gcoap_dns: initial import of a DNS over CoAP (DoC) client#16705
gcoap_dns: initial import of a DNS over CoAP (DoC) client#16705miri64 merged 2 commits intoRIOT-OS:masterfrom
Conversation
miri64
added
State: WIP
github-actions
bot
added
Area: build system
miri64
force-pushed
the
gcoap_dns/feat/initial
branch
2 times, most recently
from
b3150a7 to
e8ae2d6
Compare
miri64
added
the
State: waiting for other PR
miri64
force-pushed
the
gcoap_dns/feat/initial
branch
2 times, most recently
from
fbc59c5 to
1a09ec0
Compare
miri64
force-pushed
the
gcoap_dns/feat/initial
branch
from
ddc08da to
484306f
Compare
miri64
force-pushed
the
gcoap_dns/feat/initial
branch
from
35b3c13 to
d71474e
Compare
miri64
force-pushed
the
gcoap_dns/feat/initial
branch
from
d71474e to
f25f272
Compare
|
Rebased since #16702 got merged. No longer waiting for other PRs (for the moment ;-)) |
miri64
added
State: WIP
miri64
force-pushed
the
gcoap_dns/feat/initial
branch
from
f25f272 to
292cc4c
Compare
miri64
force-pushed
the
gcoap_dns/feat/initial
branch
from
20caff0 to
a14dea1
Compare
|
This is ready for review now. |
|
Also addressed #16705 (comment) now. |
|
Anyone interested in my experimental OSCORE support may go here: https://github.com/miri64/RIOT/tree/gcoap_dns/enh/oscore :-) |
|
Squashed by offline request. |
chrysn
left a comment
chrysn
left a comment
There was a problem hiding this comment.
(Flushing out a round of initial comments while going through the code to encourage interactive handling.)
|
|
||
| if ((remote->port != _remote.port) || | ||
| (remote->family != _remote.family) || | ||
| (!ipv6_addr_is_unspecified((ipv6_addr_t *)_remote.addr.ipv6) && |
There was a problem hiding this comment.
Is there any test case you can put in a report, to have a good issue number to go both in the PR notes and into the code (so that when the issue is finally resolved, we can remove the check)?
chrysn
left a comment
chrysn
left a comment
There was a problem hiding this comment.
Looks good over-all, see comments (for many of which anything more than "because." can be a good answer).
I didn't check the credentials part too carefully, but it looks plausible enough. (It can probably be simplified if the credman API becomes easier to use; iterating through an array to find an empty slot is what I'd expect credman to do).
I didn't do a detailed check on the tests, but they look good from cursory reading, and do pass on native.
I'm running a few more practical tests, and expect to be done with them by the time the rest of the comments is through.
|
I also did some testing now, both on native and microbit-v2 via 6lowpan. after applying roughly diff --git a/examples/gcoap/Makefile b/examples/gcoap/Makefile
index bcb3c4731e..648dbd4ca9 100644
--- a/examples/gcoap/Makefile
+++ b/examples/gcoap/Makefile
@@ -40,0 +41,2 @@ USEMODULE += ps
+USEMODULE += gcoap_dns
+
diff --git a/examples/gcoap/client.c b/examples/gcoap/client.c
index d22c62eac0..b483acfb58 100644
--- a/examples/gcoap/client.c
+++ b/examples/gcoap/client.c
@@ -30,0 +31 @@
+#include "net/gcoap/dns.h"
@@ -148,0 +150,2 @@ static bool _parse_endpoint(sock_udp_ep_t *remote,
+ gcoap_dns_server_uri_set("coap://[2a02:b18:c13b:8010::907]/dns");
+
@@ -151,2 +154,3 @@ static bool _parse_endpoint(sock_udp_ep_t *remote,
- puts("gcoap_cli: unable to parse destination address");
- return false;
+ if (gcoap_dns_query(addr_str, &remote->addr, AF_INET6) < 0 ) {
+ return false;
+ }and running aiodnsprox locally. |
chrysn
left a comment
chrysn
left a comment
There was a problem hiding this comment.
There is only one unresolved comment left, in #16705 (comment), but that's really more about a to-be-opened unrelated issue, so it can stay unresolved.
I consider this ready. Thanks for adding this, please finalize.
|
Squashed. |
|
Mphff again needing to account for Python 3.5 (or outdated python libs) oddities: |
|
With Python 3.10, using |
|
(also confirmed with python 3.7, older versions I am too lazy to test :P) |
|
The Python change looks good (why was there a
|
|
That older scapy version seems to be in-consistent in itself... I pass a string as rdata, but it complains that it is not a string when handed to |
|
Pre-encoded the |
|
Can reproduce the remaining test error. Will check. |
|
Oops, that actually spotted an off-by-one error in the test application. Fixed with the latest force push. Curious that that only was an issue on ESP32... probably because its |
|
Thanks for the review! |
2 participants
Contribution description
This provides a DNS-over-CoAPS (DoC) client prototype implementation using
gcoap. The protocol design itself is heavily inspired by DoH, but has some additional features (such as FETCH support) that I got after a short brainstorming session with @chrysn. The main use case is encrypted DNS communication, so onlycoaps://resources are allowed as a target for now. Long-term plans to add OSCORE support exist as well.This PR serves merely to show an implementation prototype of said protocol. For discussions on protocol design, please refer to the repository for the DoC draft.
TODO:
Testing procedure
Just run
for any board you like.
If you want to test CoAPS behavior or more complex setups (e.g. with proxies), install https://github.com/anr-bmbf-pivot/aiodnsprox/
Run e.g.
sudo dist/tools/tapsetup/tapsetup sudo ip addr add 2001:db8::1 dev tapbr0 sudo ip route add 2001:db8::/64 via "<native link-local>" dev tapbr0 ./aiodns-proxy -c 2001:db8::1 -U 8.8.8.8 --dtls-credentials client_identity secretPSKand in a different shell
(for non-native/non-Ethernet boards you also will need a border router)
One should also be able to run the tests without CoAPS support by setting
COAPS=0in the environment variables at compile time.Issues/PRs references
Depends on PRs
#16669, #16695(merged),#16702, #16709, #16712(merged).