#define CTRACE(m) \
ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \
ISC_LOG_DEBUG(3), "%s", (m))
-#define MTRACE(m) \
- isc_log_write(ns_lctx, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \
+#define MTRACE(m) \
+ isc_log_write(NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \
ISC_LOG_DEBUG(3), "clientmgr @%p: %s", manager, (m))
#else /* ifdef NS_CLIENT_TRACE */
#define CTRACE(m) ((void)(m))
#define MTRACE(m) ((void)(m))
#endif /* ifdef NS_CLIENT_TRACE */
-#define TCP_CLIENT(c) (((c)->inner.attributes & NS_CLIENTATTR_TCP) != 0)
-
#define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */
#define ECS_SIZE 20U /* 2 + 1 + 1 + [0..16] */
-#define USEKEEPALIVE(x) \
- (((x)->inner.attributes & NS_CLIENTATTR_USEKEEPALIVE) != 0)
-#define WANTEXPIRE(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) != 0)
-#define WANTNSID(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTNSID) != 0)
-#define WANTPAD(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTPAD) != 0)
-#define WANTRC(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTRC) != 0)
-#define WANTZONEVERSION(x) \
- (((x)->inner.attributes & NS_CLIENTATTR_WANTZONEVERSION) != 0)
-
#define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm')
#define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC)
*
* When DoQ support this had to be removed to get correct DoQ entries.
*/
- if (!TCP_CLIENT(client)) {
+ if (!client->inner.tcp) {
return DNS_TRANSPORT_UDP;
}
dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
/*
- * Clear all client attributes that are specific to the request
+ * Clear all client attributes that are specific to the request,
+ * but keep the async attribute needed for reseting the async
+ * state later.
*/
- client->inner.attributes = 0;
+ bool async = client->inner.async;
+ memset(&client->inner.attrs, 0, sizeof(client->inner.attrs));
+ client->inner.async = async;
#ifdef ENABLE_AFL
if (client->manager->sctx->fuzznotify != NULL &&
(client->manager->sctx->fuzztype == isc_fuzz_client ||
isc_histomulti_detach(&hmpin);
}
} else {
- if (!TCP_CLIENT(client) && result == ISC_R_MAXSIZE) {
+ if (!client->inner.tcp && result == ISC_R_MAXSIZE) {
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
"send exceeded maximum size: truncating");
- client->query.attributes &= ~NS_QUERYATTR_ANSWERED;
+ client->query.answered = false;
client->inner.rcode_override = dns_rcode_noerror;
ns_client_error(client, ISC_R_MAXSIZE);
} else {
REQUIRE(datap != NULL);
- if (TCP_CLIENT(client)) {
+ if (client->inner.tcp) {
client_setup_tcp_buffer(client);
data = client->inner.tcpbuf;
isc_buffer_init(buffer, data, client->inner.tcpbuf_size);
} else {
data = client->sendbuf;
- if ((client->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) == 0)
- {
+ if (!client->inner.havecookie) {
if (client->inner.view != NULL) {
bufsize = client->inner.view->nocookieudp;
} else {
REQUIRE(NS_CLIENT_VALID(client));
- if ((client->query.attributes & NS_QUERYATTR_ANSWERED) != 0) {
+ if (client->query.answered) {
return;
}
CTRACE("send");
- if (client->message->opcode == dns_opcode_query &&
- (client->inner.attributes & NS_CLIENTATTR_RA) != 0)
- {
+ if (client->message->opcode == dns_opcode_query && client->inner.ra) {
client->message->flags |= DNS_MESSAGEFLAG_RA;
}
- if ((client->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) {
+ if (client->inner.wantdnssec) {
render_opts = 0;
} else {
render_opts = DNS_MESSAGERENDER_OMITDNSSEC;
/*
* Create an OPT for our reply.
