From: Remi Gacogne Date: Mon, 28 Jun 2021 13:34:02 +0000 (+0200) Subject: dnsdist: Carry the exact protocol (Do53, DNSCrypt, DoT, DoH) in DQ X-Git-Tag: dnsdist-1.7.0-alpha1~100^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d84ea5be191a1bbf4ad414c418d0db93ad1f056e;p=thirdparty%2Fpdns.git dnsdist: Carry the exact protocol (Do53, DNSCrypt, DoT, DoH) in DQ --- diff --git a/pdns/dnsdist-cache.cc b/pdns/dnsdist-cache.cc index afe679ea5e..8ae1595cff 100644 --- a/pdns/dnsdist-cache.cc +++ b/pdns/dnsdist-cache.cc @@ -79,9 +79,9 @@ bool DNSDistPacketCache::getClientSubnet(const PacketBuffer& packet, size_t qnam return false; } -bool DNSDistPacketCache::cachedValueMatches(const CacheValue& cachedValue, uint16_t queryFlags, const DNSName& qname, uint16_t qtype, uint16_t qclass, bool tcp, bool dnssecOK, const boost::optional& subnet) const +bool DNSDistPacketCache::cachedValueMatches(const CacheValue& cachedValue, uint16_t queryFlags, const DNSName& qname, uint16_t qtype, uint16_t qclass, bool receivedOverUDP, bool dnssecOK, const boost::optional& subnet) const { - if (cachedValue.queryFlags != queryFlags || cachedValue.dnssecOK != dnssecOK || cachedValue.tcp != tcp || cachedValue.qtype != qtype || cachedValue.qclass != qclass || cachedValue.qname != qname) { + if (cachedValue.queryFlags != queryFlags || cachedValue.dnssecOK != dnssecOK || cachedValue.receivedOverUDP != receivedOverUDP || cachedValue.qtype != qtype || cachedValue.qclass != qclass || cachedValue.qname != qname) { return false; } @@ -114,7 +114,7 @@ void DNSDistPacketCache::insertLocked(CacheShard& shard, uint32_t key, CacheValu CacheValue& value = it->second; bool wasExpired = value.validity <= newValue.added; - if (!wasExpired && !cachedValueMatches(value, newValue.queryFlags, newValue.qname, newValue.qtype, newValue.qclass, newValue.tcp, newValue.dnssecOK, newValue.subnet)) { + if (!wasExpired && !cachedValueMatches(value, newValue.queryFlags, newValue.qname, newValue.qtype, newValue.qclass, newValue.receivedOverUDP, newValue.dnssecOK, newValue.subnet)) { d_insertCollisions++; return; } @@ -127,7 +127,7 @@ void DNSDistPacketCache::insertLocked(CacheShard& shard, uint32_t key, CacheValu value = newValue; } -void DNSDistPacketCache::insert(uint32_t key, const boost::optional& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool tcp, uint8_t rcode, boost::optional tempFailureTTL) +void DNSDistPacketCache::insert(uint32_t key, const boost::optional& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool receivedOverUDP, uint8_t rcode, boost::optional tempFailureTTL) { if (response.size() < sizeof(dnsheader)) { return; @@ -179,7 +179,7 @@ void DNSDistPacketCache::insert(uint32_t key, const boost::optional& su newValue.len = response.size(); newValue.validity = newValidity; newValue.added = now; - newValue.tcp = tcp; + newValue.receivedOverUDP = receivedOverUDP; newValue.dnssecOK = dnssecOK; newValue.value = std::string(response.begin(), response.end()); newValue.subnet = subnet; @@ -202,10 +202,10 @@ void DNSDistPacketCache::insert(uint32_t key, const boost::optional& su } } -bool DNSDistPacketCache::get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut, boost::optional& subnet, bool dnssecOK, uint32_t allowExpired, bool skipAging) +bool DNSDistPacketCache::get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut, boost::optional& subnet, bool dnssecOK, bool receivedOverUDP, uint32_t allowExpired, bool skipAging) { const auto& dnsQName = dq.qname->getStorage(); - uint32_t key = getKey(dnsQName, dq.qname->wirelength(), dq.getData(), dq.tcp); + uint32_t key = getKey(dnsQName, dq.qname->wirelength(), dq.getData(), receivedOverUDP); if (keyOut) { *keyOut = key; @@ -251,7 +251,7 @@ bool DNSDistPacketCache::get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut } /* check for collision */ - if (!cachedValueMatches(value, *(getFlagsFromDNSHeader(dq.getHeader())), *dq.qname, dq.qtype, dq.qclass, dq.tcp, dnssecOK, subnet)) { + if (!cachedValueMatches(value, *(getFlagsFromDNSHeader(dq.getHeader())), *dq.qname, dq.qtype, dq.qclass, receivedOverUDP, dnssecOK, subnet)) { d_lookupCollisions++; return false; } @@ -420,7 +420,7 @@ uint32_t DNSDistPacketCache::getMinTTL(const char* packet, uint16_t length, bool return getDNSPacketMinTTL(packet, length, seenNoDataSOA); } -uint32_t DNSDistPacketCache::getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool tcp) +uint32_t DNSDistPacketCache::getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool receivedOverUDP) { uint32_t result = 0; /* skip the query ID */ @@ -442,7 +442,7 @@ uint32_t DNSDistPacketCache::getKey(const DNSName::string_t& qname, size_t qname result = burtle(&packet.at(sizeof(dnsheader) + qnameWireLength), packet.size() - (sizeof(dnsheader) + qnameWireLength), result); } } - result = burtle((const unsigned char*) &tcp, sizeof(tcp), result); + result = burtle((const unsigned char*) &receivedOverUDP, sizeof(receivedOverUDP), result); return result; } @@ -488,7 +488,7 @@ uint64_t DNSDistPacketCache::dump(int fd) rcode = dh.rcode; } - fprintf(fp.get(), "%s %" PRId64 " %s ; rcode %" PRIu8 ", key %" PRIu32 ", length %" PRIu16 ", tcp %d, added %" PRId64 "\n", value.qname.toString().c_str(), static_cast(value.validity - now), QType(value.qtype).toString().c_str(), rcode, entry.first, value.len, value.tcp, static_cast(value.added)); + fprintf(fp.get(), "%s %" PRId64 " %s ; rcode %" PRIu8 ", key %" PRIu32 ", length %" PRIu16 ", received over UDP %d, added %" PRId64 "\n", value.qname.toString().c_str(), static_cast(value.validity - now), QType(value.qtype).toString().c_str(), rcode, entry.first, value.len, value.receivedOverUDP, static_cast(value.added)); } catch(...) { fprintf(fp.get(), "; error printing '%s'\n", value.qname.empty() ? "EMPTY" : value.qname.toString().c_str()); diff --git a/pdns/dnsdist-cache.hh b/pdns/dnsdist-cache.hh index 25b1a0dd42..9fda635a40 100644 --- a/pdns/dnsdist-cache.hh +++ b/pdns/dnsdist-cache.hh @@ -37,8 +37,8 @@ public: DNSDistPacketCache(size_t maxEntries, uint32_t maxTTL=86400, uint32_t minTTL=0, uint32_t tempFailureTTL=60, uint32_t maxNegativeTTL=3600, uint32_t staleTTL=60, bool dontAge=false, uint32_t shards=1, bool deferrableInsertLock=true, bool parseECS=false); ~DNSDistPacketCache(); - void insert(uint32_t key, const boost::optional& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool tcp, uint8_t rcode, boost::optional tempFailureTTL); - bool get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut, boost::optional& subnet, bool dnssecOK, uint32_t allowExpired = 0, bool skipAging = false); + void insert(uint32_t key, const boost::optional& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool receivedOverUDP, uint8_t rcode, boost::optional tempFailureTTL); + bool get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut, boost::optional& subnet, bool dnssecOK, bool receivedOverUDP, uint32_t allowExpired = 0, bool skipAging = false); size_t purgeExpired(size_t upTo, const time_t now); size_t expunge(size_t upTo=0); size_t expungeByName(const DNSName& name, uint16_t qtype=QType::ANY, bool suffixMatch=false); @@ -78,7 +78,7 @@ public: d_parseECS = enabled; } - uint32_t getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool tcp); + uint32_t getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool receivedOverUDP); static uint32_t getMinTTL(const char* packet, uint16_t length, bool* seenNoDataSOA); static bool getClientSubnet(const PacketBuffer& packet, size_t qnameWireLength, boost::optional& subnet); @@ -97,7 +97,7 @@ private: time_t added{0}; time_t validity{0}; uint16_t len{0}; - bool tcp{false}; + bool receivedOverUDP{false}; bool dnssecOK{false}; }; @@ -121,7 +121,7 @@ private: std::atomic d_entriesCount{0}; }; - bool cachedValueMatches(const CacheValue& cachedValue, uint16_t queryFlags, const DNSName& qname, uint16_t qtype, uint16_t qclass, bool tcp, bool dnssecOK, const boost::optional& subnet) const; + bool cachedValueMatches(const CacheValue& cachedValue, uint16_t queryFlags, const DNSName& qname, uint16_t qtype, uint16_t qclass, bool receivedOverUDP, bool dnssecOK, const boost::optional& subnet) const; uint32_t getShardIndex(uint32_t key) const; void insertLocked(CacheShard& shard, uint32_t key, CacheValue& newValue); diff --git a/pdns/dnsdist-lua-actions.cc b/pdns/dnsdist-lua-actions.cc index ce1e714be3..3d4d213c4b 100644 --- a/pdns/dnsdist-lua-actions.cc +++ b/pdns/dnsdist-lua-actions.cc @@ -181,7 +181,7 @@ TeeAction::~TeeAction() DNSAction::Action TeeAction::operator()(DNSQuestion* dq, std::string* ruleresult) const { - if (dq->tcp) { + if (dq->overTCP()) { d_tcpdrops++; } else { @@ -1056,7 +1056,7 @@ public: static thread_local std::string data; data.clear(); - DnstapMessage message(data, !dq->getHeader()->qr ? DnstapMessage::MessageType::client_query : DnstapMessage::MessageType::client_response, d_identity, dq->remote, dq->local, dq->tcp, reinterpret_cast(dq->getData().data()), dq->getData().size(), dq->queryTime, nullptr); + DnstapMessage message(data, !dq->getHeader()->qr ? DnstapMessage::MessageType::client_query : DnstapMessage::MessageType::client_response, d_identity, dq->remote, dq->local, dq->overTCP(), reinterpret_cast(dq->getData().data()), dq->getData().size(), dq->queryTime, nullptr); { if (d_alterFunc) { std::lock_guard lock(g_luamutex); @@ -1189,7 +1189,7 @@ public: gettime(&now, true); data.clear(); - DnstapMessage message(data, DnstapMessage::MessageType::client_response, d_identity, dr->remote, dr->local, dr->tcp, reinterpret_cast(dr->getData().data()), dr->getData().size(), dr->queryTime, &now); + DnstapMessage message(data, DnstapMessage::MessageType::client_response, d_identity, dr->remote, dr->local, dr->overTCP(), reinterpret_cast(dr->getData().data()), dr->getData().size(), dr->queryTime, &now); { if (d_alterFunc) { std::lock_guard lock(g_luamutex); diff --git a/pdns/dnsdist-lua-bindings-dnsquestion.cc b/pdns/dnsdist-lua-bindings-dnsquestion.cc index 0c1bf156d0..94e84350b8 100644 --- a/pdns/dnsdist-lua-bindings-dnsquestion.cc +++ b/pdns/dnsdist-lua-bindings-dnsquestion.cc @@ -38,7 +38,7 @@ void setupLuaBindingsDNSQuestion(LuaContext& luaCtx) luaCtx.registerMember("dh", [](const DNSQuestion& dq) -> dnsheader* { return const_cast(dq).getHeader(); }, [](DNSQuestion& dq, const dnsheader* dh) { *(dq.getHeader()) = *dh; }); luaCtx.registerMember("len", [](const DNSQuestion& dq) -> uint16_t { return dq.getData().size(); }, [](DNSQuestion& dq, uint16_t newlen) { dq.getMutableData().resize(newlen); }); luaCtx.registerMember("opcode", [](const DNSQuestion& dq) -> uint8_t { return dq.getHeader()->opcode; }, [](DNSQuestion& dq, uint8_t newOpcode) { (void) newOpcode; }); - luaCtx.registerMember("tcp", [](const DNSQuestion& dq) -> bool { return dq.tcp; }, [](DNSQuestion& dq, bool newTcp) { (void) newTcp; }); + luaCtx.registerMember("tcp", [](const DNSQuestion& dq) -> bool { return dq.overTCP(); }, [](DNSQuestion& dq, bool newTcp) { (void) newTcp; }); luaCtx.registerMember("skipCache", [](const DNSQuestion& dq) -> bool { return dq.skipCache; }, [](DNSQuestion& dq, bool newSkipCache) { dq.skipCache = newSkipCache; }); luaCtx.registerMember("useECS", [](const DNSQuestion& dq) -> bool { return dq.useECS; }, [](DNSQuestion& dq, bool useECS) { dq.useECS = useECS; }); luaCtx.registerMember("ecsOverride", [](const DNSQuestion& dq) -> bool { return dq.ecsOverride; }, [](DNSQuestion& dq, bool ecsOverride) { dq.ecsOverride = ecsOverride; }); @@ -188,7 +188,7 @@ void setupLuaBindingsDNSQuestion(LuaContext& luaCtx) luaCtx.registerMember("dh", [](const DNSResponse& dr) -> dnsheader* { return const_cast(dr).getHeader(); }, [](DNSResponse& dr, const dnsheader* dh) { *(dr.getHeader()) = *dh; }); luaCtx.registerMember("len", [](const DNSResponse& dq) -> uint16_t { return dq.getData().size(); }, [](DNSResponse& dq, uint16_t newlen) { dq.getMutableData().resize(newlen); }); luaCtx.registerMember("opcode", [](const DNSResponse& dq) -> uint8_t { return dq.getHeader()->opcode; }, [](DNSResponse& dq, uint8_t newOpcode) { (void) newOpcode; }); - luaCtx.registerMember("tcp", [](const DNSResponse& dq) -> bool { return dq.tcp; }, [](DNSResponse& dq, bool newTcp) { (void) newTcp; }); + luaCtx.registerMember("tcp", [](const DNSResponse& dq) -> bool { return dq.overTCP(); }, [](DNSResponse& dq, bool newTcp) { (void) newTcp; }); luaCtx.registerMember("skipCache", [](const DNSResponse& dq) -> bool { return dq.skipCache; }, [](DNSResponse& dq, bool newSkipCache) { dq.skipCache = newSkipCache; }); luaCtx.registerFunction editFunc)>("editTTLs", [](DNSResponse& dr, std::function editFunc) { editDNSPacketTTL(reinterpret_cast(dr.getMutableData().data()), dr.getData().size(), editFunc); diff --git a/pdns/dnsdist-lua-rules.cc b/pdns/dnsdist-lua-rules.cc index 7fc73b84f3..fca4ef67d7 100644 --- a/pdns/dnsdist-lua-rules.cc +++ b/pdns/dnsdist-lua-rules.cc @@ -444,7 +444,7 @@ void setupLuaRules(LuaContext& luaCtx) sw.start(); for(int n=0; n < times; ++n) { item& i = items[n % items.size()]; - DNSQuestion dq(&i.qname, i.qtype, i.qclass, &i.rem, &i.rem, i.packet, false, &sw.d_start); + DNSQuestion