Merge pull request #353 from getdnsapi/devel/errno_handling
Handle more harmless I/O error cases +
2017-11-03 20:00:40 +01:00
Willem Toorop 439f41149b Last rename + explicit EMFILE check replacement 2017-11-03 16:42:38 +01:00
Willem Toorop 9b019b8c6e Check errno is not 0 before testing errors 2017-11-03 16:29:43 +01:00
Willem Toorop 4508ec77fb Few more renames 2017-11-03 16:26:19 +01:00
Willem Toorop 3b7b83e309 Review comments from Jim 2017-11-03 15:41:31 +01:00
Willem Toorop a8fac29a66 Handle more harmless I/O error cases +
- never exit on I/O errors
- never stop listening on I/O errors
- extended platform.[ch] with _getdns_strerror()
2017-11-03 13:50:13 +01:00
wtoorop b683cc4870 Merge pull request #352 from saradickinson/bugfix/make_runstatedir
Make sure the runstatedir exists
2017-11-03 13:42:52 +01:00
Sara Dickinson 4b8ea64140 Make sure the runstatedir exists 2017-11-02 16:55:25 +00:00
Willem Toorop 2434336ead Include all RRSIGs in validation chain
Because we don't know algorithm support of other validators.

But still canonicalize the RRset with the one used to validate just because we can.
2017-11-02 12:42:26 +01:00
Willem Toorop 7e103217c6 unsigned RRs in authority section with BIND
when +CD flag is used
2017-11-01 16:47:28 +01:00
Willem Toorop 270c3d654f Support DNSSEC validation without support records 2017-11-01 15:28:46 +01:00
Willem Toorop b4ae4b7121 Cannot fetch DNSKEY when in DNSKEY callback ...
for the same name in full recursion
2017-11-01 15:01:58 +01:00
Willem Toorop 4669956391 retry full recursion bogus answers only when...
dnssec validation was requested in the first place
2017-11-01 10:59:55 +01:00
Willem Toorop 09b4f6d57d One more _getdns_perror 2017-10-31 16:22:09 +01:00
Willem Toorop 12272dda36 Merge branch 'develop' into devel/robustness 2017-10-20 16:10:35 +02:00
Willem Toorop 971d876c70 Dependencies 2017-10-20 15:59:42 +02:00
Willem Toorop b2d32430f6 Merge branch 'develop' into features/mingw-win10-perror 2017-10-20 15:57:50 +02:00
Willem Toorop fc073267f1 Dead assignment 2017-10-19 14:14:37 +02:00
Willem Toorop f8e1ed78b8 Make upstream_reset static (and not shared between .c files) 2017-10-19 12:48:58 +02:00
Willem Toorop 5ce764ab70 Merge branch 'devel/robustness' into devel/robustness_bugfix 2017-10-19 12:37:53 +02:00
Willem Toorop 272d0cf0ef Allow clearing of upstreams 2017-10-19 12:35:10 +02:00
Sara Dickinson ddade192a3 Merge branch 'devel/robustness' of https://github.com/getdnsapi/getdns into devel/robustness_bugfix 2017-10-19 10:37:08 +01:00
Sara Dickinson 8886c5317d Fix 2 bugs:
- backoff time was not incrementing correctly
- best authentication information state was not being kept for shutdowns during setup (needed if e.g. hostname authentication failed during handshake).
2017-10-19 10:36:46 +01:00
Willem Toorop 87879783ec Postpone dealing with upstream dereferencing issue 2017-10-18 14:33:59 +02:00
Willem Toorop eedd1a1448 Eat incoming garbage on stateful transports
Can deal with timed out queries that are answered anyway.
+ reset the upstream on failure always
  (since requests are rescheduled for fallback by upstream_failed now anyway)
2017-10-17 16:58:01 +02:00
Willem Toorop dc5a78b154 Printing something which is not on stack
(causing segfault in some cases)
2017-10-17 14:19:59 +02:00
Willem Toorop f83c8e217e Decrease assumptions based on network_by_query_id 2017-10-17 13:47:29 +02:00
Willem Toorop ee4feb0cc6 Clean parallel builds too 2017-10-17 13:32:56 +02:00
Willem Toorop 11e4635f2b Dependencies 2017-10-17 13:32:41 +02:00
Willem Toorop ce4c44830d Unused variables 2017-10-16 15:26:00 +02:00
Willem Toorop 968d94d2be atomic netreq removal from write_queue in upstream_write_cb 2017-10-16 14:17:49 +02:00
Jim Hague 4ca8ee008b Add _getdns_perror(). On Windows this reports Winsock errors. 2017-10-06 18:15:18 +01:00
Jim Hague 34f4e13833 Have separate Windows DEBUG_NL() similar to DEBUG_ON().
This removes a build warning.
