From 79f4ca6a28029aedd4f4214591c6c99d559bf5b7 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 30 Nov 2010 12:55:48 +0000
Subject: [PATCH] Fix storage of noEDNS in the infra cache. iana portlist
 updated.

git-svn-id: file:///svn/unbound/trunk@2348 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog              |   4 ++++
 services/cache/infra.c     |   3 ++-
 services/outside_network.c |  13 ++++++++++++-
 testcode/do-tests.sh       |   2 +-
 testcode/unitmain.c        |  18 +++++++++++++++++-
 testdata/edns_cache.tpkg   | Bin 0 -> 2155 bytes
 util/iana_ports.inc        |   1 +
 7 files changed, 37 insertions(+), 4 deletions(-)
 create mode 100644 testdata/edns_cache.tpkg

diff --git a/doc/Changelog b/doc/Changelog
index da3f4a27e..bedb5c27a 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+30 November 2010: Wouter
+	- Fix storage of EDNS failures in the infra cache.
+	- iana portlist updated.
+
 18 November 2010: Wouter
 	- harden-below-nxdomain option, default off (because very old
 	  software may be incompatible).  We could enable it by default in
diff --git a/services/cache/infra.c b/services/cache/infra.c
index ba02b5083..4e39886e5 100644
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -575,7 +575,8 @@ infra_edns_update(struct infra_cache* infra,
 	/* have an entry, update the rtt, and the ttl */
 	data = (struct infra_host_data*)e->data;
 	/* do not update if noEDNS and stored is yesEDNS */
-	if(!(edns_version == -1 && data->edns_version != -1)) {
+	if(!(edns_version == -1 && (data->edns_version != -1 &&
+		data->edns_lame_known))) {
 		data->edns_version = edns_version;
 		data->edns_lame_known = 1;
 	}
diff --git a/services/outside_network.c b/services/outside_network.c
index b9297940a..4812a9cb2 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -1308,6 +1308,7 @@ serviced_udp_send(struct serviced_query* sq, ldns_buffer* buff)
 		&edns_lame_known, &rtt))
 		return 0;
 	sq->last_rtt = rtt;
+	verbose(VERB_ALGO, "EDNS lookup known=%d vs=%d", edns_lame_known, vs);
 	if(sq->status == serviced_initial) {
 		if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) {
 			/* perform EDNS lame probe - check if server is
@@ -1593,6 +1594,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
 			== LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE(
 			ldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL)) {
 		/* try to get an answer by falling back without EDNS */
+		verbose(VERB_ALGO, "serviced query: attempt without EDNS");
 		sq->status = serviced_query_UDP_EDNS_fallback;
 		sq->retry = 0;
 		if(!serviced_udp_send(sq, c->buffer)) {
@@ -1614,6 +1616,8 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
 	    } else if(sq->status == serviced_query_UDP_EDNS && 
 		!sq->edns_lame_known) {
 		/* now we know that edns queries received answers store that */
+		log_addr(VERB_ALGO, "serviced query: EDNS works for",
+			&sq->addr, sq->addrlen);
 		if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen, 
 			0, (uint32_t)now.tv_sec)) {
 			log_err("Out of memory caching edns works");
@@ -1628,11 +1632,18 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
 		/* the fallback produced a result that looks promising, note
 		 * that this server should be approached without EDNS */
 		/* only store noEDNS in cache if domain is noDNSSEC */
-		if(!sq->want_dnssec)
+		if(!sq->want_dnssec) {
+		  log_addr(VERB_ALGO, "serviced query: EDNS fails for",
+			&sq->addr, sq->addrlen);
 		  if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
 			-1, (uint32_t)now.tv_sec)) {
 			log_err("Out of memory caching no edns for host");
 		  }
+		} else {
+		  log_addr(VERB_ALGO, "serviced query: EDNS fails, but "
+		  	"not stored because need DNSSEC for", &sq->addr,
+			sq->addrlen);
+		}
 		sq->status = serviced_query_UDP;
 	    }
 	    if(now.tv_sec > sq->last_sent_time.tv_sec ||
diff --git a/testcode/do-tests.sh b/testcode/do-tests.sh
index fe67c26d8..1ffe19c0f 100755
--- a/testcode/do-tests.sh
+++ b/testcode/do-tests.sh
@@ -7,7 +7,7 @@ NEED_XXD='fwd_compress_c00c.tpkg fwd_zero.tpkg'
 NEED_NC='fwd_compress_c00c.tpkg fwd_zero.tpkg'
 NEED_CURL='06-ianaports.tpkg root_anchor.tpkg'
 NEED_WHOAMI='07-confroot.tpkg'
-NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg'
+NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg'
 NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
 