*/
- if ((client->inner.attributes & NS_CLIENTATTR_WANTOPT) != 0) {
+ if (client->inner.wantopt) {
CHECK(ns_client_addopt(client, client->message));
opt_included = true;
}
if (client->inner.sendcb != NULL) {
client->inner.sendcb(&buffer);
- } else if (TCP_CLIENT(client)) {
+ } else if (client->inner.tcp) {
isc_buffer_usedregion(&buffer, &r);
#ifdef HAVE_DNSTAP
if (client->inner.view != NULL) {
ns_statscounter_truncatedresp);
}
- client->query.attributes |= NS_QUERYATTR_ANSWERED;
+ client->query.answered = true;
return;
loglevel = ISC_LOG_DEBUG(1);
}
wouldlog = isc_log_wouldlog(loglevel);
- rrl_result = dns_rrl(
- client->inner.view, NULL, &client->inner.peeraddr,
- TCP_CLIENT(client), dns_rdataclass_in,
- dns_rdatatype_none, NULL, result, client->inner.now,
- wouldlog, log_buf, sizeof(log_buf));
+ rrl_result = dns_rrl(client->inner.view, NULL,
+ &client->inner.peeraddr, client->inner.tcp,
+ dns_rdataclass_in, dns_rdatatype_none,
+ NULL, result, client->inner.now, wouldlog,
+ log_buf, sizeof(log_buf));
if (rrl_result != DNS_RRL_RESULT_OK) {
/*
* Log dropped errors in the query-errors category
client->inner.formerrcache.id = message->id;
} else if (rcode == dns_rcode_servfail && client->query.qname != NULL &&
client->inner.view != NULL &&
- client->inner.view->fail_ttl != 0 &&
- ((client->inner.attributes & NS_CLIENTATTR_NOSETFC) == 0))
+ client->inner.view->fail_ttl != 0 && !client->inner.nosetfc)
{
/*
* SERVFAIL caching: store qname/qtype of failed queries
dns_message_ednsinit(message, 0, udpsize, flags, 0);
/* Set EDNS options if applicable */
- if (WANTNSID(client)) {
+ if (client->inner.wantnsid) {
char nsid[_POSIX_HOST_NAME_MAX + 1];
char *nsidp = NULL;
}
}
- if ((client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
+ if (client->inner.wantcookie) {
isc_buffer_t buf;
isc_stdtime_t now = isc_stdtime_now();
RETERR(dns_message_ednsaddopt(message, &option));
}
- if ((client->inner.attributes & NS_CLIENTATTR_HAVEEXPIRE) != 0) {
+ if (client->inner.haveexpire) {
isc_buffer_t buf;
isc_buffer_init(&buf, expire, sizeof(expire));
RETERR(dns_message_ednsaddopt(message, &option));
}
- if (((client->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0) &&
+ if (client->inner.haveecs &&
(client->inner.ecs.addr.family == AF_INET ||
client->inner.ecs.addr.family == AF_INET6))
{
RETERR(dns_message_ednsaddopt(message, &option));
}
- if (TCP_CLIENT(client) && USEKEEPALIVE(client)) {
+ if (client->inner.tcp && client->inner.usekeepalive) {
uint32_t advertised_timeout = isc_nm_getadvertisedtimeout();
isc_buffer_t buf;
.value = ede->value };
RETERR(dns_message_ednsaddopt(message, &option));
}
- if ((client->inner.attributes & NS_CLIENTATTR_HAVEZONEVERSION) != 0) {
+ if (client->inner.havezoneversion) {
dns_ednsopt_t option = {
.code = DNS_OPT_ZONEVERSION,
.length = client->inner.zoneversionlength,
RETERR(dns_message_ednsaddopt(message, &option));
}
- if (WANTRC(client)) {
+ if (client->inner.wantrc) {
dns_name_t *rad = NULL;
if (dns_name_dynamic(&client->inner.rad)) {
rad = &client->inner.rad;
}
/* Padding must be added last */
- if ((view != NULL) && (view->padding > 0) && WANTPAD(client) &&
- (TCP_CLIENT(client) ||
- ((client->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) != 0)))
+ if ((view != NULL) && (view->padding > 0) && client->inner.wantpad &&
+ (client->inner.tcp || client->inner.havecookie))
{
isc_netaddr_t netaddr;
int match;
/*
* If we have already seen a cookie option skip this cookie option.
*/
- if ((!client->manager->sctx->answercookie) ||
- (client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
+ if ((!client->manager->sctx->answercookie) || client->inner.wantcookie)
{
isc_buffer_forward(buf, (unsigned int)optlen);
return;
}
- client->inner.attributes |= NS_CLIENTATTR_WANTCOOKIE;
+ client->inner.wantcookie = true;
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_cookiein);
} else {
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_cookiebadsize);
- client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+ client->inner.badcookie = true;
}
return;
}
if (isc_serial_gt(when, now + 300) /* In the future. */ ||
isc_serial_lt(when, now - 3600) /* In the past. */)
{
- client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+ client->inner.badcookie = true;
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_cookiebadtime);
return;
if (isc_safe_memequal(old, dbuf, COOKIE_SIZE) || alwaysvalid) {
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_cookiematch);
- client->inner.attributes |= NS_CLIENTATTR_HAVECOOKIE;
+ client->inner.havecookie = true;
return;
}
if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_cookiematch);
- client->inner.attributes |= NS_CLIENTATTR_HAVECOOKIE;
+ client->inner.havecookie = true;
return;
}
}
- client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+ client->inner.badcookie = true;
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_cookienomatch);
}
/*
* If we have already seen a ECS option skip this ECS option.