2017-10-06 16:24:56 +01:00
Jim Hague 4b5303e6fb Merge branch 'features/mingw-win10' into features/mingw-win10-warnings 2017-10-06 15:28:10 +01:00
Jim Hague 5e415b60b6 Add missing platform.h include. 2017-10-06 15:04:49 +01:00
Jim Hague 74eaf4b03e Previous commit omitted platform.h. 2017-10-06 14:38:59 +01:00
Jim Hague eb6da94e25 Convert one more poll() to _getdns_poll(). 2017-10-06 12:07:47 +01:00
Jim Hague dc7daede40 Move Windows/Unix functions into new platform.h. 2017-10-06 12:07:15 +01:00
Jim Hague 0874a0a472 Use PRI format strings in wire2str.c and remove ARG_LL. 2017-10-05 19:17:12 +01:00
Jim Hague ff7c85ab20 Fix build errors introduced by a0c3134. 2017-10-05 12:43:35 +01:00
Jim Hague 0895522734 Merge branch 'develop' into features/mingw-win10 2017-10-05 10:52:06 +01:00
Jim Hague 1eae1ad96b Fix problem where Stubby stops listening to UDP on Win10.
Winsock can return ECONNRESET when receiving UDP via recvfrom() if an ICMP Port Unreachable has been received. Rather than treat the socket as being in error and closing it, just ignore the error.
2017-10-04 17:42:06 +01:00
Jim Hague 757becc812 write() on a socket is equivalent to send() with flag value of 0. 2017-10-04 17:32:52 +01:00
Jim Hague a0c313412d Adjust Unix socket/Winsock handling.
Centralise it into util-internal.h, remove duplicate definitions from mdns, and add new pseudo-functions _getdns_closesocket(), _getdns_poll() and _getdns_socketerror(). Convert error values to simple values and convert error checking to use _getdns_socketerror() and the simple values. The simple values can also be used with the result from getsockopt() with SO_ERROR in stub.c.
2017-10-04 17:31:33 +01:00
Willem Toorop ffc72ff253 Rearrange includes for finding inet_ntop on Windows
+ make sure stubby is linked with initial LDFLAGS (i.e. static) as well
2017-10-03 17:09:33 +02:00
Willem Toorop 3e221ebed5 Fix parallel make install's 2017-10-02 16:36:07 +02:00
Willem Toorop d1aebd3c24 Don't test hostname auth without support in libssl 2017-09-29 11:07:43 +02:00
Willem Toorop 23daf9aac3 Fix TLS authentication 2017-09-28 22:17:36 +02:00
Willem Toorop a9ba50dff1 Fail transport test on failures 2017-09-28 22:17:06 +02:00
Willem Toorop e75cf0b7a3 A missing symbol fails on macos 2017-09-28 20:21:10 +02:00
Willem Toorop c3df13b27c PATH_MAX can be in sys/limits.h too..
and must have a fallback value
2017-09-28 19:45:16 +02:00
Willem Toorop 52a4500792 Signedness error 2017-09-28 15:13:57 +02:00
Willem Toorop 15eec724a5 Portable CR to CRLF conversion 2017-09-28 15:09:55 +02:00
Willem Toorop 078c50f1b2 fread with mingw32 compiled can return < file sz,
because it automatically converts \r\n into \n
2017-09-28 15:09:16 +02:00
Willem Toorop b9260f8fca Install Windows format stubby.yml on Windows 2017-09-27 16:24:32 +02:00
Willem Toorop 3ab01cf45d Don't do yaml tpkg test 2017-09-27 13:27:24 +02:00
Willem Toorop cefeed2b47 PRIsz usage like PRIu64 etc. 2017-09-27 13:15:12 +02:00
Willem Toorop 7ac289f726 dependencies 2017-09-27 13:07:11 +02:00
Willem Toorop a7fc760141 Dependencies 2017-09-27 12:47:01 +02:00
Willem Toorop bf2e08e2df Move yaml config handling to Stubby 2017-09-27 12:45:13 +02:00
Willem Toorop 114b5785f7 Doxygen documentation for Zero configuration DNSSEC
+ rename of getdns_context_(get|set)_trust_anchor_*()
         to getdns_context_(get|set)_trust_anchors_*()
2017-09-22 12:25:56 +02:00
Willem Toorop a3bfee7d0a Issues from unit tests 2017-09-22 11:12:27 +02:00
Willem Toorop da2aa634d3 Make appdata_dir configurable +
settings via getdns_context_config()
2017-09-21 17:06:29 +02:00
Willem Toorop 1b47ce4d10 Slightly different function prototypes 2017-09-21 12:38:49 +02:00
Willem Toorop 712f62a4c1 Things that came out of compiling on Windows 2017-09-21 11:03:38 +02:00
Willem Toorop 8897bdf18f dependencies 2017-09-20 15:55:24 +02:00
Willem Toorop 7c229c40cd Merge branch 'features/zeroconf-dnssec' into release/v1.2.0 2017-09-20 15:45:27 +02:00
