authorRobert James Kaes <rjkaes@users.sourceforge.net>2001-12-15 05:57:13 +0000
committerRobert James Kaes <rjkaes@users.sourceforge.net>2001-12-15 05:57:13 +0000
commitbf18ec5adce44bece72498c04dcd1acedd2548f0 (patch)
tree94ffeca994701f961cdf709c4f9d54168fa8d058 /src
parente0694a8f6eaadaac6196afbee0982a266f4e2927 (diff)
Removed the DNS caching system because tinyproxy did not determine the TTL
of the host names being resolved, which is not recommended by RFC2616. Basically, if an HTTP client doesn't respect the TTL, it should not be caching the address, since doing so leaves it open to DNS spoofing attacks. Also, having a DNS caching system is an administrator's decision, and so should not be included in the tinyproxy source.
Diffstat (limited to '')
-rw-r--r--src/dnscache.c147
-rw-r--r--src/dnscache.h25
2 files changed, 0 insertions, 172 deletions
diff --git a/src/dnscache.c b/src/dnscache.c
deleted file mode 100644
index a711c91..0000000
--- a/src/dnscache.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/* $Id: dnscache.c,v 1.18 2001-11-22 00:31:10 rjkaes Exp $
- *
- * This is a caching DNS system. When a host name is needed we look it up here
- * and see if there is already an answer for it. The domains are placed in a
- * hashed linked list. If the name is not here, then we need to look it up and
- * add it to the system. This really speeds up the connection to servers since
- * the DNS name does not need to be looked up each time. It's kind of cool. :)
- *
- * Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
- * Copyright (C) 2000 Chris Lightfoot (chris@ex-parrot.com)
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2, or (at your option) any
- * later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- */
-
-#include "tinyproxy.h"
-
-#include "dnscache.h"
-#include "log.h"
-#include "ternary.h"
-#include "utils.h"
-
-/*
- * The mutex is used for locking around accesses to the ternary tree.
- */
-static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-
-#define LOCK() pthread_mutex_lock(&mutex);
-#define UNLOCK() pthread_mutex_unlock(&mutex);
-
-#define DNSEXPIRE (5 * 60)
-#define DNS_INSERT_LIMIT 10000 /* free the memory after inserts */
-
-struct dnscache_s {
- struct in_addr ipaddr;
- time_t expire;
-};
-
-static TERNARY dns_tree = -1;
-static unsigned int dns_insertions;
-
-static int
-dns_lookup(struct in_addr *addr, char *domain)
-{
- int ret;
- struct dnscache_s *ptr;
-
- assert(addr != NULL);
- assert(domain != NULL);
-
- ret = ternary_search(dns_tree, domain, (void *) &ptr);
-
- if (TE_ISERROR(ret)
- || difftime(time(NULL), ptr->expire) > DNSEXPIRE) {
- return -1;
- }
-
- memcpy(addr, &ptr->ipaddr, sizeof(struct in_addr));
-
- return 0;
-}
-
-static int
-dns_insert(struct in_addr *addr, char *domain)
-{
- struct dnscache_s *newptr;
-
- assert(addr != NULL);
- assert(domain != NULL);
-
- if (!(newptr = safemalloc(sizeof(struct dnscache_s)))) {
- return -1;
- }
-
- memcpy(&newptr->ipaddr, addr, sizeof(struct in_addr));
- newptr->expire = time(NULL);
-
- DEBUG2("Inserting [%s] into DNS cache", domain);
-
- if (TE_ISERROR(ternary_replace(dns_tree, domain, newptr))) {
- safefree(newptr);
- return -1;
- }
-
- DEBUG2("Finished inserting [%s] into DNS cache", domain);
-
- return 0;
-}
-
-int
-dnscache(struct in_addr *addr, char *domain)
-{
- struct hostent *resolv;
-
- assert(addr != NULL);
- assert(domain != NULL);
-
- LOCK();
-
- /* If the DNS tree doesn't exist, build a new one */
- if (dns_tree < 0) {
- dns_tree = ternary_new();
- dns_insertions = 0;
- }
-
- if (inet_aton(domain, (struct in_addr *) addr) != 0) {
- UNLOCK();
- return 0;
- }
-
- /* Well, we're not dotted-decimal so we need to look it up */
- if (dns_lookup(addr, domain) == 0) {
- UNLOCK();
- return 0;
- }
-
- /* Okay, so not in the list... need to actually look it up. */
- if (!(resolv = gethostbyname(domain))) {
- UNLOCK();
- return -1;
- }
-
- memcpy(addr, resolv->h_addr_list[0], resolv->h_length);
-
- dns_insert(addr, domain);
-
- dns_insertions++;
- if (dns_insertions > DNS_INSERT_LIMIT) {
- log_message(LOG_INFO,
- "DNS Insertion limit reached (%u). Rebuilding cache.",
- dns_insertions);
- ternary_destroy(dns_tree, free);
- dns_tree = ternary_new();
- dns_insertions = 0;
- }
-
- UNLOCK();
-
- return 0;
-}
diff --git a/src/dnscache.h b/src/dnscache.h
deleted file mode 100644
index 046052d..0000000
--- a/src/dnscache.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/* $Id: dnscache.h,v 1.7 2001-10-25 17:02:50 rjkaes Exp $
- *
- * See 'dnscache.c' for a detailed description.
- *
- * Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2, or (at your option) any
- * later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- */
-
-#ifndef _TINYPROXY_DNSCACHE_H_
-#define _TINYPROXY_DNSCACHE_H_
-
-#include "tinyproxy.h"
-
-extern int dnscache(struct in_addr *addr, char *domain);
-
-#endif