## Core library
- * Add DNSSEC validation information
- - what about non-DNS protocols?
- - what about any, localhost or numeric addresses
* Improve path ordering
- use rules from http://tools.ietf.org/html/rfc6724
- use /etc/gai.conf
netresolve_backend_add_path(query, AF_INET, &inaddr_any, 0, 0, 0, 0, 0, 0, 0);
netresolve_backend_add_path(query, AF_INET6, &in6addr_any, 0, 0, 0, 0, 0, 0, 0);
+ netresolve_backend_set_secure(query);
netresolve_backend_finished(query);
}
+
void
setup_reverse(netresolve_query_t query, char **settings)
{
}
netresolve_backend_add_name_info(query, "", NULL);
+ netresolve_backend_set_secure(query);
netresolve_backend_finished(query);
}
count++;
}
- if (count)
+ if (count) {
+ netresolve_backend_set_secure(query);
netresolve_backend_finished(query);
- else
+ } else
netresolve_backend_failed(query);
free(list.items);
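Review bot: The new `if (count) { … } else` leaves the failure arm unbraced while the success arm is braced, and this branch now decides whether a response is reported as secure and finished or as failed. Brace both arms, `} else {` / `netresolve_backend_failed(query);` / `}`, so a statement later added under `else` cannot end up running on the success path too. The same shape appears in the next hunk (the one with `item->name`) and in the `if (ifindex >= 0)` hunk. The enclosing functions begin outside these hunks.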
netresolve_backend_add_name_info(query, item->name, NULL);
}
- if (count)
+ if (count) {
+ netresolve_backend_set_secure(query);
netresolve_backend_finished(query);
- else
+ } else
netresolve_backend_failed(query);
free(list.items);
if (ipv6)
netresolve_backend_add_path(query, AF_INET6, &in6addr_loopback, 0, 0, 0, 0, 0, 0, 0);
+ netresolve_backend_set_secure(query);
netresolve_backend_finished(query);
}
}
netresolve_backend_add_name_info(query, "localhost", NULL);
+ netresolve_backend_set_secure(query);
netresolve_backend_finished(query);
}
return;
}
- if (ifindex != -1)
+ if (ifindex >= 0) {
netresolve_backend_add_path(query, family, &address, ifindex, 0, 0, 0, 0, 0, 0);
- netresolve_backend_finished(query);
+ netresolve_backend_set_canonical_name(query, node);
+ netresolve_backend_set_secure(query);
+ netresolve_backend_finished(query);
+ } else
+ netresolve_backend_failed(query);
}
}
netresolve_backend_add_path(query, AF_UNIX, node, 0, socktype, 0, 0, 0, 0, 0);
+ netresolve_backend_set_secure(query);
netresolve_backend_finished(query);
}
void netresolve_backend_add_name_info(netresolve_query_t query, const char *nodename, const char *servname);
void netresolve_backend_set_canonical_name(netresolve_query_t query, const char *canonical_name);
void netresolve_backend_set_dns_answer(netresolve_query_t query, const void *answer, size_t length);
+void netresolve_backend_set_secure(netresolve_query_t query);
/* Convenience output */
void netresolve_backend_apply_addrinfo(netresolve_query_t query,
_NETRSOLVE_REQUEST_TYPES
};
+enum netresolve_security {
+ NETRESOLVE_SECURITY_INSECURE,
+ NETRESOLVE_SECURITY_SECURE
+};
+
struct netresolve_backend {
bool mandatory;
char **settings;
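Review bot: Nothing in this enum states that `NETRESOLVE_SECURITY_INSECURE` must stay the zero enumerator, yet no line in this change ever assigns that value to the `security` field added to `response` in the next hunk. The untrusted default therefore presumably comes from the query being zero-initialised, which is not visible here. Pin it with `NETRESOLVE_SECURITY_INSECURE = 0,` and a comment such as `/* must remain 0: a freshly allocated response is untrusted until a backend marks it secure */`. Without that, an enumerator inserted ahead of it later would silently change what an untouched response reports.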
void *answer;
size_t length;
} dns;
+ enum netresolve_security security;
} response;
struct netresolve_service_list *services;
size_t netresolve_query_get_count(const netresolve_query_t query);
const char *netresolve_query_get_node_name(const netresolve_query_t query);
const char *netresolve_query_get_service_name(const netresolve_query_t query);
+bool netresolve_query_get_secure(const netresolve_query_t query);
/* Query result getters (forward queries) */
void netresolve_query_get_node_info(const netresolve_query_t query, size_t idx,
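Review bot: `netresolve_query_get_secure()` is added to the public getters with no statement of what "secure" guarantees, and callers may well use it for trust decisions. In the call sites visible in this change the flag is set for wildcard and loopback addresses, numeric literals, list-based lookups and UNIX socket paths; none of them involves DNSSEC validation. A comment on the declaration would make that explicit, for example `/* true when the answering backend vouches for the whole response (local or literal data); does not by itself imply DNSSEC validation */`. The declaration that ends this hunk continues outside it.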
service_callback, query);
}
}
+void
+netresolve_backend_set_secure(netresolve_query_t query)
+{
+ query->response.security = NETRESOLVE_SECURITY_SECURE;
+}
void
netresolve_backend_set_dns_answer(netresolve_query_t query, const void *answer, size_t length)
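Review bot: `netresolve_backend_set_secure()` can only raise `response.security`; nothing in this change lowers it again. If the response is reused when a query falls back from one backend to another (not visible here), a flag set by an earlier backend would carry over to answers from a later, unauthenticated one. The call sites in this change set it immediately before `netresolve_backend_finished()`, which limits the window, but the setter itself does not enforce that. Reset the field wherever the response is cleared, `query->response.security = NETRESOLVE_SECURITY_INSECURE;`, and document on the setter that it may only be called by the backend that produced every entry in the response.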
return &query->response.dns.answer;
}
+
+bool
+netresolve_query_get_secure(const netresolve_query_t query)
+{
+ return query->response.security == NETRESOLVE_SECURITY_SECURE;
+}
size_t i;
size_t length;
const char *answer = netresolve_query_get_dns_answer(query, &length);
+ bool secure = netresolve_query_get_secure(query);
bprintf(&start, end, "response %s %s\n", PACKAGE_NAME, VERSION);
if (length) {
add_path(&start, end, query, i);
bprintf(&start, end, "\n");
}
+ if (secure)
+ bprintf(&start, end, "secure\n");
bprintf(&start, end, "\n");
return query->buffer;
name localhost
ip :: any any 0 0 0 0
ip 0.0.0.0 any any 0 0 0 0
+secure
response netresolve 0.0.1
-name info.nix.cz.
-service 0
+name info.nix.cz
response netresolve 0.0.1
name localhost
+secure
name localhost
ip ::1 any any 0 0 0 0
ip 127.0.0.1 any any 0 0 0 0
+secure
ip ::1 dgram udp 80 0 0 0
ip 127.0.0.1 stream tcp 80 0 0 0
ip 127.0.0.1 dgram udp 80 0 0 0
+secure
response netresolve 0.0.1
name localhost
ip 127.0.0.1 any any 0 0 0 0
+secure
name localhost
ip 127.0.0.1 stream tcp 80 0 0 0
ip 127.0.0.1 dgram udp 80 0 0 0
+secure
response netresolve 0.0.1
name localhost
ip ::1 any any 0 0 0 0
+secure
response netresolve 0.0.1
ip ::1 stream tcp 80 0 0 0
ip ::1 dgram udp 80 0 0 0
+secure
response netresolve 0.0.1
name 1.2.3.4
ip 1.2.3.4 any any 0 0 0 0
+secure
+++ /dev/null
-response netresolve 0.0.1
-name 1.2.3.4%999999x
-
response netresolve 0.0.1
name 1.2.3.4%lo
ip 1.2.3.4%lo any any 0 0 0 0
+secure
response netresolve 0.0.1
name 1.2.3.4%999999
ip 1.2.3.4%999999 any any 0 0 0 0
+secure
response netresolve 0.0.1
name 1:2:3:4:5:6:7:8
ip 1:2:3:4:5:6:7:8 any any 0 0 0 0
+secure
+++ /dev/null
-response netresolve 0.0.1
-name 1:2:3:4:5:6:7:8%999999x
-
response netresolve 0.0.1
ip 1:2:3:4:5:6:7:8%lo any any 0 0 0 0
+secure
response netresolve 0.0.1
name 1:2:3:4:5:6:7:8%lo
ip 1:2:3:4:5:6:7:8%lo any any 0 0 0 0
+secure
response netresolve 0.0.1
name 1:2:3:4:5:6:7:8%999999
ip 1:2:3:4:5:6:7:8%999999 any any 0 0 0 0
+secure
ip :: dgram udp 80 0 0 0
ip 0.0.0.0 stream tcp 80 0 0 0
ip 0.0.0.0 dgram udp 80 0 0 0
+secure
name /path/to/socket
unix /path/to/socket stream
unix /path/to/socket dgram
+secure
response netresolve 0.0.1
name /path/to/socket
unix /path/to/socket dgram
+secure
response netresolve 0.0.1
name /path/to/socket
unix /path/to/socket stream
+secure
$DIFF <($NR --backends getaddrinfo) $DATA/failed
$DIFF <($NR --backends nss:files) $DATA/failed
$DIFF <($NR --backends nss:bogusbogus) $DATA/failed
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so) $DATA/any
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:getaddrinfo) $DATA/any
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so) <(grep -v '^secure$' $DATA/any)
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:getaddrinfo) <(grep -v '^secure$' $DATA/any)
$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname4) $DATA/failed
$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname3) $DATA/failed
$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname2) $DATA/failed
# empty/http
$DIFF <($NR --service http) $DATA/services
-$DIFF <($NR --backend getaddrinfo --service http) $DATA/services
+$DIFF <($NR --backend getaddrinfo --service http) <(grep -v '^secure$' $DATA/services)
# numeric
$DIFF <($NR --node 1.2.3.4) $DATA/numeric4
$DIFF <($NR --node 1.2.3.4%lo) $DATA/numeric4lo
$DIFF <($NR --node 1.2.3.4%999999) $DATA/numeric4nines
-$DIFF <($NR --node 1.2.3.4%999999x) $DATA/numeric4failed
+$DIFF <($NR --node 1.2.3.4%999999x) $DATA/failed
$DIFF <($NR --node 1:2:3:4:5:6:7:8) $DATA/numeric6
$DIFF <($NR --node 1:2:3:4:5:6:7:8%lo) $DATA/numeric6lo
$DIFF <($NR --node 1:2:3:4:5:6:7:8%999999) $DATA/numeric6nines
-$DIFF <($NR --node 1:2:3:4:5:6:7:8%999999x) $DATA/numeric6failed
+$DIFF <($NR --node 1:2:3:4:5:6:7:8%999999x) $DATA/failed
# localhost
$DIFF <($NR --node localhost) $DATA/localhost
$DIFF <($NR --backends hosts --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:files --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:files:gethostbyname4 --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:files:gethostbyname --node localhost) $DATA/localhost4
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:getaddrinfo --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname4 --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname3 --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname2 --node localhost) $DATA/localhost
-$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname --node localhost) $DATA/localhost4
+$DIFF <($NR --backends nss:files --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:files:gethostbyname4 --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:files:gethostbyname --node localhost) <(grep -v '^secure$' $DATA/localhost4)
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:getaddrinfo --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname4 --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname3 --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname2 --node localhost) <(grep -v '^secure$' $DATA/localhost)
+$DIFF <($NR --backends nss:./.libs/libnss_netresolve.so:gethostbyname --node localhost) <(grep -v '^secure$' $DATA/localhost4)
# localhost/http
$DIFF <($NR --node localhost) $DATA/localhost
-$DIFF <($NR --backends getaddrinfo --node localhost --service http) $DATA/localhost-http
-$DIFF <($NR --backends nss:files --node localhost --service http) $DATA/localhost-http
-$DIFF <($NR --backends nss:files:gethostbyname4 --node localhost --service http) $DATA/localhost-http
-$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost --service http) $DATA/localhost-http
-$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost --service http) $DATA/localhost-http
-$DIFF <($NR --backends nss:files:gethostbyname --node localhost --service http) $DATA/localhost4-http
+$DIFF <($NR --backends getaddrinfo --node localhost --service http) <(grep -v '^secure$' $DATA/localhost-http)
+$DIFF <($NR --backends nss:files --node localhost --service http) <(grep -v '^secure$' $DATA/localhost-http)
+$DIFF <($NR --backends nss:files:gethostbyname4 --node localhost --service http) <(grep -v '^secure$' $DATA/localhost-http)
+$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost --service http) <(grep -v '^secure$' $DATA/localhost-http)
+$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost --service http) <(grep -v '^secure$' $DATA/localhost-http)
+$DIFF <($NR --backends nss:files:gethostbyname --node localhost --service http) <(grep -v '^secure$' $DATA/localhost4-http)
# localhost (ip4)
$DIFF <($NR --node localhost --family ip4) $DATA/localhost4
-$DIFF <($NR --backends nss:files --node localhost --family ip4) $DATA/localhost4
+$DIFF <($NR --backends nss:files --node localhost --family ip4) <(grep -v '^secure$' $DATA/localhost4)
$DIFF <($NR --backends nss:files:gethostbyname4 --node localhost --family ip4) $DATA/failed
-$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost --family ip4) $DATA/localhost4
-$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost --family ip4) $DATA/localhost4
-$DIFF <($NR --backends nss:files:gethostbyname --node localhost --family ip4) $DATA/localhost4
+$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost --family ip4) <(grep -v '^secure$' $DATA/localhost4)
+$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost --family ip4) <(grep -v '^secure$' $DATA/localhost4)
+$DIFF <($NR --backends nss:files:gethostbyname --node localhost --family ip4) <(grep -v '^secure$' $DATA/localhost4)
# localhost (ip6)
$DIFF <($NR --node localhost --family ip6) $DATA/localhost6
-$DIFF <($NR --backends nss:files --node localhost --family ip6) $DATA/localhost6
-$DIFF <($NR --backends nss:files:gethostbyname4 --node localhost --family ip6) $DATA/failed
-$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost --family ip6) $DATA/localhost6
-$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost --family ip6) $DATA/localhost6
-$DIFF <($NR --backends nss:files:gethostbyname --node localhost --family ip6) $DATA/empty
+$DIFF <($NR --backends nss:files --node localhost --family ip6) <(grep -v '^secure$' $DATA/localhost6)
+$DIFF <($NR --backends nss:files:gethostbyname4 --node localhost --family ip6) <(grep -v '^secure$' $DATA/failed)
+$DIFF <($NR --backends nss:files:gethostbyname3 --node localhost --family ip6) <(grep -v '^secure$' $DATA/localhost6)
+$DIFF <($NR --backends nss:files:gethostbyname2 --node localhost --family ip6) <(grep -v '^secure$' $DATA/localhost6)
+$DIFF <($NR --backends nss:files:gethostbyname --node localhost --family ip6) <(grep -v '^secure$' $DATA/empty)
# localhost4
$DIFF <($NR --node localhost4) $DATA/localhost4