mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-04 00:25:29 +00:00
Code Issues Releases Wiki Activity

Remove TLS DNS transport (and parts common with TCP DNS)

Browse Source 
This commit removes TLS DNS transport superseded by Stream DNS.
This commit is contained in:
Artem Boldariev
2022-11-22 21:03:02 +02:00
parent e5649710d3
commit 4277eeeb9c
5 changed files with 4 additions and 2502 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/isc/Makefile.am
View File

@@ -118,7 +118,6 @@ libisc_la_SOURCES = \
netmgr/streamdns.c \ netmgr/streamdns.c \
netmgr/tcp.c \ netmgr/tcp.c \
netmgr/timer.c \ netmgr/timer.c \
netmgr/tlsdns.c \
netmgr/tlsstream.c \ netmgr/tlsstream.c \
netmgr/udp.c \ netmgr/udp.c \
aes.c \ aes.c \

6
lib/isc/include/isc/types.h
View File

@@ -107,15 +107,13 @@ typedef enum isc_nmsocket_type {
isc_nm_udpsocket = 1 << 1, isc_nm_udpsocket = 1 << 1,
isc_nm_tcpsocket = 1 << 2, isc_nm_tcpsocket = 1 << 2,
isc_nm_tlssocket = 1 << 3, isc_nm_tlssocket = 1 << 3,
isc_nm_tlsdnssocket = 1 << 4, isc_nm_httpsocket = 1 << 4,
isc_nm_httpsocket = 1 << 5, isc_nm_streamdnssocket = 1 << 5,
isc_nm_streamdnssocket = 1 << 6,
isc_nm_maxsocket, isc_nm_maxsocket,
isc_nm_udplistener, /* Aggregate of nm_udpsocks */ isc_nm_udplistener, /* Aggregate of nm_udpsocks */
isc_nm_tcplistener, isc_nm_tcplistener,
isc_nm_tlslistener, isc_nm_tlslistener,
isc_nm_tlsdnslistener,
isc_nm_httplistener, isc_nm_httplistener,
isc_nm_streamdnslistener isc_nm_streamdnslistener
} isc_nmsocket_type; } isc_nmsocket_type;

59
lib/isc/netmgr/netmgr-int.h
View File

@@ -262,15 +262,6 @@ typedef enum isc__netievent_type {
netievent_tlsconnect, netievent_tlsconnect,
netievent_tlsdobio, netievent_tlsdobio,
netievent_tlsdnsaccept,
netievent_tlsdnsconnect,
netievent_tlsdnsclose,
netievent_tlsdnssend,
netievent_tlsdnsread,
netievent_tlsdnscancel,
netievent_tlsdnscycle,
netievent_tlsdnsshutdown,
netievent_httpclose, netievent_httpclose,
netievent_httpsend, netievent_httpsend,
netievent_httpendpoints, netievent_httpendpoints,
@@ -292,8 +283,6 @@ typedef enum isc__netievent_type {
netievent_tcplisten, netievent_tcplisten,
netievent_tcpstop, netievent_tcpstop,
netievent_tlsdnslisten,
netievent_tlsdnsstop,
netievent_detach, netievent_detach,
} isc__netievent_type; } isc__netievent_type;
@@ -866,33 +855,6 @@ struct isc_nmsocket {
/*% Self socket */ /*% Self socket */
isc_nmsocket_t *self; isc_nmsocket_t *self;
/*% TLS stuff */
struct tls {
isc_tls_t *tls;
isc_tlsctx_t *ctx;
isc_tlsctx_client_session_cache_t *client_sess_cache;
bool client_session_saved;
BIO *app_rbio;
BIO *app_wbio;
BIO *ssl_rbio;
BIO *ssl_wbio;
enum {
TLS_STATE_NONE,
TLS_STATE_HANDSHAKE,
TLS_STATE_IO,
TLS_STATE_ERROR,
TLS_STATE_CLOSING
} state;
isc_region_t senddata;
ISC_LIST(isc__nm_uvreq_t) sendreqs;
bool cycle;
isc_result_t pending_error;
/* List of active send requests. */
isc__nm_uvreq_t *pending_req;
bool alpn_negotiated;
const char *tls_verify_errmsg;
} tls;
/*% TLS stuff */ /*% TLS stuff */
struct tlsstream { struct tlsstream {
bool server; bool server;
@@ -1046,11 +1008,6 @@ struct isc_nmsocket {
*/ */
atomic_int_fast32_t ah; atomic_int_fast32_t ah;
/*% Buffer for TCPDNS processing */
size_t buf_size;
size_t buf_len;
unsigned char *buf;
/*% /*%
* This function will be called with handle->sock * This function will be called with handle->sock
* as the argument whenever a handle's references drop * as the argument whenever a handle's references drop
@@ -1470,9 +1427,6 @@ isc__nm_tlsdns_xfr_allowed(isc_nmsocket_t *sock);
* \li 'sock' is a valid TLSDNS socket. * \li 'sock' is a valid TLSDNS socket.
