@miri64 miri64 commented Mar 21, 2025

This is based on the work by Philipp Herold (@powerbuilder1).

I cleaned up most of the code during the IETF 122 hackathon and the IETF week. There are definitely some things that still need cleaning (see checklist below) but I wanted to open a PR before the end of IETF week (and before my vacation until the 31st) to gather your opinions.

Things still to do:

  • Make OSCORE credentials non-constant and configurable
  • Make CoAP resource path non-constant and configurable
  • Reuse TLS-PKI for DTLS
  • Find out why libcoap sends no piggybacked ACK-messages but only empty ACKs

miri64 commented Jul 19, 2025

Rebased to current master to resolve merge conflict.

miri64 commented Jul 19, 2025

2/4 TODOs done. I'll see if I can manage the rest during the hackathon or if this is something I leave over for Montreal (or before if I find the time during the last bouts of my PhD).

miri64 commented Nov 1, 2025

Rebased to current master.

miri64 commented Nov 1, 2025

Added support for the PKI and tests for those. I still have to look into the piggy-backed ACK issue, but I suspect this is a libcoap bug.

miri64 commented Nov 2, 2025

> Added support for the PKI and tests for those. I still have to look into the piggy-backed ACK issue, but I suspect this is a libcoap bug.

Confirmed that this is an issue with the usage of libcoap. I asked @obgm for help, so we hopefully can resolve this today or this week. In the meantime, I think this PR is ready to review!

@miri64 miri64 marked this pull request as ready for review November 2, 2025 14:08

@wcawijngaards wcawijngaards left a comment

Code looks good! Thank you for the contribution.

@wcawijngaards

In addition, the code compiles for me, but the test did not succeed.

The compilation needs a couple of changes still. They are in the diff; I could also commit that if you want.

It adds callback signatures and libraries for shell-parse, so that the link succeeds. The config.h.in definitions are put in configure.ac, so that it works with autoconf. Otherwise the changes in config.h.in would be overwritten by autoheader. The change in testbound.c makes testbound compile. The make test checks succeed.

The file testdata/doc_downstream.tdir/doc_downstream.oscore_server_creds is missing, and the test complains "Unable to open OSCORE configuration file.".

diff --git a/Makefile.in b/Makefile.in
index db0620f0..bb5691ec 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -240,7 +240,7 @@ STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
 $(SLDNS_OBJ)
 SHELL_PARSE_SRC=testcode/shell-parse.c
 SHELL_PARSE_OBJ=shell-parse.lo
-SHELL_PARSE_OBJ_LINK=$(SHELL_PARSE_OBJ) $(COMMON_OBJ) $(COMPAT_OBJ) \
+SHELL_PARSE_OBJ_LINK=$(SHELL_PARSE_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
 $(SLDNS_OBJ)
 DOHCLIENT_SRC=testcode/dohclient.c
 DOHCLIENT_OBJ=dohclient.lo
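
Review bot: The worker_cb.lo added on the SHELL_PARSE_OBJ_LINK line comes with no note on which symbol shell-parse fails to resolve without it. STREAMTCP_OBJ_LINK (visible in the hunk header) already carries the same object, so the pattern is consistent, but a one-line comment above SHELL_PARSE_OBJ_LINK naming the new callback dependency would stop someone from dropping it later, and the other test programs' *_OBJ_LINK lists are worth checking for the same missing object.
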
@@ -422,7 +422,7 @@ streamtcp$(EXEEXT):	$(STREAMTCP_OBJ_LINK)
 	$(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS)
 
 shell-parse$(EXEEXT):	$(SHELL_PARSE_OBJ_LINK)
-	$(LINK) -o $@ $(SHELL_PARSE_OBJ_LINK)
+	$(LINK) -o $@ $(SHELL_PARSE_OBJ_LINK) $(SSLLIB) $(LIBS)
 
 dohclient$(EXEEXT):	$(DOHCLIENT_OBJ_LINK)
 	$(LINK) -o $@ $(DOHCLIENT_OBJ_LINK) $(SSLLIB) $(LIBS)
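
Review bot: On the shell-parse rule, appending $(SSLLIB) $(LIBS) matches the streamtcp and dohclient rules around it, but nothing here shows where the CoAP library's linker flags come from. Please confirm they are carried by $(LIBS) when the feature is enabled, since this rule adds no separate variable for them, and mention in the commit message that shell-parse now links the TLS library only because of references pulled in through the shared objects.
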
diff --git a/configure.ac b/configure.ac
index a652fa8a..256f7909 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2500,6 +2500,10 @@ char *unbound_stat_strdup_log(const char *s, const char* file, int line,
 #define UNBOUND_DNS_OVER_HTTPS_PORT 443
 /** default port for DNS over QUIC traffic. */
 #define UNBOUND_DNS_OVER_QUIC_PORT 853
+/** default port for DNS over COAP over UDP traffic. */
+#define UNBOUND_DNS_OVER_COAP_PORT 5683
+/** default port for DNS over COAP over DTLS over UDP traffic. */
+#define UNBOUND_DNS_OVER_COAPS_PORT 5684
 /** default port for unbound control traffic, registered port with IANA,
     ub-dns-control  8953/tcp    unbound dns nameserver control */
 #define UNBOUND_CONTROL_PORT 8953
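
Review bot: The comments on UNBOUND_DNS_OVER_COAP_PORT and UNBOUND_DNS_OVER_COAPS_PORT do not say that 5683 and 5684 are the general IANA-registered coap and coaps ports, not ports reserved for DNS, whereas the UNBOUND_CONTROL_PORT comment just below cites its registration. Suggest stating that in both comments, so operators know the listener may collide with another CoAP service on the same host, and spelling the protocol "CoAP" instead of "COAP".
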
diff --git a/testcode/testbound.c b/testcode/testbound.c
index 063037df..bd18e3f2 100644
--- a/testcode/testbound.c
+++ b/testcode/testbound.c
@@ -786,3 +786,9 @@ size_t doq_table_quic_size_get(struct doq_table* ATTR_UNUSED(table))
 	return 0;
 }
 #endif
+
+void comm_point_doc_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event),
+	void* ATTR_UNUSED(arg))
+{
+	/* nothing */
+}
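
Review bot: The comm_point_doc_callback stub is added after the #endif, so it is compiled unconditionally, while the doq stub directly above sits inside a feature guard. If the real callback is only declared and built when CoAP support is configured, wrap this stub in the matching #ifdef so testbound neither defines an undeclared function nor clashes with another definition; if it is meant to be unconditional, a short doc comment saying so (in place of the bare "/* nothing */") would make that intent clear.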

miri64 commented Nov 24, 2025

Thanks for the review. Sadly, I was otherwise preoccupied the past few weeks, but I will look into it ASAP.

@miri64 miri64 left a comment

Addressed most of your review + one change to the doc_handle_fetch request handler, so that hopefully the empty ACK issue is resolved (was not able to test this yet fully, but it also adds capability for block-wise responses, so that large responses are segmented properly, so I thought it should be in, in any case).

Regarding the tests: Since I just copied most of that from doh_downstream, I did not yet change them.

miri64 commented Nov 25, 2025

So far, I ran the doc_downstream tests isolated, to save time. However, now I see that there is a Segfault already in 09-unbound-control (and more later on). So am I still missing something? Or just ignore the fault and let the tests continue to run?

miri64 commented Nov 25, 2025

My bad! The segfault came from unconfigured (and unchecked) config values. Will fix.
