Willem Toorop
8235250fb6
Rename SYSTEM_DAEMON in LOG_UPSTREAM_STATS
2017-06-28 20:57:53 +02:00
Willem Toorop
fb267938c3
Start with fetching root-anchors remotely
...
Also lays the foundation for looking up upstreams by name and DANE authentication of upstreams.
2017-06-28 20:35:30 +02:00
Sara Dickinson
55acf6662c
Fix for outputting the address string in the DAEMON log
2017-06-28 17:58:38 +01:00
Willem Toorop
04e554086a
A configurable log function
...
Currently used only for DAEMON_DEBUG
2017-06-27 00:23:22 +02:00
Willem Toorop
7ea3beaa6a
Equip context with xml read trust anchors
2017-06-22 12:27:20 +02:00
Willem Toorop
e496d13777
Start with getting files from user area
2017-06-20 15:38:32 +02:00
Willem Toorop
b0af051809
Initialize in correct order
2017-06-20 12:20:11 +02:00
Willem Toorop
67d787d74a
Merge branch 'develop' into hackathon/zeroconf-dnssec
2017-05-12 15:39:02 +02:00
Willem Toorop
d5dcdac58c
Validate tls_auth_name
...
Deals with issue #270
2017-04-13 11:19:22 +02:00
Hoda Rohani
6c4af3af93
uninitialized array
2017-04-13 09:44:08 +02:00
Willem Toorop
0da79ae77a
Fix to compile with libressl. Thanks phicoh.
2017-04-12 23:05:17 +02:00
Willem Toorop
c9b3e3cf7b
Allow cleanup of naked idle timeouts
2017-04-06 20:50:34 +02:00
Willem Toorop
2d011e3d19
Merge branch 'features/unset_max_udp_payload_sz' into release/1.1.0
2017-04-06 19:40:35 +02:00
Willem Toorop
e08d3592a0
Schedule timeout when collecting for dnssec chain
2017-04-06 11:20:08 +02:00
Willem Toorop
f8c7d8b5d5
Network request submission and callback reporting
2017-04-05 22:43:27 +02:00
Willem Toorop
67baa1d651
getdns_context_unset_edns_maximum_udp_payload_size
2017-04-05 12:37:48 +02:00
Willem Toorop
edecca8b63
smime verification of root-anchors.xml in ~/.getdns
2017-03-27 09:21:29 -05:00
Daniel Kahn Gillmor
9de4d6537b
Implement sensible default padding policy.
...
This commit changes the semantics of tls_query_padding_blocksize()
slightly. Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".
At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:
https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3
The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf
The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:
* queries should be padded to a multiple of 128 octets
* responses should be padded to a multiple of 468 octets
Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
2017-03-26 14:37:28 -05:00
Willem Toorop
6316c558bc
typo
2017-03-25 21:45:08 +01:00
Willem Toorop
15b451d71b
Recommit parts of "Minor fixes in MDNS code to make sure it does work after the recent loop tightening."
2017-03-23 13:09:34 +01:00
Willem Toorop
b2ac3849b7
Fixes for two NetBSD compiler warnings
...
ubkey-pinning.c -o pubkey-pinning.lo
./pubkey-pinning.c: In function '_getdns_verify_pinset_match':
./pubkey-pinning.c:385: warning: 'prev' may be used uninitialized in this function
IX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -c ./context.c -o context.lo
./context.c: In function '_getdns_upstream_shutdown':
./context.c:760: warning: comparison between signed and unsigned
2017-03-22 13:50:11 +01:00
Willem Toorop
5d12545391
Bugfix in handling UDP backing off
2017-03-22 10:52:55 +01:00
wtoorop
52e3d2e1b0
Merge pull request #265 from saradickinson/feature/new_settings
...