*/ */
void
isc__nm_tlsdns_cleanup_data(isc_nmsocket_t *sock);
void void
isc__nm_tls_send(isc_nmhandle_t *handle, const isc_region_t *region, isc__nm_tls_send(isc_nmhandle_t *handle, const isc_region_t *region,
isc_nm_cb_t cb, void *cbarg); isc_nm_cb_t cb, void *cbarg);
@@ -1944,12 +1898,6 @@ void
isc__nm_tcp_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result, isc__nm_tcp_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result,
bool async); bool async);
isc__nm_tlsdns_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result,
bool async);
isc_result_t
isc__nm_tlsdns_processbuffer(isc_nmsocket_t *sock);
isc__nm_uvreq_t * isc__nm_uvreq_t *
isc__nm_get_read_req(isc_nmsocket_t *sock, isc_sockaddr_t *sockaddr); isc__nm_get_read_req(isc_nmsocket_t *sock, isc_sockaddr_t *sockaddr);
@@ -1968,18 +1916,11 @@ isc_result_t
isc__nm_start_reading(isc_nmsocket_t *sock); isc__nm_start_reading(isc_nmsocket_t *sock);
void void
isc__nm_stop_reading(isc_nmsocket_t *sock); isc__nm_stop_reading(isc_nmsocket_t *sock);
isc_result_t
isc__nm_process_sock_buffer(isc_nmsocket_t *sock);
void
isc__nm_resume_processing(void *arg);
bool bool
isc__nmsocket_closing(isc_nmsocket_t *sock); isc__nmsocket_closing(isc_nmsocket_t *sock);
bool bool
isc__nm_closing(isc__networker_t *worker); isc__nm_closing(isc__networker_t *worker);
void
isc__nm_alloc_dnsbuf(isc_nmsocket_t *sock, size_t len);
void void
isc__nm_failed_send_cb(isc_nmsocket_t *sock, isc__nm_uvreq_t *req, isc__nm_failed_send_cb(isc_nmsocket_t *sock, isc__nm_uvreq_t *req,
isc_result_t eresult, bool async); isc_result_t eresult, bool async);

193
lib/isc/netmgr/netmgr.c
View File

@@ -345,7 +345,6 @@ isc_nmhandle_setwritetimeout(isc_nmhandle_t *handle, uint64_t write_timeout) {
switch (handle->sock->type) { switch (handle->sock->type) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_udpsocket: case isc_nm_udpsocket:
case isc_nm_tlsdnssocket:
handle->sock->write_timeout = write_timeout; handle->sock->write_timeout = write_timeout;
break; break;
case isc_nm_tlssocket: case isc_nm_tlssocket:
@@ -451,17 +450,6 @@ process_netievent(void *arg) {
NETIEVENT_CASE(tcplisten); NETIEVENT_CASE(tcplisten);
NETIEVENT_CASE(tcpstop); NETIEVENT_CASE(tcpstop);
NETIEVENT_CASE(tlsdnscycle);
NETIEVENT_CASE(tlsdnsaccept);
NETIEVENT_CASE(tlsdnslisten);
NETIEVENT_CASE(tlsdnsconnect);
NETIEVENT_CASE(tlsdnssend);
NETIEVENT_CASE(tlsdnscancel);
NETIEVENT_CASE(tlsdnsclose);
NETIEVENT_CASE(tlsdnsread);
NETIEVENT_CASE(tlsdnsstop);
NETIEVENT_CASE(tlsdnsshutdown);
NETIEVENT_CASE(tlssend); NETIEVENT_CASE(tlssend);
NETIEVENT_CASE(tlsclose); NETIEVENT_CASE(tlsclose);
NETIEVENT_CASE(tlsdobio); NETIEVENT_CASE(tlsdobio);
@@ -516,17 +504,6 @@ NETIEVENT_SOCKET_DEF(udplisten);
NETIEVENT_SOCKET_DEF(udpstop); NETIEVENT_SOCKET_DEF(udpstop);
NETIEVENT_SOCKET_HANDLE_DEF(udpcancel); NETIEVENT_SOCKET_HANDLE_DEF(udpcancel);
NETIEVENT_SOCKET_DEF(tlsdnsclose);
NETIEVENT_SOCKET_DEF(tlsdnsread);
