<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 2 May 2021 at 15:55, Paul Wouters <<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sun, 2 May 2021, D. Hugh Redelmeier wrote:<br>
<br>
> Subject: [Swan-dev] get rid of getnetbyname() /etc/networks?<br>
> <br>
> Comments I added recently:<br>
><br>
> +     /*<br>
> +      * try a name from /etc/networks<br>
> +      *<br>
> +      * Seems pretty obsolete:<br>
> +      * - latest RFC, 1101, dated April 1989<br>
> +      * - IPv4 only<br>
> +      * - doesn't support classless networks<br>
> +      * - Windows has it<br>
> +      */<br>
><br>
> We are using this as a fallback when DNS doesn't resolve a name.<br>
> We are not even using it to find a network, only an IP address.<br>
<br>
kill it :)<br>
<br>
Related, there are still a few places that end up calling<br>
gethostbyname2() which is also obsolete and does not work for IPv6:<br>
<br>
lib/libswan/ttoaddress.c:       struct hostent *h = gethostbyname2(p, af);<br>
<br>
programs/showhostkey/showhostkey.c:     gethostname(qname, sizeof(qname));<br>
<br>
The case in ttoaddress.c is the main one. Since it is used by<br>
ttoaddress_dns() which is used in many places, we cannot replace it<br>
with an async libunbound call. And to do a sync unbound call, last I<br>
looked at this years ago, we would have to start another libunbound<br>
context which gets its own cache. Also, it would mean people can no<br>
longer compile without libunbound. I guess the best fix would be to<br>
rewrite it to use getaddrinfo() or res_ functions?<br><br></blockquote><div><br></div><div>Not as many as you might think.  Most are in the command line utilities.</div><div><br></div><div>For pluto, we've now got a pretty good handle on keeping whack attached, going through the event loop may be less pain than expected.  Anyway, these are the calls:</div><div><br></div>$ find * -type f -name '*.c' -print | xargs grep -B2 -A2 'ttoaddress_dns('</div><div class="gmail_quote"><br>connections.c-     case KH_IPHOSTNAME:<br>connections.c-     {<br>connections.c:               err_t er = ttoaddress_dns(shunk1(dst->host_addr_name),<br>connections.c-                                            address_type(&dst->host_addr),<br>connections.c-                                         &dst->host_addr);</div><div class="gmail_quote"><br></div><div class="gmail_quote">this is extract_end().</div><div class="gmail_quote"><br>--</div><div class="gmail_quote"><br>host_pair.c-<br>host_pair.c-     if (d->dnshostname == NULL ||<br>host_pair.c:      ttoaddress_dns(shunk1(d->dnshostname),<br>host_pair.c-                         address_type(&d->spd.that.host_addr), &new_addr) != NULL ||<br>host_pair.c-       sameaddr(&new_addr, &hp->remote))</div><div class="gmail_quote"><br></div><div class="gmail_quote">This is update_host_pairs(), it's called from restart_connections_by_peer() and connection_check_ddns1() so the code is already event loop aware.</div><div class="gmail_quote"><br>--</div><div class="gmail_quote"><br>ikev2_redirect.c-          }<br>ikev2_redirect.c-<br>ikev2_redirect.c:         err_t ugh = ttoaddress_dns(shunk2(gw_str, gw_info.gw_identity_len),<br>ikev2_redirect.c-                                     NULL/*UNSPEC*/, redirect_ip);<br>ikev2_redirect.c-            if (ugh != NULL)</div><div class="gmail_quote"><br></div><div class="gmail_quote">in parse_redirect_payload(), so knee deep in event loop goop.</div><div class="gmail_quote"><br>--</div><div 
class="gmail_quote"><br>initiate.c-   }<br>initiate.c-<br>initiate.c:     e = ttoaddress_dns(shunk1(c->dnshostname), NULL/*UNSPEC*/, &new_addr);<br>initiate.c-      if (e != NULL) {<br>initiate.c-           connection_buf cib;</div><div class="gmail_quote"><br></div><div class="gmail_quote">Hmm, connection_check_ddns1(), connection_check_ddns1(), now where have I heard that name before?</div><div class="gmail_quote">Oh, look, further down the code calls update_host_pair() which calls, wait for it, ttoaddress_dns().</div><div class="gmail_quote"><br>--</div><div class="gmail_quote"><br>plutomain.c-           {<br>plutomain.c-                 ip_address rip;<br>plutomain.c:                   check_err(ttoaddress_dns(shunk1(optarg), NULL/*UNSPEC*/, &rip),<br>plutomain.c-                                 longindex, logger);<br>plutomain.c-                    set_global_redirect_dests(optarg);</div><div class="gmail_quote"><br></div><div class="gmail_quote">It is parsing --global-redirect-to.  It is also probably the one case where a call to ttoaddress_dns() is valid.</div><div class="gmail_quote">OTOH, having no calls to ttoaddress_dns() in pluto would be nice.</div><div class="gmail_quote"><br>--</div><div class="gmail_quote"><br>rcv_whack.c-<br>rcv_whack.c-                      if (m->remote_host != NULL) {<br>rcv_whack.c:                          oops = ttoaddress_dns(shunk1(m->remote_host), NULL/*UNSPEC*/, &testip);<br>rcv_whack.c-<br>rcv_whack.c-                              if (oops != NULL) {</div><div class="gmail_quote"><br></div><div class="gmail_quote">This is weird.  It is pre-checking that the host is valid before calling initiate_connections_by_name().</div><div class="gmail_quote">Why bother?<br></div></div>
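The quoted message suggests rewriting the gethostbyname2() call in lib/libswan/ttoaddress.c to use getaddrinfo(). The block below is an added example, not Libreswan code and not part of the thread, showing what such a replacement looks like: getaddrinfo() handles AF_INET, AF_INET6 and AF_UNSPEC uniformly and returns heap results freed with freeaddrinfo(), rather than the static buffer gethostbyname2() hands back. It also adds a literal-only mode (AI_NUMERICHOST) so that a caller sitting in the event loop can first try the string as an address without ever touching DNS; a plain getaddrinfo() call on a real hostname still blocks, so this does not remove the need for the async libunbound path the thread discusses. The err_t typedef, the function names and the single-answer policy are assumptions made for this example.

```c
/*
 * Added example (not Libreswan code): a getaddrinfo()-based stand-in for
 * the gethostbyname2() call discussed in the thread.  The err_t
 * convention and the function names are assumptions for illustration.
 */
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Libreswan-style error return (assumed here): NULL on success, else a message. */
typedef const char *err_t;

/*
 * Resolve NAME to a socket address.  AF is AF_INET, AF_INET6 or AF_UNSPEC.
 * With NUMERIC_ONLY set, only literals are accepted and getaddrinfo() never
 * consults DNS, so the call cannot block; an event-loop caller should try
 * this mode first and hand anything that fails to an async resolver.
 */
static err_t resolve_host(const char *name, int af, int numeric_only,
			  struct sockaddr_storage *out, socklen_t *outlen)
{
	struct addrinfo hints;
	struct addrinfo *res = NULL;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = af;
	hints.ai_socktype = SOCK_DGRAM;	/* one entry per address, not one per socktype */
	hints.ai_flags = numeric_only ? AI_NUMERICHOST : 0;

	int rc = getaddrinfo(name, NULL, &hints, &res);
	if (rc != 0)
		return gai_strerror(rc);	/* e.g. "Name or service not known" */

	/* getaddrinfo() already filtered on AF; this example keeps the first answer. */
	if (res->ai_addrlen > sizeof(*out)) {
		freeaddrinfo(res);
		return "address too large";
	}
	memcpy(out, res->ai_addr, res->ai_addrlen);
	*outlen = res->ai_addrlen;
	freeaddrinfo(res);
	return NULL;
}

/* Address family of the literal NAME when parsed under AF, or -1 if rejected. */
static int literal_family(const char *name, int af)
{
	struct sockaddr_storage ss;
	socklen_t len;

	if (resolve_host(name, af, 1, &ss, &len) != NULL)
		return -1;
	return ss.ss_family;
}

/* Canonical text of the literal NAME, or NULL if it is not a valid literal. */
static const char *literal_text(const char *name, int af, char *buf, size_t buflen)
{
	struct sockaddr_storage ss;
	socklen_t len;

	if (resolve_host(name, af, 1, &ss, &len) != NULL)
		return NULL;
	if (ss.ss_family == AF_INET) {
		struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
		return inet_ntop(AF_INET, &sin->sin_addr, buf, buflen);
	}
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
	return inet_ntop(AF_INET6, &sin6->sin6_addr, buf, buflen);
}

int main(void)
{
	/* constructed sample inputs */
	static const char *samples[] = { "127.0.0.1", "::1", "2001:DB8::1", "not an address" };
	char buf[INET6_ADDRSTRLEN];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *t = literal_text(samples[i], AF_UNSPEC, buf, sizeof(buf));
		printf("%-16s -> %s\n", samples[i], t != NULL ? t : "rejected");
	}
	return 0;
}
```

Passing AF_INET6 with an IPv4 literal is rejected rather than silently mapped, because the hints carry no AI_V4MAPPED; that matches the explicit address_type() argument the pluto call sites pass and avoids accepting a peer address in a family the connection was not configured for.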