Feature/new settings
2017-03-20 22:25:52 +01:00
Willem Toorop
ed0d4d044c
Merge remote-tracking branch 'upstream/develop' into features/mdns-client
2017-03-20 16:42:24 +01:00
Sara Dickinson
68eadedc10
Fix rogue bracket
2017-03-17 17:35:47 +00:00
Sara Dickinson
6f7bad5d73
Add new configuration parameters for TLS back off time and connection retries
2017-03-17 17:26:18 +00:00
Sara Dickinson
1d4e3dd790
Update the name of the new option to 'round_robin_upstreams'
2017-03-17 16:53:03 +00:00
Sara Dickinson
f0f3c43552
- Add a new mode where for TLS (and in fact TCP too) the upstream selection simply cycles over all the upstreams rather than treating them as an ordered list and always using the first open one.
...
- Make IP field in debug output fixed width
- Collect all the one line config options at the top of the stubby.conf file to make it easier to read
2017-03-16 14:51:46 +00:00
Willem Toorop
5ea181172a
Reschedule pending netreqs
2017-03-15 15:16:42 +01:00
Willem Toorop
14c9f3aafc
Track netreqs "in flight"
2017-03-14 17:17:56 +01:00
Willem Toorop
f1968d1e2c
Merge branch 'devel/ub-symbol-mapping' into features/mdns-client
2017-03-09 13:09:56 +01:00
Willem Toorop
5b5123a79d
HAVE_PTHREAD instead of HAVE_PTHREADS like unbound
2017-03-09 11:46:15 +01:00
Willem Toorop
de1ab4c8a4
Merge branch 'develop' into huitema-develop
2017-03-06 16:07:12 +01:00
Willem Toorop
8fccd66813
cancel_outstanding_requests by transaction_id
...
to prevent double frees as side effect of getdns_dns_req being canceled by user callbacks.
2017-02-19 09:39:10 +01:00
Willem Toorop
74b1f77357
Cancel get validation chain getdns_dns_reqs
...
And miscellaneous little other scheduling fixes and optimizations
2017-02-18 13:16:25 +01:00
Willem Toorop
7e9956b19e
Call cancel callbacks only when callback exists
2017-02-17 23:39:35 +01:00
Willem Toorop
6ed3d77523
Cancel child validation chain dns_reqs on ...
...
parent dns_req cancelation.
2017-02-17 23:35:50 +01:00
Willem Toorop
91dd991348
Cancel requests without callback
2017-02-16 22:55:15 +01:00
wtoorop
17a5a5db92
Merge pull request #258 from wtoorop/devel/_vfixed_gbuffers
...
A special bit for the snprintf style modus operandi of fixed gldns gbuffer's
2017-02-16 10:51:20 +01:00
Willem Toorop
445470d831
Rename a gldns function
2017-02-16 10:32:17 +01:00
Willem Toorop
7484b8c37b
Initialize default eventloop with custom mem funcs
2017-02-15 10:22:41 +01:00
Willem Toorop
2b9987014d
Special _vfixed gbuffer property
...
For snprintf style buffers which position can go beyond capacity
2017-02-08 13:51:25 +01:00
Christian Huitema
93d6f2b18f
Intermediate commit, after definition of the MDNS context
2017-02-06 18:23:35 -10:00
Christian Huitema
4c71d6239f
Fixing potential bug for comparison function net_req_query_id_cmp on 64 bits architectures.
2017-01-21 14:49:58 -08:00
Christian Huitema
4ccfa2a781
Preparing fix for 64 bit warning in net_req_query_id_cmp
2017-01-21 14:46:38 -08:00
Christian Huitema
83ec9b74e9
Merge branch 'develop' of https://github.com/huitema/getdns into develop
...
Conflicts:
src/jsmn
2017-01-20 19:57:11 -08:00
Christian Huitema
abd0244aba
Fixing a potential bug in the RB tree for netreq_by_id
2017-01-20 19:33:12 -08:00
Willem Toorop
7bf953b2bd
Merge branch 'huitema-develop' into develop
2017-01-18 12:00:33 +01:00
Willem Toorop
9c9c52aacc
Merge branch 'develop' into release/1.1.0-alpha3
2017-01-13 22:08:59 +01:00
Christian Huitema
99fb7100ea
Placing all MDNS code under ifdef HAVE MDNS SUPPORT to minimize risk in main branch.
