From: Daniel Salzman Date: Mon, 15 Dec 2025 14:45:36 +0000 (+0100) Subject: kdig: remove TCP Fast Open support X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fknot-dns.git kdig: remove TCP Fast Open support --- diff --git a/doc/man_kdig.rst b/doc/man_kdig.rst index 198bbe43bb..f21e2871c3 100644 --- a/doc/man_kdig.rst +++ b/doc/man_kdig.rst @@ -226,9 +226,6 @@ Options **+**\ [\ **no**\ ]\ **tcp** Use the TCP protocol (default is UDP for standard query and TCP for AXFR/IXFR). -**+**\ [\ **no**\ ]\ **fastopen** - Use TCP Fast Open. - **+**\ [\ **no**\ ]\ **ignore** Don't use TCP automatically if a truncated reply is received. @@ -401,7 +398,7 @@ Examples $ kdig @1.1.1.1 +https example.com. $ kdig @193.17.47.1 +https=/doh example.com. $ kdig @8.8.4.4 +https +https-get example.com. - $ kdig @8.8.8.8 +https +tls-hostname=dns.google +fastopen example.com. + $ kdig @8.8.8.8 +https +tls-hostname=dns.google example.com. 6. More queries share one DoT connection:: diff --git a/src/utils/common/https.c b/src/utils/common/https.c index 3a58203f3b..a68457dbad 100644 --- a/src/utils/common/https.c +++ b/src/utils/common/https.c @@ -309,15 +309,14 @@ static int sockaddr_to_authority(char *buf, const size_t buf_len, const struct s return KNOT_EOK; } -int https_ctx_connect(https_ctx_t *ctx, int sockfd, bool fastopen, - struct sockaddr_storage *addr) +int https_ctx_connect(https_ctx_t *ctx, int sockfd, struct sockaddr_storage *addr) { if (ctx == NULL || addr == NULL) { return KNOT_EINVAL; } // Create TLS connection - int ret = tls_ctx_connect(ctx->tls, sockfd, fastopen, addr); + int ret = tls_ctx_connect(ctx->tls, sockfd, addr); if (ret != KNOT_EOK) { return ret; } diff --git a/src/utils/common/https.h b/src/utils/common/https.h index 63cee9421d..d8281962ed 100644 --- a/src/utils/common/https.h +++ b/src/utils/common/https.h @@ -85,7 +85,6 @@ int https_ctx_init(https_ctx_t *ctx, tls_ctx_t *tls_ctx, const https_params_t *p * * \param ctx HTTPS context. * \param sockfd Socket descriptor. - * \param fastopen Use TCP Fast Open indication. * \param addr Socket address storage with address to server side. * * \retval KNOT_EOK When successfully connected. @@ -94,8 +93,7 @@ int https_ctx_init(https_ctx_t *ctx, tls_ctx_t *tls_ctx, const https_params_t *p * \retval KNOT_NET_ETIMEOUT When server respond takes too long. * \retval KNOT_NET_ECONNECT When unnable to connect to the server. */ -int https_ctx_connect(https_ctx_t *ctx, int sockfd, bool fastopen, - struct sockaddr_storage *addr); +int https_ctx_connect(https_ctx_t *ctx, int sockfd, struct sockaddr_storage *addr); /*! * \brief Send buffer as DNS message over HTTPS. diff --git a/src/utils/common/netio.c b/src/utils/common/netio.c index 94f1181868..ef7b08ff1d 100644 --- a/src/utils/common/netio.c +++ b/src/utils/common/netio.c @@ -10,7 +10,6 @@ #include #include #include // OpenBSD -#include // TCP_FASTOPEN #include #ifdef HAVE_SYS_UIO_H @@ -210,7 +209,6 @@ int net_init(const srv_info_t *local, const int iptype, const int socktype, const int wait, - const net_flags_t flags, const struct sockaddr *proxy_src, const struct sockaddr *proxy_dst, net_t *net) @@ -265,7 +263,6 @@ int net_init(const srv_info_t *local, net->wait = wait; net->local = local; net->remote = remote; - net->flags = flags; net->proxy.src = proxy_src; net->proxy.dst = proxy_dst; @@ -339,59 +336,6 @@ int net_init_crypto(net_t *net, return KNOT_EOK; } -/*! - * Connect with TCP Fast Open. - */ -static int fastopen_connect(int sockfd, const struct addrinfo *srv) -{ -#if defined( __FreeBSD__) - const int enable = 1; - return setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN, &enable, sizeof(enable)); -#elif defined(__APPLE__) - // connection is performed lazily when first data