From: Remi Gacogne Date: Wed, 27 Feb 2019 13:12:42 +0000 (+0100) Subject: dnsdist: Define empty DNSCrypt-related objects when not enabled X-Git-Tag: dnsdist-1.4.0-alpha1~25^2~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7129b5c41cce7a1b3004995c8d05107014d1dc43;p=thirdparty%2Fpdns.git dnsdist: Define empty DNSCrypt-related objects when not enabled This way the rest of the code can mostly ignore whether DNSCrypt support is enabled. --- diff --git a/pdns/dnscrypt.hh b/pdns/dnscrypt.hh index 40876017cd..307784cb80 100644 --- a/pdns/dnscrypt.hh +++ b/pdns/dnscrypt.hh @@ -24,11 +24,24 @@ #ifndef HAVE_DNSCRYPT +/* let's just define a few types and values so that the rest of + the code can ignore whether DNSCrypt support is available */ +#define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (0) + +class DNSCryptContext +{ +}; + class DNSCryptQuery { + DNSCryptQuery(const std::shared_ptr& ctx): d_ctx(ctx) + { + } +private: + std::shared_ptr d_ctx{nullptr}; }; -#else +#else /* HAVE_DNSCRYPT */ #include #include diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc index 26608a4356..bf66072fff 100644 --- a/pdns/dnsdist-tcp.cc +++ b/pdns/dnsdist-tcp.cc @@ -355,13 +355,11 @@ void tcpClientThread(int pipefd) gettime(&queryRealTime, true); std::shared_ptr dnsCryptQuery = nullptr; -#ifdef HAVE_DNSCRYPT auto dnsCryptResponse = checkDNSCryptQuery(*ci.cs, query, qlen, dnsCryptQuery, queryRealTime.tv_sec, true); if (dnsCryptResponse) { handler.writeSizeAndMsg(reinterpret_cast(dnsCryptResponse->data()), static_cast(dnsCryptResponse->size()), g_tcpSendTimeout); continue; } -#endif struct dnsheader* dh = reinterpret_cast(query); if (!checkQueryHeaders(dh)) { @@ -473,11 +471,10 @@ void tcpClientThread(int pipefd) size_t responseSize = rlen; uint16_t addRoom = 0; -#ifdef HAVE_DNSCRYPT if (dq.dnsCryptQuery && (UINT16_MAX - rlen) > static_cast(DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE)) { addRoom = DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE; } -#endif + responseSize += addRoom; answerBuffer.resize(responseSize); char* response = answerBuffer.data(); @@ -517,11 +514,9 @@ void tcpClientThread(int pipefd) #ifdef HAVE_PROTOBUF dr.uniqueId = std::move(dq.uniqueId); #endif -#ifdef HAVE_DNSCRYPT if (dq.dnsCryptQuery) { dr.dnsCryptQuery = std::move(dq.dnsCryptQuery); } -#endif memcpy(&cleartextDH, dr.dh, sizeof(cleartextDH)); if (!processResponse(&response, &responseLen, &responseSize, localRespRulactions, dr, addRoom, rewrittenResponse, false)) { diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index 1e02ceb85f..0252b95deb 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -94,9 +94,7 @@ string g_outputBuffer; vector>> g_locals; std::vector> g_tlslocals; -#ifdef HAVE_DNSCRYPT std::vector,bool, int, string, std::set >> g_dnsCryptLocals; -#endif #ifdef HAVE_EBPF shared_ptr g_defaultBPFFilter; std::vector > g_dynBPFFilters; @@ -389,7 +387,7 @@ static bool encryptResponse(char* response, uint16_t* responseLen, size_t respon } return true; } -#endif +#endif /* HAVE_DNSCRYPT */ static bool applyRulesToResponse(LocalStateHolder >& localRespRulactions, DNSResponse& dr) { @@ -459,7 +457,7 @@ bool processResponse(char** response, uint16_t* responseLen, size_t* responseSiz return false; } } -#endif +#endif /* HAVE_DNSCRYPT */ return true; } @@ -513,11 +511,7 @@ void responderThread(std::shared_ptr dss) try { setThreadName("dnsdist/respond"); auto localRespRulactions = g_resprulactions.getLocal(); -#ifdef HAVE_DNSCRYPT char packet[4096 + DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE]; -#else - char packet[4096]; -#endif static_assert(sizeof(packet) <= UINT16_MAX, "Packet size should fit in a uint16_t"); /* when the answer is encrypted in place, we need to get a copy of the original header before encryption to fill the ring buffer */ @@ -597,12 +591,10 @@ try { #ifdef HAVE_PROTOBUF dr.uniqueId = std::move(ids->uniqueId); #endif -#ifdef HAVE_DNSCRYPT if (ids->dnsCryptQuery) { addRoom = DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE; dr.dnsCryptQuery = std::move(ids->dnsCryptQuery); } -#endif memcpy(&cleartextDH, dr.dh, sizeof(cleartextDH)); if (!processResponse(&response, &responseLen, &responseSize, localRespRulactions, dr, addRoom, rewrittenResponse, ids->cs && ids->cs->muted)) { @@ -1286,10 +1278,10 @@ static bool isUDPQueryAcceptable(ClientState& cs, LocalHolders& holders, const s return true; } -#ifdef HAVE_DNSCRYPT boost::optional> checkDNSCryptQuery(const ClientState& cs, const char* query, uint16_t& len, std::shared_ptr& dnsCryptQuery, time_t now, bool tcp) { if (cs.dnscryptCtx) { +#ifdef HAVE_DNSCRYPT vector response; uint16_t decryptedQueryLen = 0; @@ -1305,10 +1297,10 @@ boost::optional> checkDNSCryptQuery(const ClientState& cs, } len = decryptedQueryLen; +#endif /* HAVE_DNSCRYPT */ } return boost::none; } -#endif /* HAVE_DNSCRYPT */ bool checkQueryHeaders(const struct dnsheader* dh) { @@ -1362,13 +1354,13 @@ static bool prepareOutgoingResponse(LocalHolders& holders, ClientState& cs, DNSQ /* in case a rule changed it */ dq.delayMsec = dr.delayMsec; - if (!cs.muted) { #ifdef HAVE_DNSCRYPT + if (!cs.muted) { if (!encryptResponse(reinterpret_cast(dq.dh), &dq.len, dq.size, dq.tcp, dq.dnsCryptQuery, nullptr, nullptr)) { return false; } -#endif } +#endif /* HAVE_DNSCRYPT */ if (cacheHit) { ++g_stats.cacheHits; @@ -1528,13 +1520,11 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct gettime(&queryRealTime, true); std::shared_ptr dnsCryptQuery = nullptr; -#ifdef HAVE_DNSCRYPT auto dnsCryptResponse = checkDNSCryptQuery(cs, query, len, dnsCryptQuery, queryRealTime.tv_sec, false); if (dnsCryptResponse) { sendUDPResponse(cs.udpFD, reinterpret_cast(dnsCryptResponse->data()), static_cast(dnsCryptResponse->size()), 0, dest, remote); return; } -#endif struct dnsheader* dh = reinterpret_cast(query); queryId = ntohs(dh->id); @@ -1620,9 +1610,9 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct ids->origDest = cs.local; ids->destHarvested = false; } -#ifdef HAVE_DNSCRYPT + ids->dnsCryptQuery = std::move(dq.dnsCryptQuery); -#endif + #ifdef HAVE_PROTOBUF ids->uniqueId = std::move(dq.uniqueId); #endif @@ -2628,7 +2618,6 @@ try tcpBindsCount++; } -#ifdef HAVE_DNSCRYPT for(auto& dcLocal : g_dnsCryptLocals) { ClientState* cs = new ClientState; cs->local = std::get<0>(dcLocal); @@ -2730,7 +2719,6 @@ try g_frontends.push_back(cs); tcpBindsCount++; } -#endif for(auto& frontend : g_tlslocals) { ClientState* cs = new ClientState; diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh index 513cd95955..6ed7faeab6 100644 --- a/pdns/dnsdist.hh +++ b/pdns/dnsdist.hh @@ -539,9 +539,7 @@ struct IDState ComboAddress origDest; // 28 StopWatch sentTime; // 16 DNSName qname; // 80 -#ifdef HAVE_DNSCRYPT std::shared_ptr dnsCryptQuery{nullptr}; -#endif #ifdef HAVE_PROTOBUF boost::optional uniqueId; #endif @@ -585,9 +583,7 @@ struct ClientState { std::set cpus; ComboAddress local; -#ifdef HAVE_DNSCRYPT std::shared_ptr dnscryptCtx{nullptr}; -#endif shared_ptr tlsFrontend; std::atomic queries{0}; int udpFD{-1}; @@ -1050,13 +1046,9 @@ bool processResponse(char** response, uint16_t* responseLen, size_t* responseSiz bool checkQueryHeaders(const struct dnsheader* dh); -#ifdef HAVE_DNSCRYPT extern std::vector, bool, int, std::string, std::set > > g_dnsCryptLocals; - int handleDNSCryptQuery(char* packet, uint16_t len, std::shared_ptr query, uint16_t* decryptedQueryLen, bool tcp, time_t now, std::vector& response); - boost::optional> checkDNSCryptQuery(const ClientState& cs, const char* query, uint16_t& len, std::shared_ptr& dnsCryptQuery, time_t now, bool tcp); -#endif bool addXPF(DNSQuestion& dq, uint16_t optionCode);