From: Otto Moerbeek
Date: Fri, 6 May 2022 15:54:41 +0000 (+0200)
Subject: Smarter hashing of header and query
X-Git-Tag: auth-4.8.0-alpha0~57^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b2c3da472a8153bf4b0caa115296c11d8026b94f;p=thirdparty%2Fpdns.git
Smarter hashing of header and query
---
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 8eb5afde64..2ef1f85b02 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -196,10 +196,10 @@ pdns_server_SOURCES = \
 backends/gsql/ssql.hh \
 base32.cc base32.hh \
 base64.cc base64.hh \
- burtle.hh \
 bind-dnssec.schema.sqlite3.sql.h \
 bindlexer.l \
 bindparser.cc \
+ burtle.hh \
 cachecleaner.hh \
 circular_buffer.hh \
 comment.hh \
diff --git a/pdns/packetcache.hh b/pdns/packetcache.hh
index eba68221f6..08c3546fb1 100644
--- a/pdns/packetcache.hh
+++ b/pdns/packetcache.hh
@@ -105,27 +105,19 @@ public:
 static uint32_t hashHeaderAndQName(const std::string& packet, size_t& pos)
 {
- uint32_t currentHash = 0;
 const size_t packetSize = packet.size();
 assert(packetSize >= sizeof(dnsheader));
- currentHash = burtle(reinterpret_cast(&packet.at(2)), sizeof(dnsheader) - 2, currentHash); // rest of dnsheader, skip id
- pos = sizeof(dnsheader);
+ uint32_t currentHash = burtle(reinterpret_cast(&packet.at(2)), sizeof(dnsheader) - 2, 0); // rest of dnsheader, skip id
- for (; pos < packetSize; ) {
+ for (pos = sizeof(dnsheader); pos < packetSize; ) {
 const unsigned char labelLen = static_cast(packet.at(pos));
- currentHash = burtle(&labelLen, 1, currentHash);
 ++pos;
 if (labelLen == 0) {
 break;
 }
-
- for (size_t idx = 0; idx < labelLen && pos < packetSize; ++idx, ++pos) {
- const unsigned char l = dns_tolower(packet.at(pos));
- currentHash = burtle(&l, 1, currentHash);
- }
+ pos = std::min(pos + labelLen, packetSize);
 }
-
- return currentHash;
+ return burtleCI(reinterpret_cast(&packet.at(sizeof(dnsheader))), pos - sizeof(dnsheader), currentHash);
 }
 /* hash the packet from the beginning, including the qname. This skips:
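Review bot: The new final `burtleCI(... &packet.at(sizeof(dnsheader)) ...)` call in hashHeaderAndQName indexes the first byte after the header unconditionally, so a packet that is exactly sizeof(dnsheader) bytes long, which the assert above still permits, makes `at()` throw std::out_of_range where the removed loop simply fell through and returned the header hash. Whether every caller has already rejected question-less packets is not visible in this hunk; if that is not guaranteed, a guard such as `if (packetSize == sizeof(dnsheader)) { return currentHash; }` before the final return keeps the previous behaviour for this network-supplied input. The loop would also benefit from a comment like `// only advances pos past the qname; header-following bytes are hashed in one burtleCI call below`, because the label-length bytes now go through the same (presumably case-insensitive) hash as the label text instead of being hashed verbatim.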
diff --git a/pdns/test-packetcache_hh.cc b/pdns/test-packetcache_hh.cc
index 1e361a7fa6..e43627310c 100644
--- a/pdns/test-packetcache_hh.cc
+++ b/pdns/test-packetcache_hh.cc
@@ -53,7 +53,7 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheAuthCollision) {
 pw1.getHeader()->rd = true;
 pw1.getHeader()->qr = false;
 pw1.getHeader()->id = 0x42;
- opt.source = Netmask("10.0.152.74/32");
+ opt.source = Netmask("10.0.59.220/32");
 ednsOptions.clear();
 ednsOptions.emplace_back(EDNSOptionCode::ECS, makeEDNSSubnetOptsString(opt));
 pw1.addOpt(512, 0, 0, ednsOptions);
@@ -67,7 +67,7 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheAuthCollision) {
 pw2.getHeader()->rd = true;
 pw2.getHeader()->qr = false;
 pw2.getHeader()->id = 0x84;
- opt.source = Netmask("10.2.70.250/32");
+ opt.source = Netmask("10.0.167.48/32");
 ednsOptions.clear();
 ednsOptions.emplace_back(EDNSOptionCode::ECS, makeEDNSSubnetOptsString(opt));
 pw2.addOpt(512, 0, 0, ednsOptions);
@@ -125,7 +125,7 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheAuthCollision) {
 pw1.getHeader()->rd = true;
 pw1.getHeader()->qr = false;
 pw1.getHeader()->id = 0x42;
- opt.source = Netmask("10.0.34.159/32");
+ opt.source = Netmask("10.0.41.6/32");
 ednsOptions.clear();
 ednsOptions.emplace_back(EDNSOptionCode::ECS, makeEDNSSubnetOptsString(opt));
 pw1.addOpt(512, 0, EDNSOpts::DNSSECOK, ednsOptions);
@@ -139,7 +139,7 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheAuthCollision) {
 pw2.getHeader()->rd = true;
 pw2.getHeader()->qr = false;
 pw2.getHeader()->id = 0x84;
- opt.source = Netmask("10.0.179.58/32");
+ opt.source = Netmask("10.0.119.79/32");
 ednsOptions.clear();
 ednsOptions.emplace_back(EDNSOptionCode::ECS, makeEDNSSubnetOptsString(opt));
 /* no EDNSOpts::DNSSECOK !! */
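Review bot: The four replaced `opt.source` netmasks in test_PacketCacheAuthCollision carry no explanation, and they appear to be values picked so that each pw1/pw2 pair collides under the new hash (inferred from the test name and from their changing in the same commit as the hash function). A short comment beside each pair, e.g. `/* ECS sources chosen so that pw1 and pw2 produce the same packet hash; regenerate them if the hash function changes */`, would tell whoever next touches the hash why this test starts failing and what to do about it. The test bodies start and end outside these hunks, so a comment elsewhere in the file may already cover this.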