are sent - struct sa_endpoints ep = {0}; - ep.sae_dstaddr = srv->ai_addr; - ep.sae_dstaddrlen = srv->ai_addrlen; - int flags = CONNECT_DATA_IDEMPOTENT|CONNECT_RESUME_ON_READ_WRITE; - - return connectx(sockfd, &ep, SAE_ASSOCID_ANY, flags, NULL, 0, NULL, NULL); -#elif defined(__linux__) - // connect() will be called implicitly with sendto(), sendmsg() - return 0; -#else - errno = ENOTSUP; - return -1; -#endif -} - -/*! - * Sends data with TCP Fast Open. - */ -static int fastopen_send(int sockfd, const struct msghdr *msg, int timeout) -{ -#if defined(__FreeBSD__) || defined(__APPLE__) - return sendmsg(sockfd, msg, 0); -#elif defined(__linux__) - int ret = sendmsg(sockfd, msg, MSG_FASTOPEN); - if (ret == -1 && errno == EINPROGRESS) { - struct pollfd pfd = { - .fd = sockfd, - .events = POLLOUT, - .revents = 0, - }; - if (poll(&pfd, 1, 1000 * timeout) != 1) { - errno = ETIMEDOUT; - return -1; - } - ret = sendmsg(sockfd, msg, 0); - } - return ret; -#else - errno = ENOTSUP; - return -1; -#endif -} - static char *net_get_remote(const net_t *net) { if (net->tls.params->sni != NULL) { @@ -456,39 +400,32 @@ int net_connect(net_t *net) if (net->socktype == SOCK_STREAM) { int cs = 1, err; socklen_t err_len = sizeof(err); - bool fastopen = net->flags & NET_FLAGS_FASTOPEN; #ifdef TCP_NODELAY (void)setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &cs, sizeof(cs)); #endif // Establish a connection. - if (net->tls.params == NULL || !fastopen) { - if (fastopen) { - ret = fastopen_connect(sockfd, net->srv); - } else { - ret = connect(sockfd, net->srv->ai_addr, net->srv->ai_addrlen); - } - if (ret != 0 && errno != EINPROGRESS) { - WARN("can't connect to %s", net->remote_str); - net_close(net); - return KNOT_NET_ECONNECT; - } + ret = connect(sockfd, net->srv->ai_addr, net->srv->ai_addrlen); + if (ret != 0 && errno != EINPROGRESS) { + WARN("can't connect to %s", net->remote_str); + net_close(net); + return KNOT_NET_ECONNECT; + } - // Check for connection timeout. - if (!fastopen && poll(&pfd, 1, 1000 * net->wait) != 1) { - WARN("connection timeout for %s", net->remote_str); - net_close(net); - return KNOT_NET_ECONNECT; - } + // Check for connection timeout. + if (poll(&pfd, 1, 1000 * net->wait) != 1) { + WARN("connection timeout for %s", net->remote_str); + net_close(net); + return KNOT_NET_ECONNECT; + } - // Check if NB socket is writeable. - cs = getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &err, &err_len); - if (cs < 0 || err != 0) { - WARN("can't connect to %s", net->remote_str); - net_close(net); - return KNOT_NET_ECONNECT; - } + // Check if NB socket is writeable. + cs = getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &err, &err_len); + if (cs < 0 || err != 0) { + WARN("can't connect to %s", net->remote_str); + net_close(net); + return KNOT_NET_ECONNECT; } if (net->tls.params != NULL) { @@ -505,7 +442,7 @@ int net_connect(net_t *net) if (remote && net->https.authority == NULL) { net->https.authority = strdup(remote); } - ret = https_ctx_connect(&net->https, sockfd, fastopen, + ret = https_ctx_connect(&net->https, sockfd, (struct sockaddr_storage *)net->srv->ai_addr); } else #endif //LIBNGHTTP2 @@ -517,7 +454,7 @@ int net_connect(net_t *net) net_close(net); return ret; } - ret = tls_ctx_connect(&net->tls, sockfd, fastopen, + ret = tls_ctx_connect(&net->tls, sockfd, (struct sockaddr_storage *)net->srv->ai_addr); } if (ret != KNOT_EOK) { @@ -669,8 +606,6 @@ int net_send(const net_t *net, const uint8_t *buf, const size_t buf_len) } // Send data over TCP. } else { - bool fastopen = net->flags & NET_FLAGS_FASTOPEN; - char proxy_buf[PROXYV2_HEADER_MAXLEN]; uint16_t pktsize = htons(buf_len); // Leading packet length bytes. struct iovec iov[3] = { @@ -705,12 +640,7 @@ int net_send(const