author | Robert James Kaes <rjkaes@users.sourceforge.net> | 2001-12-15 05:57:13 +0000 |
---|---|---|
committer | Robert James Kaes <rjkaes@users.sourceforge.net> | 2001-12-15 05:57:13 +0000 |
commit | bf18ec5adce44bece72498c04dcd1acedd2548f0 (patch) | |
tree | 94ffeca994701f961cdf709c4f9d54168fa8d058 /src/dnscache.c | |
parent | e0694a8f6eaadaac6196afbee0982a266f4e2927 (diff) | |
download | tinyproxy-bf18ec5adce44bece72498c04dcd1acedd2548f0.tar.gz tinyproxy-bf18ec5adce44bece72498c04dcd1acedd2548f0.zip |
Removed the DNS caching system because tinyproxy did not determine the TTL
of the host names being resolved, which is not recommended by RFC2616.
Basically, if an HTTP client doesn't respect the TTL it should not be
caching the address, since it leaves itself open to DNS spoofing attacks.
Also, having a DNS caching system is an administrator decision, and so
should not be included in the tinyproxy source.
Diffstat (limited to '')
-rw-r--r-- | src/dnscache.c | 147 |
1 files changed, 0 insertions, 147 deletions
diff --git a/src/dnscache.c b/src/dnscache.c
deleted file mode 100644
index a711c91..0000000
--- a/src/dnscache.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/* $Id: dnscache.c,v 1.18 2001-11-22 00:31:10 rjkaes Exp $
- *
- * This is a caching DNS system. When a host name is needed we look it up here
- * and see if there is already an answer for it. The domains are placed in a
- * hashed linked list. If the name is not here, then we need to look it up and
- * add it to the system. This really speeds up the connection to servers since
- * the DNS name does not need to be looked up each time. It's kind of cool. :)
- *
- * Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
- * Copyright (C) 2000 Chris Lightfoot (chris@ex-parrot.com)
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2, or (at your option) any
- * later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- */
-
-#include "tinyproxy.h"
-
-#include "dnscache.h"
-#include "log.h"
-#include "ternary.h"
-#include "utils.h"
-
-/*
- * The mutex is used for locking around accesses to the ternary tree.
- */
-static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-
-#define LOCK() pthread_mutex_lock(&mutex);
-#define UNLOCK() pthread_mutex_unlock(&mutex);
-
-#define DNSEXPIRE (5 * 60)
-#define DNS_INSERT_LIMIT 10000 /* free the memory after inserts */
-
-struct dnscache_s {
- struct in_addr ipaddr;
- time_t expire;
-};
-
-static TERNARY dns_tree = -1;
-static unsigned int dns_insertions;
-
-static int
-dns_lookup(struct in_addr *addr, char *domain)
-{
- int ret;
- struct dnscache_s *ptr;
-
- assert(addr != NULL);
- assert(domain != NULL);
-
- ret = ternary_search(dns_tree, domain, (void *) &ptr);
-
- if (TE_ISERROR(ret)
- || difftime(time(NULL), ptr->expire) > DNSEXPIRE) {
- return -1;
- }
-
- memcpy(addr, &ptr->ipaddr, sizeof(struct in_addr));
-
- return 0;
-}
-
-static int
-dns_insert(struct in_addr *addr, char *domain)
-{
- struct dnscache_s *newptr;
-
- assert(addr != NULL);
- assert(domain != NULL);
-
- if (!(newptr = safemalloc(sizeof(struct dnscache_s)))) {
- return -1;
- }
-
- memcpy(&newptr->ipaddr, addr, sizeof(struct in_addr));
- newptr->expire = time(NULL);
-
- DEBUG2("Inserting [%s] into DNS cache", domain);
-
- if (TE_ISERROR(ternary_replace(dns_tree, domain, newptr))) {
- safefree(newptr);
- return -1;
- }
-
- DEBUG2("Finished inserting [%s] into DNS cache", domain);
-
- return 0;
-}
-
-int
-dnscache(struct in_addr *addr, char *domain)
-{
- struct hostent *resolv;
-
- assert(addr != NULL);
- assert(domain != NULL);
-
- LOCK();
-
- /* If the DNS tree doesn't exist, build a new one */
- if (dns_tree < 0) {
- dns_tree = ternary_new();
- dns_insertions = 0;
- }
-
- if (inet_aton(domain, (struct in_addr *) addr) != 0) {
- UNLOCK();
- return 0;
- }
-
- /* Well, we're not dotted-decimal so we need to look it up */
- if (dns_lookup(addr, domain) == 0) {
- UNLOCK();
- return 0;
- }
-
- /* Okay, so not in the list... need to actually look it up. */
- if (!(resolv = gethostbyname(domain))) {
- UNLOCK();
- return -1;
- }
-
- memcpy(addr, resolv->h_addr_list[0], resolv->h_length);
-
- dns_insert(addr, domain);
-
- dns_insertions++;
- if (dns_insertions > DNS_INSERT_LIMIT) {
- log_message(LOG_INFO,
- "DNS Insertion limit reached (%u). Rebuilding cache.",
- dns_insertions);
- ternary_destroy(dns_tree, free);
- dns_tree = ternary_new();
- dns_insertions = 0;
- }
-
- UNLOCK();
-
- return 0;
-}
|