
core: refactored DNS primitives and removed DNSSEC support from core

The library functions can now easily be overridden by modules (dnssec) to allow enhanced resolving capabilities

Marius Zbihlei authored on 30/03/2013 10:44:39
Showing 5 changed files
... ...
@@ -1759,10 +1759,6 @@ ifeq ($(OS), linux)
1759 1759
 			LIBS+=-lpthread
1760 1760
 		endif
1761 1761
 	endif
1762
-	ifneq (,$(findstring -DUSE_DNSSEC, $(C_DEFS)))
1763
-		LIBS+=-lval-threads -lcrypto -lsres -lpthread
1764
-$(info "using libval for DNSSEC validation")
1765
-	endif
1766 1762
         # check for >= 2.5.44
1767 1763
 
1768 1764
 	ifeq ($(shell [ $(OSREL_N) -ge 2005044 ] && echo has_epoll), has_epoll)
1769 1765
new file mode 100644
... ...
@@ -0,0 +1,51 @@
0
+
1
+/* 
2
+ * $Id$
3
+ * 
4
+ * Copyright (C) 2013  mariuszbi@gmail.com
5
+ *
6
+ * Permission to use, copy, modify, and distribute this software for any
7
+ * purpose with or without fee is hereby granted, provided that the above
8
+ * copyright notice and this permission notice appear in all copies.
9
+ *
10
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
+ */
18
+/*
19
+ * DNS wrappers
20
+ */
21
+/*
22
+ * History:
23
+ * --------
24
+ *  2013-03 initial version (marius)
25
+*/
26
+
27
+#include "dns_func.h"
28
+
29
+
30
+#include <resolv.h>
31
+#include <sys/types.h>
32
+#include <netdb.h>
33
+
34
+struct hostent;
35
+
36
+struct dns_func_t dns_func = {
37
+	res_init,
38
+	res_search,
39
+	gethostbyname,
40
+	gethostbyname2
41
+};
42
+
43
+ 
44
+void load_dnsfunc(struct dns_func_t *d) {
45
+	dns_func.sr_res_init = d->sr_res_init;
46
+	dns_func.sr_res_search = d->sr_res_search;
47
+	dns_func.sr_gethostbyname = d->sr_gethostbyname;
48
+	dns_func.sr_gethostbyname2 = d->sr_gethostbyname2;
49
+} 
50
+
0 51
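Review bot: load_dnsfunc() copies all four pointers from `d` without checking `d` or the individual members, so a module that fills in only some entries leaves NULL in the table, and the unconditional calls elsewhere in this commit, such as `dns_func.sr_res_init()` in `_resolv_init`, would then crash on a null function pointer. Guarding each copy, e.g. `if (d->sr_res_search) dns_func.sr_res_search = d->sr_res_search;` after an initial `if (!d) return;`, keeps the libc default for anything the module does not override. Separately, the initializer names `gethostbyname2` unconditionally, while resolve.h only calls it under `#ifdef HAVE_GETHOSTBYNAME2`, so this file presumably fails to build on platforms that lack it. The same guard is needed around that member's initializer.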
new file mode 100644
... ...
@@ -0,0 +1,55 @@
0
+/* 
1
+ * $Id$
2
+ * 
3
+ * Copyright (C) 2013 mariuszbi@gmail.com
4
+ *
5
+ * Permission to use, copy, modify, and distribute this software for any
6
+ * purpose with or without fee is hereby granted, provided that the above
7
+ * copyright notice and this permission notice appear in all copies.
8
+ *
9
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
+ */
17
+/*
18
+ * DNS Wrapper functions 
19
+ */
20
+/*
21
+ * History:
22
+ * --------
23
+ *  2013-03  initial version (marius)
24
+*/
25
+
26
+#ifndef DNS_FUNC_H
27
+#define DNS_FUNC_H
28
+
29
+#include <sys/socket.h>
30
+
31
+struct hostent;
32
+
33
+typedef int (*res_init_t)(void);
34
+typedef int (*res_search_t)(const char*, int, int, unsigned char*, int);
35
+typedef struct hostent* (*gethostbyname_t)(const char*);
36
+typedef struct hostent* (*gethostbyname2_t)(const char*, int);
37
+
38
+struct dns_func_t {
39
+	res_init_t sr_res_init;
40
+	res_search_t sr_res_search;
41
+	gethostbyname_t sr_gethostbyname;
42
+	gethostbyname2_t sr_gethostbyname2;
43
+};
44
+
45
+/* 
46
+ * initiate structure with system values
47
+ */
48
+//extern struct dns_func_t dns_func;
49
+
50
+extern 
51
+void load_dnsfunc(struct dns_func_t *d);
52
+
53
+
54
+#endif
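Review bot: The declaration of the table is commented out here (`//extern struct dns_func_t dns_func;`) and added to resolve.h instead, so dns_func.c, which includes only this header, defines `dns_func` with no declaration in scope, and a module that includes dns_func.h to call load_dnsfunc() cannot see the table it is replacing. I would declare it here as `extern struct dns_func_t dns_func;` and drop the copy from resolve.h. The prototype also has no stated contract: the comment above it describes the initial values rather than the function, and `d` is only read, so `void load_dnsfunc(const struct dns_func_t *d);` would fit better. It should carry a comment saying whether members may be left NULL and at what point in startup the call is expected (presumably before worker processes are created, which this page does not show).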
... ...
@@ -153,7 +153,7 @@ error:
153 153
  */
154 154
 static int _resolv_init(void)
155 155
 {
156
-	res_init();
156
+	dns_func.sr_res_init();
157 157
 #ifdef HAVE_RESOLV_RES
158 158
 	if (cfg_get(core, core_cfg, dns_retr_time)>0)
159 159
 		_res.retrans=cfg_get(core, core_cfg, dns_retr_time);
... ...
@@ -714,10 +714,6 @@ struct rdata* get_record(char* name, int type, int flags)
714 714
 	struct rdata* fullname_rd;
715 715
 	char c;
716 716
 	
717
-#ifdef USE_DNSSEC
718
-	val_status_t val_status;
719
-#endif
720
-
721 717
 	name_len=strlen(name);
722 718
 
723 719
 	for (i = 0; i < name_len; i++) {
... ...
@@ -738,20 +734,7 @@ struct rdata* get_record(char* name, int type, int flags)
738 738
 	}
739 739
 	fullname_rd=0;
740 740
 
741
-#ifndef USE_DNSSEC
742
-	size=res_search(name, C_IN, type, buff.buff, sizeof(buff));
743
-#else
744
-	size=val_res_query((val_context_t *) NULL,
745
-                      (char *) name, 
746
-                      (int) C_IN,
747
-		      (int) type, 
748
-                      (unsigned char *) buff.buff, 
749
-		      (int) sizeof(buff),
750
-                      &val_status);	
751
-	if(!val_istrusted(val_status)){
752
-		LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name);
753
-	}
754
-#endif
741
+	size=dns_func.sr_res_search(name, C_IN, type, buff.buff, sizeof(buff));
755 742
 
756 743
 	if (unlikely(size<0)) {
757 744
 		DBG("get_record: lookup(%s, %d) failed\n", name, type);
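Review bot: The new `dns_func.sr_res_search(...)` call in get_record() gives core no way to learn whether the answer was validated, because the `res_search_t` signature carries no status out; the removed `USE_DNSSEC` branch at least logged `val_istrusted()` failures, although it still used the record. Whether an unvalidated answer is rejected, logged or silently accepted now depends entirely on whichever module called load_dnsfunc(). That is worth stating at the call site, e.g. `/* resolver may be replaced via load_dnsfunc(); DNSSEC validation and handling of untrusted answers are the replacement's responsibility */`. The same applies to the `sr_gethostbyname` and `sr_gethostbyname2` calls in `_resolvehost`. get_record's body continues outside the hunk.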
... ...
@@ -48,6 +48,7 @@
48 48
 #include <arpa/nameser.h>
49 49
 #include <resolv.h>
50 50
 #include "counters.h"
51
+#include "dns_func.h"
51 52
 
52 53
 #ifdef __OS_darwin
53 54
 #include <arpa/nameser_compat.h>
... ...
@@ -58,9 +59,6 @@
58 58
 #include "dns_wrappers.h"
59 59
 #endif
60 60
 
61
-#ifdef USE_DNSSEC
62
-#include <validator/validator.h>
63
-#endif
64 61
 
65 62
 /* define RESOLVE_DBG for debugging info (very noisy) */
66 63
 #define RESOLVE_DBG
... ...
@@ -90,6 +88,7 @@ struct dns_counters_h {
90 90
 };
91 91
 
92 92
 extern struct dns_counters_h dns_cnts_h;
93
+extern struct dns_func_t dns_func;
93 94
 
94 95
 /* query union*/
95 96
 union dns_query{
... ...
@@ -404,9 +403,6 @@ static inline struct hostent* _resolvehost(char* name)
404 404
 #endif
405 405
 #endif
406 406
 #ifdef DNS_IP_HACK
407
-#ifdef USE_DNSSEC
408
-	val_status_t val_status;
409
-#endif
410 407
 	struct ip_addr* ip;
411 408
 	str s;
412 409
 
... ...
@@ -437,14 +433,7 @@ static inline struct hostent* _resolvehost(char* name)
437 437
 #endif
438 438
 #endif
439 439
 	/* ipv4 */
440
-#ifndef USE_DNSSEC
441
-	he=gethostbyname(name);
442
-#else
443
-	he=val_gethostbyname( (val_context_t *) 0, name, &val_status);
444
-	if(!val_istrusted(val_status)){
445
-		LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name);
446
-	}
447
-#endif
440
+	he=dns_func.sr_gethostbyname(name);
448 441
 
449 442
 #ifdef USE_IPV6
450 443
 	if(he==0 && cfg_get(core, core_cfg, dns_try_ipv6)){
... ...
@@ -453,14 +442,7 @@ skip_ipv4:
453 453
 #endif
454 454
 		/*try ipv6*/
455 455
 	#ifdef HAVE_GETHOSTBYNAME2
456
-		#ifndef USE_DNSSEC
457
-		he=gethostbyname2(name, AF_INET6);
458
-		#else
459
-		he=val_gethostbyname2((val_context_t*)0, name, AF_INET6, &val_status);
460
-		if(!val_istrusted(val_status)){
461
-			LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name);
462
-		}
463
-		#endif //!USE_DNSSEC
456
+		he=dns_func.sr_gethostbyname2(name, AF_INET6);
464 457
 	#elif defined HAVE_GETIPNODEBYNAME
465 458
 		/* on solaris 8 getipnodebyname has a memory leak,
466 459
 		 * after some time calls to it will fail with err=3