interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,535 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

273 Commits

Author SHA1 Message Date
Sara Dickinson 6f7bad5d73 Add new configuration parameters for TLS back off time and connection retries 2017-03-17 17:26:18 +00:00
Sara Dickinson dd76132a92 Implement round robin for UDP. Not sure this is the best option though. Noticed it results in more timeouts if one resolver isn't responding because it is retried more frequently. Willem - please review. 2017-03-17 17:16:14 +00:00
Sara Dickinson 1d4e3dd790 Update the name of the new option to 'round_robin_upstreams' 2017-03-17 16:53:03 +00:00
Sara Dickinson 6734a00d59 Improve the logging 2017-03-17 11:25:47 +00:00
Sara Dickinson f0f3c43552 - Add a new mode where for TLS (and infact TCP too) the upstream selection simply cycles over all the upstreams rather than treating them as an ordered list and always using the first open one. 
- Make IP field in debug output fixed width
- Collect all the one line config options at the top of the stubby.conf file to make it easier to read
 2017-03-16 14:51:46 +00:00
Willem Toorop 14c9f3aafc Track netreqs "in flight" 2017-03-14 17:17:56 +01:00
Willem Toorop 639239f45c Schedule dnsreqs with absolute timeout/expiry time 2017-03-13 14:20:47 +01:00
Willem Toorop bbd2fb8cf0 Although safe, a bit scary 2017-02-27 14:30:44 -08:00
Sara Dickinson ebdf657fd7 Change pins for IPv6 addresses for Sinodun privacy servers! 
Improve logging of auth failure
 2017-02-23 16:48:16 +00:00
Sara Dickinson ff4ecd5b39 Couple of extra output messages so Stubby users in strict mode know why the authentication failed 2017-02-23 15:38:45 +00:00
Sara Dickinson 1b7aef5a88 Add a new GETDNS_RETURN code for the case where no upstream is considered valid and hence a query cannot even be scheduled. Only applies when using purely stateful transports. This can happen when using Stubby if there are problems with connections to upstreams. 2017-02-23 14:49:17 +00:00
Willem Toorop ba7dfbeec0 Misplaced event clear in stub.c 2017-02-18 15:56:06 +01:00
Willem Toorop 74b1f77357 Cancel get validation chain getdns_dns_reqs 
And miscellaneous little other scheduling fixes and optimizations
 2017-02-18 13:16:25 +01:00
Willem Toorop 7bf953b2bd Merge branch 'huitema-develop' into develop 2017-01-18 12:00:33 +01:00
Christian Huitema f1b8b25afa Implementation of basic MDNS support 2016-12-22 15:51:47 -08:00
Willem Toorop 80219a4195 Merge branch 'bugfix/replace__FUNCTION__' into bugfix/1.1.0-alpha3/replace__FUNCTION__ 2016-12-12 14:20:31 +01:00
Willem Toorop 5f6b93f7f2 Use __func__ var when supported 
And let debugging messages compile with -Wpedantic -Werror too
 2016-12-12 13:55:10 +01:00
Sara Dickinson 83a0b944b5 Fix another stupid error.... 2016-12-11 17:10:44 +00:00
Sara Dickinson cfc7d18c85 Ug. Fix stupid mistake with string array. 2016-12-11 16:57:52 +00:00
Sara Dickinson ef12b0e764 Fix some compiler warnings on OS X 2016-12-09 17:15:28 +00:00
Sara Dickinson 7b58dc25a6 - Fix bug where a self signed cert + only a pinset would not authenticate 
- Add OARC servers with pinset only to stubby.conf
- Move Authentication strings to types_internal for use in call_debugging
- Add connection counts to call_debugging
-
 2016-12-09 17:03:41 +00:00
Willem Toorop 37cced78fc Merge branch 'develop' into release/1.1.0-alpha3 2016-12-09 13:27:55 +01:00
