* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-15 11:46 UTC
To: emacs-devel; +Cc: Jimmy Yuen Ho Wong

wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:

> branch: netsec
> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>
> Add option to bypass NSM TLS checks on local networks
>
> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
> DNS.

So this only works for people who have nslookup installed? Emacs
already uses getaddrinfo internally, would it help you if there was a
lisp-level interface to it?

Regards

Robert
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Jimmy Yuen Ho Wong @ 2018-07-15 15:34 UTC
To: Robert Pluim; +Cc: emacs-devel

> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote:
>
> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
>
>> branch: netsec
>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>
>> Add option to bypass NSM TLS checks on local networks
>>
>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
>> DNS.
>
> So this only works for people who have nslookup installed? Emacs
> already uses getaddrinfo internally, would it help you if there was a
> lisp-level interface to it?
>

Yes it would. I was asking for that exact same thing :) lend me a hand on this?

> Regards
>
> Robert
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-15 15:34 ` Jimmy Yuen Ho Wong @ 2018-07-16 13:34 ` Robert Pluim 2018-07-16 15:00 ` Eli Zaretskii ` (3 more replies) 0 siblings, 4 replies; 26+ messages in thread From: Robert Pluim @ 2018-07-16 13:34 UTC (permalink / raw) To: Jimmy Yuen Ho Wong; +Cc: emacs-devel Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes: >> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote: >> >> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes: >> >>> branch: netsec >>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d >>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com> >>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com> >>> >>> Add option to bypass NSM TLS checks on local networks >>> >>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6, >>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from >>> DNS. >> >> So this only works for people who have nslookup installed? Emacs >> already uses getaddrinfo internally, would it help you if there was a >> lisp-level interface to it? >> > > Yes it would. I was asking for that exact same thing :) lend me a hand on this? Iʼm terrible at choosing names, please suggest better ones (hostname-lookup, gethostbyname,....?). Output currently looks like this, including a port number, but thatʼs easily changed: (get-address-info "www.slashdot.org" 'ipv4) ([216 105 38 15 0] [216 105 38 15 0] [216 105 38 15 0]) (get-address-info "google.com") ([172 217 19 238 0] [172 217 19 238 0] [172 217 19 238 0] [10752 5200 16391 2060 0 0 0 8206 0] [10752 5200 16391 2060 0 0 0 8206 0] [10752 5200 16391 2060 0 0 0 8206 0]) Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed to get emacs to use that on MS-Windows? diff --git i/src/process.c w/src/process.c index 279b74bc66..7d0bf74cbe 100644 --- i/src/process.c +++ w/src/process.c 
@@ -4531,6 +4531,55 @@ Data that is unavailable is returned as nil. */) #endif } +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0, + doc: /* Look up ip address info of NAME. +Optional parameter FAMILY controls whether to look up IPv4 or IPv6 +addresses. The default of nil means look up both, symbol `ipv4' means +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses, +or nil if none were found. */) + (Lisp_Object name, Lisp_Object family) +{ + Lisp_Object addresses = Qnil; + struct addrinfo *res, *lres; + int ret; + + struct addrinfo hints; + memset (&hints, 0, sizeof hints); + if (EQ (family, Qnil)) + hints.ai_family = AF_UNSPEC; + if (EQ (family, Qipv4)) + hints.ai_family = AF_INET; +#ifdef AF_INET6 + if (EQ (family, Qipv6)) + hints.ai_family = AF_INET6; +#endif + hints.ai_socktype = 0; + + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); + if (ret) +#ifdef HAVE_GAI_STRERROR + { + synchronize_system_messages_locale (); + char const *str = gai_strerror (ret); + if (! NILP (Vlocale_coding_system)) + str = SSDATA (code_convert_string_norecord + (build_string (str), Vlocale_coding_system, 0)); + message ("\"%s\" \"%s\"", SSDATA (name), str); + } +#else + message ("%s get-address-info error %d", SSDATA (name), ret); +#endif + else + { + for (lres = res; lres; lres = lres->ai_next) + addresses = Fcons (conv_sockaddr_to_lisp (lres->ai_addr, lres->ai_addrlen), addresses); + addresses = Fnreverse (addresses); + + freeaddrinfo (res); + } + return addresses; +} + /* Turn off input and output for process PROC. */ static void @@ -8274,6 +8323,7 @@ returns non-`nil'. */); defsubr (&Sset_network_process_option); defsubr (&Smake_network_process); defsubr (&Sformat_network_address); + defsubr (&Sget_address_info); defsubr (&Snetwork_interface_list); defsubr (&Snetwork_interface_info); #ifdef DATAGRAM_SOCKETS ^ permalink raw reply related [flat|nested] 26+ messages in thread
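Review bot: In Fget_address_info, NAME reaches getaddrinfo through SSDATA (name) with no CHECK_STRING (name) before it, so a non-string argument passed from Lisp is treated as string data; add CHECK_STRING (name) at the top of the function. FAMILY is unchecked as well: any symbol other than nil, `ipv4' or `ipv6' leaves hints.ai_family at the zero written by memset and is silently accepted, where signalling an error would surface a caller's mistake. The line in the else branch that conses the conv_sockaddr_to_lisp result onto addresses also runs well past 80 columns and should be wrapped.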
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-16 13:34 ` Robert Pluim @ 2018-07-16 15:00 ` Eli Zaretskii 2018-07-16 15:24 ` Jimmy Yuen Ho Wong 2018-07-16 16:23 ` Robert Pluim 2018-07-16 15:31 ` Jimmy Yuen Ho Wong ` (2 subsequent siblings) 3 siblings, 2 replies; 26+ messages in thread From: Eli Zaretskii @ 2018-07-16 15:00 UTC (permalink / raw) To: Robert Pluim; +Cc: emacs-devel > From: Robert Pluim <rpluim@gmail.com> > Date: Mon, 16 Jul 2018 15:34:35 +0200 > Cc: emacs-devel@gnu.org > > Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed > to get emacs to use that on MS-Windows? No, you don't need anything special. nt/inc/socket.h redirects getaddrinfo into sys_getaddrinfo, and all our C sources see the redirection. > +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0, > + doc: /* Look up ip address info of NAME. > +Optional parameter FAMILY controls whether to look up IPv4 or IPv6 > +addresses. The default of nil means look up both, symbol `ipv4' means > +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses, > +or nil if none were found. */) This doc string doesn't tell that each address is a vector or a string. > + if (EQ (family, Qipv4)) > + hints.ai_family = AF_INET; > +#ifdef AF_INET6 > + if (EQ (family, Qipv6)) > + hints.ai_family = AF_INET6; > +#endif Should we signal an error if 'ipv6' is requested on a system that doesn't support that? > + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); You should encode NAME (using ENCODE_SYSTEM), because it could include non-ASCII characters. In general, any Lisp string should be encoded before you can pass its data to a C library function. Thanks. P.S. This needs a NEWS entry, at the very least, and perhaps also an update for the ELisp manual. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-16 15:00 ` Eli Zaretskii @ 2018-07-16 15:24 ` Jimmy Yuen Ho Wong 2018-07-16 17:59 ` Eli Zaretskii 2018-07-16 16:23 ` Robert Pluim 1 sibling, 1 reply; 26+ messages in thread From: Jimmy Yuen Ho Wong @ 2018-07-16 15:24 UTC (permalink / raw) To: Eli Zaretskii; +Cc: Robert Pluim, Emacs-Devel devel On Mon, Jul 16, 2018 at 4:00 PM Eli Zaretskii <eliz@gnu.org> wrote: > > > From: Robert Pluim <rpluim@gmail.com> > > Date: Mon, 16 Jul 2018 15:34:35 +0200 > > Cc: emacs-devel@gnu.org > > > > Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed > > to get emacs to use that on MS-Windows? > > No, you don't need anything special. nt/inc/socket.h redirects > getaddrinfo into sys_getaddrinfo, and all our C sources see the > redirection. > > > +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0, > > + doc: /* Look up ip address info of NAME. > > +Optional parameter FAMILY controls whether to look up IPv4 or IPv6 > > +addresses. The default of nil means look up both, symbol `ipv4' means > > +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses, > > +or nil if none were found. */) > > This doc string doesn't tell that each address is a vector or a > string. > > > + if (EQ (family, Qipv4)) > > + hints.ai_family = AF_INET; > > +#ifdef AF_INET6 > > + if (EQ (family, Qipv6)) > > + hints.ai_family = AF_INET6; > > +#endif > > Should we signal an error if 'ipv6' is requested on a system that > doesn't support that? > > > + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); > > You should encode NAME (using ENCODE_SYSTEM), because it could include > non-ASCII characters. In general, any Lisp string should be encoded > before you can pass its data to a C library function. > Does getaddrinfo accept unicode hostnames? If not I think we can just make sure NAME is all ASCII as per Punycode for i18nized host names. > Thanks. > > P.S. 
This needs a NEWS entry, at the very least, and perhaps also an > update for the ELisp manual. > ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-16 15:24 ` Jimmy Yuen Ho Wong @ 2018-07-16 17:59 ` Eli Zaretskii 0 siblings, 0 replies; 26+ messages in thread From: Eli Zaretskii @ 2018-07-16 17:59 UTC (permalink / raw) To: Jimmy Yuen Ho Wong; +Cc: rpluim, emacs-devel > From: Jimmy Yuen Ho Wong <wyuenho@gmail.com> > Date: Mon, 16 Jul 2018 16:24:45 +0100 > Cc: Robert Pluim <rpluim@gmail.com>, Emacs-Devel devel <emacs-devel@gnu.org> > > > > + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); > > > > You should encode NAME (using ENCODE_SYSTEM), because it could include > > non-ASCII characters. In general, any Lisp string should be encoded > > before you can pass its data to a C library function. > > > > Does getaddrinfo accept unicode hostnames? If not I think we can just > make sure NAME is all ASCII as per Punycode for i18nized host names. That's fine with me, but my point is that simply plugging the string data into a libc function is usually not OK. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-16 15:00 ` Eli Zaretskii 2018-07-16 15:24 ` Jimmy Yuen Ho Wong @ 2018-07-16 16:23 ` Robert Pluim 2018-07-16 17:16 ` Jimmy Yuen Ho Wong 2018-07-16 18:09 ` Eli Zaretskii 1 sibling, 2 replies; 26+ messages in thread From: Robert Pluim @ 2018-07-16 16:23 UTC (permalink / raw) To: Eli Zaretskii; +Cc: emacs-devel Eli Zaretskii <eliz@gnu.org> writes: >> From: Robert Pluim <rpluim@gmail.com> >> Date: Mon, 16 Jul 2018 15:34:35 +0200 >> Cc: emacs-devel@gnu.org >> >> Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed >> to get emacs to use that on MS-Windows? > > No, you don't need anything special. nt/inc/socket.h redirects > getaddrinfo into sys_getaddrinfo, and all our C sources see the > redirection. Thanks. I always forget how the nt stuff works. >> +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0, >> + doc: /* Look up ip address info of NAME. >> +Optional parameter FAMILY controls whether to look up IPv4 or IPv6 >> +addresses. The default of nil means look up both, symbol `ipv4' means >> +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses, >> +or nil if none were found. */) > > This doc string doesn't tell that each address is a vector or a > string. Yes. Iʼm waiting for Jimmy to tell me if the format works for him, then Iʼll document whatever we end up with (and it can currently only return a vector, and includes a port, which is probably not needed). >> + if (EQ (family, Qipv4)) >> + hints.ai_family = AF_INET; >> +#ifdef AF_INET6 >> + if (EQ (family, Qipv6)) >> + hints.ai_family = AF_INET6; >> +#endif > > Should we signal an error if 'ipv6' is requested on a system that > doesn't support that? Iʼd be more inclined to return nil in that case. The effect is the same, and the caller doesnʼt need to do redundant error handling. 
>> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); > > You should encode NAME (using ENCODE_SYSTEM), because it could include > non-ASCII characters. In general, any Lisp string should be encoded > before you can pass its data to a C library function. > My understanding is that this API only supports ASCII anyway. For internationalized domain names you'd need to use puny-code (and we donʼt currently use ENCODE_SYSTEM when calling getaddrinfo elsewhere). > Thanks. > > P.S. This needs a NEWS entry, at the very least, and perhaps also an > update for the ELisp manual. Both, for sure. Robert ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Jimmy Yuen Ho Wong @ 2018-07-16 17:16 UTC
To: Emacs-Devel devel; +Cc: Eli Zaretskii

>
> Yes. Iʼm waiting for Jimmy to tell me if the format works for him,
> then Iʼll document whatever we end up with (and it can currently only
> return a vector, and includes a port, which is probably not needed).
>

Oh you are waiting for me, you can just push to my branch or master
and I'll test it out.
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-16 17:46 UTC
To: Jimmy Yuen Ho Wong; +Cc: Eli Zaretskii, Emacs-Devel devel

Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:

>>
>> Yes. Iʼm waiting for Jimmy to tell me if the format works for him,
>> then Iʼll document whatever we end up with (and it can currently only
>> return a vector, and includes a port, which is probably not needed).
>>
>
> Oh you are waiting for me, you can just push to my branch or master
> and I'll test it out.

Iʼve pushed to the netsec branch.

Regards

Robert
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-16 16:23 ` Robert Pluim 2018-07-16 17:16 ` Jimmy Yuen Ho Wong @ 2018-07-16 18:09 ` Eli Zaretskii 2018-07-17 10:09 ` Robert Pluim 1 sibling, 1 reply; 26+ messages in thread From: Eli Zaretskii @ 2018-07-16 18:09 UTC (permalink / raw) To: Robert Pluim; +Cc: emacs-devel > From: Robert Pluim <rpluim@gmail.com> > Cc: emacs-devel@gnu.org > Date: Mon, 16 Jul 2018 18:23:21 +0200 > > > No, you don't need anything special. nt/inc/socket.h redirects > > getaddrinfo into sys_getaddrinfo, and all our C sources see the > > redirection. > > Thanks. I always forget how the nt stuff works. In general, all the sys_* stuff is invisible everywhere except in w32.c. > >> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); > > > > You should encode NAME (using ENCODE_SYSTEM), because it could include > > non-ASCII characters. In general, any Lisp string should be encoded > > before you can pass its data to a C library function. > > > > My understanding is that this API only supports ASCII anyway. Then I think we should test that it's either a unibyte string or a string whose size in bytes is equal to its size in characters, and signal an error if that doesn't hold. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-17 10:09 UTC
To: Eli Zaretskii; +Cc: emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

>
> Then I think we should test that it's either a unibyte string or a
> string whose size in bytes is equal to its size in characters, and
> signal an error if that doesn't hold.

So I tried using STRING_MULTIBYTE, but of course eww uses
puny-encode-domain on unicode hostnames, and that returns a multibyte
string that only contains ASCII characters. Rather than opening that
can of worms, I settled on checking

    SBYTES (host) != SCHARS (host)

I couldn't find an "is this a pure-ASCII string" function.

Regards

Robert
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Eli Zaretskii @ 2018-07-17 15:50 UTC
To: Robert Pluim; +Cc: emacs-devel

> From: Robert Pluim <rpluim@gmail.com>
> Cc: emacs-devel@gnu.org
> Date: Tue, 17 Jul 2018 12:09:10 +0200
>
> Eli Zaretskii <eliz@gnu.org> writes:
> >
> > Then I think we should test that it's either a unibyte string or a
> > string whose size in bytes is equal to its size in characters, and
> > signal an error if that doesn't hold.
>
> So I tried using STRING_MULTIBYTE, but of course eww uses
> puny-encode-domain on unicode hostnames, and that returns a multibyte
> string that only contains ASCII characters. Rather than opening that
> can of worms, I settled on checking
>
> SBYTES (host) != SCHARS (host)

This will signal an error for unibyte strings, because there SBYTES is
always -1. So I think you should do this instead:

    STRING_MULTIBYTE (host) && SBYTES (host) != SCHARS (host)

> I couldn't find an "is this a pure-ASCII string" function.

It is rarely needed, IME.
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-17 15:53 UTC
To: Eli Zaretskii; +Cc: emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Cc: emacs-devel@gnu.org
>> Date: Tue, 17 Jul 2018 12:09:10 +0200
>>
>> Eli Zaretskii <eliz@gnu.org> writes:
>> >
>> > Then I think we should test that it's either a unibyte string or a
>> > string whose size in bytes is equal to its size in characters, and
>> > signal an error if that doesn't hold.
>>
>> So I tried using STRING_MULTIBYTE, but of course eww uses
>> puny-encode-domain on unicode hostnames, and that returns a multibyte
>> string that only contains ASCII characters. Rather than opening that
>> can of worms, I settled on checking
>>
>> SBYTES (host) != SCHARS (host)
>
> This will signal an error for unibyte strings, because there SBYTES is
> always -1. So I think you should do this instead:
>

Ah, I was assuming they'd always be in sync.

> STRING_MULTIBYTE (host) && SBYTES (host) != SCHARS (host)

OK, that works.

Thanks

Robert
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-17 16:17 UTC
To: emacs-devel

Robert Pluim <rpluim@gmail.com> writes:

> Eli Zaretskii <eliz@gnu.org> writes:
>
>>> From: Robert Pluim <rpluim@gmail.com>
>>> Cc: emacs-devel@gnu.org
>>> Date: Tue, 17 Jul 2018 12:09:10 +0200
>>>
>>> Eli Zaretskii <eliz@gnu.org> writes:
>>> >
>>> > Then I think we should test that it's either a unibyte string or a
>>> > string whose size in bytes is equal to its size in characters, and
>>> > signal an error if that doesn't hold.
>>>
>>> So I tried using STRING_MULTIBYTE, but of course eww uses
>>> puny-encode-domain on unicode hostnames, and that returns a multibyte
>>> string that only contains ASCII characters. Rather than opening that
>>> can of worms, I settled on checking
>>>
>>> SBYTES (host) != SCHARS (host)
>>
>> This will signal an error for unibyte strings, because there SBYTES is
>> always -1. So I think you should do this instead:
>>
>
> Ah, I was assuming they'd always be in sync.
>
>> STRING_MULTIBYTE (host) && SBYTES (host) != SCHARS (host)
>
> OK, that works.

I couldn't get my original to fail with a unibyte string. Turns out
that even though size_byte is indeed -1 for unibyte strings, in that
case SBYTES returns the size field:

    ptrdiff_t nbytes = s->u.s.size_byte < 0 ? s->u.s.size : s->u.s.size_byte;

Having said that, testing for STRING_MULTIBYTE is harmless.

Robert
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Eli Zaretskii @ 2018-07-17 17:15 UTC
To: Robert Pluim; +Cc: emacs-devel

> From: Robert Pluim <rpluim@gmail.com>
> Date: Tue, 17 Jul 2018 18:17:57 +0200
>
> I couldn't get my original to fail with a unibyte string. Turns out
> that even though size_byte is indeed -1 for unibyte strings, in that
> case SBYTES returns the size field:
>
> ptrdiff_t nbytes = s->u.s.size_byte < 0 ? s->u.s.size : s->u.s.size_byte;

Ah, yes. I keep forgetting that. Which is one more reason not to
rely on that, if you ask me ;-)
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-17 18:00 UTC
To: Eli Zaretskii; +Cc: emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Date: Tue, 17 Jul 2018 18:17:57 +0200
>>
>> I couldn't get my original to fail with a unibyte string. Turns out
>> that even though size_byte is indeed -1 for unibyte strings, in that
>> case SBYTES returns the size field:
>>
>> ptrdiff_t nbytes = s->u.s.size_byte < 0 ? s->u.s.size : s->u.s.size_byte;
>
> Ah, yes. I keep forgetting that. Which is one more reason not to
> rely on that, if you ask me ;-)

STRING_MULTIBYTE it is then.

Robert
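Added example, not code from this thread or from Emacs: the check agreed in the sub-thread above (a host name is pure ASCII exactly when its byte length equals its character count) applied in plain C before the name reaches getaddrinfo. The names `utf8_char_count`, `host_is_ascii` and `lookup_ascii_host` are hypothetical, the input is assumed to be well-formed UTF-8 with an explicit byte length, and the embedded-NUL rejection goes beyond what the thread discusses.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Count characters in a well-formed UTF-8 buffer: every byte that is
   not a continuation byte (10xxxxxx) starts a new character.  */
size_t
utf8_char_count (const char *s, size_t nbytes)
{
  size_t nchars = 0;
  for (size_t i = 0; i < nbytes; i++)
    if (((unsigned char) s[i] & 0xC0) != 0x80)
      nchars++;
  return nchars;
}

/* Return 1 if the NBYTES bytes at S are safe to hand to a C resolver.
   Byte length == character count means no multi-byte character, i.e.
   pure ASCII (the SBYTES/SCHARS comparison from the thread).  An
   embedded NUL is rejected too (an addition here): the C library
   would stop reading at it and resolve a different, shorter name.  */
int
host_is_ascii (const char *s, size_t nbytes)
{
  if (nbytes == 0 || memchr (s, '\0', nbytes) != NULL)
    return 0;
  return utf8_char_count (s, nbytes) == nbytes;
}

/* Resolve NAME (NBYTES long, NUL-terminated after that) and write the
   first address as numeric text into OUT.  Returns 0 on success or a
   getaddrinfo error code; a non-ASCII name is refused with EAI_NONAME
   without calling the resolver at all.  */
int
lookup_ascii_host (const char *name, size_t nbytes, int family, int flags,
                   char *out, size_t outlen)
{
  if (!host_is_ascii (name, nbytes))
    return EAI_NONAME;

  struct addrinfo hints, *res;
  memset (&hints, 0, sizeof hints);
  hints.ai_family = family;
  hints.ai_socktype = SOCK_STREAM;   /* one result per address */
  hints.ai_flags = flags;

  int ret = getaddrinfo (name, NULL, &hints, &res);
  if (ret != 0)
    return ret;

  ret = getnameinfo (res->ai_addr, res->ai_addrlen, out,
                     (socklen_t) outlen, NULL, 0, NI_NUMERICHOST);
  freeaddrinfo (res);
  return ret;
}

int
main (void)
{
  /* Constructed sample inputs: a raw IDN in UTF-8 and its ASCII form.  */
  const char idn[] = "b\xc3\xbc" "cher.example";
  const char ace[] = "xn--bcher-kva.example";
  char addr[64];

  printf ("raw IDN accepted: %d\n", host_is_ascii (idn, sizeof idn - 1));
  printf ("punycode accepted: %d\n", host_is_ascii (ace, sizeof ace - 1));

  /* AI_NUMERICHOST keeps this lookup offline.  */
  if (lookup_ascii_host ("127.0.0.1", 9, AF_INET, AI_NUMERICHOST,
                         addr, sizeof addr) == 0)
    printf ("resolved: %s\n", addr);
  return 0;
}
```

The length comparison only holds for well-formed input; a stray lead byte with no continuation bytes would count as one character, so untrusted byte strings need a per-byte high-bit test instead.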
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Jimmy Yuen Ho Wong @ 2018-07-16 15:31 UTC
To: Emacs-Devel devel

On Mon, Jul 16, 2018 at 2:34 PM Robert Pluim <rpluim@gmail.com> wrote:
>
> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>
> >> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote:
> >>
> >> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
> >>
> >>> branch: netsec
> >>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
> >>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> >>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> >>>
> >>> Add option to bypass NSM TLS checks on local networks
> >>>
> >>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
> >>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
> >>> DNS.
> >>
> >> So this only works for people who have nslookup installed? Emacs
> >> already uses getaddrinfo internally, would it help you if there was a
> >> lisp-level interface to it?
> >>
> >
> > Yes it would. I was asking for that exact same thing :) lend me a hand on this?
>
> Iʼm terrible at choosing names, please suggest better ones
> (hostname-lookup, gethostbyname,....?). Output currently looks like
> this, including a port number, but thatʼs easily changed:
>

I wish I could think of a better name. All the good names are taken by
terrible implementations LOL
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Stefan Monnier @ 2018-07-16 16:14 UTC
To: emacs-devel

>> Iʼm terrible at choosing names, please suggest better ones
>> (hostname-lookup, gethostbyname,....?). Output currently looks like
>> this, including a port number, but thatʼs easily changed:
> I wish I could think of a better name. All the good names are taken by
> terrible implementations LOL

All the C functions dealing with the network should use a common
namespace prefix, I think. That could be "network-" or "inet-" or
various others.

Stefan "just helping paint the shed"
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-16 16:36 UTC
To: Stefan Monnier; +Cc: emacs-devel

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>>> Iʼm terrible at choosing names, please suggest better ones
>>> (hostname-lookup, gethostbyname,....?). Output currently looks like
>>> this, including a port number, but thatʼs easily changed:
>> I wish I could think of a better name. All the good names are taken by
>> terrible implementations LOL
>
> All the C functions dealing with the network should use a common
> namespace prefix, I think. That could be "network-" or "inet-" or
> various others.
>

Emacs has a whole bunch of commands and variables starting with
'network-', that makes sense to me.

> Stefan "just helping paint the shed"

network-lookup-info? network-lookup-hostname-info? There are so many
colours to choose from.
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Eli Zaretskii @ 2018-07-16 18:11 UTC
To: Robert Pluim; +Cc: emacs-devel

> From: Robert Pluim <rpluim@gmail.com>
> Date: Mon, 16 Jul 2018 18:36:37 +0200
> Cc: emacs-devel@gnu.org
>
> Emacs has a whole bunch of commands and variables starting with
> 'network-', that makes sense to me.
>
> > Stefan "just helping paint the shed"
>
> network-lookup-info? network-lookup-hostname-info? There are so many
> colours to choose from.

FWIW, I'm okay with get-address-info, for 2 reasons:

  . we don't other related names start with anything like that;
  . other languages use names very close to getaddrinfo, so why cannot
    we?

But if you want to use some other name, feel free.
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Stefan Monnier @ 2018-07-16 18:24 UTC
To: emacs-devel

> network-lookup-info? network-lookup-hostname-info? There are so many
> colours to choose from.

I'll let you choose that part of the color (so long as it's black, of
course).

Stefan
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Andy Moreton @ 2018-07-16 17:06 UTC
To: emacs-devel

On Mon 16 Jul 2018, Robert Pluim wrote:

> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>
>>> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote:
>>>
>>> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
>>>
>>>> branch: netsec
>>>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
>>>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>>>
>>>> Add option to bypass NSM TLS checks on local networks
>>>>
>>>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
>>>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
>>>> DNS.
>>>
>>> So this only works for people who have nslookup installed? Emacs
>>> already uses getaddrinfo internally, would it help you if there was a
>>> lisp-level interface to it?
>>>
>>
>> Yes it would. I was asking for that exact same thing :) lend me a hand on this?
>
> Iʼm terrible at choosing names, please suggest better ones
> (hostname-lookup, gethostbyname,....?). Output currently looks like
> this, including a port number, but thatʼs easily changed:

Given that we already have `network-interface-list' and
`network-interface-info' I think this should be named `network-address-info'.

Your patch works on Windows 10 (64bit mingw64 MSYS2):

    ELISP> (get-address-info "www.slashdot.org" 'ipv4)
    ([216 105 38 15 0])

    ELISP> (get-address-info "google.com")
    ([216 58 213 110 0])
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Jimmy Yuen Ho Wong @ 2018-07-16 17:15 UTC
To: andrewjmoreton; +Cc: Emacs-Devel devel

>
> Given that we already have `network-interface-list' and
> `network-interface-info' I think this should be named `network-address-info'.
>

Sounds good to me!
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-16 13:34 ` Robert Pluim ` (2 preceding siblings ...) 2018-07-16 17:06 ` Andy Moreton @ 2018-07-16 17:48 ` Paul Eggert 2018-07-17 5:56 ` Robert Pluim 3 siblings, 1 reply; 26+ messages in thread From: Paul Eggert @ 2018-07-16 17:48 UTC (permalink / raw) To: emacs-devel Robert Pluim wrote: > + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); Why does the Lisp API always pass NULL here? Shouldn't there be some way to specify the service at the Lisp level? More generally, there's a lot of code duplication between this new function and what's already in the implementation of make-network-process. Instead, make-network-process should call this new function (or some C variant of it). ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks 2018-07-16 17:48 ` Paul Eggert @ 2018-07-17 5:56 ` Robert Pluim 2018-07-17 18:07 ` Robert Pluim 0 siblings, 1 reply; 26+ messages in thread From: Robert Pluim @ 2018-07-17 5:56 UTC (permalink / raw) To: Paul Eggert; +Cc: emacs-devel Paul Eggert <eggert@cs.ucla.edu> writes: > Robert Pluim wrote: >> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res); > > Why does the Lisp API always pass NULL here? Shouldn't there be some > way to specify the service at the Lisp level? I donʼt think thatʼs currently needed at the lisp level, and I didnʼt want to overcomplicate the API. > More generally, there's a lot of code duplication between this new > function and what's already in the implementation of > make-network-process. Intead, make-network-process should call this > new function (or some C variant of it). I guess that would be possible. Iʼll look into it. Robert ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
From: Robert Pluim @ 2018-07-17 18:07 UTC
To: emacs-devel; +Cc: eggert

Robert Pluim <rpluim@gmail.com> writes:

> Paul Eggert <eggert@cs.ucla.edu> writes:

>> More generally, there's a lot of code duplication between this new
>> function and what's already in the implementation of
>> make-network-process. Instead, make-network-process should call this
>> new function (or some C variant of it).

So I split the common functionality into an internal function, and
made the lisp function call that, and updated make-network-process to
call it. Also a lispref entry and some tests (that uncovered a rather
embarrassing bug), all pushed to the netsec branch.

Regards

Robert