"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "pdns/lwres.cc" between
pdns-auth-4.1.13.tar.gz and pdns-auth-4.2.0.tar.gz

About: PowerDNS Authoritative Nameserver is a versatile nameserver which supports a large number of backends (that can either be plain zone files or be more dynamic in nature).

lwres.cc  (pdns-auth-4.1.13):lwres.cc  (pdns-auth-4.2.0)
skipping to change at line 53 skipping to change at line 53
#include "dnsparser.hh" #include "dnsparser.hh"
#include "logger.hh" #include "logger.hh"
#include "dns_random.hh" #include "dns_random.hh"
#include <boost/scoped_array.hpp> #include <boost/scoped_array.hpp>
#include <boost/algorithm/string.hpp> #include <boost/algorithm/string.hpp>
#include "validate-recursor.hh" #include "validate-recursor.hh"
#include "ednssubnet.hh" #include "ednssubnet.hh"
#ifdef HAVE_PROTOBUF #ifdef HAVE_PROTOBUF
static void logOutgoingQuery(std::shared_ptr<RemoteLogger> outgoingLogger, boost #include "uuid-utils.hh"
::optional<const boost::uuids::uuid&> initialRequestId, const boost::uuids::uuid
& uuid, const ComboAddress& ip, const DNSName& domain, int type, uint16_t qid, b #ifdef HAVE_FSTRM
ool doTCP, size_t bytes) #include "rec-dnstap.hh"
#include "fstrm_logger.hh"
bool g_syslog;
static bool isEnabledForQueries(const std::shared_ptr<std::vector<std::unique_pt
r<FrameStreamLogger>>>& fstreamLoggers)
{
if (fstreamLoggers == nullptr) {
return false;
}
for (auto& logger : *fstreamLoggers) {
if (logger->logQueries()) {
return true;
}
}
return false;
}
static void logFstreamQuery(const std::shared_ptr<std::vector<std::unique_ptr<Fr
ameStreamLogger>>>& fstreamLoggers, const struct timeval &queryTime, const Combo
Address& ip, bool doTCP, const vector<uint8_t>& packet)
{
if (fstreamLoggers == nullptr)
return;
struct timespec ts;
TIMEVAL_TO_TIMESPEC(&queryTime, &ts);
RecDnstapMessage message(SyncRes::s_serverID, nullptr, &ip, doTCP, reinterpret
_cast<const char*>(&*packet.begin()), packet.size(), &ts, nullptr);
std::string str;
message.serialize(str);
for (auto& logger : *fstreamLoggers) {
logger->queueData(str);
}
}
static bool isEnabledForResponses(const std::shared_ptr<std::vector<std::unique_
ptr<FrameStreamLogger>>>& fstreamLoggers)
{
if (fstreamLoggers == nullptr) {
return false;
}
for (auto& logger : *fstreamLoggers) {
if (logger->logResponses()) {
return true;
}
}
return false;
}
static void logFstreamResponse(const std::shared_ptr<std::vector<std::unique_ptr
<FrameStreamLogger>>>& fstreamLoggers, const ComboAddress& ip, bool doTCP, const
std::string& packet, const struct timeval& queryTime, const struct timeval& rep
lyTime)
{
if (fstreamLoggers == nullptr)
return;
struct timespec ts1, ts2;
TIMEVAL_TO_TIMESPEC(&queryTime, &ts1);
TIMEVAL_TO_TIMESPEC(&replyTime, &ts2);
RecDnstapMessage message(SyncRes::s_serverID, nullptr, &ip, doTCP, static_cast
<const char*>(&*packet.begin()), packet.size(), &ts1, &ts2);
std::string str;
message.serialize(str);
for (auto& logger : *fstreamLoggers) {
logger->queueData(str);
}
}
#endif // HAVE_FSTRM
static void logOutgoingQuery(const std::shared_ptr<std::vector<std::unique_ptr<R
emoteLogger>>>& outgoingLoggers, boost::optional<const boost::uuids::uuid&> init
ialRequestId, const boost::uuids::uuid& uuid, const ComboAddress& ip, const DNSN