dq(&i.qname, i.qtype, i.qclass, &i.rem, &i.rem, i.packet, DNSQuestion::Protocol::DoUDP, &sw.d_start); if (rule->matches(&dq)) { matches++; } diff --git a/pdns/dnsdist-protobuf.cc b/pdns/dnsdist-protobuf.cc index 1ceb86af72..deac0bdf3e 100644 --- a/pdns/dnsdist-protobuf.cc +++ b/pdns/dnsdist-protobuf.cc @@ -124,7 +124,7 @@ void DNSDistProtoBufMessage::serialize(std::string& data) const m.setTime(ts.tv_sec, ts.tv_nsec / 1000); } - m.setRequest(d_dq.uniqueId ? *d_dq.uniqueId : getUniqueID(), d_requestor ? *d_requestor : *d_dq.remote, d_responder ? *d_responder : *d_dq.local, d_question ? d_question->d_name : *d_dq.qname, d_question ? d_question->d_type : d_dq.qtype, d_question ? d_question->d_class : d_dq.qclass, d_dq.getHeader()->id, d_dq.tcp, d_bytes ? *d_bytes : d_dq.getData().size()); + m.setRequest(d_dq.uniqueId ? *d_dq.uniqueId : getUniqueID(), d_requestor ? *d_requestor : *d_dq.remote, d_responder ? *d_responder : *d_dq.local, d_question ? d_question->d_name : *d_dq.qname, d_question ? d_question->d_type : d_dq.qtype, d_question ? d_question->d_class : d_dq.qclass, d_dq.getHeader()->id, d_dq.overTCP(), d_bytes ? *d_bytes : d_dq.getData().size()); if (d_serverIdentity) { m.setServerIdentity(*d_serverIdentity); diff --git a/pdns/dnsdist-snmp.cc b/pdns/dnsdist-snmp.cc index d4f4937d6d..0456f0c5f7 100644 --- a/pdns/dnsdist-snmp.cc +++ b/pdns/dnsdist-snmp.cc @@ -448,7 +448,7 @@ bool DNSDistSNMPAgent::sendDNSTrap(const DNSQuestion& dq, const std::string& rea std::string remote = dq.remote->toString(); std::string qname = dq.qname->toStringNoDot(); const uint32_t socketFamily = dq.remote->isIPv4() ? 1 : 2; - const uint32_t socketProtocol = dq.tcp ? 2 : 1; + const uint32_t socketProtocol = dq.overTCP() ? 2 : 1; const uint32_t queryType = dq.getHeader()->qr ? 2 : 1; const uint32_t querySize = (uint32_t) dq.getData().size(); const uint32_t queryID = (uint32_t) ntohs(dq.getHeader()->id); diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc index 76e0231478..9dceeb559c 100644 --- a/pdns/dnsdist-tcp.cc +++ b/pdns/dnsdist-tcp.cc @@ -383,7 +383,7 @@ static void handleResponseSent(std::shared_ptr& stat const auto& ids = currentResponse.d_idstate; double udiff = ids.sentTime.udiff(); g_rings.insertResponse(answertime, state->d_ci.remote, ids.qname, ids.qtype, static_cast(udiff), static_cast(currentResponse.d_buffer.size()), currentResponse.d_cleartextDH, ds->remote); - vinfolog("Got answer from %s, relayed to %s (%s, %d bytes), took %f usec", ds->remote.toStringWithPort(), ids.origRemote.toStringWithPort(), (state->d_ci.cs->tlsFrontend ? "DoT" : "TCP"), currentResponse.d_buffer.size(), udiff); + vinfolog("Got answer from %s, relayed to %s (%s, %d bytes), took %f usec", ds->remote.toStringWithPort(), ids.origRemote.toStringWithPort(), (state->d_handler.isTLS() ? "DoT" : "TCP"), currentResponse.d_buffer.size(), udiff); } switch (currentResponse.d_cleartextDH.rcode) { @@ -585,11 +585,11 @@ void IncomingTCPConnectionState::handleResponse(std::shared_ptrd_handler.isTLS() ? DNSQuestion::Protocol::DoT : DNSQuestion::Protocol::DoTCP); memcpy(&response.d_cleartextDH, dr.getHeader(), sizeof(response.d_cleartextDH)); - if (!processResponse(response.d_buffer, state->d_threadData.localRespRuleActions, dr, false)) { + if (!processResponse(response.d_buffer, state->d_threadData.localRespRuleActions, dr, false, false)) { state->terminateClientConnection(); return; } @@ -681,7 +681,15 @@ static void handleQuery(std::shared_ptr& state, cons uint16_t qtype, qclass; unsigned int qnameWireLength = 0; DNSName qname(reinterpret_cast(state->d_buffer.data()), state->d_buffer.size(), sizeof(dnsheader), false, &qtype, &qclass, &qnameWireLength); - DNSQuestion dq(&qname, qtype, qclass, &state->d_proxiedDestination, &state->d_proxiedRemote, state->d_buffer, true, &queryRealTime); + DNSQuestion::Protocol protocol = DNSQuestion::Protocol::DoTCP; + if (dnsCryptQuery) { + protocol = DNSQuestion::Protocol::DNSCryptTCP; + } + else if (state->d_handler.isTLS()) { + protocol = DNSQuestion::Protocol::DoT; + } + + DNSQuestion dq(&qname, qtype, qclass, &state->d_proxiedDestination, &state->d_proxiedRemote, state->d_buffer, protocol, &queryRealTime); dq.dnsCryptQuery = std::move(dnsCryptQuery); dq.sni = state->d_handler.getServerNameIndication(); if (state->d_proxyProtocolValues) { @@ -764,7 +772,7 @@ static void handleQuery(std::shared_ptr& state, cons } ++state->d_currentQueriesCount; - vinfolog("Got query for %s|%s from %s (%s, %d bytes), relayed to %s", query.d_idstate.qname.toLogString(), QType(query.d_idstate.qtype).toString(), state->d_proxiedRemote.toStringWithPort(), (state->d_ci.cs->tlsFrontend ? "DoT" : "TCP"), query.d_buffer.size(), ds->getName()); + vinfolog("Got query for %s|%s from %s (%s, %d bytes), relayed to %s", query.d_idstate.qname.toLogString(), QType(query.d_idstate.qtype).toString(), state->d_proxiedRemote.toStringWithPort(), (state->d_handler.isTLS() ? "DoT" : "TCP"), query.d_buffer.size(), ds->getName()); downstreamConnection->queueQuery(std::move(query), downstreamConnection); } diff --git a/pdns/dnsdist-xpf.cc b/pdns/dnsdist-xpf.cc index 2b9f4fc4d1..b02ad62176 100644 --- a/pdns/dnsdist-xpf.cc +++ b/pdns/dnsdist-xpf.cc @@ -27,7 +27,7 @@ bool addXPF(DNSQuestion& dq, uint16_t optionCode) { - std::string payload = generateXPFPayload(dq.tcp, *dq.remote, *dq.local); + std::string payload = generateXPFPayload(dq.overTCP(), *dq.remote, *dq.local); uint8_t root = '\0'; dnsrecordheader drh; drh.d_type = htons(optionCode); diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index 252b57b5ab..f1a2fb9403 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -437,7 +437,9 @@ static bool applyRulesToResponse(LocalStateHolder >& localRespRuleActions, DNSResponse& dr, bool muted) +// whether the query was received over TCP or not (for rules, dnstap, protobuf, ...) will be taken from the DNSResponse, but receivedOverUDP is used to insert into the cache, +// so that answers received over UDP for DoH are still cached with UDP answers. +bool processResponse(PacketBuffer& response, LocalStateHolder >& localRespRuleActions, DNSResponse& dr, bool muted, bool receivedOverUDP) { if (!applyRulesToResponse(localRespRuleActions, dr)) { return false; @@ -461,12 +463,12 @@ bool processResponse(PacketBuffer& response, LocalStateHolderinsert(zeroScope ? dr.cacheKeyNoECS : dr.cacheKey, zeroScope ? boost::none : dr.subnet, dr.origFlags, dr.dnssecOK, *dr.qname, dr.qtype, dr.qclass, response, dr.tcp, dr.getHeader()->rcode, dr.tempFailureTTL); + dr.packetCache->insert(zeroScope ? dr.cacheKeyNoECS : dr.cacheKey, zeroScope ? boost::none : dr.subnet, dr.origFlags, dr.dnssecOK, *dr.qname, dr.qtype, dr.qclass, response, receivedOverUDP, dr.getHeader()->rcode, dr.tempFailureTTL); } #ifdef HAVE_DNSCRYPT if (!muted) { - if (!encryptResponse(response, dr.getMaximumSize(), dr.tcp, dr.dnsCryptQuery)) { + if (!encryptResponse(response, dr.getMaximumSize(), dr.overTCP(), dr.dnsCryptQuery)) { return false; } } @@ -634,13 +636,13 @@ void responderThread(std::shared_ptr dss) dh->id = ids->origID; - DNSResponse dr = makeDNSResponseFromIDState(*ids, response, false); + DNSResponse dr = makeDNSResponseFromIDState(*ids, response, DNSQuestion::Protocol::DoUDP); if (dh->tc && g_truncateTC) { truncateTC(response, dr.getMaximumSize(), qnameWireLength); } memcpy(&cleartextDH, dr.getHeader(), sizeof(cleartextDH)); - if (!processResponse(response, localRespRuleActions, dr, ids->cs && ids->cs->muted)) { + if (!processResponse(response, localRespRuleActions, dr, ids->cs && ids->cs->muted, true)) { continue; } @@ -897,7 +899,7 @@ static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dq, const stru return true; case DNSAction::Action::Truncate: - if(!dq.tcp) { + if (!dq.overTCP()) { updateBlockStats(); vinfolog("Query from %s truncated because of dynamic block", dq.remote->toStringWithPort()); dq.getHeader()->tc = true; @@ -954,7 +956,7 @@ static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dq, const stru dq.getHeader()->qr=true; return true; case DNSAction::Action::Truncate: - if(!dq.tcp) { + if (!dq.overTCP()) { updateBlockStats(); vinfolog("Query from %s for %s truncated because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toLogString()); @@ -1126,7 +1128,7 @@ static void queueResponse(const ClientState& cs, const PacketBuffer& response, c /* self-generated responses or cache hits */ static bool prepareOutgoingResponse(LocalHolders& holders, ClientState& cs, DNSQuestion& dq, bool cacheHit) { - DNSResponse dr(dq.qname, dq.qtype, dq.qclass, dq.local, dq.remote, dq.getMutableData(), dq.tcp, dq.queryTime); + DNSResponse dr(dq.qname, dq.qtype, dq.qclass, dq.local, dq.remote, dq.getMutableData(), dq.protocol, dq.queryTime); dr.uniqueId = dq.uniqueId; dr.qTag = dq.qTag; @@ -1141,7 +1143,7 @@ static bool prepareOutgoingResponse(LocalHolders& holders, ClientState& cs, DNSQ #ifdef HAVE_DNSCRYPT if (!cs.muted) { - if (!encryptResponse(dq.getMutableData(), dq.getMaximumSize(), dq.tcp, dq.dnsCryptQuery)) { + if (!encryptResponse(dq.getMutableData(), dq.getMaximumSize(), dq.overTCP(), dq.dnsCryptQuery)) { return false; } } @@ -1212,7 +1214,7 @@ ProcessQueryResult processQuery(DNSQuestion& dq, ClientState& cs, LocalHolders& // we need ECS parsing (parseECS) to be true so we can be sure that the initial incoming query did not have an existing // ECS option, which would make it unsuitable for the zero-scope feature. if (dq.packetCache && !dq.skipCache && (!selectedBackend || !selectedBackend->disableZeroScope) && dq.packetCache->isECSParsingEnabled()) { - if (dq.packetCache->get(dq, dq.getHeader()->id, &dq.cacheKeyNoECS, dq.subnet, dq.dnssecOK, allowExpired)) { + if (dq.packetCache->get(dq, dq.getHeader()->id, &dq.cacheKeyNoECS, dq.subnet, dq.dnssecOK, !dq.overTCP() || dq.getProtocol() == DNSQuestion::Protocol::DoH, allowExpired)) { if (!prepareOutgoingResponse(holders, cs, dq, true)) { return ProcessQueryResult::Drop; @@ -1234,7 +1236,7 @@ ProcessQueryResult processQuery(DNSQuestion& dq, ClientState& cs, LocalHolders& } if (dq.packetCache && !dq.skipCache) { - if (dq.packetCache->get(dq, dq.getHeader()->id, &dq.cacheKey, dq.subnet, dq.dnssecOK, allowExpired)) { + if (dq.packetCache->get(dq, dq.getHeader()->id, &dq.cacheKey, dq.subnet, dq.dnssecOK, !dq.overTCP() || dq.getProtocol() == DNSQuestion::Protocol::DoH, allowExpired)) { if (!prepareOutgoingResponse(holders, cs, dq, true)) { return ProcessQueryResult::Drop; @@ -1273,7 +1275,7 @@ ProcessQueryResult processQuery(DNSQuestion& dq, ClientState& cs, LocalHolders& return ProcessQueryResult::PassToBackend; } catch (const std::exception& e){ - vinfolog("Got an error while parsing a %s query from %s, id %d: %s", (dq.tcp ? "TCP" : "UDP"), dq.remote->toStringWithPort(), queryId, e.what()); + vinfolog("Got an error while parsing a %s query from %s, id %d: %s", (dq.overTCP() ? "TCP" : "UDP"), dq.remote->toStringWithPort(), queryId, e.what()); } return ProcessQueryResult::Drop; } @@ -1331,7 +1333,7 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct uint16_t qtype, qclass; unsigned int qnameWireLength = 0; DNSName qname(reinterpret_cast(query.data()), query.size(), sizeof(dnsheader), false, &qtype, &qclass, &qnameWireLength); - DNSQuestion dq(&qname, qtype, qclass, proxiedDestination.sin4.sin_family != 0 ? &proxiedDestination : &cs.local, &proxiedRemote, query, false, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, proxiedDestination.sin4.sin_family != 0 ? &proxiedDestination : &cs.local, &proxiedRemote, query, dnsCryptQuery ? DNSQuestion::Protocol::DNSCryptUDP : DNSQuestion::Protocol::DoUDP, &queryRealTime); dq.dnsCryptQuery = std::move(dnsCryptQuery); if (!proxyProtocolValues.empty()) { dq.proxyProtocolValues = make_unique>(std::move(proxyProtocolValues)); diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh index cd2328e644..75c393a59d 100644 --- a/pdns/dnsdist.hh +++ b/pdns/dnsdist.hh @@ -63,8 +63,10 @@ using QTag = std::unordered_map; struct DNSQuestion { - DNSQuestion(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, PacketBuffer& data_, bool isTcp, const struct timespec* queryTime_): - data(data_), qname(name), local(lc), remote(rem), queryTime(queryTime_), tempFailureTTL(boost::none), qtype(type), qclass(class_), ecsPrefixLength(rem->sin4.sin_family == AF_INET ? g_ECSSourcePrefixV4 : g_ECSSourcePrefixV6), tcp(isTcp), ecsOverride(g_ECSOverride) { + enum class Protocol : uint8_t { DoUDP, DoTCP, DNSCryptUDP, DNSCryptTCP, DoT, DoH }; + + DNSQuestion(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, PacketBuffer& data_, Protocol proto, const struct timespec* queryTime_): + data(data_), qname(name), local(lc), remote(rem), queryTime(queryTime_), tempFailureTTL(boost::none), qtype(type), qclass(class_), ecsPrefixLength(rem->sin4.sin_family == AF_INET ? g_ECSSourcePrefixV4 : g_ECSSourcePrefixV6), protocol(proto), ecsOverride(g_ECSOverride) { const uint16_t* flags = getFlagsFromDNSHeader(getHeader()); origFlags = *flags; } @@ -106,14 +108,25 @@ struct DNSQuestion size_t getMaximumSize() const { - if (tcp) { + if (overTCP()) { return std::numeric_limits::max(); } return 4096; } + Protocol getProtocol() const + { + return protocol; + } + + bool