haesbaert / mdnsd

Mdns daemon for OpenBSD.
www.haesbaert.org/openmdns

mdnshosts experiment #14

Open kristapsdz opened 7 years ago

kristapsdz commented 7 years ago

This is an ongoing project with only a few hours of work in it, but I thought I'd put it out there as soon as possible for comment. mdnshosts is basically a channel between mdnsctl browse -r and /etc/hosts. It's essentially a revamped mdnsctl.

The daemon starts up, creates worker children, then the main process continues to listen on the mdnsd socket. When entries come online or go offline, this main process sends this information to a writer process. The writer process maintains a database of entry name to host to IP mappings. When the database changes, it flushes the text to a file in hosts(5) format and notifies the replacer child. The replacer child swaps the temporary file into the real /etc/hosts file atomically.

All of the processes have pledge(2) and chroot(2). However, the security can be greatly increased.

On my list of things to do:

  1. Tighten down pledges in the writer, possibly splitting this into another process.
  2. Increase sanity checks on the hosts database.
  3. Logging to syslog, not stderr.
  4. Pruning out mdnsl.c (copied over from mdnsctl).
  5. And so much more---I just wrote this today.

I wrote this because I was so frustrated with our network changing IP addresses all the time and needing to run mdnsctl lookup -r every time I used SSH or printed.
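The flush-and-swap step described in the comment above, together with the kind of sanity check its to-do list mentions, as an added example that is not part of the original thread or of mdnshosts. The names `struct hmap`, `host_ok` and `hosts_replace` are hypothetical, both steps run in one process here, and pledge(2)/chroot(2) are left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
struct hmap { const char *ip, *host; };	/* hypothetical record type */
/* Letters, digits, '-' and '.' only: no whitespace, '#' or newline gets in. */
static int host_ok(const char *h)
{
	size_t i, n = strlen(h);
	if (n == 0 || n > 253 || h[0] == '.' || h[0] == '-')
		return 0;
	for (i = 0; i < n; i++)
		if (!isalnum((unsigned char)h[i]) && h[i] != '-' && h[i] != '.')
			return 0;
	return 1;
}

/* Temp file beside path, then rename(2) over it; returns entries written or -1. */
int hosts_replace(const char *path, const struct hmap *m, size_t n)
{
	char tmp[1024], a[16];
	FILE *f;
	size_t i;
	int fd, ok, kept = 0;
	if (snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path) >= (int)sizeof(tmp) ||
	    (fd = mkstemp(tmp)) == -1)
		return -1;
	if (fchmod(fd, 0644) == -1 || (f = fdopen(fd, "w")) == NULL) {
		close(fd);
		unlink(tmp);
		return -1;
	}
	for (i = 0; i < n; i++) {
		if (!host_ok(m[i].host) || (inet_pton(AF_INET, m[i].ip, a) != 1 &&
		    inet_pton(AF_INET6, m[i].ip, a) != 1))
			continue;	/* drop entries that fail the checks */
		kept += fprintf(f, "%s\t%s\n", m[i].ip, m[i].host) > 0;
	}
	ok = fflush(f) == 0 && fsync(fd) == 0;	/* data on disk before the swap */
	if (fclose(f) != 0 || !ok || rename(tmp, path) == -1) {
		unlink(tmp);
		return -1;
	}
	return kept;
}
```

Because the temporary file is created in the same directory as the target, rename(2) stays on one filesystem and readers see either the old file or the complete new one.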

haesbaert commented 7 years ago

I like the idea; I didn't have time to read it in detail. I've noticed you copied mdnsl.c. In the future, I agree, it should be a library. But for the meantime you could just refer to the same .c file, like ../mdnsctl/mdnsl.c, which is better than having a copy.

elad commented 7 years ago

@kristapsdz could you please elaborate on why this functionality has to be part of mdnsd instead of simply piping its output somewhere else that might manage more than just /etc/hosts?

kristapsdz commented 7 years ago

@elad, what do you mean by part of mdnsd? It's not part of mdnsd. It, like mdnsctl, talks with mdnsd over the socket. As for whether it should be part of the suite of tools, that's simply because there's no library for it, so I had to put it as a subdirectory of mdnsd.

(Added later.) I'd actually like a lot more for it to be separate, and it can be---it literally uses mdnsl.c that mdnsctl uses.

haesbaert commented 7 years ago

I think the point is that this is not part of mdnsd/mdnsd, it's an application using mdnsl.c.

That was the initial idea, to have an mdns library and many applications that use it as they see fit. I'll quit slacking and turn mdnsl into a shared object.

elad commented 7 years ago

@kristapsdz okay, the no library part makes sense I guess.

haesbaert commented 7 years ago

@kristapsdz Let me know when you think this is ready enough for merging/review.

kristapsdz commented 7 years ago

I use it constantly, but I only have a few hosts here on my network, so I'm not sure how well it responds to scale. There are also many optimisations that can be made---but again, I'm more concerned with the basic functionality. Another thing I wish I could implement is "pinning" a host somehow so that a spoofer can't come online and pretend to be the requested host. I'd guess that adding a TXT entry, public key, blah blah, but that's a different story.

The only issue is that sometimes the database of available machines gets out of state. It uses reference counting by service: when a new service is announced for a particular host, it's referenced. This seems to happen when name resolution fails within mdnsd, though I haven't found where exactly this happens. So basically, a service is announced, but the mdnsd fails to look up the host. Edit: when this does happen, restarting mdnshosts isn't enough: I need to completely restart mdnsd.

But like I said, I use this all of the time, so it Works For Me (tm).

haesbaert commented 7 years ago

That's good enough to pull in for me. I just want to turn mdnsl into a shared object first, then we squash all commits into one and I merge. Sounds like a plan?

kristapsdz commented 7 years ago

Yes. I haven't touched mdnsl.c at all. The only thing about it that bothers me isn't in mdnsl, it's in imsg_read, which internally ignores being interrupted. So one feature I can think to add is a heartbeat from mdnsd just to allow readers spinning on the socket to extract themselves after they've been signalled. (But, as in mdnshosts, between their own signal checks and invoking imsg_read.)