 # test if dig and ldns-testns are available.
diff --git a/testcode/unitmain.c b/testcode/unitmain.c
index 3adff443b..aac49586f 100644
--- a/testcode/unitmain.c
+++ b/testcode/unitmain.c
@@ -435,7 +435,7 @@ infra_test(void)
 	unit_assert( infra_edns_update(slab, &one, onelen, -1, now) );
 	unit_assert( infra_host(slab, &one, onelen, 
 			now, &vs, &edns_lame, &to) );
-	unit_assert( vs == 0 && to == init*2  && edns_lame == 0);
+	unit_assert( vs == -1 && to == init*2  && edns_lame == 1);
 
 	now += cfg->host_ttl + 10;
 	unit_assert( infra_host(slab, &one, onelen, 
@@ -465,6 +465,22 @@ infra_test(void)
 	unit_assert(!dlame && !rlame && alame && olame);
 	lock_rw_unlock(&k->entry.lock);
 
+	/* test that noEDNS cannot overwrite known-yesEDNS */
+	now += cfg->host_ttl + 10;
+	unit_assert( infra_host(slab, &one, onelen, 
+			now, &vs, &edns_lame, &to) );
+	unit_assert( vs == 0 && to == init && edns_lame == 0 );
+
+	unit_assert( infra_edns_update(slab, &one, onelen, 0, now) );
+	unit_assert( infra_host(slab, &one, onelen, 
+			now, &vs, &edns_lame, &to) );
+	unit_assert( vs == 0 && to == init && edns_lame == 1 );
+
+	unit_assert( infra_edns_update(slab, &one, onelen, -1, now) );
+	unit_assert( infra_host(slab, &one, onelen, 
+			now, &vs, &edns_lame, &to) );
+	unit_assert( vs == 0 && to == init && edns_lame == 1 );
+
 	infra_delete(slab);
 	config_delete(cfg);
 }
diff --git a/testdata/edns_cache.tpkg b/testdata/edns_cache.tpkg
new file mode 100644
index 0000000000000000000000000000000000000000..c816f2cbd7da9e81b9ac26203e462f321fb6d885
GIT binary patch
literal 2155
zc-jGL2$c69iwFSS@$^gp1MOOSciPGk&%f-an8=(sIVnO9Fz4WyV`50-Hpaeyo947V
zTv=K`*B~i+n7EJc-r1Fe9z5)}j&ttq{t|<<J3Bl3nAw?GsO1C`(=g{$wrs!t;(I_r
zv|7#h`>0X)PVhoi8?B~#)N1NjuIhSAdjZYwB25WV5E?$fi<KLN)Zb0_Q2nnIw7CAc
z*N_I`)AYd>_^7n*x%F2YjmCQY8x7ni>XF{mUx4y7-S5Z$`T8HgL9GU*WrterfE+;J
zM!rcQoKsjD0gfK-aH^*Eg2HM}9k9d0fYthx`~_-Lkmb4@dbcwf$>gNP-{94&l+l)Y
z>?I1YW?js?pSnKS4)A9zw2d3=(ldg<c4kRe#Ri353RMJqaNN-5<1j*4QQo2JPzb{4
z1_J8ep_r}%=T~<}&~B?ST@ZPm>xTjKdxH@#LPj(Djt1b<DfNA0fn#_1<hX1Oikupt
zYAsp8e+fT3KrtM~OeW-N*guijY{(LFwPG$@T58T+kUC)5GjM2#%OcZn#?o6*8DEi{
zRh%*@YaUdu2k$Sh2ffMF<#4=>9R7)1QNAc-i&kL1TCLWkrn}tBxlFr*t;wbh=Twy!
z?o1+uSJ<G^id5PrRpi{bkz-|axq^&vPR&~|oM1(LiP%$^`P2hRRb)+(bwzF{QYz>%
zn`Vbp;-;5>ln7k}G<_eqA+WLv{bq-tlBrDye^khi*3s{Y-S*!K%qQyO0sF5sTI=&)