2016-12-22 20:30:14 -08:00
Christian Huitema
f1b8b25afa
Implementation of basic MDNS support
2016-12-22 15:51:47 -08:00
wtoorop
d3b7a30651
Merge pull request #218 from neilcook/openssl_init
...
call SSL_library_init() just once and lock with mutexes
2016-12-15 08:29:58 +01:00
Willem Toorop
80219a4195
Merge branch 'bugfix/replace__FUNCTION__' into bugfix/1.1.0-alpha3/replace__FUNCTION__
2016-12-12 14:20:31 +01:00
Willem Toorop
5f6b93f7f2
Use __func__ var when supported
...
And let debugging messages compile with -Wpedantic -Werror too
2016-12-12 13:55:10 +01:00
Sara Dickinson
cfc7d18c85
Ug. Fix stupid mistake with string array.
2016-12-11 16:57:52 +00:00
Sara Dickinson
7b58dc25a6
- Fix bug where a self signed cert + only a pinset would not authenticate
...
- Add OARC servers with pinset only to stubby.conf
- Move Authentication strings to types_internal for use in call_debugging
- Add connection counts to call_debugging
2016-12-09 17:03:41 +00:00
Willem Toorop
37cced78fc
Merge branch 'develop' into release/1.1.0-alpha3
2016-12-09 13:27:55 +01:00
Willem Toorop
4345905a81
Address things that came out of VS static analysis
...
Except for the stack usage cases
2016-12-09 12:57:47 +01:00
Willem Toorop
3428412629
Some more minor merge fixes
2016-12-09 12:13:36 +01:00
Willem Toorop
5cc67ff554
Merge branch 'develop' into merge-develops
2016-12-09 12:05:42 +01:00
Willem Toorop
26db6202a5
-Werror fixes for clang
2016-12-08 23:15:56 +01:00
Willem Toorop
8de9976a2b
Some more unused variables in stub only mode
2016-12-08 22:56:02 +01:00
Christian Huitema
26eaf255c5
Fixing the bulk of the compilation warnings in the GetDNS code
2016-12-08 12:37:35 -08:00
Willem Toorop
f31b2fa233
Merge branch 'develop' into release/1.1.0-alpha3
2016-12-08 15:06:25 +01:00
Willem Toorop
473da8966b
Library fixed for CFLAGS=-Wextra
2016-12-08 14:05:58 +01:00
Sara Dickinson
471e8725e2
Change the default profile for Stubby to use TLS then UDP/TCP
...
- this will only try over TLS a few times before backing off to clear text
- but makes the default for Stubby opportunistic privacy (Willem - WDYT?)
Also use padding and ECS privacy by default for Stubby.
More debugging to help users when there are failures or fallbacks.
Also remove a few help options from Stubby that don't apply
Add -v to output version on getdns_query/stubby
2016-12-06 14:44:40 +00:00
Sara Dickinson
576e38977f
More logging changes to stubby to correctly report profile, transport and stats for TCP and UDP when used as fallbacks.
...
Reporting UDP stats every 100 responses or timeouts to give user some indication UDP is being used.
2016-12-05 18:05:04 +00:00
Christian Huitema
0d13ae6d72
Fixing several issues in function set_os_defaults_windows that prevent working on Windows.
2016-12-04 17:26:38 -08:00
Sara Dickinson
1ba2e5bf4d
Add stubby to readme.
...
Add transport to stubby log.
