dnsdist: Define empty DNSCrypt-related objects when not enabled

author Remi Gacogne <remi.gacogne@powerdns.com>

Wed, 27 Feb 2019 13:12:42 +0000 (14:12 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 4 Apr 2019 09:46:26 +0000 (11:46 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 27 Feb 2019 13:12:42 +0000 (14:12 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 4 Apr 2019 09:46:26 +0000 (11:46 +0200)
diff --git a/pdns/dnscrypt.hh b/pdns/dnscrypt.hh

index 40876017cd5527f2b30227c0ce09d420f0332fb6..307784cb8092ee5fcaa3ca3c42d003cbba0cb382 100644 (file)
--- a/pdns/dnscrypt.hh
+++ b/pdns/dnscrypt.hh
@@ -24,11 +24,24 @@
  
  #ifndef HAVE_DNSCRYPT
  
+/* let's just define a few types and values so that the rest of
+   the code can ignore whether DNSCrypt support is available */
+#define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (0)
+
+class DNSCryptContext
+{
+};
+
  class DNSCryptQuery
  {
+  DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
+  {
+  }
+private:
+  std::shared_ptr<DNSCryptContext> d_ctx{nullptr};
  };
  
-#else
+#else /* HAVE_DNSCRYPT */
  
  #include <memory>
  #include <string>
diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc

index 26608a4356c027109b647d6569c0a6ee49423367..bf66072fff965425ed492e24bf444722f041820c 100644 (file)
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -355,13 +355,11 @@ void tcpClientThread(int pipefd)
          gettime(&queryRealTime, true);
  
          std::shared_ptr<DNSCryptQuery> dnsCryptQuery = nullptr;
-#ifdef HAVE_DNSCRYPT
          auto dnsCryptResponse = checkDNSCryptQuery(*ci.cs, query, qlen, dnsCryptQuery, queryRealTime.tv_sec, true);
          if (dnsCryptResponse) {
            handler.writeSizeAndMsg(reinterpret_cast<char*>(dnsCryptResponse->data()), static_cast<uint16_t>(dnsCryptResponse->size()), g_tcpSendTimeout);
            continue;
          }
-#endif
  
          struct dnsheader* dh = reinterpret_cast<struct dnsheader*>(query);
          if (!checkQueryHeaders(dh)) {
@@ -473,11 +471,10 @@ void tcpClientThread(int pipefd)
  
          size_t responseSize = rlen;
          uint16_t addRoom = 0;
-#ifdef HAVE_DNSCRYPT
          if (dq.dnsCryptQuery && (UINT16_MAX - rlen) > static_cast<uint16_t>(DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE)) {
            addRoom = DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE;
          }
-#endif
+
          responseSize += addRoom;
          answerBuffer.resize(responseSize);
          char* response = answerBuffer.data();
@@ -517,11 +514,9 @@ void tcpClientThread(int pipefd)
  #ifdef HAVE_PROTOBUF
          dr.uniqueId = std::move(dq.uniqueId);
  #endif
-#ifdef HAVE_DNSCRYPT
          if (dq.dnsCryptQuery) {
            dr.dnsCryptQuery = std::move(dq.dnsCryptQuery);
          }
-#endif
  
          memcpy(&cleartextDH, dr.dh, sizeof(cleartextDH));
          if (!processResponse(&response, &responseLen, &responseSize, localRespRulactions, dr, addRoom, rewrittenResponse, false)) {
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc

index 1e02ceb85f1a8d83781f1aabc4c2cefa00e96729..0252b95debdf59d543e91b24f4f65ac2482d0e0c 100644 (file)
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -94,9 +94,7 @@ string g_outputBuffer;
  
