On 10 Oct 2012, at 20:08, Daniel-Constantin Mierla <[email protected]> wrote:
> Hello,
>
> thanks for this addition. Few comments:
>
> 1) not really important -- I guess is "validator/validator.h" part of the
> external library, but might be better to be included with square brackets, it
> is more common when including from standard paths, rather from local folders.
> Like:
>
> #include <validator/validator.h>
>
> 2) from past experiences, it is very unlikely people will start using it if they
> have to recompile with different flags. On the other hand, the core should
> not be dependent on such specific library (which seems it is not that spread
> across distros at this time anyhow). Looking at the patch, it is practically
> about returning a struct hostent pointer and checking a status parameter.
>
> My proposal is to:
> - make a module that will have some wrappers around the dnssec functions.
> These wrappers should not have the dnssec specific parameters, returning the
> hostent and setting an integer (given as pointer) status parameter, in case
> the core needs to know more about the dnssec result
> - core can still have the USE_DNSSEC define just in case one wants to disable
> it completely
> - core will have a structure with pointers to the wrapper functions for dnssec
> - when loaded, the dnssec module will set the values of the function pointers
> in the core
> - core may get a new parameter use_dnnsec to enable/disable usage of dnssec
> from config file (although this can be redundant, such decision could be by
> loading/not loading dnssec module)
>
> This does not look like big effort, considering the patch, and I think will
> make dnssec easier to experiment with for a larger user base. Similar
> mechanism is used more or less for tls and in other modules that needed to
> act in the core, but had exotic dependencies or functionalities (e.g., msrp
> module sets some callbacks in tcp receive code).
>
> What do you think?

For me it seems like a good architecture proposal.
We do need more DNSsec aware software in SIP and I believe it will mean a lot for SIP security soon.

/O

>
> Cheers,
> Daniel
>
> On 10/10/12 4:56 PM, Marius Zbihlei wrote:
>> Module: sip-router
>> Branch: master
>> Commit: 73103df8fcffa0f92dfc4699c52d5dd9474084ea
>> URL:
>> http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=73103df8fcffa0f92dfc4699c52d5dd9474084ea
>>
>> Author: Marius Zbihlei <[email protected]>
>> Committer: Marius Zbihlei <[email protected]>
>> Date: Wed Oct 10 17:53:02 2012 +0300
>>
>> Core: added DNSSEC support for DNS queries
>>
>> This is available by setting the USE_DNSSEC compile flag. It requires
>> libval-threads and libres (part of dnssec-tools dnssec-tools.org)
>> The custom resolvers were replaced by val_gethostbyname, val_gethostbyname
>> and val_res_query (for SRV).
>>
>> [...]
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
> Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 -
> http://asipto.com/u/katu
>
>
> _______________________________________________
> sr-dev mailing list
> [email protected]
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
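The hook-table arrangement proposed in the quoted message, sketched as an added example that is not part of this thread or of the sip-router code. Every identifier, the status values, the stub resolver with its constructed address, and the policy of discarding an answer that failed validation are assumptions made for illustration.

```c
/* Added illustration: all names are hypothetical, not sip-router code. */
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

/* Status the wrapper reports through the int pointer (assumed values). */
enum { DNS_ST_UNCHECKED = 0, DNS_ST_VALIDATED = 1, DNS_ST_BOGUS = -1 };

/* Wrapper signature: no DNSSEC-specific types reach the core. */
typedef struct hostent *(*dns_gethostbyname_f)(const char *name, int *status);

/* Hook table owned by the core; NULL until the module is loaded. */
struct dnssec_hooks { dns_gethostbyname_f gethostbyname; };
static struct dnssec_hooks core_hooks;

/* Called by the module at load time to install its wrappers. */
int core_register_dnssec(const struct dnssec_hooks *h) {
    if (h == NULL || h->gethostbyname == NULL) return -1;
    core_hooks = *h;
    return 0;
}

/* Stand-in for the core's plain resolver; returns a constructed address. */
static struct hostent *plain_lookup(const char *name) {
    static char addr[4] = { (char)192, 0, 2, 1 };
    static char *addrs[] = { addr, NULL };
    static struct hostent he;
    he.h_name = (char *)name; he.h_addrtype = AF_INET;
    he.h_length = 4; he.h_addr_list = addrs;
    return &he;
}

/* Core lookup: uses the module if present, else the plain resolver. */
struct hostent *core_resolve(const char *name, int *status) {
    struct hostent *he;
    *status = DNS_ST_UNCHECKED;
    if (core_hooks.gethostbyname == NULL) return plain_lookup(name);
    he = core_hooks.gethostbyname(name, status);
    /* Assumed policy: discard an answer that failed validation. */
    return (*status == DNS_ST_BOGUS) ? NULL : he;
}

/* Module side: stub standing in for a validating lookup. */
static struct hostent *mod_gethostbyname(const char *name, int *status) {
    *status = strcmp(name, "bogus.example.test") == 0
                  ? DNS_ST_BOGUS : DNS_ST_VALIDATED;
    return plain_lookup(name);
}
int dnssec_mod_init(void) {
    struct dnssec_hooks h = { mod_gethostbyname };
    return core_register_dnssec(&h);
}
```

Without the module loaded the core reports `DNS_ST_UNCHECKED`, so callers can tell an unvalidated answer from a validated one instead of treating both alike.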
