From: TCY16 Date: Mon, 21 Nov 2022 10:35:27 +0000 (+0100) Subject: add cachedb support X-Git-Tag: release-1.18.0rc1~32 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6dcba49ff1dd30e1188c95e593ba9c7fce4bec65;p=thirdparty%2Funbound.git add cachedb support --- diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index 6f987fc03..7e26b7c22 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -102,7 +102,6 @@ static int testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) { struct testframe_moddata* d; - (void)env; verbose(VERB_ALGO, "testframe_init"); d = (struct testframe_moddata*)calloc(1, sizeof(struct testframe_moddata)); @@ -111,6 +110,16 @@ testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) log_err("out of memory"); return 0; } + cachedb_env->no_internal_lookup = 1; + + if(!edns_register_option(49152, + 1 /* bypass cache */, + 0 /* no aggregation */, env)) { + log_err("cachedb: could not register test opcode"); + free(d); + return 0; + } + lock_basic_init(&d->lock); lock_protect(&d->lock, d, sizeof(*d)); return 1; @@ -406,6 +415,14 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf) if(qstate->return_msg->rep->ttl == 0 && !qstate->env->cfg->serve_expired) return 0; + + /* The EDE is added to the out-list so it is encoded in the cached message */ + if (qstate->env->cfg->ede && qstate->return_msg->rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&edns.opt_list_out, qstate->env->scratch, + qstate->return_msg->rep->reason_bogus, + qstate->return_msg->rep->reason_bogus_str); + } + if(verbosity >= VERB_ALGO) log_dns_msg("cachedb encoding", &qstate->return_msg->qinfo, qstate->return_msg->rep); @@ -502,6 +519,7 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) { struct msg_parse* prs; struct edns_data edns; + struct edns_option* ede; uint64_t timestamp, expiry; time_t adjust; size_t lim = sldns_buffer_limit(buf); 
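Review bot: In testframe_init (cachedb/cachedb.c), the EDNS option code `49152` passed to `edns_register_option` is a bare literal, and the failure message calls it a "test opcode" although it is an EDNS option code. Going by the `/* bypass cache */` argument comment, any query carrying that option skips the cache while this backend is loaded. A named constant marked test-only would make that exposure visible, e.g. `#define TESTFRAME_EDNS_OPTION 49152 /* test only: option that bypasses the cache */`. The line `cachedb_env->no_internal_lookup = 1;` also deserves a one-line comment saying why the test backend turns the internal cache lookup off. The body of testframe_init starts before this hunk.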
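Review bot: In prep_data (cachedb/cachedb.c), the result of `edns_opt_list_append_ede` is discarded, so if the scratch allocation fails the message is encoded for the backend without its EDE and nothing is logged. Test the return value and, on failure, at least `log_err("out of memory");` before deciding whether to `return 0;` and skip the store. The call hands `reason_bogus_str` over as a C string, so it also depends on that buffer being NUL-terminated wherever it was filled. The added `if (` uses a space where the surrounding lines write `if(`. prep_data starts before and continues after this hunk.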
@@ -539,6 +557,27 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) if(!qstate->return_msg) return 0; + /* We find the EDE in the in-list after parsing */ + if (qstate->env->cfg->ede && (ede = edns_opt_list_find(edns.opt_list_in, LDNS_EDNS_EDE))) { + if (ede->opt_len >= 2) { + qstate->return_msg->rep->reason_bogus = + sldns_read_uint16(ede->opt_data); + } + + /* allocate space and store the error string and it's size */ + if (ede->opt_len > 2) { + size_t ede_len = ede->opt_len - 2; + + qstate->return_msg->rep->reason_bogus_str = regional_alloc( + qstate->region, sizeof(char) * (ede_len)); + + memcpy(qstate->return_msg->rep->reason_bogus_str, + ede->opt_data+2, ede_len); + + qstate->return_msg->rep->reason_bogus_str_size = ede_len; + } + } + qstate->return_rcode = LDNS_RCODE_NOERROR; /* see how much of the TTL expired, and remove it */ @@ -703,7 +742,7 @@ cachedb_handle_query(struct module_qstate* qstate, /* lookup inside unbound's internal cache. * This does not look for expired entries. */ - if(cachedb_intcache_lookup(qstate)) { + if(!ie->no_internal_lookup && cachedb_intcache_lookup(qstate)) { if(verbosity >= VERB_ALGO) { if(qstate->return_msg->rep) log_dns_msg("cachedb internal cache lookup", diff --git a/cachedb/cachedb.h b/cachedb/cachedb.h index 05c4368e6..5b4185b33 100644 --- a/cachedb/cachedb.h +++ b/cachedb/cachedb.h @@ -56,6 +56,9 @@ struct cachedb_env { /** backend specific data here */ void* backend_data; + + /** if true, the cache lookup does not look at the internal cache */ + int no_internal_lookup; }; /** diff --git a/services/mesh.c b/services/mesh.c index 9007b6e08..5d5a1b81b 100644 --- a/services/mesh.c +++ b/services/mesh.c 
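Review bot: In parse_data (cachedb/cachedb.c), the EDE text is copied into a buffer of exactly `ede_len` bytes with no terminating NUL, and the `regional_alloc` result goes to `memcpy` unchecked. The text comes from the cache backend, and the services/mesh.c hunk at -1422 later reads it with `strdup(rep->reason_bogus_str)`, so an unterminated buffer is read past its end; a failed allocation is a NULL dereference. Allocate `ede_len + 1`, terminate the copy, and keep only the code when the allocation fails. In the comment, "it's size" should read "its size". parse_data starts before and continues after this hunk.

```c
	/* … unchanged: EDE lookup and reason_bogus read from the first two bytes … */

	/* allocate space and store the error string and its size */
	if (ede->opt_len > 2) {
		size_t ede_len = ede->opt_len - 2;
		char* txt = regional_alloc(qstate->region, ede_len + 1);

		/* on allocation failure keep the EDE code and drop the text */
		if (txt) {
			memcpy(txt, ede->opt_data+2, ede_len);
			txt[ede_len] = 0; /* consumers read this as a C string */
			qstate->return_msg->rep->reason_bogus_str = txt;
			qstate->return_msg->rep->reason_bogus_str_size = ede_len;
		}
	}
```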
@@ -1412,9 +1412,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, m->s.env->cfg->ignore_cd) && rep && (rep->security <= sec_status_bogus || rep->security == sec_status_secure_sentinel_fail)) { - char *reason = m->s.env->cfg->val_log_level >= 2 - ? errinf_to_str_bogus(&m->s) : NULL; - + char *reason = NULL; /* During validation the EDE code can be received via two * code paths. One code path fills the reply_info EDE, and * the other fills it in the errinf_strlist. These paths @@ -1422,12 +1420,24 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, * the complexity of the validator. At the time of writing * we make the choice to prefer the EDE from errinf_strlist * but a compelling reason to do otherwise is just as valid + * + * Not that we try to tie EDE text (reason_bogus_str) to + * the location where we found the reason_bogus. */ sldns_ede_code reason_bogus = errinf_to_reason_bogus(&m->s); if ((reason_bogus == LDNS_EDE_DNSSEC_BOGUS && rep->reason_bogus != LDNS_EDE_NONE) || reason_bogus == LDNS_EDE_NONE) { - reason_bogus = rep->reason_bogus; + + reason_bogus = rep->reason_bogus; + if (rep->reason_bogus_str_size) { + reason = strdup(rep->reason_bogus_str); + } + } + + if (!reason) { + reason = m->s.env->cfg->val_log_level >= 2 + ? errinf_to_str_bogus(&m->s) : NULL; } if(reason_bogus != LDNS_EDE_NONE) {
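Review bot: In mesh_send_reply (services/mesh.c), the new `if (!reason)` fallback also runs when the code was taken from `rep->reason_bogus` but `rep` carried no text, or when `strdup` failed. The reply can then pair the reply_info code with the errinf text, which is the mix the added comment says the code tries to avoid. If the text is meant to follow the source of the code, make the fallback the other arm of the branch: `} else if (m->s.env->cfg->val_log_level >= 2) { reason = errinf_to_str_bogus(&m->s); }`. If the mix is intended, the comment should say so, and its first added sentence presumably means "Note that" rather than "Not that". The function body starts before and continues after this hunk.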