Module: sip-router Branch: mariuszbihlei/dnssec Commit: 0d279eb512ac6740fe1da6e96f7580303f09c025 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0d279eb5...
Author: Marius Zbihlei mariuszbi@gmai.com Committer: Marius Zbihlei mariuszbi@gmai.com Date: Sat Mar 30 10:44:39 2013 +0000
core: refactored DNS primitives and removed DNSSEC support from core
The library functions can now easily be overridden by modules (dnssec) to allow enhanced resolving capabilities
---
Makefile.defs | 4 ---- dns_func.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ dns_func.h | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ resolve.c | 21 ++------------------- resolve.h | 26 ++++---------------------- 5 files changed, 112 insertions(+), 45 deletions(-)
diff --git a/Makefile.defs b/Makefile.defs index 2c7917e..25b30d1 100644 --- a/Makefile.defs +++ b/Makefile.defs @@ -1759,10 +1759,6 @@ ifeq ($(OS), linux) LIBS+=-lpthread endif endif - ifneq (,$(findstring -DUSE_DNSSEC, $(C_DEFS))) - LIBS+=-lval-threads -lcrypto -lsres -lpthread -$(info "using libval for DNSSEC validation") - endif # check for >= 2.5.44
ifeq ($(shell [ $(OSREL_N) -ge 2005044 ] && echo has_epoll), has_epoll)
diff --git a/dns_func.c b/dns_func.c
new file mode 100644
index 0000000..6eedf0d
--- /dev/null
+++ b/dns_func.c
@@ -0,0 +1,51 @@
+
+/*
+ * $Id$
+ *
+ * Copyright (C) 2013 mariuszbi@gmail.com
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * DNS wrappers
+ */
+/*
+ * History:
+ * --------
+ * 2013-03 initial version (marius)
+*/
+
+#include "dns_func.h"
+
+
+#include <resolv.h>
+#include <sys/types.h>
+#include <netdb.h>
+
+struct hostent;
+
+struct dns_func_t dns_func = {
+ res_init,
+ res_search,
+ gethostbyname,
+ gethostbyname2
+};
+
+
+void load_dnsfunc(struct dns_func_t *d) {
+ dns_func.sr_res_init = d->sr_res_init;
+ dns_func.sr_res_search = d->sr_res_search;
+ dns_func.sr_gethostbyname = d->sr_gethostbyname;
+ dns_func.sr_gethostbyname2 = d->sr_gethostbyname2;
+}
+
diff --git a/dns_func.h b/dns_func.h
new file mode 100644
index 0000000..623c3b8
--- /dev/null
+++ b/dns_func.h
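Review bot: `load_dnsfunc` in dns_func.c copies all four pointers from `d` without checking `d` or its members, so a module that fills in only some hooks leaves a NULL entry that core then calls unconditionally in `_resolv_init`, `get_record` and `_resolvehost`. Because this table now selects the resolver the whole process relies on, I would replace only the members that are set and keep the current hook otherwise, as sketched below. Separately, the initializer names `gethostbyname2` unconditionally although the call site in resolve.h is still inside `#ifdef HAVE_GETHOSTBYNAME2`, so this file presumably does not build where that function is missing; the same guard is needed around that member's initializer. The four stores are also not atomic, so a comment should state that `load_dnsfunc` is meant to be called during module initialisation, before any process starts resolving.

```c
void load_dnsfunc(struct dns_func_t *d) {
	if (!d)
		return;
	/* replace only the hooks the module actually provides */
	if (d->sr_res_init)
		dns_func.sr_res_init = d->sr_res_init;
	if (d->sr_res_search)
		dns_func.sr_res_search = d->sr_res_search;
	if (d->sr_gethostbyname)
		dns_func.sr_gethostbyname = d->sr_gethostbyname;
	if (d->sr_gethostbyname2)
		dns_func.sr_gethostbyname2 = d->sr_gethostbyname2;
}
```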
@@ -0,0 +1,55 @@
+/*
+ * $Id$
+ *
+ * Copyright (C) 2013 mariuszbi@gmail.com
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * DNS Wrapper functions
+ */
+/*
+ * History:
+ * --------
+ * 2013-03 initial version (marius)
+*/
+
+#ifndef DNS_FUNC_H
+#define DNS_FUNC_H
+
+#include <sys/socket.h>
+
+struct hostent;
+
+typedef int (*res_init_t)(void);
+typedef int (*res_search_t)(const char*, int, int, unsigned char*, int);
+typedef struct hostent* (*gethostbyname_t)(const char*);
+typedef struct hostent* (*gethostbyname2_t)(const char*, int);
+
+struct dns_func_t {
+ res_init_t sr_res_init;
+ res_search_t sr_res_search;
+ gethostbyname_t sr_gethostbyname;
+ gethostbyname2_t sr_gethostbyname2;
+};
+
+/*
+ * initiate structure with system values
+ */
+//extern struct dns_func_t dns_func;
+
+extern
+void load_dnsfunc(struct dns_func_t *d);
+
+
+#endif
diff --git a/resolve.c b/resolve.c
index 0a77ed7..c77a3a2 100644
--- a/resolve.c
+++ b/resolve.c
@@ -153,7 +153,7 @@ error: */ static int _resolv_init(void) { - res_init(); + dns_func.sr_res_init(); #ifdef HAVE_RESOLV_RES if (cfg_get(core, core_cfg, dns_retr_time)>0) _res.retrans=cfg_get(core, core_cfg, dns_retr_time);
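Review bot: The declaration of `dns_func` is commented out in dns_func.h (`//extern struct dns_func_t dns_func;`) and added to resolve.h instead, so dns_func.c, which includes only this header, defines the table with no declaration in scope and the compiler cannot check the two against each other. I would restore `extern struct dns_func_t dns_func;` here and drop the copy from resolve.h, and declare the loader as `void load_dnsfunc(const struct dns_func_t *d);` since it only reads `d`. The comment `initiate structure with system values` now sits above dead code; it would be more useful as a description of each hook's contract, namely that `sr_res_search` returns the answer length or a negative value on failure and that the two hostent hooks return NULL on failure, because those are the only results the callers in this commit test.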
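Review bot: The result of `dns_func.sr_res_init()` in `_resolv_init` is discarded, which matters more now that a module can install its own initialiser that may fail. A failed override would go unnoticed and later lookups would run against a resolver that was never set up; I would at least check it, e.g. `if (dns_func.sr_res_init() < 0) LOG(L_ERR, "ERROR: _resolv_init: resolver init failed\n");`, and propagate the error if the callers handle one. The body of `_resolv_init` continues past the hunk, so its return convention is not visible here.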
@@ -714,10 +714,6 @@ struct rdata* get_record(char* name, int type, int flags) struct rdata* fullname_rd; char c; -#ifdef USE_DNSSEC - val_status_t val_status; -#endif - name_len=strlen(name);
for (i = 0; i < name_len; i++) { @@ -738,20 +734,7 @@ struct rdata* get_record(char* name, int type, int flags) } fullname_rd=0;
-#ifndef USE_DNSSEC - size=res_search(name, C_IN, type, buff.buff, sizeof(buff)); -#else - size=val_res_query((val_context_t *) NULL, - (char *) name, - (int) C_IN, - (int) type, - (unsigned char *) buff.buff, - (int) sizeof(buff), - &val_status); - if(!val_istrusted(val_status)){ - LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name); - } -#endif + size=dns_func.sr_res_search(name, C_IN, type, buff.buff, sizeof(buff));
if (unlikely(size<0)) { DBG("get_record: lookup(%s, %d) failed\n", name, type); diff --git a/resolve.h b/resolve.h index 3ff5e23..96db053 100644 --- a/resolve.h +++ b/resolve.h @@ -48,6 +48,7 @@ #include <arpa/nameser.h> #include <resolv.h> #include "counters.h" +#include "dns_func.h"
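Review bot: The hook type `res_search_t` has no way to report validation status, so after this change `get_record` cannot tell a DNSSEC-validated answer from an unvalidated one; the same holds for the `sr_gethostbyname` and `sr_gethostbyname2` calls in the two `_resolvehost` hunks in resolve.h. The removed code only logged untrusted answers at INFO and still used them, and with that log gone from core the whole trust policy now rests on the overriding module. I would document that at this call, e.g. `/* validation policy lives in the hook: it must fail the lookup (<0) for answers it does not trust */`, with the matching NULL-return wording at the hostent calls. `get_record` starts and ends outside the hunk.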
#ifdef __OS_darwin #include <arpa/nameser_compat.h> @@ -58,9 +59,6 @@ #include "dns_wrappers.h" #endif
-#ifdef USE_DNSSEC -#include <validator/validator.h> -#endif
/* define RESOLVE_DBG for debugging info (very noisy) */ #define RESOLVE_DBG @@ -90,6 +88,7 @@ struct dns_counters_h { };
extern struct dns_counters_h dns_cnts_h; +extern struct dns_func_t dns_func;
/* query union*/ union dns_query{ @@ -404,9 +403,6 @@ static inline struct hostent* _resolvehost(char* name) #endif #endif #ifdef DNS_IP_HACK -#ifdef USE_DNSSEC - val_status_t val_status; -#endif struct ip_addr* ip; str s;
@@ -437,14 +433,7 @@ static inline struct hostent* _resolvehost(char* name) #endif #endif /* ipv4 */ -#ifndef USE_DNSSEC - he=gethostbyname(name); -#else - he=val_gethostbyname( (val_context_t *) 0, name, &val_status); - if(!val_istrusted(val_status)){ - LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name); - } -#endif + he=dns_func.sr_gethostbyname(name);
#ifdef USE_IPV6 if(he==0 && cfg_get(core, core_cfg, dns_try_ipv6)){ @@ -453,14 +442,7 @@ skip_ipv4: #endif /*try ipv6*/ #ifdef HAVE_GETHOSTBYNAME2 - #ifndef USE_DNSSEC - he=gethostbyname2(name, AF_INET6); - #else - he=val_gethostbyname2((val_context_t*)0, name, AF_INET6, &val_status); - if(!val_istrusted(val_status)){ - LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name); - } - #endif //!USE_DNSSEC + he=dns_func.sr_gethostbyname2(name, AF_INET6); #elif defined HAVE_GETIPNODEBYNAME /* on solaris 8 getipnodebyname has a memory leak, * after some time calls to it will fail with err=3