Willem Toorop 5cc67ff554 Merge branch 'develop' into merge-develops 2016-12-09 12:05:42 +01:00
Willem Toorop 6e9b1b5f53 One more unused when no TCP_FASTOPEN 2016-12-08 23:25:53 +01:00
Willem Toorop f31b2fa233 Merge branch 'develop' into release/1.1.0-alpha3 2016-12-08 15:06:25 +01:00
Willem Toorop 473da8966b Library fixed for CFLAGS=-Wextra 2016-12-08 14:05:58 +01:00
Christian Huitema 50b064a292 Fixing potential clipping of idle_timeout value in call to upstream_reschedule_events 2016-12-07 15:40:24 -08:00
Sara Dickinson 691d32cf80 Improve README entry on stubby. Add a link to dnsprivacy.org (Willem - is this set up yet?) 
Add sample Strict config file into the source with a pointer from the README. Not sure about installing this yet as opportunistic seems a better default...?
 2016-12-06 15:59:40 +00:00
Sara Dickinson 471e8725e2 Change the default profile for Stubby to use TLS then UDP/TCP 
- this will only try over TLS a few times before backing off to clear text
  - but makes the default  for Stubby opportunistic privacy (Willem - WDYT?)
Also use padding and ECS privacy by default for Stubby.
More debugging to help users when there are failures or fallbacks.
Also remove a few help options from Stubby that don't apply
Add -v to output version on getdns_query/stubby
 2016-12-06 14:44:40 +00:00
Christian Huitema dee33f53b6 Reminder of changes required by the Windows port. This solves the issues 228, 229, 230 and 232. 2016-12-05 11:38:59 -08:00
Sara Dickinson 576e38977f More logging changes to stubby to correctly report profile, transport and stats for TCP and UDP when used as fallbacks. 
Reporting UDP stats every 100 responses or timeouts to give user some indication UDP is being used.
 2016-12-05 18:05:04 +00:00
Sara Dickinson b0e5f87984 Minor logging updates 2016-11-13 13:14:03 +09:00
Sara Dickinson 1593129b85 Fix mishandling of auth state for name mismatch 2016-11-09 16:41:40 +00:00
Sara Dickinson a0ae9130cc Fix issue with session re-use making authentication appear to fail 2016-10-21 14:18:24 +01:00
Sara Dickinson f156f2f24a Had to change some preprocessor checks to get all the options to compile 2016-08-08 17:07:46 +01:00
Sara Dickinson 6f9bfffe9f Catch another error path for failed connections 2016-08-08 16:12:33 +01:00
Sara Dickinson fdbefa17ec Add timer for back off on upstream (use 1 hr). Reset as new upstream when re-instated. 2016-08-05 17:25:27 +01:00
Sara Dickinson a1461d51ec Add abbreviated logging mode for daemon 2016-08-05 14:10:55 +01:00
Sara Dickinson 0432fe37c4 Tinker with upstream keepalive 2016-08-04 16:10:23 +01:00
Willem Toorop 470fb7a5fb !0 is not necessarily 1 2016-07-14 11:42:21 +02:00
Willem Toorop fed4818c27 Fix idle_timeout without keepalive for TLS 2016-07-14 11:03:33 +02:00
Sara Dickinson 6c73144b50 Minor logging updates 2016-07-13 17:39:26 +01:00
Sara Dickinson 105d7acfa9 Just re-read RFC7858 and realised that TLS does support idle connections without keepalive. It is just TCP that doesn't. 2016-07-04 17:02:18 +01:00
Sara Dickinson 5e1575dabc Correct the logic for upstream back off 2016-07-04 17:02:18 +01:00
Sara Dickinson 8fa84c836a Initial re-work of stateful transport selection and timeout/error handling. Also update transport test to avoid timeout. 2016-07-04 17:02:14 +01:00
wtoorop a435932b04 Features/call reporting timeout (#1) 
* Timed out and canceled netreqs are finished too