NETIEVENT_SOCKET_DEF(tlsdnsstop);
NETIEVENT_SOCKET_DEF(tlsdnslisten);
NETIEVENT_SOCKET_REQ_DEF(tlsdnsconnect);
NETIEVENT_SOCKET_REQ_DEF(tlsdnssend);
NETIEVENT_SOCKET_HANDLE_DEF(tlsdnscancel);
NETIEVENT_SOCKET_QUOTA_DEF(tlsdnsaccept);
NETIEVENT_SOCKET_DEF(tlsdnscycle);
NETIEVENT_SOCKET_DEF(tlsdnsshutdown);
#ifdef HAVE_LIBNGHTTP2 #ifdef HAVE_LIBNGHTTP2
NETIEVENT_SOCKET_REQ_DEF(httpsend); NETIEVENT_SOCKET_REQ_DEF(httpsend);
NETIEVENT_SOCKET_DEF(httpclose); NETIEVENT_SOCKET_DEF(httpclose);
@@ -683,10 +660,6 @@ nmsocket_cleanup(isc_nmsocket_t *sock, bool dofree FLARG) {
nmhandle_free(sock, handle); nmhandle_free(sock, handle);
} }
if (sock->buf != NULL) {
isc_mem_put(sock->worker->mctx, sock->buf, sock->buf_size);
}
if (sock->quota != NULL) { if (sock->quota != NULL) {
isc_quota_detach(&sock->quota); isc_quota_detach(&sock->quota);
} }
@@ -701,7 +674,6 @@ nmsocket_cleanup(isc_nmsocket_t *sock, bool dofree FLARG) {
isc_astack_destroy(sock->inactivereqs); isc_astack_destroy(sock->inactivereqs);
isc__nm_tlsdns_cleanup_data(sock);
isc__nm_tls_cleanup_data(sock); isc__nm_tls_cleanup_data(sock);
#if HAVE_LIBNGHTTP2 #if HAVE_LIBNGHTTP2
isc__nm_http_cleanup_data(sock); isc__nm_http_cleanup_data(sock);
@@ -830,9 +802,6 @@ isc___nmsocket_prep_destroy(isc_nmsocket_t *sock FLARG) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
isc__nm_tcp_close(sock); isc__nm_tcp_close(sock);
return; return;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_close(sock);
return;
case isc_nm_streamdnssocket: case isc_nm_streamdnssocket:
isc__nm_streamdns_close(sock); isc__nm_streamdns_close(sock);
return; return;
@@ -886,7 +855,6 @@ isc_nmsocket_close(isc_nmsocket_t **sockp) {
REQUIRE(VALID_NMSOCK(*sockp)); REQUIRE(VALID_NMSOCK(*sockp));
REQUIRE((*sockp)->type == isc_nm_udplistener || REQUIRE((*sockp)->type == isc_nm_udplistener ||
(*sockp)->type == isc_nm_tcplistener || (*sockp)->type == isc_nm_tcplistener ||
(*sockp)->type == isc_nm_tlsdnslistener ||
(*sockp)->type == isc_nm_streamdnslistener || (*sockp)->type == isc_nm_streamdnslistener ||
(*sockp)->type == isc_nm_tlslistener || (*sockp)->type == isc_nm_tlslistener ||
(*sockp)->type == isc_nm_httplistener); (*sockp)->type == isc_nm_httplistener);
@@ -913,7 +881,6 @@ isc___nmsocket_init(isc_nmsocket_t *sock, isc__networker_t *worker,
.result = ISC_R_UNSET, .result = ISC_R_UNSET,
}; };
ISC_LIST_INIT(sock->tls.sendreqs);
isc_mutex_init(&sock->lock); isc_mutex_init(&sock->lock);
if (iface != NULL) { if (iface != NULL) {
@@ -960,8 +927,6 @@ isc___nmsocket_init(isc_nmsocket_t *sock, isc__networker_t *worker,
break; break;
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_tcplistener: case isc_nm_tcplistener:
case isc_nm_tlsdnssocket:
case isc_nm_tlsdnslistener:
case isc_nm_httpsocket: case isc_nm_httpsocket:
case isc_nm_httplistener: case isc_nm_httplistener:
switch (family) { switch (family) {
@@ -1094,7 +1059,6 @@ isc___nmhandle_get(isc_nmsocket_t *sock, isc_sockaddr_t *peer,