overTCP() const + { + const std::set tcpProto = { Protocol::DoTCP, Protocol::DNSCryptTCP, Protocol::DoT, Protocol::DoH }; + return tcpProto.count(protocol); + } + protected: - PacketBuffer& data; + PacketBuffer& data; public: boost::optional uniqueId; @@ -144,8 +157,8 @@ public: const uint16_t qclass; uint16_t ecsPrefixLength; uint16_t origFlags; + Protocol protocol; uint8_t ednsRCode{0}; - const bool tcp; bool skipCache{false}; bool ecsOverride; bool useECS{true}; @@ -159,8 +172,8 @@ public: struct DNSResponse : DNSQuestion { - DNSResponse(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, PacketBuffer& data_, bool isTcp, const struct timespec* queryTime_): - DNSQuestion(name, type, class_, lc, rem, data_, isTcp, queryTime_) { } + DNSResponse(const DNSName* name, uint16_t type, uint16_t class_, const ComboAddress* lc, const ComboAddress* rem, PacketBuffer& data_, DNSQuestion::Protocol proto, const struct timespec* queryTime_): + DNSQuestion(name, type, class_, lc, rem, data_, proto, queryTime_) { } DNSResponse(const DNSResponse&) = delete; DNSResponse& operator=(const DNSResponse&) = delete; DNSResponse(DNSResponse&&) = default; @@ -1278,7 +1291,7 @@ bool getLuaNoSideEffect(); // set if there were only explicit declarations of _n void resetLuaSideEffect(); // reset to indeterminate state bool responseContentMatches(const PacketBuffer& response, const DNSName& qname, const uint16_t qtype, const uint16_t qclass, const ComboAddress& remote, unsigned int& qnameWireLength); -bool processResponse(PacketBuffer& response, LocalStateHolder >& localRespRuleActions, DNSResponse& dr, bool muted); +bool processResponse(PacketBuffer& response, LocalStateHolder >& localRespRuleActions, DNSResponse& dr, bool muted, bool receivedOverUDP); bool processRulesResult(const DNSAction::Action& action, DNSQuestion& dq, std::string& ruleresult, bool& drop); bool checkQueryHeaders(const struct dnsheader* dh); @@ -1303,7 +1316,7 @@ static const size_t s_maxPacketCacheEntrySize{4096}; // don't cache responses la enum class ProcessQueryResult { Drop, SendAnswer, PassToBackend }; ProcessQueryResult processQuery(DNSQuestion& dq, ClientState& cs, LocalHolders& holders, std::shared_ptr& selectedBackend); -DNSResponse makeDNSResponseFromIDState(IDState& ids, PacketBuffer& data, bool isTCP); +DNSResponse makeDNSResponseFromIDState(IDState& ids, PacketBuffer& data, DNSQuestion::Protocol proto); void setIDStateFromDNSQuestion(IDState& ids, DNSQuestion& dq, DNSName&& qname); int pickBackendSocketForSending(std::shared_ptr& state); diff --git a/pdns/dnsdistdist/dnsdist-idstate.cc b/pdns/dnsdistdist/dnsdist-idstate.cc index ad124179f4..978680e599 100644 --- a/pdns/dnsdistdist/dnsdist-idstate.cc +++ b/pdns/dnsdistdist/dnsdist-idstate.cc @@ -1,9 +1,9 @@ #include "dnsdist.hh" -DNSResponse makeDNSResponseFromIDState(IDState& ids, PacketBuffer& data, bool isTCP) +DNSResponse makeDNSResponseFromIDState(IDState& ids, PacketBuffer& data, DNSQuestion::Protocol proto) { - DNSResponse dr(&ids.qname, ids.qtype, ids.qclass, &ids.origDest, &ids.origRemote, data, isTCP, &ids.sentTime.d_start); + DNSResponse dr(&ids.qname, ids.qtype, ids.qclass, &ids.origDest, &ids.origRemote, data, proto, &ids.sentTime.d_start); dr.origFlags = ids.origFlags; dr.ecsAdded = ids.ecsAdded; dr.ednsAdded = ids.ednsAdded; diff --git a/pdns/dnsdistdist/dnsdist-lua-ffi.cc b/pdns/dnsdistdist/dnsdist-lua-ffi.cc index 13fa0cd572..b4b06761e1 100644 --- a/pdns/dnsdistdist/dnsdist-lua-ffi.cc +++ b/pdns/dnsdistdist/dnsdist-lua-ffi.cc @@ -122,7 +122,7 @@ uint8_t dnsdist_ffi_dnsquestion_get_opcode(const dnsdist_ffi_dnsquestion_t* dq) bool dnsdist_ffi_dnsquestion_get_tcp(const dnsdist_ffi_dnsquestion_t* dq) { - return dq->dq->tcp; + return dq->dq->overTCP(); } bool dnsdist_ffi_dnsquestion_get_skip_cache(const dnsdist_ffi_dnsquestion_t* dq) diff --git a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc index b187f848dc..06a300d6a5 100644 --- a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc +++ b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc @@ -29,7 +29,7 @@ bool g_applyACLToProxiedClients = false; std::string getProxyProtocolPayload(const DNSQuestion& dq) { - return makeProxyHeader(dq.tcp, *dq.remote, *dq.local, dq.proxyProtocolValues ? *dq.proxyProtocolValues : std::vector()); + return makeProxyHeader(dq.overTCP(), *dq.remote, *dq.local, dq.proxyProtocolValues ? *dq.proxyProtocolValues : std::vector()); } bool addProxyProtocol(DNSQuestion& dq, const std::string& payload) diff --git a/pdns/dnsdistdist/dnsdist-rules.hh b/pdns/dnsdistdist/dnsdist-rules.hh index e19d363e12..4c739570d2 100644 --- a/pdns/dnsdistdist/dnsdist-rules.hh +++ b/pdns/dnsdistdist/dnsdist-rules.hh @@ -703,7 +703,7 @@ public: } bool matches(const DNSQuestion* dq) const override { - return dq->tcp == d_tcp; + return dq->overTCP() == d_tcp; } string toString() const override { diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc index 407562fba7..e89859c3e8 100644 --- a/pdns/dnsdistdist/doh.cc +++ b/pdns/dnsdistdist/doh.cc @@ -465,7 +465,7 @@ static int processDOHQuery(DOHUnit* du) uint16_t qtype, qclass; unsigned int qnameWireLength = 0; DNSName qname(reinterpret_cast(du->query.data()), du->query.size(), sizeof(dnsheader), false, &qtype, &qclass, &qnameWireLength); - DNSQuestion dq(&qname, qtype, qclass, &du->dest, &du->remote, du->query, false, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, &du->dest, &du->remote, du->query, DNSQuestion::Protocol::DoH, &queryRealTime); dq.ednsAdded = du->ednsAdded; dq.du = du; dq.sni = std::move(du->sni); diff --git a/pdns/dnsdistdist/test-dnsdistkvs_cc.cc b/pdns/dnsdistdist/test-dnsdistkvs_cc.cc index 04f19ce140..27e86cae35 100644 --- a/pdns/dnsdistdist/test-dnsdistkvs_cc.cc +++ b/pdns/dnsdistdist/test-dnsdistkvs_cc.cc @@ -234,14 +234,14 @@ BOOST_AUTO_TEST_CASE(test_LMDB) { ComboAddress lc("192.0.2.1:53"); ComboAddress rem("192.0.2.128:42"); PacketBuffer packet(sizeof(dnsheader)); - bool isTcp = false; + auto proto = DNSQuestion::Protocol::DoUDP; struct timespec queryRealTime; gettime(&queryRealTime, true); struct timespec expiredTime; /* the internal QPS limiter does not use the real time */ gettime(&expiredTime); - DNSQuestion dq(&qname, qtype, qclass, &lc, &rem, packet, isTcp, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, &lc, &rem, packet, proto, &queryRealTime); ComboAddress v4Masked(v4ToMask); ComboAddress v6Masked(v6ToMask); v4Masked.truncate(25); @@ -289,14 +289,14 @@ BOOST_AUTO_TEST_CASE(test_CDB) { ComboAddress lc("192.0.2.1:53"); ComboAddress rem("192.0.2.128:42"); PacketBuffer