* Minor code duplication elemination

* Blah typo

* Embarrassing logic error
 2016-06-23 14:02:55 +02:00
Robert Groenenberg 60c6c8d8ca Fixed build 2016-06-21 13:19:11 +02:00
Robert Groenenberg 3634fff4dd Return call_reporting info in case of timeout, so that we can see 
which server did not respond.
 2016-06-20 18:39:15 +02:00
Sara Dickinson c0187a19ea Quick fix for TLS timeouts not re-using a connection. Better solution is needed. 
Also minor fixes in getdns_query:
 - spurious semicolon (caused build warning)
 - build warning for initialised variable
 - have getdns_query honour the CLASS in the incoming query
 2016-06-15 17:15:13 +01:00
Willem Toorop 490aac1b48 Merge branch 'develop' into features/getdns_service 2016-06-08 10:21:29 +02:00
Willem Toorop cf675a9284 Add srv_addresses when query was for SRV 
Moved _getdns_rrset iterators to rr-iter.[ch] in the process
 2016-06-07 16:52:10 +02:00
Willem Toorop e01211d6b4 Debug setting that keeps connections open 2016-05-25 15:57:37 +02:00
Sara Dickinson 5f225d6be3 Add TLS session resumption 2016-05-16 17:41:55 +01:00
Willem Toorop 516f211843 Fire idle timeouts immediately with sync requests 2016-04-13 12:06:51 +02:00
Willem Toorop 57954ad41e Small bugfix in checking complete requests async 2016-04-11 15:33:08 +02:00
Willem Toorop da577a463d set upstream loop to the sync loop for sync reqs 
And reset to the async loop when sync request was finished, rescheduling the upstream->event.
Note that finished_event is scheduled against the async loop always.
 2016-04-11 14:49:44 +02:00
Willem Toorop e4b0d08fad Minor bugfix for use with openssl 1.1.0 2016-04-05 13:15:59 -03:00
Willem Toorop b0ecda5d2e No more side effects with synchronous calls 
(and upstreams that keep connections open)
 2016-03-23 22:13:31 +01:00
Willem Toorop e934c100a2 Merge branch 'develop' into devel/codebase-maintenance 2016-03-22 13:22:13 +01:00
Willem Toorop e4e3dde61f Don't breakup the sync vs async schedule 
to accentuate changes.
 2016-03-18 13:30:49 +01:00
Sara Dickinson c1f15fc0ac Minor tweaks 2016-03-18 12:02:40 +00:00
Sara Dickinson c08371ebb0 First pass at updating DEBUG_STUB output 2016-03-18 11:34:51 +00:00
Willem Toorop ab742b34b6 Miscelaneous scheduling fixes and improvements 2016-03-17 16:49:05 +01:00
Willem Toorop 0c0868517c Remove leftover debugging printfs 2016-01-12 16:57:17 +01:00
Willem Toorop fed8cc51ed Initial TCP support for Windows 2016-01-12 16:54:42 +01:00
Willem Toorop 4fd8d3dddd Replace mini_event extension by default_eventloop 
* default_eventloop was prototyped in getdns_query and is still in there as my_eventloop
  * It interfaces directly with the scheduling primitives of getdns.
  * It can operate entirely from stack and does not have to do
    any memory allocations or deallocations.

* Adapted configure.ac to allow libunbound to be linked with Windows
  (with the removal of winsock_event.c we have no symbol clashed anymore)

* Added STUB_TCP_WOULDBLOCK return code in stub_resolving helper functions,
  to anticipate dealing with edge triggered event loops (versus level triggered). (i.e. Windows)
 2016-01-12 15:52:14 +01:00
Willem Toorop 6b2d9a2d70 Unused var compile warning in certain conditions 2015-12-31 11:26:29 +01:00
Willem Toorop a2bdfb2f22 Merge branch 'features/windows-support' into develop 2015-12-24 14:44:18 +01:00
Willem Toorop 9d3905459e Miscellaneous fixes to compile on windows 
Also without warnings.
 2015-12-24 14:41:50 +01:00
Willem Toorop caba5f19d5 Merge branch 'develop' into features/windows-support 2015-12-24 11:01:26 +01:00
Daniel Kahn Gillmor 2a50f4d2ac Set tls_auth_failed when any present authentication mechanism fails 
We used to only have hostnames available.  now we have pubkey_pinsets
available as well.

We want upstream->tls_auth_failed to be 1 when any authentication
mechanism we've been asked for fails (and also when we haven't been
given any authentication mechanism at all).
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 57a04f61db Allow AUTHENTICATION_REQUIRED w/o hostname when pubkey pinset is available 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 77802808ce rename GETDNS_AUTHENTICATION_HOSTNAME with GETDNS_AUTHENTICATION_REQUIRED 2015-12-23 18:00:43 +00:00
Sara Dickinson 2ce806c05b Tinker with debug statements/comments. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor a9eb9ccca9 Check that the pinset matches if it is configured 
if the upstream is configured to allow fallback, this will not be a
fatal error, but it will still be checked.

