[Swan-dev] get rid of getnetbyname() /etc/networks?
Andrew Cagney
andrew.cagney at gmail.com
Tue May 4 01:15:47 UTC 2021
On Sun, 2 May 2021 at 15:55, Paul Wouters <paul at nohats.ca> wrote:
> On Sun, 2 May 2021, D. Hugh Redelmeier wrote:
>
> > Subject: [Swan-dev] get rid of getnetbyname() /etc/networks?
> >
> > Comments I added recently:
> >
> > + /*
> > + * try a name from /etc/networks
> > + *
> > + * Seems pretty obsolete:
> > + * - latest RFC, 1101, dated April 1989
> > + * - IPv4 only
> > + * - doesn't support classless networks
> > + * - Window has it
> > + */
> >
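Review bot: the last bullet of the added comment, "Window has it", looks like a typo for "Windows has it", and as written it does not say whether that counts for or against treating the interface as obsolete; reword it. The comment also never names the call it documents, so mentioning getnetbyname() on the "try a name from /etc/networks" line would make the fallback easy to find with grep.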
> > We are using this as a fallback when DNS doesn't resolve a name.
> > We are not even using it to find a network, only an IP address.
>
> kill it :)
>
> Related, there are still a few places that end up calling
> gethostbyname2() which is also obsolete and does not work for IPv6:
>
> lib/libswan/ttoaddress.c: struct hostent *h = gethostbyname2(p, af);
>
> programs/showhostkey/showhostkey.c: gethostname(qname, sizeof(qname));
>
> The case in ttoaddress.c is the main one. Since it is used by
> ttoaddress_dns() which is used in many places, we cannot replace it
> with an async libunbound call. And to do a sync unbound call, last I
> looked at this years ago, we would have to start another libunbound
> context which gets its own cache. Also, it would mean people can no
> longer compile without libunbound. I guess the best fix would be to
> rewrite it to use getaddrinfo() or res_ functions?
>
>
Not as many as you might think. Most are in the command line utilities.
For pluto, we've now got a pretty good handle on keeping whack attached;
going through the event loop may be less pain than expected. Anyway,
these are the calls:
$ find * -type f -name '*.c' -print | xargs grep -B2 -A2 'ttoaddress_dns('
connections.c- case KH_IPHOSTNAME:
connections.c- {
connections.c: err_t er = ttoaddress_dns(shunk1(dst->host_addr_name),
connections.c- address_type(&dst->host_addr),
connections.c- &dst->host_addr);
This is extract_end().
--
host_pair.c-
host_pair.c- if (d->dnshostname == NULL ||
host_pair.c: ttoaddress_dns(shunk1(d->dnshostname),
host_pair.c- address_type(&d->spd.that.host_addr), &new_addr) != NULL ||
host_pair.c- sameaddr(&new_addr, &hp->remote))
This is update_host_pairs(), it's called from restart_connections_by_peer()
and connection_check_ddns1() so the code is already event loop aware.
--
ikev2_redirect.c- }
ikev2_redirect.c-
ikev2_redirect.c: err_t ugh = ttoaddress_dns(shunk2(gw_str, gw_info.gw_identity_len),
ikev2_redirect.c- NULL/*UNSPEC*/, redirect_ip);
ikev2_redirect.c- if (ugh != NULL)
in parse_redirect_payload(), so knee deep in event loop goop.
--
initiate.c- }
initiate.c-
initiate.c: e = ttoaddress_dns(shunk1(c->dnshostname), NULL/*UNSPEC*/, &new_addr);
initiate.c- if (e != NULL) {
initiate.c- connection_buf cib;
Hmm, connection_check_ddns1(), connection_check_ddns1(), now where have I
heard that name before?
Oh, look, further down the code calls update_host_pair() which calls, wait
for it, ttoaddress_dns().
--
plutomain.c- {
plutomain.c- ip_address rip;
plutomain.c: check_err(ttoaddress_dns(shunk1(optarg), NULL/*UNSPEC*/, &rip),
plutomain.c- longindex, logger);
plutomain.c- set_global_redirect_dests(optarg);
It is parsing --global-redirect-to. It is also probably the one case where
a call to ttoaddress_dns() is valid.
OTOH, having no calls to ttoaddress_dns() in pluto would be nice.
--
rcv_whack.c-
rcv_whack.c- if (m->remote_host != NULL) {
rcv_whack.c: oops = ttoaddress_dns(shunk1(m->remote_host), NULL/*UNSPEC*/, &testip);
rcv_whack.c-
rcv_whack.c- if (oops != NULL) {
This is weird. It is pre-checking that the host is valid before calling
initiate_connections_by_name().
Why bother?
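
The rewrite on top of getaddrinfo() that the quoted message suggests for the gethostbyname2() call, sketched as an added example that is not part of this thread and is not libreswan code. resolve_name() and resolved_family() are hypothetical names, and the NULL-on-success error string is assumed from the err_t call sites quoted above.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* expose getaddrinfo() under strict -std= modes */
#endif
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

/*
 * resolve_name() is a hypothetical helper, not libreswan code.
 * af is AF_INET, AF_INET6 or AF_UNSPEC (either family accepted).
 * Returns NULL on success, else an error string (err_t convention).
 */
const char *resolve_name(const char *name, int af,
			 struct sockaddr_storage *out, socklen_t *out_len)
{
	struct addrinfo hints, *res = NULL;

	if (name == NULL || *name == '\0')
		return "empty host name";
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = af;           /* plays the role of gethostbyname2()'s af */
	hints.ai_socktype = SOCK_DGRAM; /* avoid one duplicate result per socket type */
	int e = getaddrinfo(name, NULL, &hints, &res);
	if (e != 0)
		return gai_strerror(e);

	const char *err = "no usable address returned";
	for (struct addrinfo *ai = res; ai != NULL; ai = ai->ai_next) {
		if (ai->ai_addr == NULL || ai->ai_addrlen > sizeof(*out) ||
		    (ai->ai_family != AF_INET && ai->ai_family != AF_INET6))
			continue;       /* never copy past the caller's buffer */
		memset(out, 0, sizeof(*out));
		memcpy(out, ai->ai_addr, ai->ai_addrlen);
		*out_len = ai->ai_addrlen;
		err = NULL;
		break;                  /* take the first usable answer */
	}
	freeaddrinfo(res);              /* results are heap-allocated: always free */
	return err;
}

/* Family of the answer (AF_INET / AF_INET6), or -1 if resolution failed. */
int resolved_family(const char *name, int af)
{
	struct sockaddr_storage ss;
	socklen_t len = 0;
	return resolve_name(name, af, &ss, &len) == NULL ? (int)ss.ss_family : -1;
}

/* Constructed input: a numeric literal, so no network or DNS is needed. */
int main(void) { return resolved_family("192.0.2.7", AF_INET) == AF_INET ? 0 : 1; }
```

Like the call it stands in for, this still blocks the caller until the resolver answers, so it does not by itself address the event-loop concern discussed above.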