{
if (state->d_querySize < sizeof(dnsheader)) {
++g_stats.nonCompliantQueries;
+ ++state->d_ci.cs->nonCompliantQueries;
state->terminateClientConnection();
return;
}
{
/* this pointer will be invalidated the second the buffer is resized, don't hold onto it! */
auto* dh = reinterpret_cast<dnsheader*>(state->d_buffer.data());
- if (!checkQueryHeaders(dh)) {
+ if (!checkQueryHeaders(dh, *state->d_ci.cs)) {
state->terminateClientConnection();
return;
}
const string frontsbase = "dnsdist_frontend_";
output << "# HELP " << frontsbase << "queries " << "Amount of queries received by this frontend" << "\n";
output << "# TYPE " << frontsbase << "queries " << "counter" << "\n";
+ output << "# HELP " << frontsbase << "noncompliantqueries " << "Amount of non-compliant queries received by this frontend" << "\n";
+ output << "# TYPE " << frontsbase << "noncompliantqueries " << "counter" << "\n";
output << "# HELP " << frontsbase << "responses " << "Amount of responses sent by this frontend" << "\n";
output << "# TYPE " << frontsbase << "responses " << "counter" << "\n";
output << "# HELP " << frontsbase << "tcpdiedreadingquery " << "Amount of TCP connections terminated while reading the query from the client" << "\n";
% frontName % proto % threadNumber);
output << frontsbase << "queries" << label << front->queries.load() << "\n";
+ output << frontsbase << "noncompliantqueries" << label << front->nonCompliantQueries.load() << "\n";
output << frontsbase << "responses" << label << front->responses.load() << "\n";
if (front->isTCP()) {
output << frontsbase << "tcpdiedreadingquery" << label << front->tcpDiedReadingQuery.load() << "\n";
{ "tcp", front->tcpFD >= 0 },
{ "type", front->getType() },
{ "queries", (double) front->queries.load() },
+ { "nonCompliantQueries", (double) front->nonCompliantQueries.load() },
{ "responses", (double) front->responses.load() },
{ "tcpDiedReadingQuery", (double) front->tcpDiedReadingQuery.load() },
{ "tcpDiedSendingResponse", (double) front->tcpDiedSendingResponse.load() },
if (msgh->msg_flags & MSG_TRUNC) {
/* message was too large for our buffer */
vinfolog("Dropping message too large for our buffer");
+ ++cs.nonCompliantQueries;
++g_stats.nonCompliantQueries;
return false;
}
return false;
}
-bool checkQueryHeaders(const struct dnsheader* dh)
+bool checkQueryHeaders(const struct dnsheader* dh, ClientState& cs)
{
if (dh->qr) { // don't respond to responses
++g_stats.nonCompliantQueries;
+ ++cs.nonCompliantQueries;
return false;
}
struct dnsheader* dh = reinterpret_cast<struct dnsheader*>(query.data());
queryId = ntohs(dh->id);
- if (!checkQueryHeaders(dh)) {
+ if (!checkQueryHeaders(dh, cs)) {
return;
}
if (static_cast<size_t>(got) < sizeof(struct dnsheader)) {
++g_stats.nonCompliantQueries;
+ ++cs->nonCompliantQueries;
continue;
}
if (got < 0 || static_cast<size_t>(got) < sizeof(struct dnsheader)) {
++g_stats.nonCompliantQueries;
+ ++cs->nonCompliantQueries;
continue;
}
}
stat_t queries{0};
+ stat_t nonCompliantQueries{0};
mutable stat_t responses{0};
mutable stat_t tcpDiedReadingQuery{0};
mutable stat_t tcpDiedSendingResponse{0};
bool processResponse(PacketBuffer& response, LocalStateHolder<vector<DNSDistResponseRuleAction> >& localRespRuleActions, DNSResponse& dr, bool muted, bool receivedOverUDP);
bool processRulesResult(const DNSAction::Action& action, DNSQuestion& dq, std::string& ruleresult, bool& drop);
-bool checkQueryHeaders(const struct dnsheader* dh);
+bool checkQueryHeaders(const struct dnsheader* dh, ClientState& cs);
extern std::vector<std::shared_ptr<DNSCryptContext>> g_dnsCryptLocals;
int handleDNSCryptQuery(PacketBuffer& packet, DNSCryptQuery& query, bool tcp, time_t now, PacketBuffer& response);
if (du->query.size() < sizeof(dnsheader)) {
++g_stats.nonCompliantQueries;
+ ++cs.nonCompliantQueries;
du->status_code = 400;
sendDoHUnitToTheMainThread(std::move(du), "DoH non-compliant query");
return;
/* don't keep that pointer around, it will be invalidated if the buffer is ever resized */
struct dnsheader* dh = reinterpret_cast<struct dnsheader*>(du->query.data());
- if (!checkQueryHeaders(dh)) {
+ if (!checkQueryHeaders(dh, cs)) {
du->status_code = 400;
sendDoHUnitToTheMainThread(std::move(du), "DoH invalid headers");
return;
return false;
}
-bool checkQueryHeaders(const struct dnsheader* dh)
+bool checkQueryHeaders(const struct dnsheader* dh, ClientState&)
{
return true;
}
self.assertTrue(server['state'] in ['up', 'down', 'UP', 'DOWN'])
for frontend in content['frontends']:
- for key in ['id', 'address', 'udp', 'tcp', 'type', 'queries']:
+ for key in ['id', 'address', 'udp', 'tcp', 'type', 'queries', 'nonCompliantQueries']:
self.assertIn(key, frontend)
- for key in ['id', 'queries']:
+ for key in ['id', 'queries', 'nonCompliantQueries']:
self.assertTrue(frontend[key] >= 0)
for pool in content['pools']:
projects / thirdparty / pdns.git / commitdiff