packet(sizeof(dnsheader)); - bool isTcp = false; + auto proto = DNSQuestion::Protocol::DoUDP; struct timespec queryRealTime; gettime(&queryRealTime, true); struct timespec expiredTime; /* the internal QPS limiter does not use the real time */ gettime(&expiredTime); - DNSQuestion dq(&qname, qtype, qclass, &lc, &rem, packet, isTcp, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, &lc, &rem, packet, proto, &queryRealTime); ComboAddress v4Masked(v4ToMask); ComboAddress v6Masked(v6ToMask); v4Masked.truncate(25); diff --git a/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc b/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc index 028b30c91c..29f297f72e 100644 --- a/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc +++ b/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc @@ -101,10 +101,10 @@ static DNSQuestion getDQ(const DNSName* providedName = nullptr) uint16_t qtype = QType::A; uint16_t qclass = QClass::IN; - bool isTcp = false; + auto proto = DNSQuestion::Protocol::DoUDP; gettime(&queryRealTime, true); - DNSQuestion dq(providedName ? providedName : &qname, qtype, qclass, &lc, &rem, packet, isTcp, &queryRealTime); + DNSQuestion dq(providedName ? providedName : &qname, qtype, qclass, &lc, &rem, packet, proto, &queryRealTime); return dq; } diff --git a/pdns/dnsdistdist/test-dnsdistrules_cc.cc b/pdns/dnsdistdist/test-dnsdistrules_cc.cc index f7f939944c..6ae2a6e14b 100644 --- a/pdns/dnsdistdist/test-dnsdistrules_cc.cc +++ b/pdns/dnsdistdist/test-dnsdistrules_cc.cc @@ -23,14 +23,14 @@ BOOST_AUTO_TEST_CASE(test_MaxQPSIPRule) { ComboAddress lc("127.0.0.1:53"); ComboAddress rem("192.0.2.1:42"); PacketBuffer packet(sizeof(dnsheader)); - bool isTcp = false; + auto proto = DNSQuestion::Protocol::DoUDP; struct timespec queryRealTime; gettime(&queryRealTime, true); struct timespec expiredTime; /* the internal QPS limiter does not use the real time */ gettime(&expiredTime); - DNSQuestion dq(&qname, qtype, qclass, &lc, &rem, packet, isTcp, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, &lc, &rem, packet, proto, &queryRealTime); for (size_t idx = 0; idx < maxQPS; idx++) { /* let's use different source ports, it shouldn't matter */ diff --git a/pdns/dnsdistdist/test-dnsdisttcp_cc.cc b/pdns/dnsdistdist/test-dnsdisttcp_cc.cc index 30aaa9afcd..7007c5c88c 100644 --- a/pdns/dnsdistdist/test-dnsdisttcp_cc.cc +++ b/pdns/dnsdistdist/test-dnsdisttcp_cc.cc @@ -85,7 +85,7 @@ bool responseContentMatches(const PacketBuffer& response, const DNSName& qname, static std::function >& localRespRuleActions, DNSResponse& dr, bool muted)> s_processResponse; -bool processResponse(PacketBuffer& response, LocalStateHolder >& localRespRuleActions, DNSResponse& dr, bool muted) +bool processResponse(PacketBuffer& response, LocalStateHolder >& localRespRuleActions, DNSResponse& dr, bool muted, bool receivedOverUDP) { if (s_processResponse) { return s_processResponse(response, localRespRuleActions, dr, muted); diff --git a/pdns/test-dnsdist_cc.cc b/pdns/test-dnsdist_cc.cc index 9986213e08..2466297be9 100644 --- a/pdns/test-dnsdist_cc.cc +++ b/pdns/test-dnsdist_cc.cc @@ -62,7 +62,7 @@ static void validateECS(const PacketBuffer& packet, const ComboAddress& expected uint16_t qtype; uint16_t qclass; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, &qclass, &consumed); - DNSQuestion dq(&qname, qtype, qclass, nullptr, &rem, const_cast(packet), false, nullptr); + DNSQuestion dq(&qname, qtype, qclass, nullptr, &rem, const_cast(packet), DNSQuestion::Protocol::DoUDP, nullptr); BOOST_CHECK(parseEDNSOptions(dq)); BOOST_REQUIRE(dq.ednsOptions != nullptr); BOOST_CHECK_EQUAL(dq.ednsOptions->size(), 1U); @@ -113,7 +113,7 @@ BOOST_AUTO_TEST_CASE(test_addXPF) BOOST_CHECK_EQUAL(qname, name); BOOST_CHECK(qtype == QType::A); - DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, false, &queryTime); + DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, DNSQuestion::Protocol::DoUDP, &queryTime); BOOST_CHECK(addXPF(dq, xpfOptionCode)); BOOST_CHECK(packet.size() > query.size()); @@ -132,7 +132,7 @@ BOOST_AUTO_TEST_CASE(test_addXPF) BOOST_CHECK_EQUAL(qname, name); BOOST_CHECK(qtype == QType::A); - DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, false, &queryTime); + DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, DNSQuestion::Protocol::DoUDP, &queryTime); BOOST_REQUIRE(!addXPF(dq, xpfOptionCode)); BOOST_CHECK_EQUAL(packet.size(), 4096U); @@ -150,7 +150,7 @@ BOOST_AUTO_TEST_CASE(test_addXPF) BOOST_CHECK_EQUAL(qname, name); BOOST_CHECK(qtype == QType::A); - DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, false, &queryTime); + DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, DNSQuestion::Protocol::DoUDP, &queryTime); /* add trailing data */ const size_t trailingDataSize = 10; @@ -337,7 +337,7 @@ BOOST_AUTO_TEST_CASE(addECSWithoutEDNSAlreadyParsed) BOOST_CHECK(qtype == QType::A); BOOST_CHECK(qclass == QClass::IN); - DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); /* Parse the options before handling ECS, simulating a Lua rule asking for EDNS Options */ BOOST_CHECK(!parseEDNSOptions(dq)); @@ -360,7 +360,7 @@ BOOST_AUTO_TEST_CASE(addECSWithoutEDNSAlreadyParsed) BOOST_CHECK_EQUAL(qname, name); BOOST_CHECK(qtype == QType::A); BOOST_CHECK(qclass == QClass::IN); - DNSQuestion dq2(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq2(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); BOOST_CHECK(handleEDNSClientSubnet(dq2, ednsAdded, ecsAdded)); BOOST_CHECK_GT(packet.size(), query.size()); @@ -439,7 +439,7 @@ BOOST_AUTO_TEST_CASE(addECSWithEDNSNoECSAlreadyParsed) { BOOST_CHECK(qtype == QType::A); BOOST_CHECK(qclass == QClass::IN); - DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); /* Parse the options before handling ECS, simulating a Lua rule asking for EDNS Options */ BOOST_CHECK(parseEDNSOptions(dq)); @@ -461,7 +461,7 @@ BOOST_AUTO_TEST_CASE(addECSWithEDNSNoECSAlreadyParsed) { BOOST_CHECK_EQUAL(qname, name); BOOST_CHECK(qtype == QType::A); BOOST_CHECK(qclass == QClass::IN); - DNSQuestion dq2(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq2(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); BOOST_CHECK(handleEDNSClientSubnet(dq2, ednsAdded, ecsAdded)); BOOST_CHECK_GT(packet.size(), query.size()); @@ -537,7 +537,7 @@ BOOST_AUTO_TEST_CASE(replaceECSWithSameSizeAlreadyParsed) { BOOST_CHECK(qtype == QType::A); BOOST_CHECK(qclass == QClass::IN); - DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); dq.ecsOverride = true; /* Parse the options before handling ECS, simulating a Lua rule asking for EDNS Options */ @@ -1430,7 +1430,7 @@ BOOST_AUTO_TEST_CASE(rewritingWithoutECSWhenLastOption) { static DNSQuestion getDNSQuestion(const DNSName& qname, const uint16_t qtype, const uint16_t qclass, const ComboAddress& lc, const ComboAddress& rem, const struct timespec& realTime, PacketBuffer& query) { - return DNSQuestion(&qname, qtype, qclass, &lc, &rem, query, false, &realTime); + return DNSQuestion(&qname, qtype, qclass, &lc, &rem, query, DNSQuestion::Protocol::DoUDP, &realTime); } static DNSQuestion turnIntoResponse(const DNSName& qname, const uint16_t qtype, const uint16_t qclass, const ComboAddress& lc, const ComboAddress& rem, const struct timespec& queryRealTime, PacketBuffer& query, bool resizeBuffer=true) @@ -1933,7 +1933,7 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) { unsigned int consumed = 0; uint16_t qtype; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, nullptr, &consumed); - DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, false, &queryTime); + DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, DNSQuestion::Protocol::DoUDP, &queryTime); BOOST_CHECK(setNegativeAndAdditionalSOA(dq, true, DNSName("zone."), 42, DNSName("mname."), DNSName("rname."), 1, 2, 3, 4 , 5)); BOOST_CHECK(packet.size() > query.size()); @@ -1957,7 +1957,7 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) { unsigned int consumed = 0; uint16_t qtype; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, nullptr, &consumed); - DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, false, &queryTime); + DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, DNSQuestion::Protocol::DoUDP, &queryTime); BOOST_CHECK(setNegativeAndAdditionalSOA(dq, true, DNSName("zone."), 42, DNSName("mname."), DNSName("rname."), 1, 2, 3, 4 , 5)); BOOST_CHECK(packet.size() > queryWithEDNS.size()); @@ -1985,7 +1985,7 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) { unsigned int consumed = 0; uint16_t qtype; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, nullptr, &consumed); - DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, false, &queryTime); + DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, DNSQuestion::Protocol::DoUDP, &queryTime); BOOST_CHECK(setNegativeAndAdditionalSOA(dq, false, DNSName("zone."), 42, DNSName("mname."), DNSName("rname."), 1, 2, 3, 4 , 5)); BOOST_CHECK(packet.size() > query.size()); @@ -2009,7 +2009,7 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) { unsigned int consumed = 0; uint16_t qtype; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, nullptr, &consumed); - DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, false, &queryTime); + DNSQuestion dq(&qname, qtype, QClass::IN, &remote, &remote, packet, DNSQuestion::Protocol::DoUDP, &queryTime); BOOST_CHECK(setNegativeAndAdditionalSOA(dq, false, DNSName("zone."), 42, DNSName("mname."), DNSName("rname."), 1, 2, 3, 4 , 5)); BOOST_CHECK(packet.size() > queryWithEDNS.size()); @@ -2050,7 +2050,7 @@ BOOST_AUTO_TEST_CASE(getEDNSOptionsWithoutEDNS) { uint16_t qtype; uint16_t qclass; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, &qclass, &consumed); - DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); BOOST_CHECK(!parseEDNSOptions(dq)); } @@ -2071,7 +2071,7 @@ BOOST_AUTO_TEST_CASE(getEDNSOptionsWithoutEDNS) { uint16_t qtype; uint16_t qclass; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, &qclass, &consumed); - DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); BOOST_CHECK(!parseEDNSOptions(dq)); } @@ -2092,7 +2092,7 @@ BOOST_AUTO_TEST_CASE(getEDNSOptionsWithoutEDNS) { uint16_t qtype; uint16_t qclass; DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, &qclass, &consumed); - DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, false, nullptr); + DNSQuestion dq(&qname, qtype, qclass, nullptr, &remote, packet, DNSQuestion::Protocol::DoUDP, nullptr); BOOST_CHECK(!parseEDNSOptions(dq)); } diff --git a/pdns/test-dnsdistpacketcache_cc.cc b/pdns/test-dnsdistpacketcache_cc.cc index 3ac48628aa..07c9c8cb60 100644 --- a/pdns/test-dnsdistpacketcache_cc.cc +++ b/pdns/test-dnsdistpacketcache_cc.cc @@ -15,6 +15,8 @@ BOOST_AUTO_TEST_SUITE(test_dnsdistpacketcache_cc) +static bool receivedOverUDP = true; + BOOST_AUTO_TEST_CASE(test_PacketCacheSimple) { const size_t maxEntries = 150000; DNSDistPacketCache PC(maxEntries, 86400, 1); @@ -48,14 +50,14 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheSimple) { uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); - PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, false, 0, boost::none); + PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, receivedOverUDP, 0, boost::none); - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); if (found == true) { BOOST_CHECK_EQUAL(dq.getData().size(), response.size()); int match = memcmp(dq.getData().data(), response.data(), dq.getData().size()); @@ -79,8 +81,8 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheSimple) { pwQ.getHeader()->rd = 1; uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); if (found == true) { auto removed = PC.expungeByName(a); BOOST_CHECK_EQUAL(removed, 1U); @@ -98,8 +100,8 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheSimple) { pwQ.getHeader()->rd = 1; uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - if (PC.get(dq, pwQ.getHeader()->id, &key, subnet, dnssecOK)) { + DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + if (PC.get(dq, pwQ.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP)) { matches++; } } @@ -158,14 +160,14 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheSharded) { uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::AAAA, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&a, QType::AAAA, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); - PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::AAAA, QClass::IN, response, false, 0, boost::none); + PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::AAAA, QClass::IN, response, receivedOverUDP, 0, boost::none); - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); if (found == true) { BOOST_CHECK_EQUAL(dq.getData().size(), response.size()); int match = memcmp(dq.getData().data(), response.data(), dq.getData().size()); @@ -189,8 +191,8 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheSharded) { pwQ.getHeader()->rd = 1; uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::AAAA, QClass::IN, &remote, &remote, query, false, &queryTime); - if (PC.get(dq, pwQ.getHeader()->id, &key, subnet, dnssecOK)) { + DNSQuestion dq(&a, QType::AAAA, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + if (PC.get(dq, pwQ.