
core: refactored DNS primitives and removed DNSSEC support from core

The library functions can now easily be overridden by modules (dnssec) to allow enhanced resolving capabilities.
Marius Zbihlei 12 سال پیش
والد
کامیت
0d279eb512
5فایلهای تغییر یافته به همراه112 افزوده شده و 45 حذف شده
  1. 0 4
      Makefile.defs
  2. 51 0
      dns_func.c
  3. 55 0
      dns_func.h
  4. 2 19
      resolve.c
  5. 4 22
      resolve.h

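--- a/Makefile.defs
+++ b/Makefile.defs
@@ -1759,10 +1759,6 @@ ifeq ($(OS), linux)
 			LIBS+=-lpthread
 		endif
 	endif
-	ifneq (,$(findstring -DUSE_DNSSEC, $(C_DEFS)))
-		LIBS+=-lval-threads -lcrypto -lsres -lpthread
-$(info "using libval for DNSSEC validation")
-	endif
         # check for >= 2.5.44
 
 	ifeq ($(shell [ $(OSREL_N) -ge 2005044 ] && echo has_epoll), has_epoll)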

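--- /dev/null
+++ b/dns_func.c
@@ -0,0 +1,51 @@
+
+/* 
+ * $Id$
+ * 
+ * Copyright (C) 2013  [email protected]
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * DNS wrappers
+ */
+/*
+ * History:
+ * --------
+ *  2013-03 initial version (marius)
+*/
+
+#include "dns_func.h"
+
+
+#include <resolv.h>
+#include <sys/types.h>
+#include <netdb.h>
+
+struct hostent;
+
+struct dns_func_t dns_func = {
+	res_init,
+	res_search,
+	gethostbyname,
+	gethostbyname2
+};
+
+ 
+void load_dnsfunc(struct dns_func_t *d) {
+	dns_func.sr_res_init = d->sr_res_init;
+	dns_func.sr_res_search = d->sr_res_search;
+	dns_func.sr_gethostbyname = d->sr_gethostbyname;
+	dns_func.sr_gethostbyname2 = d->sr_gethostbyname2;
+} 
+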
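Review bot: `load_dnsfunc` installs whatever pointers the caller passes without checking `d` or its four members, so a module that fills in only some hooks leaves a NULL entry in `dns_func`, and the next `dns_func.sr_*()` call in resolve.c or resolve.h jumps through it. A guard at the top such as `if (!d || !d->sr_res_init || !d->sr_res_search || !d->sr_gethostbyname || !d->sr_gethostbyname2) return;` (or keeping the current entry for each NULL member) keeps the table always callable. Separately, the initializer names `gethostbyname2` unconditionally while resolve.h only calls it under `HAVE_GETHOSTBYNAME2`, so this file presumably fails to build where that function is missing; the initializer should carry the same guard. Designated initializers (`.sr_res_init = res_init, ...`) would also stop the table from silently depending on member order.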

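--- /dev/null
+++ b/dns_func.h
@@ -0,0 +1,55 @@
+/* 
+ * $Id$
+ * 
+ * Copyright (C) 2013 [email protected]
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * DNS Wrapper functions 
+ */
+/*
+ * History:
+ * --------
+ *  2013-03  initial version (marius)
+*/
+
+#ifndef DNS_FUNC_H
+#define DNS_FUNC_H
+
+#include <sys/socket.h>
+
+struct hostent;
+
+typedef int (*res_init_t)(void);
+typedef int (*res_search_t)(const char*, int, int, unsigned char*, int);
+typedef struct hostent* (*gethostbyname_t)(const char*);
+typedef struct hostent* (*gethostbyname2_t)(const char*, int);
+
+struct dns_func_t {
+	res_init_t sr_res_init;
+	res_search_t sr_res_search;
+	gethostbyname_t sr_gethostbyname;
+	gethostbyname2_t sr_gethostbyname2;
+};
+
+/* 
+ * initiate structure with system values
+ */
+//extern struct dns_func_t dns_func;
+
+extern 
+void load_dnsfunc(struct dns_func_t *d);
+
+
+#endif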
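Review bot: `load_dnsfunc` is declared without any description of its contract, and the only comment in the header ("initiate structure with system values") sits above a commented-out declaration rather than above the function. I would put a comment on the function such as `/* Replace the core resolver hooks with the ones in *d; the four pointers are copied, so d need not outlive the call. */` and state there when it may be called. dns_func.c shows a plain, unlocked write to a process-wide table, so the intended caller is presumably module initialisation before any lookup runs; that should be confirmed and written down. The parameter is only read, so `const struct dns_func_t *d` would document that as well.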

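--- a/resolve.c
+++ b/resolve.c
@@ -153,7 +153,7 @@ error:
  */
 static int _resolv_init(void)
 {
-	res_init();
+	dns_func.sr_res_init();
 #ifdef HAVE_RESOLV_RES
 	if (cfg_get(core, core_cfg, dns_retr_time)>0)
 		_res.retrans=cfg_get(core, core_cfg, dns_retr_time);
@@ -714,10 +714,6 @@ struct rdata* get_record(char* name, int type, int flags)
 	struct rdata* fullname_rd;
 	char c;
 	
-#ifdef USE_DNSSEC
-	val_status_t val_status;
-#endif
-
 	name_len=strlen(name);
 
 	for (i = 0; i < name_len; i++) {
@@ -738,20 +734,7 @@ struct rdata* get_record(char* name, int type, int flags)
 	}
 	fullname_rd=0;
 
-#ifndef USE_DNSSEC
-	size=res_search(name, C_IN, type, buff.buff, sizeof(buff));
-#else
-	size=val_res_query((val_context_t *) NULL,
-                      (char *) name, 
-                      (int) C_IN,
-		      (int) type, 
-                      (unsigned char *) buff.buff, 
-		      (int) sizeof(buff),
-                      &val_status);	
-	if(!val_istrusted(val_status)){
-		LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name);
-	}
-#endif
+	size=dns_func.sr_res_search(name, C_IN, type, buff.buff, sizeof(buff));
 
 	if (unlikely(size<0)) {
 		DBG("get_record: lookup(%s, %d) failed\n", name, type);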
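Review bot: The hook call in `get_record` (`dns_func.sr_res_search(...)`) has the plain `res_search` signature, so the validation status that the removed `val_res_query` branch obtained and checked with `val_istrusted` no longer reaches core. Nothing at the call site records whether the answer came from a validating resolver or from the libc default. That contract should be written down where the hook is called, e.g. `/* hook may be replaced by a module (dnssec); core cannot see the validation status, so a validating hook has to log or reject untrusted data itself */`. The same applies to the `sr_gethostbyname` and `sr_gethostbyname2` calls in the resolve.h hunks of `_resolvehost`. `get_record` starts and ends outside this hunk.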

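--- a/resolve.h
+++ b/resolve.h
@@ -48,6 +48,7 @@
 #include <arpa/nameser.h>
 #include <resolv.h>
 #include "counters.h"
+#include "dns_func.h"
 
 #ifdef __OS_darwin
 #include <arpa/nameser_compat.h>
@@ -58,9 +59,6 @@
 #include "dns_wrappers.h"
 #endif
 
-#ifdef USE_DNSSEC
-#include <validator/validator.h>
-#endif
 
 /* define RESOLVE_DBG for debugging info (very noisy) */
 #define RESOLVE_DBG
@@ -90,6 +88,7 @@ struct dns_counters_h {
 };
 
 extern struct dns_counters_h dns_cnts_h;
+extern struct dns_func_t dns_func;
 
 /* query union*/
 union dns_query{
@@ -404,9 +403,6 @@ static inline struct hostent* _resolvehost(char* name)
 #endif
 #endif
 #ifdef DNS_IP_HACK
-#ifdef USE_DNSSEC
-	val_status_t val_status;
-#endif
 	struct ip_addr* ip;
 	str s;
 
@@ -437,14 +433,7 @@ static inline struct hostent* _resolvehost(char* name)
 #endif
 #endif
 	/* ipv4 */
-#ifndef USE_DNSSEC
-	he=gethostbyname(name);
-#else
-	he=val_gethostbyname( (val_context_t *) 0, name, &val_status);
-	if(!val_istrusted(val_status)){
-		LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name);
-	}
-#endif
+	he=dns_func.sr_gethostbyname(name);
 
 #ifdef USE_IPV6
 	if(he==0 && cfg_get(core, core_cfg, dns_try_ipv6)){
@@ -453,14 +442,7 @@ skip_ipv4:
 #endif
 		/*try ipv6*/
 	#ifdef HAVE_GETHOSTBYNAME2
-		#ifndef USE_DNSSEC
-		he=gethostbyname2(name, AF_INET6);
-		#else
-		he=val_gethostbyname2((val_context_t*)0, name, AF_INET6, &val_status);
-		if(!val_istrusted(val_status)){
-			LOG(L_INFO, "INFO: got not trusted record when resolving %s\n",name);
-		}
-		#endif //!USE_DNSSEC
+		he=dns_func.sr_gethostbyname2(name, AF_INET6);
 	#elif defined HAVE_GETIPNODEBYNAME
 		/* on solaris 8 getipnodebyname has a memory leak,
 		 * after some time calls to it will fail with err=3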
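Review bot: The declaration `extern struct dns_func_t dns_func;` is added here (hunk at `@@ -90,6 +88,7 @@`) while the same line is commented out in dns_func.h. As a result dns_func.c, which includes only dns_func.h, defines the table without a prior declaration in scope, and the compiler cannot check that definition and declaration agree. Moving the `extern` into dns_func.h and dropping it from resolve.h keeps the type and its single instance in one header. Because `_resolvehost` is `static inline` in this header, every file that includes resolve.h calls through that writable table, which is one more reason to have a single documented declaration.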