Willem Toorop fbc1526f47 Merge branch 'devel/compile-on-windows' into release/v1.2.0 2017-09-20 15:40:31 +02:00
Willem Toorop e6536bb2ef Typo 2017-09-20 15:18:43 +02:00
Willem Toorop 36943a4380 A dnsreq is bogus if any of its netreqs is 2017-09-20 14:42:35 +02:00
Willem Toorop 17d7ee79f2 Fix NULL pointer dereference 2017-09-20 12:44:14 +02:00
Willem Toorop f0f2afbca7 Fetch TA before resolve for full recursion too 2017-09-20 12:40:59 +02:00
Willem Toorop e2abb8aff4 Fetch TA when ZONE or APP TASRC and bogus answer 2017-09-20 11:44:21 +02:00
Willem Toorop 34d35f9e79 Track updating TA's with root DNSKEY rrset 2017-09-20 10:30:13 +02:00
Willem Toorop e2ffaf3e07 Less activity to detect XML verify failure 2017-09-18 11:49:43 +02:00
Willem Toorop 737f49d2cc Setup libunbound ta's after processing XML 2017-09-18 09:59:22 +02:00
Willem Toorop 463855d274 Writability test for application data 2017-09-16 18:16:21 +02:00
Willem Toorop aa74c0a3d5 One more pleasing travis fix 2017-09-14 16:43:10 +02:00
Willem Toorop e6051976dd travis specific fixed 2017-09-14 16:32:53 +02:00
Willem Toorop 57e6487d76 Some more fixes specific to travis 2017-09-14 16:02:37 +02:00
Willem Toorop 6d29f7fb65 Fix issues accumulated when tpkg didn't work 2017-09-14 15:14:00 +02:00
Willem Toorop 8c4ed6294e Merge branch 'develop' into features/zeroconf-dnssec 2017-09-14 12:27:47 +02:00
Willem Toorop 836c651539 Initial fixes from John to compile getdns on Windows 2017-09-14 12:25:25 +02:00
Willem Toorop f31eb517e0 Lazy TA and time checking 2017-09-14 11:47:02 +02:00
Jim Hague dcc6cd36c6 Merge pull request #2 from saradickinson/features/yaml
Change extension from .yaml to .yml
2017-09-13 17:56:47 +01:00
Jim Hague 80b2eacc26 Merge branch 'develop' into features/yaml 2017-09-13 16:55:11 +00:00
Jim Hague b20aedd182 Update the getdns_yaml2*() Doxygen comments. 2017-09-13 17:42:24 +01:00
Sara Dickinson 8618e4b731 Change extension from .yaml to .yml 2017-09-13 17:41:16 +01:00
Jim Hague 8139201f12 Allow YAML input to be just a list or scalar as well as a map.
This allows getdns_yaml2list(), getdns_yaml2bindata() and getdns_yaml2int() to work as expected.

Update the YAML test to check these.
2017-09-13 17:29:41 +01:00
wtoorop 22d1345491 Merge pull request #333 from saradickinson/variable_tls_backoff
Variable tls backoff
2017-09-13 17:00:56 +02:00
Willem Toorop 92a0db58da Merge remote-tracking branch 'upstream/develop' into features/zeroconf-dnssec 2017-09-13 16:56:33 +02:00
Sara Dickinson 8fab939d2c Merge branch 'features/yaml' of https://github.com/banburybill/getdns into features/yaml 2017-09-13 15:53:47 +01:00
Jim Hague 0c39696b64 Add '-f' to tpkg usage message. 2017-09-13 15:50:20 +01:00
Sara Dickinson 8f683ef3c9 Merge branch 'develop' of https://github.com/getdnsapi/getdns into variable_tls_backoff 2017-09-13 15:50:17 +01:00
Sara Dickinson 8c331d580a Improve usage of getdns to make file extension clearer 2017-09-13 15:48:42 +01:00
Jim Hague 9e47919f42 Merge commit 'a9029581bc18870e8a1b84f77e546500bad7ec0e' into features/yaml 2017-09-13 15:46:47 +01:00
Jim Hague 57c40b147d Fix capturing exit code of a test.
tpkg was not capturing the exit code of the test, but the exit code of the write_result actions.
2017-09-13 15:02:36 +01:00
Jim Hague 9683a64f73 Add test 255-yaml-config with basic test of getdns_yaml2dict. 2017-09-13 15:01:13 +01:00
Sara Dickinson f0190e4f03 Add 2 missing parameters from the config output 2017-09-13 13:02:01 +01:00
Willem Toorop 8f3ce9af35 Configurable zero configuration DNSSEC parameters 2017-09-13 14:00:54 +02:00
Jim Hague c74e8353a8 Move to clang-friendly way of marking unused function parameters as used. 2017-09-13 12:50:18 +01:00
Sara Dickinson 453b94269b Updates to makefiles for s/stubby.conf/stubby.yaml 2017-09-13 12:45:56 +01:00
Sara Dickinson f53e5645d9 Improve the comments about the new backoff handling.