2016-11-20 11:19:08 +00:00
Sara Dickinson
b0e5f87984
Minor logging updates
2016-11-13 13:14:03 +09:00
Neil Cook
b857e3d7f1
call SSL_library_init() just once and lock with mutexes
2016-11-08 11:51:27 +00:00
Willem Toorop
4bf93de12b
More conventional function prototypes for servers
2016-11-02 13:40:02 +01:00
Willem Toorop
c0f20a9023
Merge branch 'develop' into release/1.1.0-alpha3
2016-10-31 11:12:26 +01:00
Willem Toorop
bb3d741f7a
OpenSSL 1.1 support
2016-10-31 10:24:07 +01:00
Willem Toorop
4ea4f68467
Get_suffix, no '\0' in returned strings
...
Resolves issue #203
2016-10-26 15:29:07 +02:00
Sara Dickinson
a0ae9130cc
Fix issue with session re-use making authentication appear to fail
2016-10-21 14:18:24 +01:00
Willem Toorop
47e718eeb8
OpenSSL 1.1 support
2016-10-13 23:04:50 +02:00
Sara Dickinson
f156f2f24a
Had to change some preprocessor checks to get all the options to compile
2016-08-08 17:07:46 +01:00
Sara Dickinson
fdbefa17ec
Add timer for back off on upstream (use 1 hr). Reset as new upstream when re-instated.
2016-08-05 17:25:27 +01:00
Sara Dickinson
a1461d51ec
Add abbreviated logging mode for daemon
2016-08-05 14:10:55 +01:00
Sara Dickinson
0432fe37c4
Tinker with upstream keepalive
2016-08-04 16:10:23 +01:00
Willem Toorop
94292f5bc7
Merge branch 'release/v1.0.0b2' into release/v1.1.0a1
2016-07-14 16:22:53 +02:00
Willem Toorop
255cc9ab36
First bit of set_from_os loads OS defaults
2016-07-14 15:42:49 +02:00
Willem Toorop
ebba1d4cce
Merge branch 'release/v1.0.0b2' into release/v1.1.0a1
2016-07-14 14:45:16 +02:00
Willem Toorop
af70671641
parentheses around comparison in operand of ‘&’
2016-07-14 13:46:12 +02:00
wtoorop
79f92cedd2
Merge pull request #197 from saradickinson/feature/upstream_handling
...
Feature/upstream handling
2016-07-14 10:58:32 +02:00
Sara Dickinson
6c73144b50
Minor logging updates
2016-07-13 17:39:26 +01:00
Willem Toorop
31f1375b8e
Merge branch 'release/v1.0.0b2' into release/v1.1.0a1
2016-07-13 15:30:28 +02:00
Willem Toorop
9f7ceeded3
Don't SSL_library_init() on every context create
...
It will not be called when the second bit from the set_from_os parameter is set.
This deals with issue #117
2016-07-13 15:28:08 +02:00
Willem Toorop
be97bd1d71
Mv getdns_context_set_listen_addresses in the lib
...
Also, check for request_id +
cancel a reply by specifying NULL as response to getdns_reply
2016-07-13 14:50:44 +02:00
Willem Toorop
69b607176c
Move getdns_context_config into the library
2016-07-11 20:42:50 +02:00
Willem Toorop
d0f01b6bc4
Default values for extensions in context
2016-07-07 14:47:38 +02:00
Sara Dickinson
5e1575dabc
Correct the logic for upstream back off
2016-07-04 17:02:18 +01:00
Sara Dickinson
8fa84c836a
Initial re-work of stateful transport selection and timeout/error handling. Also update transport test to avoid timeout.
2016-07-04 17:02:14 +01:00
Willem Toorop
2873645068
get current (pluggable) eventloop from context
...
So applications can schedule events against it...