  vector<std::tuple<ComboAddress, bool, bool, int, string, std::set<int>>> g_locals;
  std::vector<std::shared_ptr<TLSFrontend>> g_tlslocals;
-#ifdef HAVE_DNSCRYPT
  std::vector<std::tuple<ComboAddress,std::shared_ptr<DNSCryptContext>,bool, int, string, std::set<int> >> g_dnsCryptLocals;
-#endif
  #ifdef HAVE_EBPF
  shared_ptr<BPFFilter> g_defaultBPFFilter;
  std::vector<std::shared_ptr<DynBPFFilter> > g_dynBPFFilters;
@@ -389,7 +387,7 @@ static bool encryptResponse(char* response, uint16_t* responseLen, size_t respon
    }
    return true;
  }
-#endif
+#endif /* HAVE_DNSCRYPT */
  
  static bool applyRulesToResponse(LocalStateHolder<vector<DNSDistResponseRuleAction> >& localRespRulactions, DNSResponse& dr)
  {
@@ -459,7 +457,7 @@ bool processResponse(char** response, uint16_t* responseLen, size_t* responseSiz
        return false;
      }
    }
-#endif
+#endif /* HAVE_DNSCRYPT */
  
    return true;
  }
@@ -513,11 +511,7 @@ void responderThread(std::shared_ptr<DownstreamState> dss)
  try {
    setThreadName("dnsdist/respond");
    auto localRespRulactions = g_resprulactions.getLocal();
-#ifdef HAVE_DNSCRYPT
    char packet[4096 + DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE];
-#else
-  char packet[4096];
-#endif
    static_assert(sizeof(packet) <= UINT16_MAX, "Packet size should fit in a uint16_t");
    /* when the answer is encrypted in place, we need to get a copy
       of the original header before encryption to fill the ring buffer */
@@ -597,12 +591,10 @@ try {
  #ifdef HAVE_PROTOBUF
          dr.uniqueId = std::move(ids->uniqueId);
  #endif
-#ifdef HAVE_DNSCRYPT
          if (ids->dnsCryptQuery) {
            addRoom = DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE;
            dr.dnsCryptQuery = std::move(ids->dnsCryptQuery);
          }
-#endif
  
          memcpy(&cleartextDH, dr.dh, sizeof(cleartextDH));
          if (!processResponse(&response, &responseLen, &responseSize, localRespRulactions, dr, addRoom, rewrittenResponse, ids->cs && ids->cs->muted)) {
@@ -1286,10 +1278,10 @@ static bool isUDPQueryAcceptable(ClientState& cs, LocalHolders& holders, const s
    return true;
  }
  
-#ifdef HAVE_DNSCRYPT
  boost::optional<std::vector<uint8_t>> checkDNSCryptQuery(const ClientState& cs, const char* query, uint16_t& len, std::shared_ptr<DNSCryptQuery>& dnsCryptQuery, time_t now, bool tcp)
  {
    if (cs.dnscryptCtx) {
+#ifdef HAVE_DNSCRYPT
      vector<uint8_t> response;
      uint16_t decryptedQueryLen = 0;
  
@@ -1305,10 +1297,10 @@ boost::optional<std::vector<uint8_t>> checkDNSCryptQuery(const ClientState& cs,
      }
  
      len = decryptedQueryLen;
+#endif /* HAVE_DNSCRYPT */
    }
    return boost::none;
  }
-#endif /* HAVE_DNSCRYPT */
  
  bool checkQueryHeaders(const struct dnsheader* dh)
  {
@@ -1362,13 +1354,13 @@ static bool prepareOutgoingResponse(LocalHolders& holders, ClientState& cs, DNSQ
    /* in case a rule changed it */
    dq.delayMsec = dr.delayMsec;
  
-  if (!cs.muted) {
  #ifdef HAVE_DNSCRYPT
+  if (!cs.muted) {
      if (!encryptResponse(reinterpret_cast<char*>(dq.dh), &dq.len, dq.size, dq.tcp, dq.dnsCryptQuery, nullptr, nullptr)) {
        return false;
      }
-#endif
    }
+#endif /* HAVE_DNSCRYPT */
  
    if (cacheHit) {
      ++g_stats.cacheHits;
@@ -1528,13 +1520,11 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct
      gettime(&queryRealTime, true);
  
