interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,687 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

291 Commits

Author SHA1 Message Date
Willem Toorop 7af885396f Merge branch 'release/1.4.0' into release/1.4.0-merge-PR-377 2018-02-08 11:46:28 +01:00
Willem Toorop 87fec7f9b4 Merge branch 'feature/monitor-tool' into release/1.4.0 2018-02-07 17:11:28 +01:00
Willem Toorop a72359e058 Comply to new style transport logging 2018-02-07 17:08:55 +01:00
Willem Toorop 7d4ccabc7f Merge branch 'bugfix/opportunistic_fallabck' into release/1.4.0-merge-PR-377 2018-02-07 17:00:25 +01:00
Willem Toorop 0eba73a945 LibreSSL like OpenSSL < 1.0.2 2018-02-07 16:42:11 +01:00
Willem Toorop c28a293c9f "Pinset validation failure" error when it occurred 2018-02-07 14:38:31 +01:00
Willem Toorop 9c5a93bbdf Merge branch 'develop' into devel/spki_pinset_via_tlsa_checking 2018-02-07 14:12:24 +01:00
Willem Toorop 2e03d3799c Memory leak on some TLS creation error cases 2018-01-30 12:23:23 +01:00
Sara Dickinson 7e3439efbc Improve handling of opportunistic back-off. If other transports are working, don’t forcibly promote failed upstreams just wait for the re-try timer. 
Clean up logs.
 2018-01-24 13:13:14 +00:00
Jim Hague 0291e205fd Add TLS 1.3 test. 
Add a new item tls_version to call_reporting, containing the OpenSSL version string for the name of the protocol used for the connection.