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP)) { matches++; } } @@ -249,20 +251,20 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheServFailTTL) { uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); // Insert with failure-TTL of 0 (-> should not enter cache). - PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, false, RCode::ServFail, boost::optional(0)); - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, receivedOverUDP, RCode::ServFail, boost::optional(0)); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); // Insert with failure-TTL non-zero (-> should enter cache). - PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, false, RCode::ServFail, boost::optional(300)); - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, receivedOverUDP, RCode::ServFail, boost::optional(300)); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); BOOST_CHECK_EQUAL(found, true); BOOST_CHECK(!subnet); } @@ -302,19 +304,19 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheNoDataTTL) { uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&name, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&name, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); - PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, name, QType::A, QClass::IN, response, false, RCode::NoError, boost::none); - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, name, QType::A, QClass::IN, response, receivedOverUDP, RCode::NoError, boost::none); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); BOOST_CHECK_EQUAL(found, true); BOOST_CHECK(!subnet); sleep(2); /* it should have expired by now */ - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); } @@ -354,19 +356,19 @@ BOOST_AUTO_TEST_CASE(test_PacketCacheNXDomainTTL) { uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&name, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&name, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); - PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, name, QType::A, QClass::IN, response, false, RCode::NXDomain, boost::none); - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, name, QType::A, QClass::IN, response, receivedOverUDP, RCode::NXDomain, boost::none); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); BOOST_CHECK_EQUAL(found, true); BOOST_CHECK(!subnet); sleep(2); /* it should have expired by now */ - found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, 0, true); + found = PC.get(dq, pwR.getHeader()->id, &key, subnet, dnssecOK, receivedOverUDP, 0, true); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK(!subnet); } @@ -403,10 +405,10 @@ static void threadMangler(unsigned int offset) uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - g_PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + g_PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); - g_PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, false, 0, boost::none); + g_PC.insert(key, subnet, *(getFlagsFromDNSHeader(dq.getHeader())), dnssecOK, a, QType::A, QClass::IN, response, receivedOverUDP, 0, boost::none); } } catch(PDNSException& e) { @@ -433,8 +435,8 @@ static void threadReader(unsigned int offset) uint32_t key = 0; boost::optional subnet; - DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = g_PC.get(dq, 0, &key, subnet, dnssecOK); + DNSQuestion dq(&a, QType::A, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = g_PC.get(dq, 0, &key, subnet, dnssecOK, receivedOverUDP); if (!found) { g_missing++; } @@ -509,8 +511,8 @@ BOOST_AUTO_TEST_CASE(test_PCCollision) { ComboAddress remote("192.0.2.1"); struct timespec queryTime; gettime(&queryTime); - DNSQuestion dq(&qname, QType::AAAA, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnetOut, dnssecOK); + DNSQuestion dq(&qname, QType::AAAA, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnetOut, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); BOOST_REQUIRE(subnetOut); BOOST_CHECK_EQUAL(subnetOut->toString(), opt.source.toString()); @@ -526,10 +528,10 @@ BOOST_AUTO_TEST_CASE(test_PCCollision) { pwR.addOpt(512, 0, 0, ednsOptions); pwR.commit(); - PC.insert(key, subnetOut, *(getFlagsFromDNSHeader(pwR.getHeader())), dnssecOK, qname, qtype, QClass::IN, response, false, RCode::NoError, boost::none); + PC.insert(key, subnetOut, *(getFlagsFromDNSHeader(pwR.getHeader())), dnssecOK, qname, qtype, QClass::IN, response, receivedOverUDP, RCode::NoError, boost::none); BOOST_CHECK_EQUAL(PC.getSize(), 1U); - found = PC.get(dq, 0, &key, subnetOut, dnssecOK); + found = PC.get(dq, 0, &key, subnetOut, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, true); BOOST_REQUIRE(subnetOut); BOOST_CHECK_EQUAL(subnetOut->toString(), opt.source.toString()); @@ -552,8 +554,8 @@ BOOST_AUTO_TEST_CASE(test_PCCollision) { ComboAddress remote("192.0.2.1"); struct timespec queryTime; gettime(&queryTime); - DNSQuestion dq(&qname, QType::AAAA, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &secondKey, subnetOut, dnssecOK); + DNSQuestion dq(&qname, QType::AAAA, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &secondKey, subnetOut, dnssecOK, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); BOOST_CHECK_EQUAL(secondKey, key); BOOST_REQUIRE(subnetOut); @@ -628,8 +630,8 @@ BOOST_AUTO_TEST_CASE(test_PCDNSSECCollision) { ComboAddress remote("192.0.2.1"); struct timespec queryTime; gettime(&queryTime); - DNSQuestion dq(&qname, QType::AAAA, QClass::IN, &remote, &remote, query, false, &queryTime); - bool found = PC.get(dq, 0, &key, subnetOut, true); + DNSQuestion dq(&qname, QType::AAAA, QClass::IN, &remote, &remote, query, DNSQuestion::Protocol::DoUDP, &queryTime); + bool found = PC.get(dq, 0, &key, subnetOut, true, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); PacketBuffer response; @@ -643,13 +645,13 @@ BOOST_AUTO_TEST_CASE(test_PCDNSSECCollision) { pwR.addOpt(512, 0, EDNS_HEADER_FLAG_DO); pwR.commit(); - PC.insert(key, subnetOut, *(getFlagsFromDNSHeader(pwR.getHeader())), /* DNSSEC OK is set */ true, qname, qtype, QClass::IN, response, false, RCode::NoError, boost::none); + PC.insert(key, subnetOut, *(getFlagsFromDNSHeader(pwR.getHeader())), /* DNSSEC OK is set */ true, qname, qtype, QClass::IN, response, receivedOverUDP, RCode::NoError, boost::none); BOOST_CHECK_EQUAL(PC.getSize(), 1U); - found = PC.get(dq, 0, &key, subnetOut, false); + found = PC.get(dq, 0, &key, subnetOut, false, receivedOverUDP); BOOST_CHECK_EQUAL(found, false); - found = PC.get(dq, 0, &key, subnetOut, true); + found = PC.get(dq, 0, &key, subnetOut, true, receivedOverUDP); BOOST_CHECK_EQUAL(found, true); }