2016-06-17 16:50:47 +02:00
Willem Toorop
e25e697970
Merge remote-tracking branch 'upstream/develop' into features/create_dict_with_json
2016-05-25 15:12:48 +02:00
Willem Toorop
5b832e457c
Allow dns_root_servers to be given by bindata too
2016-05-23 15:53:36 +02:00
Willem Toorop
14a950bc29
getdns_query -C for settings via config file
2016-05-22 15:35:32 +02:00
Sara Dickinson
84d6da8ef6
Fix ups after Willem's review
2016-05-20 16:01:23 +01:00
Willem Toorop
e8db20a722
Merge branch 'develop' into features/create_dict_with_json
2016-05-20 15:04:08 +02:00
Sara Dickinson
98d636b99d
Updates to unit tests and tpkg
2016-05-16 17:56:48 +01:00
Sara Dickinson
5f225d6be3
Add TLS session resumption
2016-05-16 17:41:55 +01:00
Willem Toorop
5085af0d28
A bit more leniency in what to accept for upstreams
...
address_type no longer necessary
instead of address dicts, just bindata is now also ok
2016-05-03 14:52:30 +02:00
Willem Toorop
a8dbb3dd51
Static checking fixes
2016-04-29 12:00:17 +02:00
Willem Toorop
c53b15bd9a
target-fetch-policy only with unbound-event-api
2016-03-31 07:49:40 -03:00
Willem Toorop
c9fab8c242
target-fetch-policy for more resilient recursion
2016-03-30 10:56:46 -03:00
wtoorop
4e0073ae6f
Merge pull request #157 from gmadkat/develop
...
Added code to read the domain from the registry and use it if search …
2016-03-29 16:13:04 +02:00
gmadkat
af7f384cf3
Added code to read the domain from the registry and use it if search suffixes are missing
2016-03-27 22:37:54 -07:00
Melinda Shore
1f45bf7e43
Merge pull request #154 from wtoorop/devel/no-sync-side-effects
...
No more side effects with synchronous calls
2016-03-24 10:53:05 -08:00
Melinda Shore
4b033c766b
Merge pull request #156 from wtoorop/devel/std-suffix-handling
...
Devel/std suffix handling
2016-03-24 10:52:36 -08:00
Willem Toorop
fdd3992f65
openssl 1.1 support
2016-03-24 14:02:18 +01:00
Willem Toorop
e7c77290cc
GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST
2016-03-23 23:27:27 +01:00
Willem Toorop
b0ecda5d2e
No more side effects with synchronous calls
...
(and upstreams that keep connections open)
2016-03-23 22:13:31 +01:00
Willem Toorop
e934c100a2
Merge branch 'develop' into devel/codebase-maintenance
2016-03-22 13:22:13 +01:00
gmadkat
5d2a05f5e0
Added search suffix for Windows from registry
2016-03-21 21:10:57 -07:00
Willem Toorop
90beaaff1d
Use non-copying list_append_this_dict
2016-03-21 14:56:09 +01:00
Willem Toorop
4551f0850b
Use non-copying dict_set_list
2016-03-21 12:50:43 +01:00
Willem Toorop
6f157854ce
Use non-copying dict_set_dict
2016-03-21 11:55:21 +01:00
Sara Dickinson
c1f15fc0ac
Minor tweaks
2016-03-18 12:02:40 +00:00
Sara Dickinson
c08371ebb0
First pass at updating DEBUG_STUB output
2016-03-18 11:34:51 +00:00
Willem Toorop
ab742b34b6
Miscellaneous scheduling fixes and improvements
2016-03-17 16:49:05 +01:00
Melinda Shore
cf451d2b2b
Merge pull request #146 from wtoorop/devel/direct_root_servers
...
Devel/direct root servers
2016-03-14 20:06:07 -08:00
Melinda Shore
4b5c61145a
Merge pull request #144 from wtoorop/devel/default_eventloop
...
Devel/default eventloop
2016-03-14 20:02:57 -08:00
Willem Toorop
d938c433ab
Set root servers without temporary file
2016-03-14 11:33:06 +01:00
Willem Toorop
a83c54387d
Reuse sync eventloop per context
...
So recursive resolution can depend on and continue with outstanding queries it depends on
2016-03-09 11:16:19 +01:00
Willem Toorop
70cc65f786
Replace default append_name setting
...
to GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE
2016-03-09 10:37:05 +01:00
Willem Toorop
4230961e9f
Basic usage of unbound pluggable event loop
2016-03-01 16:29:37 +01:00
Willem Toorop
6fd05675aa
Fix memory leak with getdns_get_api_information()
...