switch (sock->type) { switch (sock->type) {
case isc_nm_udpsocket: case isc_nm_udpsocket:
case isc_nm_tlsdnssocket:
if (!atomic_load(&sock->client)) { if (!atomic_load(&sock->client)) {
break; break;
} }
@@ -1144,7 +1108,6 @@ isc_nmhandle_is_stream(isc_nmhandle_t *handle) {
return (handle->sock->type == isc_nm_tcpsocket || return (handle->sock->type == isc_nm_tcpsocket ||
handle->sock->type == isc_nm_tlssocket || handle->sock->type == isc_nm_tlssocket ||
handle->sock->type == isc_nm_tlsdnssocket ||
handle->sock->type == isc_nm_httpsocket || handle->sock->type == isc_nm_httpsocket ||
handle->sock->type == isc_nm_streamdnssocket); handle->sock->type == isc_nm_streamdnssocket);
} }
@@ -1291,23 +1254,6 @@ isc_nmhandle_setdata(isc_nmhandle_t *handle, void *arg,
handle->dofree = dofree; handle->dofree = dofree;
} }
void
isc__nm_alloc_dnsbuf(isc_nmsocket_t *sock, size_t len) {
REQUIRE(len <= NM_BIG_BUF);
if (sock->buf == NULL) {
/* We don't have the buffer at all */
size_t alloc_len = len < NM_REG_BUF ? NM_REG_BUF : NM_BIG_BUF;
sock->buf = isc_mem_get(sock->worker->mctx, alloc_len);
sock->buf_size = alloc_len;
} else {
/* We have the buffer but it's too small */
sock->buf = isc_mem_reget(sock->worker->mctx, sock->buf,
sock->buf_size, NM_BIG_BUF);
sock->buf_size = NM_BIG_BUF;
}
}
void void
isc__nm_failed_send_cb(isc_nmsocket_t *sock, isc__nm_uvreq_t *req, isc__nm_failed_send_cb(isc_nmsocket_t *sock, isc__nm_uvreq_t *req,
isc_result_t eresult, bool async) { isc_result_t eresult, bool async) {
@@ -1375,6 +1321,7 @@ isc__nm_failed_connect_cb(isc_nmsocket_t *sock, isc__nm_uvreq_t *req,
void void
isc__nm_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result, bool async) { isc__nm_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result, bool async) {
REQUIRE(VALID_NMSOCK(sock)); REQUIRE(VALID_NMSOCK(sock));
UNUSED(async);
switch (sock->type) { switch (sock->type) {
case isc_nm_udpsocket: case isc_nm_udpsocket:
isc__nm_udp_failed_read_cb(sock, result, async); isc__nm_udp_failed_read_cb(sock, result, async);
@@ -1382,9 +1329,6 @@ isc__nm_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result, bool async) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
isc__nm_tcp_failed_read_cb(sock, result, async); isc__nm_tcp_failed_read_cb(sock, result, async);
return; return;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_failed_read_cb(sock, result, async);
return;
case isc_nm_tlssocket: case isc_nm_tlssocket:
isc__nm_tls_failed_read_cb(sock, result, async); isc__nm_tls_failed_read_cb(sock, result, async);
return; return;
@@ -1410,11 +1354,6 @@ isc__nmsocket_connecttimeout_cb(uv_timer_t *timer) {
isc__nmsocket_timer_stop(sock); isc__nmsocket_timer_stop(sock);
if (sock->tls.pending_req != NULL) {
REQUIRE(req == sock->tls.pending_req);
sock->tls.pending_req = NULL;
}
/* /*
* Mark the connection as timed out and shutdown the socket. * Mark the connection as timed out and shutdown the socket.