ame& domain, int type, uint16_t qid, bool doTCP, size_t bytes, boost::optional<N
etmask>& srcmask)
{ {
if(!outgoingLogger) if(!outgoingLoggers)
return; return;
RecProtoBufMessage message(DNSProtoBufMessage::OutgoingQuery, uuid, nullptr, & ip, domain, type, QClass::IN, qid, doTCP, bytes); RecProtoBufMessage message(DNSProtoBufMessage::OutgoingQuery, uuid, nullptr, & ip, domain, type, QClass::IN, qid, doTCP, bytes);
message.setServerIdentity(SyncRes::s_serverID);
if (initialRequestId) { if (initialRequestId) {
message.setInitialRequestID(*initialRequestId); message.setInitialRequestID(*initialRequestId);
} }
if (srcmask) {
message.setEDNSSubnet(*srcmask);
}
// cerr <<message.toDebugString()<<endl; // cerr <<message.toDebugString()<<endl;
std::string str; std::string str;
message.serialize(str); message.serialize(str);
outgoingLogger->queueData(str);
for (auto& logger : *outgoingLoggers) {
logger->queueData(str);
}
} }
static void logIncomingResponse(std::shared_ptr<RemoteLogger> outgoingLogger, bo ost::optional<const boost::uuids::uuid&> initialRequestId, const boost::uuids::u uid& uuid, const ComboAddress& ip, const DNSName& domain, int type, uint16_t qid , bool doTCP, size_t bytes, int rcode, const std::vector<DNSRecord>& records, co nst struct timeval& queryTime) static void logIncomingResponse(const std::shared_ptr<std::vector<std::unique_pt r<RemoteLogger>>>& outgoingLoggers, boost::optional<const boost::uuids::uuid&> i nitialRequestId, const boost::uuids::uuid& uuid, const ComboAddress& ip, const D NSName& domain, int type, uint16_t qid, bool doTCP, size_t bytes, int rcode, con st std::vector<DNSRecord>& records, const struct timeval& queryTime, const std:: set<uint16_t>& exportTypes)
{ {
if(!outgoingLogger) if(!outgoingLoggers)
return; return;
RecProtoBufMessage message(DNSProtoBufMessage::IncomingResponse, uuid, nullptr , &ip, domain, type, QClass::IN, qid, doTCP, bytes); RecProtoBufMessage message(DNSProtoBufMessage::IncomingResponse, uuid, nullptr , &ip, domain, type, QClass::IN, qid, doTCP, bytes);
message.setServerIdentity(SyncRes::s_serverID);
if (initialRequestId) { if (initialRequestId) {
message.setInitialRequestID(*initialRequestId); message.setInitialRequestID(*initialRequestId);
} }
message.setQueryTime(queryTime.tv_sec, queryTime.tv_usec); message.setQueryTime(queryTime.tv_sec, queryTime.tv_usec);
message.setResponseCode(rcode); message.setResponseCode(rcode);
message.addRRs(records); message.addRRs(records, exportTypes);
// cerr <<message.toDebugString()<<endl; // cerr <<message.toDebugString()<<endl;
std::string str; std::string str;
message.serialize(str); message.serialize(str);
outgoingLogger->queueData(str);
for (auto& logger : *outgoingLoggers) {
logger->queueData(str);
}
} }
#endif /* HAVE_PROTOBUF */ #endif /* HAVE_PROTOBUF */
//! returns -2 for OS limits error, -1 for permanent error that has to do with r emote **transport**, 0 for timeout, 1 for success //! returns -2 for OS limits error, -1 for permanent error that has to do with r emote **transport**, 0 for timeout, 1 for success
/** lwr is only filled out in case 1 was returned, and even when returning 1 for 'success', lwr might contain DNS errors /** lwr is only filled out in case 1 was returned, and even when returning 1 for 'success', lwr might contain DNS errors
Never throws! Never throws!
