interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,283 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

244 Commits

Author SHA1 Message Date
Willem Toorop 04e554086a A configurable log function 
Currently used only for DAEMON_DEBUG
 2017-06-27 00:23:22 +02:00
Willem Toorop 9a273cf144 Get rid of superfluous struct member query_id 2017-06-15 21:24:40 +02:00
Willem Toorop 1d87437854 ERROR all outstanding netreqs whith a failed statefull upstream 
Remove the currently processed netreq first, so it can be retries with another upstream/transport.
We MUST add netreq to the netreqs_by_query_id map even before we write to it, to have a reliable store of taken query ids.
 2017-06-15 21:15:00 +02:00
Willem Toorop d9158e639b Clear netreq_by_query_id on upstream failure 
But don't error the specific netreq then!
 2017-06-15 17:21:05 +02:00
Willem Toorop e2be41d352 Don't segfault on IPv6 unavailability 
Resolved issue #306?  Review needed!
Shoud upstream_failed cancel all the netreqs?
 2017-06-14 15:36:53 +02:00
Willem Toorop e00100b388 s/recieve/receive/ 2017-06-09 11:24:51 +02:00
Willem Toorop 708e520989 Spelling fixes from Andreas Schulze 2017-04-11 23:33:24 +02:00
Willem Toorop c9b3e3cf7b Allow cleanup of naked idle timeouts 2017-04-06 20:50:34 +02:00
Willem Toorop 4ceec33d08 Do something about TLS renegotiation. 2017-04-06 11:46:10 +02:00
Willem Toorop e08d3592a0 Schedule timeout when collecting for dnssec chain 2017-04-06 11:20:08 +02:00
Daniel Kahn Gillmor 9de4d6537b Implement sensible default padding policy. 
This commit changes the semantics of tls_query_padding_blocksize()
slightly.  Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
 2017-03-26 14:37:28 -05:00
wtoorop 148dfabf88 Merge pull request #276 from huitema/develop 
Fixing the select and poll event loops for Windows
 2017-03-26 10:20:48 -05:00
huitema 6f0b08a400 Fixing the select event loop so it does not give up for naked timers in Windows. 
Making sure the poll event loop works on windows.
Fixing the poll event loop so it does not give up for naked timers in Windows.
 2017-03-26 10:07:44 -05:00
Willem Toorop b7d16e3c89 One more leak 2017-03-25 17:00:02 -05:00
Willem Toorop 3eb6ebf5e4 Fix memory leak 2017-03-25 21:33:30 +01:00
Willem Toorop 5f6e47d091 Only equip with peer cert when transport is TLS 2017-03-25 21:26:05 +01:00
Willem Toorop a2efd8f6c1 Report peer certificate in call_reporting 2017-03-25 19:36:20 +01:00
Willem Toorop 5d12545391 Bugfix in handling UDP backing off 2017-03-22 10:52:55 +01:00
Willem Toorop fe446a0d66 Minor fixes 2017-03-20 23:17:44 +01:00
wtoorop 52e3d2e1b0 Merge pull request #265 from saradickinson/feature/new_settings 
Feature/new settings
 2017-03-20 22:25:52 +01:00
Willem Toorop 0891e16147 Pend netreqs when out of filedescriptors 2017-03-20 15:20:17 +01:00
Sara Dickinson 6f7bad5d73 Add new configuration parameters for TLS back off time and connection retries 2017-03-17 17:26:18 +00:00
Sara Dickinson dd76132a92 Implement round robin for UDP. Not sure this is the best option though. Noticed it results in more timeouts if one resolver isn't responding because it is retried more frequently. Willem - please review. 2017-03-17 17:16:14 +00:00
Sara Dickinson 1d4e3dd790 Update the name of the new option to 'round_robin_upstreams' 2017-03-17 16:53:03 +00:00
Sara Dickinson 6734a00d59 Improve the logging 2017-03-17 11:25:47 +00:00
Sara Dickinson f0f3c43552 - Add a new mode where for TLS (and infact TCP too) the upstream selection simply cycles over all the upstreams rather than treating them as an ordered list and always using the first open one. 
