From 9837850d80731ee9c1754feaff21db535cecd9da Mon Sep 17 00:00:00 2001
From: bert hubert
Date: Fri, 5 Oct 2018 16:53:36 +0200
Subject: [PATCH] also make dnsdist use this
---
 pdns/dnsdist.cc | 34 ++++++++++++++++++++++++++--------
 pdns/dnsdist.hh | 5 +++--
 pdns/pdns_recursor.cc | 1 +
 3 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 845a326159..5fa2557982 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -271,7 +271,7 @@ bool fixUpQueryTurnedResponse(DNSQuestion& dq, const uint16_t origFlags)
 return addEDNSToQueryTurnedResponse(dq);
 }
-bool fixUpResponse(char** response, uint16_t* responseLen, size_t* responseSize, const DNSName& qname, uint16_t origFlags, bool ednsAdded, bool ecsAdded, std::vector& rewrittenResponse, uint16_t addRoom)
+bool fixUpResponse(char** response, uint16_t* responseLen, size_t* responseSize, const DNSName& qname, uint16_t origFlags, bool ednsAdded, bool ecsAdded, std::vector& rewrittenResponse, uint16_t addRoom, bool* zeroScope)
 {
 struct dnsheader* dh = (struct dnsheader*) *response;
@@ -301,6 +301,9 @@ bool fixUpResponse(char** response, uint16_t* responseLen, size_t* responseSize,
 int res = locateEDNSOptRR(responseStr, &optStart, &optLen, &last);
 if (res == 0) {
+ if(zeroScope)
+ *zeroScope = optLen > 18 && !responseStr.at(optStart + 18);
+
 if (ednsAdded) {
 /* we added the entire OPT RR, therefore we need to remove it entirely */
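Review bot: The new `zeroScope` test in the second hunk reads the byte at `optStart + 18` without checking that the first option in the OPT RR is actually EDNS Client Subnet, so a backend response whose first option is something else with a zero byte at that offset would be treated as scope 0. Because the caller uses this flag to choose the cache key, a subnet-specific answer could then be cached as if it were valid for every client. Assuming `optStart` is the first byte of the OPT record (which the offset 18 implies: 11 bytes of RR header, then option code, length, family and source prefix), check the option code first, e.g. `*zeroScope = optLen > 18 && responseStr.at(optStart + 11) == 0 && responseStr.at(optStart + 12) == 8 && !responseStr.at(optStart + 18);`, and replace the bare 18 with named offsets. fixUpResponse's body continues outside the hunk.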
@@ -513,12 +516,13 @@ try {
 addRoom = DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE;
 }
 #endif
- if (!fixUpResponse(&response, &responseLen, &responseSize, ids->qname, ids->origFlags, ids->ednsAdded, ids->ecsAdded, rewrittenResponse, addRoom)) {
+ bool zeroScope=false;
+ if (!fixUpResponse(&response, &responseLen, &responseSize, ids->qname, ids->origFlags, ids->ednsAdded, ids->ecsAdded, rewrittenResponse, addRoom, &zeroScope)) {
 continue;
 }
 if (ids->packetCache && !ids->skipCache) {
- ids->packetCache->insert(ids->cacheKey, ids->subnet, ids->origFlags, ids->dnssecOK, ids->qname, ids->qtype, ids->qclass, response, responseLen, false, dh->rcode, ids->tempFailureTTL);
+ ids->packetCache->insert(zeroScope ? ids->cacheKeyNoECS : ids->cacheKey, ids->subnet, ids->origFlags, ids->dnssecOK, ids->qname, ids->qtype, ids->qclass, response, responseLen, false, dh->rcode, ids->tempFailureTTL);
 }
 if (ids->cs && !ids->cs->muted) {
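Review bot: `zeroScope ? ids->cacheKeyNoECS : ids->cacheKey` trusts `cacheKeyNoECS` even when it was never computed: in processUDPQuery (the next hunk of this file) it starts at 0 and is only filled in by the pre-ECS `packetCache->get()` call inside the `dq.useECS` branch. A response carrying a zero-scope option for a query that skipped that branch would therefore be inserted under key 0, where unrelated entries collide. Restricting the switch to queries where dnsdist itself added the option looks safer, e.g. `const uint32_t key = (zeroScope && ids->ecsAdded) ? ids->cacheKeyNoECS : ids->cacheKey;`. The entry is also still stored with `ids->subnet`; whether a pre-ECS lookup can match such an entry depends on the cache's comparison, which is not visible here, so that is worth confirming with a regression test. The enclosing loop body starts and ends outside the hunk.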
@@ -1402,20 +1406,33 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct
 bool ednsAdded = false;
 bool ecsAdded = false;
+ uint32_t cacheKeyNoECS = 0;
+ uint32_t cacheKey = 0;
+ boost::optional subnet;
+ uint16_t cachedResponseSize = dq.size;
+ uint32_t allowExpired = ss ? 0 : g_staleCacheEntriesTTL;
+
 if (dq.useECS && ((ss && ss->useECS) || (!ss && serverPool->getECS()))) {
+ if (packetCache && !dq.skipCache) {
+ dnssecOK = (getEDNSZ(dq) & EDNS_HEADER_FLAG_DO);
+ }
+
+ uint16_t cachedResponseSize = dq.size;
+ uint32_t allowExpired = ss ? 0 : g_staleCacheEntriesTTL;
+ boost::optional subnet;
+ if (packetCache && !dq.skipCache && packetCache->get(dq, consumed, dh->id, query, &cachedResponseSize, &cacheKeyNoECS, subnet, dnssecOK, allowExpired)) {
+ goto sendIt;
+ }
+
 if (!handleEDNSClientSubnet(dq, &(ednsAdded), &(ecsAdded), g_preserveTrailingData)) {
 vinfolog("Dropping query from %s because we couldn't insert the ECS value", remote.toStringWithPort());
 return;
 }
 }
- uint32_t cacheKey = 0;
- boost::optional subnet;
 if (packetCache && !dq.skipCache) {
- uint16_t cachedResponseSize = dq.size;
- uint32_t allowExpired = ss ? 0 : g_staleCacheEntriesTTL;
- dnssecOK = (getEDNSZ(dq) & EDNS_HEADER_FLAG_DO);
 if (packetCache->get(dq, consumed, dh->id, query, &cachedResponseSize, &cacheKey, subnet, dnssecOK, allowExpired)) {
+ sendIt:;
 DNSResponse dr(dq.qname, dq.qtype, dq.qclass, dq.consumed, dq.local, dq.remote, reinterpret_cast(query), dq.size, cachedResponseSize, false, &queryRealTime);
 #ifdef HAVE_PROTOBUF
 dr.uniqueId = dq.uniqueId;
@@ -1526,6 +1543,7 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct
 ids->tempFailureTTL = dq.tempFailureTTL;
 ids->origFlags = origFlags;
 ids->cacheKey = cacheKey;
+ ids->cacheKeyNoECS = cacheKeyNoECS;
 ids->subnet = subnet;
 ids->skipCache = dq.skipCache;
 ids->packetCache = packetCache;
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index d2298b3e22..8f2e7a5379 100644
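Review bot: In the first processUDPQuery hunk, the `cachedResponseSize`, `allowExpired` and `subnet` declared again inside the `dq.useECS` block shadow the function-level ones added a few lines above, so the pre-ECS `packetCache->get()` writes the hit's length into the inner `cachedResponseSize` and `goto sendIt` then builds `DNSResponse dr` from the outer one, which still holds `dq.size`. If the send path uses that length, a zero-scope cache hit would transmit the whole query buffer rather than just the cached answer, exposing whatever bytes follow it. Dropping the three inner declarations makes both lookups share the outer variables. Separately, `dnssecOK = (getEDNSZ(dq) & EDNS_HEADER_FLAG_DO);` is now only evaluated inside the ECS branch, so the ordinary lookup further down runs with whatever value `dnssecOK` had before (its declaration is outside the hunk); moving that assignment above the `if (dq.useECS ...)` test keeps DO and non-DO answers apart on both paths.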
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -528,7 +528,8 @@ struct IDState
 std::shared_ptr packetCache{nullptr};
 std::shared_ptr qTag{nullptr};
 const ClientState* cs{nullptr};
- uint32_t cacheKey; // 8
+ uint32_t cacheKey; // 4
+ uint32_t cacheKeyNoECS; // 4
 uint16_t age; // 4
 uint16_t qtype; // 2
 uint16_t qclass; // 2
@@ -1019,7 +1020,7 @@ bool responseContentMatches(const char* response, const uint16_t responseLen, co
 bool processQuery(LocalHolders& holders, DNSQuestion& dq, string& poolname, int* delayMsec, const struct timespec& now);
 bool processResponse(LocalStateHolder >& localRespRulactions, DNSResponse& dr, int* delayMsec);
 bool fixUpQueryTurnedResponse(DNSQuestion& dq, const uint16_t origFlags);
-bool fixUpResponse(char** response, uint16_t* responseLen, size_t* responseSize, const DNSName& qname, uint16_t origFlags, bool ednsAdded, bool ecsAdded, std::vector& rewrittenResponse, uint16_t addRoom);
+bool fixUpResponse(char** response, uint16_t* responseLen, size_t* responseSize, const DNSName& qname, uint16_t origFlags, bool ednsAdded, bool ecsAdded, std::vector& rewrittenResponse, uint16_t addRoom, bool* zeroScope=0);
 void restoreFlags(struct dnsheader* dh, uint16_t origFlags);
 bool checkQueryHeaders(const struct dnsheader* dh);
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 67ea44375f..c41287bad6 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1487,6 +1487,7 @@ static void startDoResolve(void *p)
 sendit:;
 if(g_useIncomingECS && haveEDNS && !sr.wasVariable()) {
+ // cerr<<"Stuffing in a 0 scope because answer is static"<d_ednssubnet.source;
 ComboAddress sa;
--
2.47.2
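Review bot: `cacheKeyNoECS` is added to IDState without a default member initializer, although the response path now reads it whenever `zeroScope` is true. Only the UDP query path in this patch is seen assigning it, so any other code that fills an IDState would leave the cache insert working from an indeterminate key. Giving it a defined value, `uint32_t cacheKeyNoECS{0}; // 4`, removes that dependency on every producer remembering the new field. The struct begins and ends outside the hunk.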
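Review bot: The new default argument in the fixUpResponse prototype is spelled `bool* zeroScope=0`, while this header already uses `nullptr` for null pointers (`cs{nullptr}` in IDState); `bool* zeroScope=nullptr` states the intent more clearly. The out-parameter is also undocumented. A short comment above the prototype should say that it is only written on the path where locateEDNSOptRR returns 0 and is otherwise left untouched, so callers must initialise it themselves, as the UDP responder does with `bool zeroScope=false;`.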