From: Baptiste Assmann <bedis9@gmail.com>
Date: Wed, 30 Oct 2019 15:06:53 +0000 (+0100)
Subject: BUG/MINOR: action: do-resolve now use cached response
X-Git-Tag: v2.1-dev5~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7264dfe9495a7bfd784b8964508e4204b7e077af;p=thirdparty%2Fhaproxy.git

BUG/MINOR: action: do-resolve now use cached response

As reported by David Birdsong on the ML, the HTTP action do-resolve does
not use the DNS cache.
Actually, the action is "registred" to the resolution for said name to
be resolved and wait until an other requester triggers the it. Once the
resolution is finished, then the action is updated with the result.
To trigger this, you must have a server with runtime DNS resolution
enabled and run a do-resolve action with the same fqdn AND they use the
same resolvers section.

This patch fixes this behavior by ensuring the resolution associated to
the action has a valid answer which is not considered as expired. If
those conditions are valid, then we can use it (it's the "cache").

Backport status: 2.0
---

diff --git a/src/dns.c b/src/dns.c
index 15d40a13a2..0001289606 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -2150,8 +2150,13 @@ enum act_return dns_action_do_resolve(struct act_rule *rule, struct proxy *px,
 	struct dns_resolution *resolution;
 	struct sample *smp;
 	char *fqdn;
+	struct dns_requester *req;
+	struct dns_resolvers  *resolvers;
+	struct dns_resolution *res;
+	int exp;
 
 	/* we have a response to our DNS resolution */
+ use_cache:
 	if (s->dns_ctx.dns_requester && s->dns_ctx.dns_requester->resolution != NULL) {
 		resolution = s->dns_ctx.dns_requester->resolution;
 		if (resolution->step == RSLV_STEP_RUNNING) {
@@ -2211,6 +2216,22 @@ enum act_return dns_action_do_resolve(struct act_rule *rule, struct proxy *px,
 
 	s->dns_ctx.parent = rule;
 	dns_link_resolution(s, OBJ_TYPE_STREAM, 0);
+
+	/* Check if there is a fresh enough response in the cache of our associated resolution */
+	req = s->dns_ctx.dns_requester;
+	if (!req || !req->resolution) {
+		dns_trigger_resolution(s->dns_ctx.dns_requester);
+		return ACT_RET_YIELD;
+	}
+	res       = req->resolution;
+	resolvers = res->resolvers;
+
+	exp = tick_add(res->last_resolution, resolvers->hold.valid);
+	if (resolvers->t && res->status == RSLV_STATUS_VALID && tick_isset(res->last_resolution)
+		       && !tick_is_expired(exp, now_ms)) {
+		goto use_cache;
+	}
+
 	dns_trigger_resolution(s->dns_ctx.dns_requester);
 	return ACT_RET_YIELD;
 }