From: Michael Tremer Date: Mon, 11 May 2026 16:50:03 +0000 (+0000) Subject: main: Configure the TLS transport X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3fb86dd1bc4f9260509e4ef79e23d9255927a090;p=zone-sync.git main: Configure the TLS transport Signed-off-by: Michael Tremer --- diff --git a/main.c b/main.c index dc274e4..e9aa4d4 100644 --- a/main.c +++ b/main.c @@ -56,7 +56,9 @@ typedef struct ctx { isc_sockaddr_t source_address; // Transport - dns_transport_type_t transport; + dns_transport_type_t transport_type; + dns_transport_list_t* transports; + dns_transport_t* transport; uint32_t port; // Zones @@ -269,7 +271,7 @@ static int do_transfer(dns_zone_t* zone, uint32_t serial) { dns_zone_setminxfrratein(zone, 10240, 300); dns_xfrin_create(zone, xfrtype, &ctx.primary_address, &ctx.source_address, NULL, - ctx.transport, NULL, ctx.tlsctx_cache, ctx.memctx, &xfrin); + ctx.transport_type, ctx.transport, ctx.tlsctx_cache, ctx.memctx, &xfrin); // Start the transfer return dns_xfrin_start(xfrin, transfer_done); @@ -381,6 +383,38 @@ ERROR: zone_done(zone); } +static int configure_transports(void) { + dns_name_t* name = NULL; + int r; + + // Use the name of the primary + r = dns_name_from_string(&name, ctx.primary); + if (r) { + ERROR("Failed to parse the transport name %s: %s\n", + ctx.primary, isc_result_totext(r)); + return r; + } + + // Allocate a new transport list + ctx.transports = dns_transport_list_new(ctx.memctx); + + // Allocate a new transport + ctx.transport = dns_transport_new(name, ctx.transport_type, ctx.transports); + + // Set the remote hostname (for TLS SNI) + switch (ctx.transport_type) { + case DNS_TRANSPORT_TLS: + dns_transport_set_remote_hostname(ctx.transport, ctx.primary); + dns_transport_set_tlsname(ctx.transport, ctx.primary); + break; + + default: + break; + } + + return 0; +} + static void run_loop(void* data) { struct in_addr any = { .s_addr = INADDR_ANY, 
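Review bot: In the `DNS_TRANSPORT_TLS` case of configure_transports the transport gets a remote hostname and a TLS name, but nothing that makes the primary's certificate be verified — no CA file and no `dns_transport_set_always_verify_remote()` — and, as far as I recall BIND's transport code, a TLS transport configured like this is opportunistic: the transfer is encrypted but the peer is not authenticated, so an on-path attacker can still hand zone-sync a forged zone. If strict TLS is the intent, add `dns_transport_set_always_verify_remote(ctx.transport, true);` next to the `dns_transport_set_tlsname()` call and, ideally, a `--ca-file` option feeding `dns_transport_set_cafile(ctx.transport, ...)`, since a transport that verifies also needs a trust anchor; otherwise document on `OPT_TRANSPORT` that `TLS` only encrypts. Separately, `name` is filled in through `&name` by `dns_name_from_string()` and never released after `dns_transport_new()` returns, so if that helper allocates (its definition is not in this hunk) the name leaks once per run — worth a comment like `// dns_transport_new() copies the name; release it here` with the matching free, assuming dns_transport_new() duplicates the name as it does in BIND. `ERROR` and `dns_name_from_string()` are defined outside this hunk.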
@@ -398,6 +432,11 @@ static void run_loop(void* data) { // Create the source address isc_sockaddr_fromin(&ctx.source_address, &any, 0); + // Configure transports + r = configure_transports(); + if (r) + goto ERROR; + // Create a view r = dns_view_create(ctx.memctx, ctx.loopmgr, ctx.dispatchmgr, dns_rdataclass_in, "default", &ctx.view); @@ -425,6 +464,14 @@ static void destroy_loop(void* data) { if (ctx.view) dns_view_detach(&ctx.view); + // Destroy the transport + if (ctx.transport) + dns_transport_detach(&ctx.transport); + + // Destroy the transport list + if (ctx.transports) + dns_transport_list_detach(&ctx.transports); + // Destroy the zone manager if (ctx.zonemgr) { dns_zonemgr_shutdown(ctx.zonemgr); @@ -512,12 +559,12 @@ static error_t parse(int key, char* arg, struct argp_state* state) { case OPT_TRANSPORT: // TCP if (strcmp(arg, "TCP") == 0) { - ctx.transport = DNS_TRANSPORT_TCP; + ctx.transport_type = DNS_TRANSPORT_TCP; ctx.port = 53; // TLS } else if (strcmp(arg, "TLS") == 0) { - ctx.transport = DNS_TRANSPORT_TLS; + ctx.transport_type = DNS_TRANSPORT_TLS; ctx.port = 853; // Fail on unknown transport
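Review bot: destroy_loop now releases `ctx.transport` with `dns_transport_detach()` and then `ctx.transports` with `dns_transport_list_detach()`, but if I remember BIND's lib/dns/transport.c correctly, `dns_transport_new()` does not give the caller its own reference — the pointer it returns is the one owned by the list (it is `dns_transport_find()` that attaches a fresh reference), and the list drops its entries when it is destroyed. If that holds, the explicit detach here drops the list's only reference and the later list teardown either trips the refcount assertion or touches freed memory at shutdown. Either take a reference right after creation in configure_transports — `dns_transport_t *t = dns_transport_new(name, ctx.transport_type, ctx.transports); dns_transport_attach(t, &ctx.transport);` — or remove the `dns_transport_detach()` call from destroy_loop and only NULL the pointer before detaching the list. Please confirm against the BIND version zone-sync builds against; the rest of destroy_loop is outside this hunk.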