*/ */
@@ -1643,7 +1582,6 @@ isc__nm_alloc_cb(uv_handle_t *handle, size_t size, uv_buf_t *buf) {
buf->len = ISC_NETMGR_UDP_RECVBUF_SIZE; buf->len = ISC_NETMGR_UDP_RECVBUF_SIZE;
break; break;
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_tlsdnssocket:
buf->len = ISC_NETMGR_TCP_RECVBUF_SIZE; buf->len = ISC_NETMGR_TCP_RECVBUF_SIZE;
break; break;
default: default:
@@ -1674,10 +1612,6 @@ isc__nm_start_reading(isc_nmsocket_t *sock) {
r = uv_read_start(&sock->uv_handle.stream, isc__nm_alloc_cb, r = uv_read_start(&sock->uv_handle.stream, isc__nm_alloc_cb,
isc__nm_tcp_read_cb); isc__nm_tcp_read_cb);
break; break;
case isc_nm_tlsdnssocket:
r = uv_read_start(&sock->uv_handle.stream, isc__nm_alloc_cb,
isc__nm_tlsdns_read_cb);
break;
default: default:
UNREACHABLE(); UNREACHABLE();
} }
@@ -1704,7 +1638,6 @@ isc__nm_stop_reading(isc_nmsocket_t *sock) {
UV_RUNTIME_CHECK(uv_udp_recv_stop, r); UV_RUNTIME_CHECK(uv_udp_recv_stop, r);
break; break;
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_tlsdnssocket:
r = uv_read_stop(&sock->uv_handle.stream); r = uv_read_stop(&sock->uv_handle.stream);
UV_RUNTIME_CHECK(uv_read_stop, r); UV_RUNTIME_CHECK(uv_read_stop, r);
break; break;
@@ -1726,90 +1659,6 @@ isc__nmsocket_closing(isc_nmsocket_t *sock) {
(sock->server != NULL && !isc__nmsocket_active(sock->server))); (sock->server != NULL && !isc__nmsocket_active(sock->server)));
} }
static isc_result_t
processbuffer(isc_nmsocket_t *sock) {
switch (sock->type) {
case isc_nm_tlsdnssocket:
return (isc__nm_tlsdns_processbuffer(sock));
default:
UNREACHABLE();
}
}
/*
* Process a DNS message.
*
* If we only have an incomplete DNS message, we don't touch any
* timers. If we do have a full message, reset the timer.
*
* Stop reading if this is a client socket. In this case we'll be
* called again later by isc__nm_resume_processing().
*/
isc_result_t
isc__nm_process_sock_buffer(isc_nmsocket_t *sock) {
for (;;) {
int_fast32_t ah = atomic_load(&sock->ah);
isc_result_t result = processbuffer(sock);
switch (result) {
case ISC_R_NOMORE:
/*
* Don't reset the timer until we have a
* full DNS message.
*/
result = isc__nm_start_reading(sock);
if (result != ISC_R_SUCCESS) {
return (result);
}
/*
* Start the timer only if there are no externally used
* active handles, there's always one active handle
* attached internally to sock->recv_handle in
* accept_connection()
*/
if (ah == 1) {
isc__nmsocket_timer_start(sock);
}
goto done;
case ISC_R_CANCELED:
isc__nmsocket_timer_stop(sock);
isc__nm_stop_reading(sock);
goto done;
case ISC_R_SUCCESS:
/*
* Stop the timer on the successful message read, this
* also allows to restart the timer when we have no more
* data.
