DNS: Add basic support for asynchronous DNS resolving

This patch is a simple implementation for the proposal discussed in https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html. It enables ovs-vswitchd and other utilities to use DNS names when specifying OpenFlow and OVSDB remotes. Below are some of the features and limitations of this patch: - Resolving is asynchornous in daemon context, avoiding blocking main loop; - Resolving is synchronous in general utility context; - Both IPv4 and IPv6 are supported; - The resolving API is thread-safe; - Depends on the unbound library; - When multiple ip addresses are returned, only the first one is used; - /etc/nsswitch.conf isn't respected as unbound library doesn't look at it; - For async-resolving, caller need to retry later; there is no callback. Signed-off-by: Yifeng Sun <[email protected]> Signed-off-by: Ben Pfaff <[email protected]>
blp · Jul 6, 2018 · 771680d · 771680d
1 parent def5b36
commit 771680d
Show file tree

Hide file tree

Showing 25 changed files with 604 additions and 165 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -19,6 +19,8 @@ addons:
       - python-sphinx
       - libelf-dev
       - selinux-policy-dev
+      - libunbound-dev
+      - libunbound-dev:i386
 
 before_install: ./.travis/${TRAVIS_OS_NAME}-prepare.sh
 

diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst
@@ -93,6 +93,10 @@ need the following software:
 - Python 2.7. You must also have the Python ``six`` library version 1.4.0
   or later.
 
+- Unbound library, from http://www.unbound.net, is optional but recommended if
+  you want to enable ovs-vswitchd and other utilities to use DNS names when
+  specifying OpenFlow and OVSDB remotes. If unbound library is already
+  installed, then Open vSwitch will automatically build with support for it.
 
 On Linux, you may choose to compile the kernel module that comes with the Open
 vSwitch distribution or to use the kernel module built into the Linux kernel

diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst
@@ -379,11 +379,11 @@ the opposite arrangement as well.
 
 OVSDB supports the following active connection methods:
 
-ssl:<ip>:<port>
-    The specified SSL or TLS <port> on the host at the given <ip>.
+ssl:<host>:<port>
+    The specified SSL or TLS <port> on the given <host>.
 
-tcp:<ip>:<port>
-    The specified TCP <port> on the host at the given <ip>.
+tcp:<host>:<port>
+    The specified TCP <port> on the given <host>.
 
 unix:<file>
     On Unix-like systems, connect to the Unix domain server socket named
@@ -427,9 +427,9 @@ All IP-based connection methods accept IPv4 and IPv6 addresses.  To specify an
 IPv6 address, wrap it in square brackets, e.g.  ``ssl:[::1]:6640``.  Passive
 IP-based connection methods by default listen for IPv4 connections only; use
 ``[::]`` as the address to accept both IPv4 and IPv6 connections,
-e.g. ``pssl:6640:[::]``.  DNS names are not accepted.  On Linux, use
-``%<device>`` to designate a scope for IPv6 link-level addresses,
-e.g. ``ssl:[fe80::1234%eth0]:6653``.
+e.g. ``pssl:6640:[::]``.  DNS names are also accepted if built with unbound
+library.  On Linux, use ``%<device>`` to designate a scope for IPv6 link-level
+addresses, e.g. ``ssl:[fe80::1234%eth0]:6653``.
 
 The <port> may be omitted from connection methods that use a port number.  The
 default <port> for TCP-based connection methods is 6640, e.g. ``pssl:`` is

diff --git a/NEWS b/NEWS
@@ -1,5 +1,7 @@
 Post-v2.9.0
 --------------------
+   - ovs-vswitchd and utilities now support DNS names in OpenFlow and
+     OVSDB remotes.
    - ovs-vswitchd:
      * New options --l7 and --l7-len to "ofproto/trace" command.
      * Previous versions gave OpenFlow tables default names of the form

diff --git a/configure.ac b/configure.ac
@@ -135,6 +135,7 @@ OVS_CHECK_LINUX_HOST
 OVS_LIBTOOL_VERSIONS
 OVS_CHECK_CXX
 AX_FUNC_POSIX_MEMALIGN
+OVS_CHECK_UNBOUND
 
 OVS_CHECK_INCLUDE_NEXT([stdio.h string.h])
 AC_CONFIG_FILES([

diff --git a/debian/control b/debian/control
@@ -16,7 +16,8 @@ Build-Depends: graphviz,
                python-all (>= 2.7),
                python-twisted-conch,
                python-zopeinterface,
-               python-six
+               python-six,
+               libunbound-dev
 Standards-Version: 3.9.3
 Homepage: http://openvswitch.org/
 
@@ -307,6 +308,7 @@ Multi-Arch: same
 Depends:
  libopenvswitch (>= ${binary:Version}),
  libssl-dev,
+ libunbound-dev,
  ${misc:Depends}
 Conflicts: openvswitch-dev
 Replaces: openvswitch-dev

diff --git a/lib/automake.mk b/lib/automake.mk
@@ -465,6 +465,13 @@ else
 lib_libopenvswitch_la_SOURCES += lib/stream-nossl.c
 endif
 
+lib_libopenvswitch_la_SOURCES += lib/dns-resolve.h
+if HAVE_UNBOUND
+lib_libopenvswitch_la_SOURCES += lib/dns-resolve.c
+else
+lib_libopenvswitch_la_SOURCES += lib/dns-resolve-stub.c
+endif
+
 pkgconfig_DATA += \
 	lib/libopenvswitch.pc \
 	lib/libsflow.pc

diff --git a/lib/dns-resolve-stub.c b/lib/dns-resolve-stub.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2017, 2018 Nicira, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <config.h>
+#include "dns-resolve.h"
+#include "compiler.h"
+
+void
+dns_resolve_init(void)
+{
+}
+
+bool
+dns_resolve(const char *name OVS_UNUSED, char **addr)
+{
+    *addr = NULL;
+    return false;
+}
+
+void
+dns_resolve_destroy(void)
+{
+}