*/ */
int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool d oTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Net mask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr< RemoteLogger> outgoingLogger, LWResult *lwr) int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool d oTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Net mask>& srcmask, boost::optional<const ResolveContext&> context, const std::share d_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, const std::s hared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>>& fstrmLoggers, const std::set<uint16_t>& exportTypes, LWResult *lwr, bool* chained)
{ {
size_t len; size_t len;
size_t bufsize=g_outgoingEDNSBufsize; size_t bufsize=g_outgoingEDNSBufsize;
scoped_array<unsigned char> buf(new unsigned char[bufsize]); std::string buf;
buf.resize(bufsize);
vector<uint8_t> vpacket; vector<uint8_t> vpacket;
// string mapped0x20=dns0x20(domain); // string mapped0x20=dns0x20(domain);
uint16_t qid = dns_random(0xffff); uint16_t qid = dns_random(0xffff);
DNSPacketWriter pw(vpacket, domain, type); DNSPacketWriter pw(vpacket, domain, type);
pw.getHeader()->rd=sendRDQuery; pw.getHeader()->rd=sendRDQuery;
pw.getHeader()->id=qid; pw.getHeader()->id=qid;
/* RFC 6840 section 5.9: /* RFC 6840 section 5.9:
* This document further specifies that validating resolvers SHOULD set * This document further specifies that validating resolvers SHOULD set
* the CD bit on every upstream query. This is regardless of whether * the CD bit on every upstream query. This is regardless of whether
skipping to change at line 119 skipping to change at line 201
* *
* sendRDQuery is only true if the qname is part of a forward-zone-recurse (or * sendRDQuery is only true if the qname is part of a forward-zone-recurse (or
* set in the forward-zone-file), so we use this as an indicator for it being * set in the forward-zone-file), so we use this as an indicator for it being
* an "upstream query". To stay true to "dnssec=off means 3.X behaviour", we * an "upstream query". To stay true to "dnssec=off means 3.X behaviour", we
* only set +CD on forwarded query in any mode other than dnssec=off. * only set +CD on forwarded query in any mode other than dnssec=off.
*/ */
pw.getHeader()->cd=(sendRDQuery && g_dnssecmode != DNSSECMode::Off); pw.getHeader()->cd=(sendRDQuery && g_dnssecmode != DNSSECMode::Off);
string ping; string ping;
bool weWantEDNSSubnet=false; bool weWantEDNSSubnet=false;
uint8_t outgoingECSBits = 0;
ComboAddress outgoingECSAddr;
if(EDNS0Level > 0) { if(EDNS0Level > 0) {
DNSPacketWriter::optvect_t opts; DNSPacketWriter::optvect_t opts;
if(srcmask) { if(srcmask) {
EDNSSubnetOpts eo; EDNSSubnetOpts eo;
eo.source = *srcmask; eo.source = *srcmask;
outgoingECSBits = srcmask->getBits();
outgoingECSAddr = srcmask->getNetwork();
// cout<<"Adding request mask: "<<eo.source.toString()<<endl; // cout<<"Adding request mask: "<<eo.source.toString()<<endl;
opts.push_back(make_pair(8, makeEDNSSubnetOptsString(eo))); opts.push_back(make_pair(EDNSOptionCode::ECS, makeEDNSSubnetOptsString(eo) ));
weWantEDNSSubnet=true; weWantEDNSSubnet=true;
} }