Future work:

 * verify any certs higher in the chain than the end-entity cert
 * deal with raw public keys
 * in the fallback case, report to the user whether the pinset match failed
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor d09675539e Provide access to the pinsets during the TLS verification callback 
We do this by associating a getdns_upstream object with the SSL object
handled by that upstream.

This allows us to collapse the verification callback code to a single
function.

Note that if we've agreed that fallback is ok, we are now willing to
accept *any* cert verification error, not just HOSTNAME_MISMATCH.
This is fine, because the alternative is falling back to cleartext,
which would be worse.

We also always set SSL_VERIFY_PEER, since we might as well try to do
so; we'll drop the verification error ourselves if we know we're OK
with falling back.
 2015-12-23 18:00:43 +00:00
Willem Toorop fe7a1e89e3 Constify new work 2015-12-22 11:32:15 +01:00
Willem Toorop 5bbcbb97a1 Merge branch 'develop' into features/conversion_functions 2015-12-22 11:28:27 +01:00
Willem Toorop 0a809cb7d8 Allow truncated answers to be returned 2015-12-22 10:56:20 +01:00
Willem Toorop ee2a1fbfe6 Merge branch 'features/tsig' into develop 2015-12-22 01:08:25 +01:00
Willem Toorop 6c1e00fc3f Send TSIG 2015-12-21 22:11:16 +01:00
Sara Dickinson 746a827baa Implement client side edns-tcp-keepalive 2015-12-21 17:05:56 +00:00
Sara Dickinson 91a73ab3d0 cleanup 2015-12-18 16:22:09 +00:00
Sara Dickinson 4165e874de Fix tests 2015-12-18 16:14:54 +00:00
Sara Dickinson c5b839bda8 remove STARTTLS 2015-12-18 16:14:54 +00:00
Willem Toorop 5663f914fb Mode debug marco's to own header 
To reduce dependency location fixes in test directory.
 2015-12-18 13:40:52 +01:00
Willem Toorop 5a65d2b693 Look further then you nose Willem! 2015-12-17 15:46:31 +01:00
Willem Toorop b839b97ac2 Oops... reverted syntax/style to agressively 2015-12-17 13:07:39 +01:00
Willem Toorop a2e15a169d Revert syntactic/style changes 
So actual changes aren't obfuscated
 2015-12-17 12:37:33 +01:00
Willem Toorop 16b62f43eb Merge branch 'develop' into features/conversion_functions 2015-12-16 13:53:25 +01:00
wtoorop 69b54be99c Merge pull request #126 from saradickinson/feature/mac_tfo 
Enable TFO by default if possible, add MAC OSX TFO support
Looks good, thanks.
 2015-12-16 13:45:14 +01:00
Sara Dickinson 736d9f20bf Enable TCP FastOpen by default and add support for OSX implementation of TFO. 2015-12-13 17:44:31 +00:00
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
unknown 22a8550caa Bug fix in get_os_defaults, clean up code in winsock_event, add code to handle event handling differences in Winsock2 2015-12-04 16:12:43 -05:00
unknown 2d58ed465c Changes for Windows, Fix configure.ac to take in a winsock option to configure and generafigure, add ifdef's to stub out windows code for other platforms. 2015-11-22 22:38:13 -05:00
Willem Toorop 08bf613cde Prevent segfault with failed TLS handshake? 
Need proper review for this patch!  Sara?
 2015-11-15 12:46:21 -05:00
Sara Dickinson d75ba83013 Fix bug with call_debugging reporting of UDP and add a getter for tls_authentication 2015-11-13 13:28:43 +00:00
saradickinson 1a72454b88 Remove debug 2015-11-05 14:41:23 +09:00
saradickinson 5f60683f57 Fix seg fault on timeout 2015-11-05 14:41:23 +09:00
Willem Toorop 26566a3b00 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2015-11-04 23:25:49 +01:00