pdns/dnsdist-dnscrypt.cc

   1 /*
   2  * This file is part of PowerDNS or dnsdist.
   3  * Copyright -- PowerDNS.COM B.V. and its contributors
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of version 2 of the GNU General Public License as
   7  * published by the Free Software Foundation.
   8  *
   9  * In addition, for the avoidance of any doubt, permission is granted to
  10  * link this program with OpenSSL and to (re)distribute the binaries
  11  * produced as the result of such linking.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22 #include "dolog.hh"
  23 #include "dnsdist.hh"
  24 #include "dnscrypt.hh"
  25
  26 #ifdef HAVE_DNSCRYPT
  27 int handleDnsCryptQuery(DnsCryptContext* ctx, char* packet, uint16_t len, std::shared_ptr<DnsCryptQuery>& query, uint16_t* decryptedQueryLen, bool tcp, std::vector<uint8_t>& response)
  28 {
  29   query->ctx = ctx;
  30
  31   ctx->parsePacket(packet, len, query, tcp, decryptedQueryLen);
  32
  33   if (query->valid == false) {
  34     vinfolog("Dropping DNSCrypt invalid query");
  35     return false;
  36   }
  37
  38   if (query->encrypted == false) {
  39     ctx->getCertificateResponse(query, response);
  40
  41     return false;
  42   }
  43
  44   if(*decryptedQueryLen < (int)sizeof(struct dnsheader)) {
  45     g_stats.nonCompliantQueries++;
  46     return false;
  47   }
  48
  49   return true;
  50 }
  51 #endif