
[GNUnet-SVN] [gnunet] branch master updated (edc238be6 -> 3ec6a0f2b)


From: gnunet
Subject: [GNUnet-SVN] [gnunet] branch master updated (edc238be6 -> 3ec6a0f2b)
Date: Thu, 07 Jun 2018 16:17:16 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a change to branch master
in repository gnunet.

    from edc238be6 rps profiler: summarize statistics
     new 50e9c6195 add option to disable v6, do not pass chunked encoding 
along, enable bypass of cert validation
     new 3ec6a0f2b add LEHO records to DNS record sets if we know them from 
GNS2DNS

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/gns/gnunet-gns-proxy.c            | 59 ++++++++++++++++++++++++++++-------
 src/gns/gnunet-service-gns_resolver.c | 32 +++++++++++++++++--
 2 files changed, 76 insertions(+), 15 deletions(-)

diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index cf1901de1..486911ec8 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -44,6 +44,15 @@
 
 
 /**
+ * FIXME: GnuTLS right now sometimes rejects valid certs, so as a
+ * VERY temporary workaround we just WARN the user instead of 
+ * dropping the page.  THIS SHOULD NOT BE USED IN PRODUCTION,
+ * set to 1 in production!!! FIXME!!!
+ */
+#define FIXED_CERT_VALIDATION_BUG 0
+
+
+/**
  * Default Socks5 listen port.
  */
 #define GNUNET_GNS_PROXY_PORT 7777
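Review bot: `FIXED_CERT_VALIDATION_BUG` is defined as 0, so by default the `#if FIXED_CERT_VALIDATION_BUG` block added in check_ssl_certificate (hunk at -1056) compiles out `return GNUNET_SYSERR;` and a certificate whose subject name does not match is only logged. The comment itself says production needs 1, which makes the committed default the unsafe one. I would make rejection the default and the workaround an explicit build-time opt-out, e.g. `#ifndef FIXED_CERT_VALIDATION_BUG` / `#define FIXED_CERT_VALIDATION_BUG 1` / `#endif`. The comment should also spell out both values, for example `0: a name mismatch is logged and the transfer continues; 1: a name mismatch makes check_ssl_certificate return GNUNET_SYSERR`, because the macro name alone does not say which value is the strict one.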
@@ -685,6 +694,11 @@ static CURLM *curl_multi;
 static struct GNUNET_GNS_Handle *gns_handle;
 
 /**
+ * Disable IPv6.
+ */
+static int disable_v6;
+
+/**
  * DLL for http/https daemons
  */
 static struct MhdHttpList *mhd_httpd_head;
@@ -890,7 +904,7 @@ mhd_content_cb (void *cls,
     return MHD_CONTENT_READER_END_OF_STREAM;
   }
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Writing %llu/%llu bytes for %s%s\n",
+              "Writing %llu/%llu bytes to %s%s\n",
               (unsigned long long) bytes_to_copy,
               (unsigned long long) s5r->io_len,
              s5r->domain,
@@ -952,8 +966,10 @@ check_ssl_certificate (struct Socks5Request *s5r)
                 tlsinfo->backend);
     return GNUNET_SYSERR;
   }
-  chainp = gnutls_certificate_get_peers (tlsinfo->internals, &cert_list_size);
-  if ( (! chainp) || (0 == cert_list_size) )
+  chainp = gnutls_certificate_get_peers (tlsinfo->internals,
+                                        &cert_list_size);
+  if ( (! chainp) ||
+       (0 == cert_list_size) )
     return GNUNET_SYSERR;
 
   size = sizeof (certdn);
@@ -1056,11 +1072,14 @@ check_ssl_certificate (struct Socks5Request *s5r)
                                                      name)))
       {
         GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                    _("TLS certificate subject name (%s) does not match 
`%s'\n"),
+                    _("TLS certificate subject name (%s) does not match `%s': 
%d\n"),
                     certdn,
-                    name);
+                    name,
+                   rc);
+#if FIXED_CERT_VALIDATION_BUG
         gnutls_x509_crt_deinit (x509_cert);
         return GNUNET_SYSERR;
+#endif
       }
     }
     else
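Review bot: The warning reads the same whether the mismatch is rejected or ignored, so with the bypass compiled in nothing in the log shows that the transfer went ahead despite a failed name check. I would say so in the message when the check is not enforced, e.g. append ` (ignored, FIXED_CERT_VALIDATION_BUG is 0)` under `#if ! FIXED_CERT_VALIDATION_BUG`, so the condition can be found in logs afterwards. The `if` that opens this branch and the code the bypass path falls through to are outside the hunk; confirm that `x509_cert` is still released with `gnutls_x509_crt_deinit` on that path.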
@@ -1116,15 +1135,17 @@ curl_check_hdr (void *buffer,
     if (GNUNET_OK != check_ssl_certificate (s5r))
       return 0;
   }
-
-  ndup = GNUNET_strndup (buffer, bytes);
-  hdr_type = strtok (ndup, ":");
+  ndup = GNUNET_strndup (buffer,
+                        bytes);
+  hdr_type = strtok (ndup,
+                    ":");
   if (NULL == hdr_type)
   {
     GNUNET_free (ndup);
     return bytes;
   }
-  hdr_val = strtok (NULL, "");
+  hdr_val = strtok (NULL,
+                   "");
   if (NULL == hdr_val)
   {
     GNUNET_free (ndup);
@@ -1187,6 +1208,12 @@ curl_check_hdr (void *buffer,
   }
 
   new_location = NULL;
+  if (0 == strcasecmp (MHD_HTTP_HEADER_TRANSFER_ENCODING,
+                      hdr_type))
+  {
+    /* Ignore transfer encoding, set automatically by MHD if required */
+    goto cleanup;
+  }
   if (0 == strcasecmp (MHD_HTTP_HEADER_LOCATION,
                       hdr_type))
   {
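Review bot: The new `goto cleanup` reaches `GNUNET_free_non_null (new_cookie_hdr)` and `GNUNET_free_non_null (new_location)` at the label added in the hunk at -1232. `new_location` is set to NULL just above the jump, but the initialisation of `new_cookie_hdr` is outside the hunk and has to happen before this point on every path. If it does, a short comment at the label such as `/* reached with new_cookie_hdr and new_location either NULL or heap-allocated */` would record that precondition. curl_check_hdr starts and ends outside the hunk.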
@@ -1232,6 +1259,7 @@ curl_check_hdr (void *buffer,
                                  s5r->header_tail,
                                  header);
   }
+ cleanup:
   GNUNET_free (ndup);
   GNUNET_free_non_null (new_cookie_hdr);
   GNUNET_free_non_null (new_location);
@@ -1761,7 +1789,7 @@ create_response (void *cls,
     return MHD_NO;
   }
   s5r->con = con;
-  //Fresh connection.
+  /* Fresh connection. */
   if (SOCKS5_SOCKET_WITH_MHD == s5r->state)
   {
     /* first time here, initialize curl handle */
@@ -2984,8 +3012,10 @@ handle_gns_result (void *cls,
           }
           if (GNUNET_YES == got_ip)
             break;
+          if (GNUNET_YES == disable_v6)
+            break;
           if (GNUNET_OK !=
-              GNUNET_NETWORK_test_pf (PF_INET))
+              GNUNET_NETWORK_test_pf (PF_INET6))
             break;
           /* FIXME: allow user to disable IPv6 per configuration option... */
           got_ip = GNUNET_YES;
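Review bot: The context comment `/* FIXME: allow user to disable IPv6 per configuration option... */` is stale after this change, since the `disable_v6` test added a few lines above is that option. I would drop it or replace it with a comment that states what the two guards do, e.g. `/* use IPv6 only if it was not disabled with -6 and PF_INET6 is available */`. handle_gns_result continues outside the hunk.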
@@ -3213,7 +3243,8 @@ do_s5r_read (void *cls)
             s5r->domain = GNUNET_strndup (dom_name,
                                           *dom_len);
             GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                        "Requested connection is to %s:%d\n",
+                        "Requested connection is to http%s://%s:%d\n",
+                       (HTTPS_PORT == s5r->port) ? "s" : "",
                         s5r->domain,
                         ntohs (*port));
             s5r->state = SOCKS5_RESOLVING;
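Review bot: The new format arguments take the scheme from `s5r->port` but the port number from `ntohs (*port)`, and whether `s5r->port` has already been assigned at this point is not visible in the hunk. If it has not, the message prints `http://` for every request, including those to HTTPS_PORT. Using one source for both, e.g. `(HTTPS_PORT == ntohs (*port)) ? "s" : ""`, keeps the log line consistent with the port it prints.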
@@ -3653,6 +3684,10 @@ main (int argc,
                                  NULL,
                                  gettext_noop ("pem file to use as CA"),
                                  &cafile_opt),
+    GNUNET_GETOPT_option_flag ('6',
+                              "disable-ivp6",
+                              gettext_noop ("disable use of IPv6"),
+                              &disable_v6),
 
     GNUNET_GETOPT_OPTION_END
   };
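Review bot: The long option name is misspelled: `"disable-ivp6"` should be `"disable-ipv6"`. As written, `--disable-ipv6` would not match this entry, and correcting the spelling after a release changes the command-line interface. The help text and the `&disable_v6` target need no change.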
diff --git a/src/gns/gnunet-service-gns_resolver.c 
b/src/gns/gnunet-service-gns_resolver.c
index c915c616a..809bde8f9 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -368,6 +368,12 @@ struct GNS_ResolverHandle
   char *name;
 
   /**
+   * Legacy Hostname to use if we encountered GNS2DNS record
+   * and thus can deduct the LEHO from that transition.
+   */
+  char *leho;
+  
+  /**
    * DLL of results we got from DNS.
    */
   struct DnsResult *dns_result_head;
@@ -960,6 +966,12 @@ dns_result_parser (void *cls,
       af = AF_UNSPEC;
       break;
     }
+    if (NULL != rh->leho)
+      add_dns_result (rh,
+                     GNUNET_TIME_UNIT_HOURS.rel_value_us,
+                     GNUNET_GNSRECORD_TYPE_LEHO,
+                     strlen (rh->leho),
+                     rh->leho);
     rh->std_resolve = GNUNET_RESOLVER_ip_get (rh->name,
                                               af,
                                               DNS_LOOKUP_TIMEOUT,
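Review bot: `add_dns_result` is handed `GNUNET_TIME_UNIT_HOURS.rel_value_us`, a relative duration, with nothing marking it as relative, whereas the LEHO record built in the hunk at -1099 sets `GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION` next to the same value. The definition of add_dns_result is not in this diff; if it stores the argument as an absolute expiration time, this LEHO entry would be treated as long expired. Please confirm which unit it expects and state it in a comment at the call. The multi-line call under the unbraced `if (NULL != rh->leho)` would also be safer to edit later with braces around it.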
@@ -974,8 +986,8 @@ dns_result_parser (void *cls,
   /* convert from (parsed) DNS to (binary) GNS format! */
   rd_count = p->num_answers + p->num_authority_records + 
p->num_additional_records;
   {
-    struct GNUNET_GNSRECORD_Data rd[rd_count];
-    unsigned int skip;
+    struct GNUNET_GNSRECORD_Data rd[rd_count + 1]; /* +1 for LEHO */
+    int skip;
     char buf[UINT16_MAX];
     size_t buf_off;
     size_t buf_start;
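Review bot: `rd[rd_count + 1]` is a stack array sized by `p->num_answers + p->num_authority_records + p->num_additional_records`, and it sits in the same frame as `char buf[UINT16_MAX]`. If those counts come from the DNS reply without an upper bound (the parser is outside this diff), the responding server decides how much stack this block consumes. I would cap `rd_count` before the block and fail the lookup for larger replies, or allocate `rd` on the heap. If the parser already guarantees a maximum, a comment naming that bound next to the declaration would be enough.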
@@ -1099,11 +1111,23 @@ dns_result_parser (void *cls,
        skip++;
        continue;
       }
+    } /* end of for all records in answer */
+    if (NULL != rh->leho)
+    {
+      rd[rd_count - skip].record_type = GNUNET_GNSRECORD_TYPE_LEHO;
+      rd[rd_count - skip].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+      rd[rd_count - skip].expiration_time = 
GNUNET_TIME_UNIT_HOURS.rel_value_us;
+      rd[rd_count - skip].data = rh->leho;
+      rd[rd_count - skip].data_size = strlen (rh->leho);
+      skip--; /* skip one LESS */
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                 "Adding LEHO %s\n",
+                 rh->leho);
     }
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Returning DNS response for `%s' with %u answers\n",
                 rh->ac_tail->label,
-                (unsigned int) p->num_answers);
+                (unsigned int) (rd_count - skip));
     rh->proc (rh->proc_cls,
               rd_count - skip,
               rd);
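Review bot: `skip--` is used to make `rd_count - skip` include the LEHO record, which drives `skip` to -1 when no record was skipped and is why its type became `int` in the previous hunk. The result then depends on how `int` mixes with `rd_count`, whose declaration is outside the hunk. I would leave `skip` as a pure skip counter and track the number of filled entries explicitly, as sketched below. The enclosing block of dns_result_parser starts before and ends after this hunk.

```c
    } /* end of for all records in answer */
    unsigned int rd_used = rd_count - skip;  /* entries of rd[] filled so far */
    if (NULL != rh->leho)
    {
      rd[rd_used].record_type = GNUNET_GNSRECORD_TYPE_LEHO;
      rd[rd_used].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
      rd[rd_used].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us;
      rd[rd_used].data = rh->leho;
      rd[rd_used].data_size = strlen (rh->leho);
      rd_used++;
      /* … unchanged: "Adding LEHO" debug log … */
    }
    /* … unchanged: "Returning DNS response" log, printing rd_used … */
    rh->proc (rh->proc_cls,
              rd_used,
              rd);
```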
@@ -1172,6 +1196,7 @@ recursive_dns_resolution (struct GNS_ResolverHandle *rh)
     rh->original_dns_id = p->id;
     GNUNET_assert (NULL != ac->authority_info.dns_authority.dns_handle);
     GNUNET_assert (NULL == rh->dns_request);
+    rh->leho = GNUNET_strdup (ac->label);
     rh->dns_request = GNUNET_DNSSTUB_resolve 
(ac->authority_info.dns_authority.dns_handle,
                                              dns_request,
                                              dns_request_length,
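Review bot: `rh->leho = GNUNET_strdup (ac->label);` overwrites the field without releasing an earlier value, so if recursive_dns_resolution runs more than once for the same handle (not determinable from this hunk) every earlier copy leaks. Freeing first makes the assignment safe either way: add `GNUNET_free_non_null (rh->leho);` on the line before it. The function body starts and ends outside the hunk.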
@@ -2830,6 +2855,7 @@ GNS_resolver_lookup_cancel (struct GNS_ResolverHandle *rh)
                                 dr);
     GNUNET_free (dr);
   }
+  GNUNET_free_non_null (rh->leho);
   GNUNET_free (rh->name);
   GNUNET_free (rh);
 }

-- 
To stop receiving notification emails like this one, please contact
address@hidden