net_t *net, const uint8_t *buf, const size_t buf_len) ssize_t total = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len; - int ret = 0; - if (fastopen) { - ret = fastopen_send(net->sockfd, &msg, net->wait); - } else { - ret = sendmsg(net->sockfd, &msg, 0); - } + int ret = sendmsg(net->sockfd, &msg, 0); if (ret != total) { WARN("can't send query to %s", net->remote_str); return KNOT_NET_ESEND; diff --git a/src/utils/common/netio.h b/src/utils/common/netio.h index 48f77692fd..627ffd0805 100644 --- a/src/utils/common/netio.h +++ b/src/utils/common/netio.h @@ -25,11 +25,6 @@ typedef struct { char *service; } srv_info_t; -typedef enum { - NET_FLAGS_NONE = 0, - NET_FLAGS_FASTOPEN = 1 << 0, -} net_flags_t; - typedef struct { /*! Socket descriptor. */ int sockfd; @@ -40,8 +35,6 @@ typedef struct { int socktype; /*! Timeout for all network operations. */ int wait; - /*! Connection flags. */ - net_flags_t flags; /*! Local interface parameters. */ const srv_info_t *local; @@ -148,7 +141,6 @@ void get_addr_str(const struct sockaddr_storage *ss, * \param iptype IP version. * \param socktype Socket type. * \param wait Network timeout interval. - * \param flags Connection flags. * \param proxy_src Proxy source address. * \param proxy_dst Proxy destination address. * \param net Network structure to initialize. @@ -161,7 +153,6 @@ int net_init(const srv_info_t *local, const int iptype, const int socktype, const int wait, - const net_flags_t flags, const struct sockaddr *proxy_src, const struct sockaddr *proxy_dst, net_t *net); diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c index 972a820445..1c8fd2dda7 100644 --- a/src/utils/common/tls.c +++ b/src/utils/common/tls.c @@ -13,10 +13,6 @@ #include #include #include -#define GNUTLS_VERSION_FASTOPEN_READY 0x030503 -#if GNUTLS_VERSION_NUMBER >= GNUTLS_VERSION_FASTOPEN_READY -#include -#endif #include "utils/common/tls.h" #include "utils/common/msg.h" @@ -554,8 +550,7 @@ int tls_ctx_setup_remote_endpoint(tls_ctx_t *ctx, const gnutls_datum_t *alpn, return KNOT_EOK; } -int tls_ctx_connect(tls_ctx_t *ctx, int sockfd, bool fastopen, - struct sockaddr_storage *addr) +int tls_ctx_connect(tls_ctx_t *ctx, int sockfd, struct sockaddr_storage *addr) { if (ctx == NULL) { return KNOT_EINVAL; @@ -564,16 +559,7 @@ int tls_ctx_connect(tls_ctx_t *ctx, int sockfd, bool fastopen, int ret = 0; gnutls_session_set_ptr(ctx->session, ctx); - if (fastopen) { -#if GNUTLS_VERSION_NUMBER >= GNUTLS_VERSION_FASTOPEN_READY - gnutls_transport_set_fastopen(ctx->session, sockfd, (struct sockaddr *)addr, - sockaddr_len(addr), 0); -#else - return KNOT_ENOTSUP; -#endif - } else { - gnutls_transport_set_int(ctx->session, sockfd); - } + gnutls_transport_set_int(ctx->session, sockfd); gnutls_handshake_set_timeout(ctx->session, 1000 * ctx->wait); diff --git a/src/utils/common/tls.h b/src/utils/common/tls.h index 4d9f1ce317..45a381f1ee 100644 --- a/src/utils/common/tls.h +++ b/src/utils/common/tls.h @@ -62,8 +62,7 @@ int tls_ctx_init(tls_ctx_t *ctx, const tls_params_t *params, unsigned int flags, int wait); int tls_ctx_setup_remote_endpoint(tls_ctx_t *ctx, const gnutls_datum_t *alpn, size_t alpn_size, const char *priority, const char *remote); -int tls_ctx_connect(tls_ctx_t *ctx, int sockfd, - bool fastopen, struct sockaddr_storage *addr); +int tls_ctx_connect(tls_ctx_t *ctx, int sockfd, struct sockaddr_storage *addr); int tls_ctx_send(tls_ctx_t *ctx, const uint8_t *buf, const size_t buf_len); int tls_ctx_receive(tls_ctx_t *ctx, uint8_t *buf, const size_t buf_len); diff --git a/src/utils/kdig/kdig_exec.c b/src/utils/kdig/kdig_exec.c index ab14acbffd..d4090bfe79 100644 --- a/src/utils/kdig/kdig_exec.c +++ b/src/utils/kdig/kdig_exec.c @@ -854,7 +854,6 @@ static int