Thanks Robert Groenenberg.
2016-02-26 12:24:45 +01:00
Willem Toorop
e6f5cdb45b
Merge branch 'develop' into devel/default_eventloop
2016-02-04 15:17:25 +01:00
wtoorop
60be402062
Merge pull request #139 from ln5/parsing-resolvconf
...
Don't treat "domain" or "search" as a nameserver.
Thank you Linus
2016-02-04 10:06:40 +01:00
Linus Nordberg
466302131e
Don't treat "domain" or "search" as a nameserver.
...
Continue the while fgets() loop as soon as we're done with "domain" or
"search".
Simplify the logic of the function by removing the if else constructs.
2016-02-03 14:57:09 +01:00
unknown
db4207f60d
More review changes and made comments C style, req Willem.
2016-02-01 11:02:24 -05:00
unknown
170795ad06
More review changes and made comments C style, req Willem.
2016-02-01 10:56:45 -05:00
unknown
f5290b6a68
add change from Sara to return if a cert conversion or add to store fails
2016-01-31 00:13:09 -05:00
unknown
504881fc6f
Minor fixes to compile and run the CA trust store adapter from Windows to openSSL
2016-01-27 16:30:50 -05:00
Sara Dickinson
111794158c
Improve Windows CA handling code
2016-01-27 12:50:16 +00:00
unknown
7e9563faed
Added a wincrypt adapter to read CA trust certs from Windows CA store and feed them into openssl for TLS hostname authentication
2016-01-23 18:47:03 -05:00
Willem Toorop
ca36c879a0
Set unbound target fetch policy to on demand only
2016-01-20 10:21:05 +01:00
Willem Toorop
ae2b16665b
Setup getdns eventloop in libunbound
...
When unbound supports this
2016-01-19 16:52:11 +01:00
Willem Toorop
2a6318afd2
Disable scheduling ub_fd()
2016-01-12 16:38:10 +01:00
Willem Toorop
4fd8d3dddd
Replace mini_event extension by default_eventloop
...
* default_eventloop was prototyped in getdns_query and is still in there as my_eventloop
* It interfaces directly with the scheduling primitives of getdns.
* It can operate entirely from stack and does not have to do
any memory allocations or deallocations.
* Adapted configure.ac to allow libunbound to be linked with Windows
(with the removal of winsock_event.c we have no symbol clashes anymore)
* Added STUB_TCP_WOULDBLOCK return code in stub_resolving helper functions,
to anticipate dealing with edge triggered event loops (versus level triggered). (i.e. Windows)
2016-01-12 15:52:14 +01:00
Willem Toorop
39f7e87f1a
Get rid of unknown format specifiers on windows
2016-01-11 12:11:17 +01:00
Willem Toorop
16a82eede2
Deal with roadblock avoid. + stub-only at run time
...
And make the single usage function validate_extension static
2016-01-05 12:38:35 +01:00
Sara Dickinson
1f9424ccf2
Fix output of get_api_settings functions
2016-01-05 09:25:49 +00:00
Willem Toorop
08c0c4d6e4
Fixes from testing on different platforms
2015-12-30 14:39:11 +01:00
Willem Toorop
8c46e969d6
Notify for not implemented namespaces and ...
...
follow_redirects.
2015-12-30 13:55:45 +01:00
Willem Toorop
11b0346ded
Miscellaneous TSIG bugfixes
2015-12-30 12:25:58 +01:00
Willem Toorop
875ef3f9d4
Successive suffix append retries
2015-12-29 23:06:02 +01:00
Willem Toorop
89b6c04d4f
First query append
2015-12-29 17:34:14 +01:00
Willem Toorop
54498cd556
Distinguish between suffix and suffixes more clearly
2015-12-29 16:23:04 +01:00