pw.addOpt(g_outgoingEDNSBufsize, 0, g_dnssecmode == DNSSECMode::Off ? 0 : ED NSOpts::DNSSECOK, opts); pw.addOpt(g_outgoingEDNSBufsize, 0, g_dnssecmode == DNSSECMode::Off ? 0 : ED NSOpts::DNSSECOK, opts);
pw.commit(); pw.commit();
} }
srcmask = boost::none; // this is also our return value, even if EDNS0Level == 0
lwr->d_rcode = 0; lwr->d_rcode = 0;
lwr->d_haveEDNS = false; lwr->d_haveEDNS = false;
int ret; int ret;
DTime dt; DTime dt;
dt.set(); dt.set();
*now=dt.getTimeval(); *now=dt.getTimeval();
#ifdef HAVE_PROTOBUF #ifdef HAVE_PROTOBUF
boost::uuids::uuid uuid; boost::uuids::uuid uuid;
const struct timeval queryTime = *now; const struct timeval queryTime = *now;
if (outgoingLogger) { if (outgoingLoggers) {
uuid = (*t_uuidGenerator)(); uuid = getUniqueID();
logOutgoingQuery(outgoingLogger, context ? context->d_initialRequestId : boo logOutgoingQuery(outgoingLoggers, context ? context->d_initialRequestId : bo
st::none, uuid, ip, domain, type, qid, doTCP, vpacket.size()); ost::none, uuid, ip, domain, type, qid, doTCP, vpacket.size(), srcmask);
} }
#endif #endif /* HAVE_PROTOBUF */
#ifdef HAVE_FSTRM
if (isEnabledForQueries(fstrmLoggers)) {
logFstreamQuery(fstrmLoggers, queryTime, ip, doTCP, vpacket);
}
#endif /* HAVE_FSTRM */
srcmask = boost::none; // this is also our return value, even if EDNS0Level ==
0
errno=0;
if(!doTCP) { if(!doTCP) {
int queryfd; int queryfd;
if(ip.sin4.sin_family==AF_INET6) if(ip.sin4.sin_family==AF_INET6)
g_stats.ipv6queries++; g_stats.ipv6queries++;
if((ret=asendto((const char*)&*vpacket.begin(), vpacket.size(), 0, ip, qid, if((ret=asendto((const char*)&*vpacket.begin(), vpacket.size(), 0, ip, qid,
domain, type, &queryfd)) < 0) { domain, type, &queryfd)) < 0) {
return ret; // passes back the -2 EMFILE return ret; // passes back the -2 EMFILE
} }
if (queryfd == -1) {
*chained = true;
}
// sleep until we see an answer to this, interface to mtasker // sleep until we see an answer to this, interface to mtasker
ret=arecvfrom(reinterpret_cast<char *>(buf.get()), bufsize-1,0, ip, &len, qi d, ret=arecvfrom(buf, 0, ip, &len, qid,
domain, type, queryfd, now); domain, type, queryfd, now);
} }
else { else {
try { try {
Socket s(ip.sin4.sin_family, SOCK_STREAM); Socket s(ip.sin4.sin_family, SOCK_STREAM);
s.setNonBlocking(); s.setNonBlocking();
ComboAddress local = getQueryLocalAddress(ip.sin4.sin_family, 0); ComboAddress local = getQueryLocalAddress(ip.sin4.sin_family, 0);
s.bind(local); s.bind(local);
skipping to change at line 199 skipping to change at line 294
if(!(ret > 0)) if(!(ret > 0))
return ret; return ret;
memcpy(&tlen, packet.c_str(), sizeof(tlen)); memcpy(&tlen, packet.c_str(), sizeof(tlen));
len=ntohs(tlen); // switch to the 'len' shared with the rest of the functi on len=ntohs(tlen); // switch to the 'len' shared with the rest of the functi on
ret=arecvtcp(packet, len, &s, false); ret=arecvtcp(packet, len, &s, false);
if(!(ret > 0)) if(!(ret > 0))
return ret; return ret;
if(len > bufsize) { buf.resize(len);
bufsize=len; memcpy(const_cast<char*>(buf.data()), packet.c_str(), len);
scoped_array<unsigned char> narray(new unsigned char[bufsize]);
buf.swap(narray);
}
memcpy(buf.get(), packet.c_str(), len);
