Use ostringstream for constructing cookie displaystring, add a few comments why bindi...

diff --git a/pdns/ednscookies.cc b/pdns/ednscookies.cc
index 598d62ab871a62086d6303bc449808ae8bbe1b93..5be4a3d593ac485bb5a6a2f2ac68738b03852e1c 100644 (file)
--- a/pdns/ednscookies.cc
+++ b/pdns/ednscookies.cc
@@ -67,25 +67,26 @@ string EDNSCookiesOpt::makeOptString() const
 
 string EDNSCookiesOpt::toDisplayString() const
 {
-  std::string ret = makeHexDump(client, "");
+  std::ostringstream str;
+  str <<  makeHexDump(client, "");
   if (!server.empty()) {
-    ret += '|';
+    str << '|';
     if (server.length() != 16) {
       // It isn't a rfc9018 one
-      ret += makeHexDump(server, "");
+      str << makeHexDump(server, "");
     }
     else {
       // It very likely is a rfc9018 one
-      ret += makeHexDump(server.substr(0, 1), ""); // Version
-      ret += '|';
-      ret += makeHexDump(server.substr(1, 3), ""); // Reserved
-      ret += '|';
-      ret += makeHexDump(server.substr(4, 4), ""); // Timestamp
-      ret += '|';
-      ret += makeHexDump(server.substr(8, 8), ""); // Hash
+      str << makeHexDump(server.substr(0, 1), ""); // Version
+      str << '|';
+      str << makeHexDump(server.substr(1, 3), ""); // Reserved
+      str << '|';
+      str << makeHexDump(server.substr(4, 4), ""); // Timestamp
+      str << '|';
+      str << makeHexDump(server.substr(8, 8), ""); // Hash
     }
   }
-  return ret;
+  return str.str();
 }
 
 void EDNSCookiesOpt::getEDNSCookiesOptFromString(const char* option, unsigned int len)

diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc
index 5781099c1d09148e4c38b8fa4c175e89ee825263..ebaa116295f2393f6a70dc4e388b6214e78cb9e4 100644 (file)
--- a/pdns/recursordist/lwres.cc
+++ b/pdns/recursordist/lwres.cc
@@ -337,6 +337,7 @@ static bool tcpconnect(const OptLog& log, const ComboAddress& remote, const std:
   Socket sock(remote.sin4.sin_family, SOCK_STREAM);
   sock.setNonBlocking();
   setTCPNoDelay(sock.getHandle());
+  // Bind to the same address the cookie is associated with (RFC 9018 section 3 last paragraph)
   ComboAddress localip = localBind ? *localBind : pdns::getQueryLocalAddress(remote.sin4.sin_family, 0);
   if (localBind) {
     VLOG(log, "Connecting TCP to " << remote.toString() << " with specific local address " << localip.toString() << endl);

diff --git a/pdns/recursordist/pdns_recursor.cc b/pdns/recursordist/pdns_recursor.cc
index 5896e3db7802a2bb95429692ab5cf5b54efc88dc..e03f9da7b715ec3be9e5ee61a7b91ac81a93ce98 100644 (file)
--- a/pdns/recursordist/pdns_recursor.cc
+++ b/pdns/recursordist/pdns_recursor.cc
@@ -179,6 +179,8 @@ int UDPClientSocks::makeClientSocket(int family, const std::optional<ComboAddres
       } while (g_avoidUdpSourcePorts.count(port) != 0);
     }
 
+    // localAddress is set if a cookie was involved, bind to the same address the cookie is
+    // associated with (RFC 9018 section 3 last paragraph)
     if (localAddress) {
       sin = *localAddress;
       sin.setPort(port);

diff --git a/pdns/recursordist/rec_channel_rec.cc b/pdns/recursordist/rec_channel_rec.cc
index 371f2e8b7f5d601b210e0a901badb24e22629ac4..d030f956c2bc673f4f5f2caa5caafaf1889a0ad9 100644 (file)
--- a/pdns/recursordist/rec_channel_rec.cc
+++ b/pdns/recursordist/rec_channel_rec.cc
@@ -1895,7 +1895,7 @@ static RecursorControlChannel::Answer help()
           "clear-nta [DOMAIN]...            Clear the Negative Trust Anchor for DOMAINs, if no DOMAIN is specified, remove all\n"
           "clear-ta [DOMAIN]...             Clear the Trust Anchor for DOMAINs\n"
           "dump-cache <filename> [type...]  dump cache contents to the named file, type is r, n, p or a\n"
-          "dump-cookies <filename>          dump the contents of the cookie data to the namewd file\n"
+          "dump-cookies <filename>          dump the contents of the cookie jar to the named file\n"
           "dump-dot-probe-map <filename>    dump the contents of the DoT probe map to the named file\n"
           "dump-edns [status] <filename>    dump EDNS status to the named file\n"
           "dump-failedservers <filename>    dump the failed servers to the named file\n"