- Make IP field in debug output fixed width
- Collect all the one line config options at the top of the stubby.conf file to make it easier to read
 2017-03-16 14:51:46 +00:00
Willem Toorop 14c9f3aafc Track netreqs "in flight" 2017-03-14 17:17:56 +01:00
Willem Toorop 639239f45c Schedule dnsreqs with absolute timeout/expiry time 2017-03-13 14:20:47 +01:00
Willem Toorop bbd2fb8cf0 Although safe, a bit scary 2017-02-27 14:30:44 -08:00
Sara Dickinson ebdf657fd7 Change pins for IPv6 addresses for Sinodun privacy servers! 
Improve logging of auth failure
 2017-02-23 16:48:16 +00:00
Sara Dickinson ff4ecd5b39 Couple of extra output messages so Stubby users in strict mode know why the authentication failed 2017-02-23 15:38:45 +00:00
Sara Dickinson 1b7aef5a88 Add a new GETDNS_RETURN code for the case where no upstream is considered valid and hence a query cannot even be scheduled. Only applies when using purely stateful transports. This can happen when using Stubby if there are problems with connections to upstreams. 2017-02-23 14:49:17 +00:00
Willem Toorop ba7dfbeec0 Misplaced event clear in stub.c 2017-02-18 15:56:06 +01:00
Willem Toorop 74b1f77357 Cancel get validation chain getdns_dns_reqs 
And miscellaneous little other scheduling fixes and optimizations
 2017-02-18 13:16:25 +01:00
Willem Toorop 7bf953b2bd Merge branch 'huitema-develop' into develop 2017-01-18 12:00:33 +01:00
Christian Huitema f1b8b25afa Implementation of basic MDNS support 2016-12-22 15:51:47 -08:00
Willem Toorop 80219a4195 Merge branch 'bugfix/replace__FUNCTION__' into bugfix/1.1.0-alpha3/replace__FUNCTION__ 2016-12-12 14:20:31 +01:00
Willem Toorop 5f6b93f7f2 Use __func__ var when supported 
And let debugging messages compile with -Wpedantic -Werror too
 2016-12-12 13:55:10 +01:00
Sara Dickinson 83a0b944b5 Fix another stupid error.... 2016-12-11 17:10:44 +00:00
Sara Dickinson cfc7d18c85 Ug. Fix stupid mistake with string array. 2016-12-11 16:57:52 +00:00
Sara Dickinson ef12b0e764 Fix some compiler warnings on OS X 2016-12-09 17:15:28 +00:00
Sara Dickinson 7b58dc25a6 - Fix bug where a self signed cert + only a pinset would not authenticate 
- Add OARC servers with pinset only to stubby.conf
- Move Authentication strings to types_internal for use in call_debugging
- Add connection counts to call_debugging
-
 2016-12-09 17:03:41 +00:00
Willem Toorop 37cced78fc Merge branch 'develop' into release/1.1.0-alpha3 2016-12-09 13:27:55 +01:00
Willem Toorop 5cc67ff554 Merge branch 'develop' into merge-develops 2016-12-09 12:05:42 +01:00
Willem Toorop 6e9b1b5f53 One more unused when no TCP_FASTOPEN 2016-12-08 23:25:53 +01:00
Willem Toorop f31b2fa233 Merge branch 'develop' into release/1.1.0-alpha3 2016-12-08 15:06:25 +01:00
Willem Toorop 473da8966b Library fixed for CFLAGS=-Wextra 2016-12-08 14:05:58 +01:00
Christian Huitema 50b064a292 Fixing potential clipping of idle_timeout value in call to upstream_reschedule_events 2016-12-07 15:40:24 -08:00
Sara Dickinson 691d32cf80 Improve README entry on stubby. Add a link to dnsprivacy.org (Willem - is this set up yet?) 
Add sample Strict config file into the source with a pointer from the README. Not sure about installing this yet as opportunistic seems a better default...?
 2016-12-06 15:59:40 +00:00
Sara Dickinson 471e8725e2 Change the default profile for Stubby to use TLS then UDP/TCP 
- this will only try over TLS a few times before backing off to clear text
  - but makes the default  for Stubby opportunistic privacy (Willem - WDYT?)
Also use padding and ECS privacy by default for Stubby.
More debugging to help users when there are failures or fallbacks.
Also remove a few help options from Stubby that don't apply
Add -v to output version on getdns_query/stubby
 2016-12-06 14:44:40 +00:00