zX*OHT{;Lf|*#GCidn2F&V@cb&Gl2Yw`ho2_ZBS)}^k`uEwioh(QEcQamoj^{Hj}ZH
zG#m>!15`9Skja@(4c4q@gvfs!Q5d*)petw_+j^s|x8STl22D{Fa$(p`h=0^?gXPQc
zSw54y_+|g%%nZY~0&<2-X0CtV26E;uJv87>*d}L7t4BTRSOJ!2Pao;RYm+O#Ff7@_
zgX+o+!eSv7kTETla%0?$zI{Nu!5CiQ;X|!9`C!<K2-*H-Y{G8+XA|=@eLST9ExncM
zzp5!Z_x~C#q5sc;4gZfV`?LCgxn5F-Z(kpecKi-v*XkZCkulm3cjW+QgcY~;Vi9{M
zgg;hC<Lme8<m$YKl}qCmy+c&<avgN)7QL%G5teG5S89QimZR48aMJd2N_?Dze(i>B
z<(8}6;P+V9Ww-vDt}}g_J@%0P<Eg*a|E8jF{Z~|>|IdLqYH5=Se%`o&9pVA2kqQP)
z(XtlK@dRfFs!A$&K2v{cn0TaOkU%Qz*l)ur3lL681!JmOa37#&-bTNGRB$g*Gvvp$
zgg&)rTTG?#CH3L41k262@48`3gDiZ9dm`-3a%<>c)V@a4zppJ^(^$;;$&JjJveo{M
z4ggA>G{^-#*p?F*mW95Av<|~gPZQ;10!#atV2JZbCI?^u1|Pr%0dt(8U>je##0{q}
z=A)*3e&G7=)_-o(o}`b5@;^!|%l~Lc-2ZRr4Wa+ffn#91G|64W$rl#WS1*U>zds*9
zKI|ve@%R(yM~Xs7e=r_?nY`~K4Y}x!&pv|dnXX0QYk2SBCu54b%C-|3_OCvDfuDxZ
z?ZV))KO9~TNw@ch>(LlY*SnwC78&)=#^;v<`02VoVh^O8a;TgSD%~|%cQE?gA8seA
z<U;>M%>JPF{UzR#e%UJYF1pIv$mFFyhABoIad^dSp^b4D%Z?>n9yO}Ma6ViPFK|Hr
z{cv)^{ph_b@V{eE{O8jr>f-_XuQzpl?f>aYod0QR!u~%8Hse2^{+6=;!z77)Qhogz
zs>AM}cX<JCp{X|;@a7H4=ebX+DKW{sGuCchjty08l=*<=S`BOCbaIh#{!M~Trz~dN
zCf{rJyq{jn(Q7;D*>d7GPZIKEj7EMiI$7YV*H}FsdG<7(@Rw|UrJq-G+nhr+Cj41S
zQ|C#;`rKX8daM!k8{4VpIZbVnw1e6azf8!+0ww=ag-&)wz~WYTMb^>wN%duMVp!4o
z@xftgnHV1A=BF%!7R#WOWzaTd&@vgcJu>h(orTZ#EcT`XYC(;{VNmDs(qB*OhlMS1
zSU*hbv$^6_*=vbLE7E9dns-o&;h_W34S!lsPZET2EkpIbG0fYU&(jY1o2e?k)Kk(L
z{x?%b(8*oJq;r<bMr5;AD9pWVojG>LvpJh9!;Wo2>ZH0bb0PA6$87?<LlM{{Gf$@j
z?}E@rGr@>fMrh7EWEwdpOG0x#lbFXO@?O7ze~`*W_s^5-s|k8EC#t59%IEI+cryMt
z?2k@#d}Y0&*$Dmn69tahH@rK6YSt<)eESwn2|ijF_*POyLN%(Y%rH&k8>y-$v4Sj5
zlj>9@xq!0Rog~W1da2@v#HwyE0KYxPC)BEpH><|Y@HH<=nO%~p$0f#IE!*PhdOmS4
zIcGN6Rh8583$GoW%qUc|S;;yH78FONCXJZv<X^?rLY?9_r0AJb?3HgmzBY%SY&8B3
zd&J?gJi;Lp6W38D#YM{9A4(gIq;167PU5_5>89Q)-H5A*JLUV$Ht9~`@;V>|rB>3f
z#68|0|Eo{Z$AiEBP>)joPg7bv|Hq1i|Mv{o5&s|aD?IkA1@?;ocCp6}3Lb{8T>q9S
zO58?XrwR)Bf#WzQ=J__ppZ{@?`q-G8hopm1ImDI$%K<B(!laN>N!Mi8<Burx_)AvO
z>z%WQ?kAFOu{SVJe+I&=NG=Ppd$d7xW4TMicCxW<A87o|Q=gk--jfws535AOrlPVX
zpnrHgNcCLf*^)5X7*9g8b39v?bK9?CkV6-?uIi80Mgai<0RaI40RaI40RaI40RaI4
h0RaI40RaI40RaI40RaI40Re%>;oojN+K2#9005V)Q9S?v

literal 0
Hc-jL100001

diff --git a/util/iana_ports.inc b/util/iana_ports.inc
index bff957383..021cbe16a 100644
--- a/util/iana_ports.inc
+++ b/util/iana_ports.inc
@@ -5269,6 +5269,7 @@
 40841,
 40842,
 40843,
+40853,
 41111,
 41794,
 41795,
-- 
2.47.2