      std::shared_ptr<DNSCryptQuery> dnsCryptQuery = nullptr;
-#ifdef HAVE_DNSCRYPT
      auto dnsCryptResponse = checkDNSCryptQuery(cs, query, len, dnsCryptQuery, queryRealTime.tv_sec, false);
      if (dnsCryptResponse) {
        sendUDPResponse(cs.udpFD, reinterpret_cast<char*>(dnsCryptResponse->data()), static_cast<uint16_t>(dnsCryptResponse->size()), 0, dest, remote);
        return;
      }
-#endif
  
      struct dnsheader* dh = reinterpret_cast<struct dnsheader*>(query);
      queryId = ntohs(dh->id);
@@ -1620,9 +1610,9 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct
        ids->origDest = cs.local;
        ids->destHarvested = false;
      }
-#ifdef HAVE_DNSCRYPT
+
      ids->dnsCryptQuery = std::move(dq.dnsCryptQuery);
-#endif
+
  #ifdef HAVE_PROTOBUF
      ids->uniqueId = std::move(dq.uniqueId);
  #endif
@@ -2628,7 +2618,6 @@ try
      tcpBindsCount++;
    }
  
-#ifdef HAVE_DNSCRYPT
    for(auto& dcLocal : g_dnsCryptLocals) {
      ClientState* cs = new ClientState;
      cs->local = std::get<0>(dcLocal);
@@ -2730,7 +2719,6 @@ try
      g_frontends.push_back(cs);
      tcpBindsCount++;
    }
-#endif
  
    for(auto& frontend : g_tlslocals) {
      ClientState* cs = new ClientState;
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh

index 513cd95955ee6b3f3b4552da2211e61012ccd900..6ed7faeab63d498086fc9ec0f32855ea800a82fc 100644 (file)
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -539,9 +539,7 @@ struct IDState
    ComboAddress origDest;                                      // 28
    StopWatch sentTime;                                         // 16
    DNSName qname;                                              // 80
-#ifdef HAVE_DNSCRYPT
    std::shared_ptr<DNSCryptQuery> dnsCryptQuery{nullptr};
-#endif
  #ifdef HAVE_PROTOBUF
    boost::optional<boost::uuids::uuid> uniqueId;
  #endif
@@ -585,9 +583,7 @@ struct ClientState
  {
    std::set<int> cpus;
    ComboAddress local;
-#ifdef HAVE_DNSCRYPT
    std::shared_ptr<DNSCryptContext> dnscryptCtx{nullptr};
-#endif
    shared_ptr<TLSFrontend> tlsFrontend;
    std::atomic<uint64_t> queries{0};
    int udpFD{-1};
@@ -1050,13 +1046,9 @@ bool processResponse(char** response, uint16_t* responseLen, size_t* responseSiz
  
  bool checkQueryHeaders(const struct dnsheader* dh);
  
-#ifdef HAVE_DNSCRYPT
  extern std::vector<std::tuple<ComboAddress, std::shared_ptr<DNSCryptContext>, bool, int, std::string, std::set<int> > > g_dnsCryptLocals;
-
  int handleDNSCryptQuery(char* packet, uint16_t len, std::shared_ptr<DNSCryptQuery> query, uint16_t* decryptedQueryLen, bool tcp, time_t now, std::vector<uint8_t>& response);
-
  boost::optional<std::vector<uint8_t>> checkDNSCryptQuery(const ClientState& cs, const char* query, uint16_t& len, std::shared_ptr<DNSCryptQuery>& dnsCryptQuery, time_t now, bool tcp);
-#endif
  
  bool addXPF(DNSQuestion& dq, uint16_t optionCode);
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Wed, 27 Feb 2019 13:12:42 +0000 (14:12 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 4 Apr 2019 09:46:26 +0000 (11:46 +0200)
pdns/dnscrypt.hh		patch \| blob \| blame \| history
pdns/dnsdist-tcp.cc		patch \| blob \| blame \| history
pdns/dnsdist.cc		patch \| blob \| blame \| history
pdns/dnsdist.hh		patch \| blob \| blame \| history