Remove unnecessary log.
2017-09-13 10:00:56 +01:00
Jim Hague 6c95f4177d Add YAML configuration option.
Add new extra functions getdns_yaml2(dict|list|bindata|value)(). These are like their getdns_str2() counterparts, but take YAML input rather than JSON.

YAML introduces a new dependency, on libyaml. YAML can be disabled at configuration time, in which case the dependency is removed.

Modify getdns_query such that if a configuration file name includes ".yaml" it will be processed as a YAML configuration, not a JSON configuration.

Internally, getdns_yaml2*() work by passing the YAML string through a simple translation to JSON. At present, this translation assumes that configuration is the only use case, and so will error if the outer layer of the YAML input is not a map. This in effect means that at present all getdns_yaml2*() functions apart from getdns_yaml2dict() will give an error on the YAML translation to JSON.
2017-09-12 16:47:57 +01:00
Sara Dickinson b760a2ced2 Refine the logging levels to match the errors given when backing off, etc. 2017-09-12 15:01:02 +01:00
Sara Dickinson 729af1d159 Allow backed-off upstreams to be re-instated if all our upstreams are unusable (e.g. if the network is down).
But limit re-tries for a given netreq to the total number of upstreams before failing. This should (roughly) allow 2 retries per upstream of the correct transport before bailing out. Otherwise we are stuck in a loop retrying forever!
2017-09-12 13:47:56 +01:00
Willem Toorop 8aa46b305d Merge branch 'develop' into features/zeroconf-dnssec 2017-09-11 11:09:58 +02:00
Sara Dickinson 42945cfc08 Make the backoff time incrementally increase until the upstream starts working again 2017-09-08 17:28:37 +01:00
Sara Dickinson 2e4e3873e4 First pass at fixing problems when connections to servers are lost.
Need to reset connection state if connections fail at setup and on read/write if there are no more messages queued.
This means we will back-off servers that fail, so we should think about using a shorter backoff default in stubby
because otherwise temporary loss of the network connection will mean having to restart stubby.
Also some minor changes to logging.
2017-09-06 11:05:08 +01:00
Willem Toorop c6d40d9adc Merge branch 'develop' into features/zeroconf-dnssec 2017-09-04 16:43:37 +02:00
Willem Toorop d2c258158f Flag for live logging 2017-09-04 10:04:17 +02:00
Willem Toorop 48209a038c Fix things that came out of static analysis 2017-09-02 12:47:04 +02:00
Willem Toorop 084286513f Fix permissions 2017-09-02 12:18:57 +02:00
Willem Toorop f25ae85030 Get keys from correct position 2017-09-02 12:10:50 +02:00
Willem Toorop d340305dcc Show tpkg execution live 2017-09-02 11:38:20 +02:00
Willem Toorop 2b07f221c4 And actually copy over results 2017-09-02 11:22:01 +02:00
Willem Toorop bf31b2f7db Collect report from static analysis 2017-09-02 11:20:21 +02:00
Willem Toorop 21f538f60c Forgot ; 2017-09-01 17:00:34 +02:00
Willem Toorop bf23968226 Final for loop initializations elimination 2017-09-01 16:50:31 +02:00
Willem Toorop 70ec5ea4d0 Some more for loop initializations 2017-09-01 16:34:06 +02:00
Willem Toorop 5c8765fefe No variable initializations in for loops 2017-09-01 16:23:26 +02:00
Willem Toorop 98379bbd38 Add RR type DOA
Without rdata yet, just to pass unit tests
2017-09-01 16:10:56 +02:00
Willem Toorop 2ed2871549 Merge branch 'develop' into features/zeroconf-dnssec 2017-08-30 15:09:39 +02:00
Willem Toorop fe6d2c9749 /* fallthrough */ must be first comment before case 2017-08-24 13:58:13 +02:00
Willem Toorop 5a94081634 Make switch/case fallthroughs explicit
+1 fallthrough bugfix in getdns_query
2017-08-24 13:51:58 +02:00
Sara Dickinson a6669482d8 Merge pull request #329 from getdnsapi/devel/without-stubby
Devel/without stubby
2017-08-23 15:25:27 +01:00
Willem Toorop f949f4a136 Sync with unbound 2017-08-22 12:42:52 +02:00
Willem Toorop 516570e1f8 Include stubby (building) in tpkg testing 2017-08-22 12:16:48 +02:00
Willem Toorop 6024f9d72e Merge branch 'develop' into devel/without-stubby 2017-08-22 11:27:11 +02:00