*/
isc__nmsocket_timer_stop(sock);
if (atomic_load(&sock->client)) {
isc__nm_stop_reading(sock);
goto done;
}
break;
default:
UNREACHABLE();
}
}
done:
return (ISC_R_SUCCESS);
}
void
isc__nm_resume_processing(void *arg) {
isc_nmsocket_t *sock = (isc_nmsocket_t *)arg;
REQUIRE(VALID_NMSOCK(sock));
REQUIRE(sock->tid == isc_tid());
REQUIRE(!atomic_load(&sock->client));
if (isc__nmsocket_closing(sock)) {
return;
}
isc__nm_process_sock_buffer(sock);
}
void void
isc_nmhandle_cleartimeout(isc_nmhandle_t *handle) { isc_nmhandle_cleartimeout(isc_nmhandle_t *handle) {
REQUIRE(VALID_NMHANDLE(handle)); REQUIRE(VALID_NMHANDLE(handle));
@@ -1872,7 +1721,6 @@ isc_nmhandle_keepalive(isc_nmhandle_t *handle, bool value) {
switch (sock->type) { switch (sock->type) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_tlsdnssocket:
atomic_store(&sock->keepalive, value); atomic_store(&sock->keepalive, value);
sock->read_timeout = value ? atomic_load(&netmgr->keepalive) sock->read_timeout = value ? atomic_load(&netmgr->keepalive)
: atomic_load(&netmgr->idle); : atomic_load(&netmgr->idle);
@@ -2009,9 +1857,6 @@ isc_nm_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb,
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
isc__nm_tcp_send(handle, region, cb, cbarg); isc__nm_tcp_send(handle, region, cb, cbarg);
break; break;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_send(handle, region, cb, cbarg);
break;
case isc_nm_streamdnssocket: case isc_nm_streamdnssocket:
isc__nm_streamdns_send(handle, region, cb, cbarg); isc__nm_streamdns_send(handle, region, cb, cbarg);
break; break;
@@ -2039,9 +1884,6 @@ isc_nm_read(isc_nmhandle_t *handle, isc_nm_recv_cb_t cb, void *cbarg) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
isc__nm_tcp_read(handle, cb, cbarg); isc__nm_tcp_read(handle, cb, cbarg);
break; break;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_read(handle, cb, cbarg);
break;
case isc_nm_streamdnssocket: case isc_nm_streamdnssocket:
isc__nm_streamdns_read(handle, cb, cbarg); isc__nm_streamdns_read(handle, cb, cbarg);
break; break;
@@ -2066,9 +1908,6 @@ isc_nm_cancelread(isc_nmhandle_t *handle) {
case isc_nm_udpsocket: case isc_nm_udpsocket:
isc__nm_udp_cancelread(handle); isc__nm_udp_cancelread(handle);
break; break;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_cancelread(handle);
break;
case isc_nm_streamdnssocket: case isc_nm_streamdnssocket:
isc__nm_streamdns_cancelread(handle); isc__nm_streamdns_cancelread(handle);
break; break;
@@ -2106,9 +1945,6 @@ isc_nm_stoplistening(isc_nmsocket_t *sock) {
case isc_nm_tcplistener: case isc_nm_tcplistener:
isc__nm_tcp_stoplistening(sock); isc__nm_tcp_stoplistening(sock);
break; break;
case isc_nm_tlsdnslistener:
isc__nm_tlsdns_stoplistening(sock);
break;
case isc_nm_streamdnslistener: case isc_nm_streamdnslistener:
isc__nm_streamdns_stoplistening(sock); isc__nm_streamdns_stoplistening(sock);
break; break;
@@ -2339,10 +2175,8 @@ isc__nmsocket_reset(isc_nmsocket_t *sock) {
switch (sock->type) { switch (sock->type) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_tlsdnssocket:
/* /*
* This can be called from the TCP write timeout, or * This can be called from the TCP write timeout.
* from the TCPDNS or TLSDNS branches of isc_nm_bad_request().
*/ */
REQUIRE(sock->parent == NULL); REQUIRE(sock->parent == NULL);
break; break;
@@ -2383,12 +2217,8 @@ isc__nmsocket_shutdown(isc_nmsocket_t *sock) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
isc__nm_tcp_shutdown(sock); isc__nm_tcp_shutdown(sock);
break; break;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_shutdown(sock);
break;
case isc_nm_udplistener: case isc_nm_udplistener:
case isc_nm_tcplistener: case isc_nm_tcplistener:
case isc_nm_tlsdnslistener:
return; return;
default: default:
UNREACHABLE(); UNREACHABLE();