ret=1; ret=1;
} }
catch(NetworkError& ne) { catch(NetworkError& ne) {
ret = -2; // OS limits error ret = -2; // OS limits error
} }
} }
lwr->d_usec=dt.udiff(); lwr->d_usec=dt.udiff();
*now=dt.getTimeval(); *now=dt.getTimeval();
if(ret <= 0) // includes 'timeout' if(ret <= 0) // includes 'timeout'
return ret; return ret;
buf.resize(len);
#ifdef HAVE_FSTRM
if (isEnabledForResponses(fstrmLoggers)) {
logFstreamResponse(fstrmLoggers, ip, doTCP, buf, queryTime, *now);
}
#endif /* HAVE_FSTRM */
lwr->d_records.clear(); lwr->d_records.clear();
try { try {
lwr->d_tcbit=0; lwr->d_tcbit=0;
MOADNSParser mdp(false, (const char*)buf.get(), len); MOADNSParser mdp(false, buf);
lwr->d_aabit=mdp.d_header.aa; lwr->d_aabit=mdp.d_header.aa;
lwr->d_tcbit=mdp.d_header.tc; lwr->d_tcbit=mdp.d_header.tc;
lwr->d_rcode=mdp.d_header.rcode; lwr->d_rcode=mdp.d_header.rcode;
if(mdp.d_header.rcode == RCode::FormErr && mdp.d_qname.empty() && mdp.d_qtyp e == 0 && mdp.d_qclass == 0) { if(mdp.d_header.rcode == RCode::FormErr && mdp.d_qname.empty() && mdp.d_qtyp e == 0 && mdp.d_qclass == 0) {
#ifdef HAVE_PROTOBUF #ifdef HAVE_PROTOBUF
if(outgoingLogger) { if(outgoingLoggers) {
logIncomingResponse(outgoingLogger, context ? context->d_initialRequestI logIncomingResponse(outgoingLoggers, context ? context->d_initialRequest
d : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_r Id : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_
ecords, queryTime); records, queryTime, exportTypes);
} }
#endif #endif
lwr->d_validpacket=true;
return 1; // this is "success", the error is set in lwr->d_rcode return 1; // this is "success", the error is set in lwr->d_rcode
} }
if(domain != mdp.d_qname) { if(domain != mdp.d_qname) {
if(!mdp.d_qname.empty() && domain.toString().find((char)0) == string::npos /* ugly */) {// embedded nulls are too noisy, plus empty domains are too if(!mdp.d_qname.empty() && domain.toString().find((char)0) == string::npos /* ugly */) {// embedded nulls are too noisy, plus empty domains are too
L<<Logger::Notice<<"Packet purporting to come from remote server "<<ip.t oString()<<" contained wrong answer: '" << domain << "' != '" << mdp.d_qname << "'" << endl; g_log<<Logger::Notice<<"Packet purporting to come from remote server "<< ip.toString()<<" contained wrong answer: '" << domain << "' != '" << mdp.d_qname << "'" << endl;
} }
// unexpected count has already been done @ pdns_recursor.cc // unexpected count has already been done @ pdns_recursor.cc
goto out; goto out;
} }
lwr->d_records.reserve(mdp.d_answers.size());
for(const auto& a : mdp.d_answers) for(const auto& a : mdp.d_answers)
lwr->d_records.push_back(a.first); lwr->d_records.push_back(a.first);
EDNSOpts edo; EDNSOpts edo;
if(EDNS0Level > 0 && getEDNSOpts(mdp, &edo)) { if(EDNS0Level > 0 && getEDNSOpts(mdp, &edo)) {
lwr->d_haveEDNS = true; lwr->d_haveEDNS = true;
if(weWantEDNSSubnet) { if(weWantEDNSSubnet) {
for(const auto& opt : edo.d_options) { for(const auto& opt : edo.d_options) {
if(opt.first==8) { if(opt.first==EDNSOptionCode::ECS) {
EDNSSubnetOpts reso; EDNSSubnetOpts reso;
if(getEDNSSubnetOptsFromString(opt.second, &reso)) { if(getEDNSSubnetOptsFromString(opt.second, &reso)) {