The test does a normal lookup, but first sets the cipher list to TLS1.3 only ciphers. This will cause a Bad Context error at search time, so we can tell if the underlying OpenSSL library lacks TLS 1.3. The check the call reporting for a TLS version of "TLSv1.3".
 2018-01-19 15:56:40 +00:00
Jim Hague 3666d994a7 Add 'keepalive' test and supporting changes to getdns library. 
Checking for server support for keepalive means we need to know if the server did send a keepalive option to the client. This information is not currently exposed in getdns, so add a flag 'server_keepalive_received' to call_reporting. This is 0 if not received, 1 if received. If received, the actual timeout is in 'idle timeout in ms', though watch out for the overflow alternative.
 2018-01-17 15:17:20 +00:00
Willem Toorop 712617e568 Dead assignment (without stub debugging) 2018-01-10 13:54:18 +01:00
Willem Toorop 7c5bdd5431 Use danessl submodule when OpenSSL version between 1.0.0 and 1.1.0 2018-01-10 12:47:14 +01:00
Willem Toorop 2471f43dea Less logging with successful authenticated upstreams 2018-01-04 16:15:50 +01:00
Willem Toorop 540735a956 Check pins with DANE functions when available 2018-01-04 15:58:09 +01:00
Willem Toorop ae38a29a50 Upstream specific tls_cipher_list's 2017-12-21 12:30:15 +01:00
Willem Toorop 6afb02b2f1 Bugfix #359: edns_client_subnet_private should set family 
Thanks Daniel Areiza
 2017-11-23 13:20:42 +01:00
Willem Toorop 439f41149b Last rename + explicit EMFILE check replacement 2017-11-03 16:42:38 +01:00
Willem Toorop 4508ec77fb Few more renames 2017-11-03 16:26:19 +01:00
Willem Toorop 3b7b83e309 Review comments from Jim 2017-11-03 15:41:31 +01:00
Willem Toorop a8fac29a66 Handle more harmless I/O error cases + 
- never exit on I/O errors
- never stop listening on I/O errors
- extended platfrom.[ch] with _getdns_strerror()
 2017-11-03 13:50:13 +01:00
Willem Toorop fc073267f1 Dead assignment 2017-10-19 14:14:37 +02:00
Sara Dickinson 8886c5317d Fix 2 bugs: 
- backoff time was not incrementing correctly
- best authentication information state was not being kept for shutdowns during setup (needed if e.g. hostname authentication failed during handshake).
 2017-10-19 10:36:46 +01:00
Willem Toorop eedd1a1448 Eat incoming garbage on statefull transports 
Can deal with timed out queries that are answered anyway.
+ reset the upstream on failure always
  (since requests are rescheduled for fallback by upstream_failed now anyway)
 2017-10-17 16:58:01 +02:00
Willem Toorop dc5a78b154 Printing something which is not on stack 
(causing segfault in some cases)
 2017-10-17 14:19:59 +02:00
Willem Toorop f83c8e217e Decrease assumptions based on network_by_query_id 2017-10-17 13:47:29 +02:00
Willem Toorop ce4c44830d Unused variables 2017-10-16 15:26:00 +02:00
Willem Toorop 968d94d2be atomic netreq removal from write_queue in upstream_write_cb 2017-10-16 14:17:49 +02:00
Jim Hague dc7daede40 Move Windows/Unix functions into new platform.h. 2017-10-06 12:07:15 +01:00
Jim Hague 757becc812 write() on a socket is equivalent to send() with flag value of 0. 2017-10-04 17:32:52 +01:00
Jim Hague a0c313412d Adjust Unix socket/Winsock handling. 
Centralise it into util-internal.h, remove duplicate definitions from mdns, and add new pseudo-functions _getdns_closesocket(), _getdns_poll() and _getdns_socketerror(). Convert error values to simple values and convert error checking to use _getdns_socketerror() and the simple values. The simple values can also be used with the result from getsockopt() with SO_ERROR in stub.c.
 2017-10-04 17:31:33 +01:00
Willem Toorop 712f62a4c1 Things that came out of compiling on Windows 2017-09-21 11:03:38 +02:00
Willem Toorop 8c4ed6294e Merge branch 'develop' into features/zeroconf-dnssec 2017-09-14 12:27:47 +02:00
Sara Dickinson f53e5645d9 Improve the comments about the new backoff handling. 
Remove unnecessary log.
 2017-09-13 10:00:56 +01:00
Sara Dickinson b760a2ced2 Refine the logging levels to match the errors given when backing off, etc. 2017-09-12 15:01:02 +01:00
Sara Dickinson 729af1d159 Allow backed-off upstreams to be re-instated if all our upstreams are unusable (e.g. if the network is down). 
But limit re-tries for a given netreq to the total number of upstreams before failing. This should (roughly) allow 2 retries per upstream of the correct transport before bailing out. Otherwise we are stuck in a loop retrying forever!
 2017-09-12 13:47:56 +01:00
Willem Toorop 8aa46b305d Merge branch 'develop' into features/zeroconf-dnssec 2017-09-11 11:09:58 +02:00
Sara Dickinson 2e4e3873e4 First pass at fixing problems when connections to servers are lost. 
Need to reset connection state if connections fail at setup and on read/write if there are no more messages queued.
This means we will back-off servers that fail, so we should think about using a shorter backoff default in stubby
because otherwise temporarily loss of the network connection will mean having to restart stubby.
Also some minor changes to logging.
 2017-09-06 11:05:08 +01:00
Willem Toorop c6d40d9adc Merge branch 'develop' into features/zeroconf-dnssec 2017-09-04 16:43:37 +02:00
Willem Toorop 5c8765fefe No variable initializations in for loops 2017-09-01 16:23:26 +02:00
Willem Toorop 2ed2871549 Merge branch 'develop' into features/zeroconf-dnssec 2017-08-30 15:09:39 +02:00
Sara Dickinson 33ff6a95ac Fix issue on macOX 10.10 where TCP fast open is detected but not implemented causing TCP to fail. The fix allows fallback to regular TCP in this case and is also more robust for cases where connectx() fails for some reason. 2017-08-18 17:59:49 +01:00
Neil Cook 1555c432f5 Fix array bounds bug in upstream_select 2017-07-31 22:51:24 +01:00
Neil Cook 2d7d6581b4 Ensure netreq->fd is set to -1 after close()/closesocket() 
If netreq->fd is not set to -1, then multiple functions close the
same socket. This causes major issues in multithread code where the
socket must not be closed multiple times as it may be owned by a
different thread.
 2017-07-31 22:48:09 +01:00
Willem Toorop 3e6c5775ff Fetch and equip context with trust-anchors 2017-06-30 10:18:07 +02:00
Willem Toorop 264135e799 Reintroduct timestamps and replace GETDNS_DAEMON: with STUBBY: 2017-06-28 21:09:40 +02:00
Willem Toorop 8235250fb6 Rename SYSTEM_DAEMON in LOG_UPSTREAM_STATS 2017-06-28 20:57:53 +02:00
Willem Toorop 04e554086a A configurable log function 
Currently used only for DAEMON_DEBUG
 2017-06-27 00:23:22 +02:00
Willem Toorop 9a273cf144 Get rid of superfluous struct member query_id 2017-06-15 21:24:40 +02:00
Willem Toorop 1d87437854 ERROR all outstanding netreqs whith a failed statefull upstream 
Remove the currently processed netreq first, so it can be retries with another upstream/transport.
We MUST add netreq to the netreqs_by_query_id map even before we write to it, to have a reliable store of taken query ids.
 2017-06-15 21:15:00 +02:00