process_query(const query_t *query, net_t *net) // Get connection parameters. int socktype = get_socktype(query->protocol, query->type_num); - int flags = query->fastopen ? NET_FLAGS_FASTOPEN : NET_FLAGS_NONE; // Loop over server list to process query. WALK_LIST(server, query->servers) { @@ -870,7 +869,7 @@ static int process_query(const query_t *query, net_t *net) for (size_t i = 0; i <= query->retries; i++) { // Initialize network structure for current server. ret = net_init(query->local, remote, iptype, socktype, - query->wait, flags, + query->wait, (struct sockaddr *)&query->proxy.src, (struct sockaddr *)&query->proxy.dst, net); @@ -1214,7 +1213,6 @@ static int process_xfr(const query_t *query, net_t *net) // Get connection parameters. int socktype = get_socktype(query->protocol, query->type_num); - int flags = query->fastopen ? NET_FLAGS_FASTOPEN : NET_FLAGS_NONE; // Use the first nameserver from the list. srv_info_t *remote = HEAD(query->servers); @@ -1226,7 +1224,7 @@ static int process_xfr(const query_t *query, net_t *net) get_sockname(socktype)); // Initialize network structure. - ret = net_init(query->local, remote, iptype, socktype, query->wait, flags, + ret = net_init(query->local, remote, iptype, socktype, query->wait, (struct sockaddr *)&query->proxy.src, (struct sockaddr *)&query->proxy.dst, net); diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c index 004a490c4c..bdd99e8b4f 100644 --- a/src/utils/kdig/kdig_params.c +++ b/src/utils/kdig/kdig_params.c @@ -617,24 +617,6 @@ static int opt_notcp(const char *arg, void *query) return opt_ignore(arg, query); } -static int opt_fastopen(const char *arg, void *query) -{ - query_t *q = query; - - q->fastopen = true; - - return opt_tcp(arg, query); -} - -static int opt_nofastopen(const char *arg, void *query) -{ - query_t *q = query; - - q->fastopen = false; - - return KNOT_EOK; -} - static int opt_keepopen(const char *arg, void *query) { query_t *q = query; @@ -1619,9 +1601,6 @@ static const param_t kdig_opts2[] = { { "tcp", ARG_NONE, opt_tcp }, { "notcp", ARG_NONE, opt_notcp }, - { "fastopen", ARG_NONE, opt_fastopen }, - { "nofastopen", ARG_NONE, opt_nofastopen }, - { "ignore", ARG_NONE, opt_ignore }, { "noignore", ARG_NONE, opt_noignore }, @@ -1739,7 +1718,6 @@ query_t *query_create(const char *owner, const query_t *conf) query->operation = OPERATION_QUERY; query->ip = IP_ALL; query->protocol = PROTO_ALL; - query->fastopen = false; query->port = strdup(""); query->udp_size = -1; query->retries = DEFAULT_RETRIES_DIG; @@ -2416,7 +2394,6 @@ static void print_help(void) " +[no]ttl * Show TTL value.\n" " +[no]crypto * Show binary parts of RRSIGs and DNSKEYs.\n" " +[no]tcp Use TCP protocol.\n" - " +[no]fastopen Use TCP Fast Open.\n" " +[no]ignore Don't use TCP automatically if truncated.\n" " +[no]keepopen Don't close the TCP connection to be reused.\n" " +[no]tls Use TLS with Opportunistic privacy profile.\n" diff --git a/src/utils/kdig/kdig_params.h b/src/utils/kdig/kdig_params.h index 32d6a86cd0..869ae12e7d 100644 --- a/src/utils/kdig/kdig_params.h +++ b/src/utils/kdig/kdig_params.h @@ -69,8 +69,6 @@ struct query { ip_t ip; /*!< Protocol type (TCP, UDP) to use. */ protocol_t protocol; - /*!< Use TCP Fast Open. */ - bool fastopen; /*!< Keep TCP connection open. */ bool keepopen; /*!< Port/service to connect to. */ diff --git a/src/utils/knsupdate/knsupdate_exec.c b/src/utils/knsupdate/knsupdate_exec.c index 24b40f19d4..9e0360868d 100644 --- a/src/utils/knsupdate/knsupdate_exec.c +++ b/src/utils/knsupdate/knsupdate_exec.c @@ -434,7 +434,6 @@ static int pkt_sendrecv(knsupdate_params_t *params) get_iptype(params->ip, params->server), get_socktype(params->protocol, KNOT_RRTYPE_SOA), params->wait, - NET_FLAGS_NONE, NULL, NULL, &net);