-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dns: add TLSA record query support #52983
base: main
Are you sure you want to change the base?
Conversation
I've updated to fix linting and formatting, but not sure about the Tried reproducing it locally with tools/test.py but could not, all tests always run without issues. And it seems to be complaining about |
might be useful to define the known values for the TLSA records like we do in c-ares with ares_tlsa_match_t, ares_tlsa_selector_t, and ares_tlsa_usage_t |
Fixed the mem leak and confirmed the asan test passes (on a different branch, not in this PR: https://github.com/rithvikvibhu/node/actions/runs/9137751681/job/25128086198) I think it's ready for review (assuming all checks pass). @bradh352 I searched but couldn't find constants defined in dns for any other type, they are all stored and returned as regular objects. For ex, ParseMxReply: Lines 301 to 311 in 559212e
|
@lpinca can you approve the workflow again? I believe all check errors are fixed now. Also, any idea if someone or a group must be tagged for reviewing? (I don't mind if it takes time, just making sure I understand the process) |
@nodejs/dns |
The only failing test is benchmark/test-benchmark-crypto, which this PR does not touch. There is an issue with the same error and a PR to mark it as flaky: I think we just wait till #52955 is merged, then I rebase? |
This needs someone to review it. I already pinged @nodejs/dns 2 weeks ago, so now I'm going to try current collaborators who show up a lot in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not really a C++ expert but it looks fine to me.
size_t data_len; | ||
const unsigned char* data = | ||
ares_dns_rr_get_bin(rr, ARES_RR_TLSA_DATA, &data_len); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd probably recommend checking this return value to not be NULL before attempting to memcpy it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm looking at the possible codes and ARES_ENODATA seems to be the closest match status code to return in this case.
Or do you think we should just skip this record (if null data) without any errors?
This PR adds
resolveTlsa
so that the resolver can query TLSA records.c-ares added the parser in c-ares/c-ares#600 and @bradh352 (thanks!) provided some code to get started with: #39569 (comment)
Refs: #39569
P.S. I'm new to both node core as well as C++ so the code may be unideal, am open to any changes to be made.
Also, I'm not sure about the YAML markup in docs, what should the "Added in" say?
And is this considered a Notable Change?