// cerr<<"EDNS Subnet response: "<<reso.source.toString( )<<", scope: "<<reso.scope.toString()<<", family = "<<reso.scope.getNetwork().si n4.sin_family<<endl; // cerr<<"EDNS Subnet response: "<<reso.source.toString( )<<", scope: "<<reso.scope.toString()<<", family = "<<reso.scope.getNetwork().si n4.sin_family<<endl;
/* rfc7871 states that 0 "indicate[s] that the answer is suitable for all addresses in FAMILY", /* rfc7871 states that 0 "indicate[s] that the answer is suitable for all addresses in FAMILY",
so we might want to still pass the information along to be able to differentiate between so we might want to still pass the information along to be able to differentiate between
IPv4 and IPv6. Still I'm pretty sure it doesn't matter in real life, so let's not duplicate IPv4 and IPv6. Still I'm pretty sure it doesn't matter in real life, so let's not duplicate
entries in our cache. */ entries in our cache. */
if(reso.scope.getBits()) if(reso.scope.getBits()) {
srcmask = reso.scope; uint8_t bits = std::min(reso.scope.getBits(), outgoingECSBits);
outgoingECSAddr.truncate(bits);
srcmask = Netmask(outgoingECSAddr, bits);
}
} }
} }
} }
} }
} }
#ifdef HAVE_PROTOBUF #ifdef HAVE_PROTOBUF
if(outgoingLogger) { if(outgoingLoggers) {
logIncomingResponse(outgoingLogger, context ? context->d_initialRequestId logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId
: boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_rec : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_re
ords, queryTime); cords, queryTime, exportTypes);
} }
#endif #endif
lwr->d_validpacket=true;
return 1; return 1;
} }
catch(std::exception &mde) { catch(std::exception &mde) {
if(::arg().mustDo("log-common-errors")) if(::arg().mustDo("log-common-errors"))
L<<Logger::Notice<<"Unable to parse packet from remote server "<<ip.toStri ng()<<": "<<mde.what()<<endl; g_log<<Logger::Notice<<"Unable to parse packet from remote server "<<ip.to String()<<": "<<mde.what()<<endl;
lwr->d_rcode = RCode::FormErr; lwr->d_rcode = RCode::FormErr;
g_stats.serverParseError++; g_stats.serverParseError++;
#ifdef HAVE_PROTOBUF #ifdef HAVE_PROTOBUF
if(outgoingLogger) { if(outgoingLoggers) {
logIncomingResponse(outgoingLogger, context ? context->d_initialRequestId logIncomingResponse(outgoingLoggers, context ? context->d_initialRequestId
: boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_rec : boost::none, uuid, ip, domain, type, qid, doTCP, len, lwr->d_rcode, lwr->d_re
ords, queryTime); cords, queryTime, exportTypes);
} }
#endif #endif
lwr->d_validpacket=false;
return 1; // success - oddly enough return 1; // success - oddly enough
} }
catch(...) { catch(...) {
L<<Logger::Notice<<"Unknown error parsing packet from remote server"<<endl; g_log<<Logger::Notice<<"Unknown error parsing packet from remote server"<<en dl;
} }
g_stats.serverParseError++; g_stats.serverParseError++;
out: out:
if(!lwr->d_rcode) if(!lwr->d_rcode)
lwr->d_rcode=RCode::ServFail; lwr->d_rcode=RCode::ServFail;
return -1; return -1;
} }
 End of changes. 36 change blocks. 
46 lines changed or deleted 163 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)