@@ -2413,7 +2243,6 @@ shutdown_walk_cb(uv_handle_t *handle, void *arg) {
case UV_TCP: case UV_TCP:
switch (sock->type) { switch (sock->type) {
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_tlsdnssocket:
if (sock->parent == NULL) { if (sock->parent == NULL) {
/* Reset the TCP connections on shutdown */ /* Reset the TCP connections on shutdown */
isc__nmsocket_reset(sock); isc__nmsocket_reset(sock);
@@ -2563,7 +2392,6 @@ isc_nm_bad_request(isc_nmhandle_t *handle) {
switch (sock->type) { switch (sock->type) {
case isc_nm_udpsocket: case isc_nm_udpsocket:
return; return;
case isc_nm_tlsdnssocket:
case isc_nm_tcpsocket: case isc_nm_tcpsocket:
case isc_nm_streamdnssocket: case isc_nm_streamdnssocket:
case isc_nm_tlssocket: case isc_nm_tlssocket:
@@ -2591,8 +2419,6 @@ isc_nm_xfr_allowed(isc_nmhandle_t *handle) {
sock = handle->sock; sock = handle->sock;
switch (sock->type) { switch (sock->type) {
case isc_nm_tlsdnssocket:
return (isc__nm_tlsdns_xfr_allowed(sock));
case isc_nm_streamdnssocket: case isc_nm_streamdnssocket:
return (isc__nm_streamdns_xfr_allowed(sock)); return (isc__nm_streamdns_xfr_allowed(sock));
default: default:
@@ -2632,7 +2458,6 @@ isc_nm_set_maxage(isc_nmhandle_t *handle, const uint32_t ttl) {
break; break;
#endif /* HAVE_LIBNGHTTP2 */ #endif /* HAVE_LIBNGHTTP2 */
case isc_nm_udpsocket: case isc_nm_udpsocket:
case isc_nm_tlsdnssocket:
case isc_nm_streamdnssocket: case isc_nm_streamdnssocket:
return; return;
break; break;
@@ -2658,7 +2483,6 @@ isc_nm_has_encryption(const isc_nmhandle_t *handle) {
REQUIRE(VALID_NMSOCK(handle->sock)); REQUIRE(VALID_NMSOCK(handle->sock));
switch (handle->sock->type) { switch (handle->sock->type) {
case isc_nm_tlsdnssocket:
case isc_nm_tlssocket: case isc_nm_tlssocket:
return (true); return (true);
#if HAVE_LIBNGHTTP2 #if HAVE_LIBNGHTTP2
@@ -2683,9 +2507,6 @@ isc_nm_verify_tls_peer_result_string(const isc_nmhandle_t *handle) {
sock = handle->sock; sock = handle->sock;
switch (sock->type) { switch (sock->type) {
case isc_nm_tlsdnssocket:
return (isc__nm_tlsdns_verify_tls_peer_result_string(handle));
break;
case isc_nm_tlssocket: case isc_nm_tlssocket:
return (isc__nm_tls_verify_tls_peer_result_string(handle)); return (isc__nm_tls_verify_tls_peer_result_string(handle));
break; break;
@@ -2715,9 +2536,6 @@ isc__nm_async_settlsctx(isc__networker_t *worker, isc__netievent_t *ev0) {
UNUSED(worker); UNUSED(worker);
switch (listener->type) { switch (listener->type) {
case isc_nm_tlsdnslistener:
isc__nm_async_tlsdns_set_tlsctx(listener, tlsctx, tid);
break;
case isc_nm_tlslistener: case isc_nm_tlslistener:
isc__nm_async_tls_set_tlsctx(listener, tlsctx, tid); isc__nm_async_tls_set_tlsctx(listener, tlsctx, tid);
break; break;
@@ -2762,9 +2580,6 @@ isc_nmsocket_set_tlsctx(isc_nmsocket_t *listener, isc_tlsctx_t *tlsctx) {
case isc_nm_tlslistener: case isc_nm_tlslistener:
set_tlsctx_workers(listener, tlsctx); set_tlsctx_workers(listener, tlsctx);
break; break;
case isc_nm_tlsdnslistener:
set_tlsctx_workers(listener, tlsctx);
break;
case isc_nm_streamdnslistener: case isc_nm_streamdnslistener:
isc__nm_streamdns_set_tlsctx(listener, tlsctx); isc__nm_streamdns_set_tlsctx(listener, tlsctx);
break; break;
@@ -2971,10 +2786,6 @@ nmsocket_type_totext(isc_nmsocket_type type) {
return ("isc_nm_tlssocket"); return ("isc_nm_tlssocket");
case isc_nm_tlslistener: case isc_nm_tlslistener:
return ("isc_nm_tlslistener"); return ("isc_nm_tlslistener");
case isc_nm_tlsdnslistener:
return ("isc_nm_tlsdnslistener");
case isc_nm_tlsdnssocket:
return ("isc_nm_tlsdnssocket");
case isc_nm_httplistener: case isc_nm_httplistener:
return ("isc_nm_httplistener"); return ("isc_nm_httplistener");
case isc_nm_httpsocket: case isc_nm_httpsocket:

2247
lib/isc/netmgr/tlsdns.c
View File

File diff suppressed because it is too large Load Diff