*/
- if ((client->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0) {
+ if (client->inner.haveecs) {
isc_buffer_forward(buf, (unsigned int)optlen);
return ISC_R_SUCCESS;
}
memmove(&client->inner.ecs.addr, &caddr, sizeof(caddr));
client->inner.ecs.source = addrlen;
client->inner.ecs.scope = 0;
- client->inner.attributes |= NS_CLIENTATTR_HAVEECS;
+ client->inner.haveecs = true;
isc_buffer_forward(buf, (unsigned int)optlen);
return ISC_R_SUCCESS;
}
switch (optcode) {
case DNS_OPT_NSID:
- if (!WANTNSID(client)) {
+ if (!client->inner.wantnsid) {
ns_stats_increment(
client->manager->sctx->nsstats,
ns_statscounter_nsidopt);
}
- client->inner.attributes |=
- NS_CLIENTATTR_WANTNSID;
+ client->inner.wantnsid = true;
isc_buffer_forward(&optbuf, optlen);
break;
case DNS_OPT_COOKIE:
process_cookie(client, &optbuf, optlen);
break;
case DNS_OPT_EXPIRE:
- if (!WANTEXPIRE(client)) {
+ if (!client->inner.wantexpire) {
ns_stats_increment(
client->manager->sctx->nsstats,
ns_statscounter_expireopt);
}
- client->inner.attributes |=
- NS_CLIENTATTR_WANTEXPIRE;
+ client->inner.wantexpire = true;
isc_buffer_forward(&optbuf, optlen);
break;
case DNS_OPT_CLIENT_SUBNET:
ns_statscounter_ecsopt);
break;
case DNS_OPT_TCP_KEEPALIVE:
- if (!USEKEEPALIVE(client)) {
+ if (!client->inner.usekeepalive) {
ns_stats_increment(
client->manager->sctx->nsstats,
ns_statscounter_keepaliveopt);
}
- client->inner.attributes |=
- NS_CLIENTATTR_USEKEEPALIVE;
+ client->inner.usekeepalive = true;
isc_nmhandle_keepalive(client->inner.handle,
true);
isc_buffer_forward(&optbuf, optlen);
break;
case DNS_OPT_PAD:
- client->inner.attributes |=
- NS_CLIENTATTR_WANTPAD;
+ client->inner.wantpad = true;
ns_stats_increment(
client->manager->sctx->nsstats,
ns_statscounter_padopt);
ns_statscounter_keytagopt);
break;
case DNS_OPT_ZONEVERSION:
- if (optlen != 0 || WANTZONEVERSION(client)) {
+ if (optlen != 0 ||
+ client->inner.wantzoneversion)
+ {
result = DNS_R_FORMERR;
goto formerr;
}
ns_stats_increment(
client->manager->sctx->nsstats,
ns_statscounter_zoneversionopt);
- client->inner.attributes |=
- NS_CLIENTATTR_WANTZONEVERSION;
+ client->inner.wantzoneversion = true;
isc_buffer_forward(&optbuf, optlen);
break;
default:
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_badednsver);
result = DNS_R_BADVERS;
- client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+ client->inner.wantopt = true;
ns_client_error(client, result);
return result;
}
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_edns0in);
- client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+ client->inner.wantopt = true;
return result;
if (result == DNS_R_OPTERR) {
result = DNS_R_FORMERR;
}
- client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+ client->inner.wantopt = true;
ns_client_error(client, result);
return result;
}
}
if (isc_nmhandle_is_stream(handle)) {
- client->inner.attributes |= NS_CLIENTATTR_TCP;
+ client->inner.tcp = true;
}
INSIST(client->inner.state == NS_CLIENTSTATE_READY);
ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT,
ISC_LOG_DEBUG(3), "%s request",
- TCP_CLIENT(client) ? "TCP" : "UDP");
+ client->inner.tcp ? "TCP" : "UDP");
result = dns_message_peekheader(client->inner.buffer, &id, &flags);
if (result != ISC_R_SUCCESS) {
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_requestv6);
}
- if (TCP_CLIENT(client)) {
+ if (client->inner.tcp) {
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_requesttcp);
switch (isc_sockaddr_pf(&client->inner.peeraddr)) {
* (typically FORMERR or SERVFAIL).
*/
if (result == DNS_R_OPTERR) {
- client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+ client->inner.wantopt = true;
}
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
char classbuf[DNS_RDATACLASS_FORMATSIZE];
switch (client->message->rdclass) {
case dns_rdataclass_reserved0:
- if ((client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) !=
- 0 &&
+ if (client->inner.wantcookie &&
client->message->opcode == dns_opcode_query &&
client->message->counts[DNS_SECTION_QUESTION] == 0U)
{
ra_refusal_reason = ALLOW_QUERY_CACHE_ON;
} else {
ra = true;
- client->inner.attributes |= NS_CLIENTATTR_RA;
+ client->inner.ra = true;
}
ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
dns_ede_reset(&client->edectx);
}
- client->query.attributes &= ~NS_QUERYATTR_ANSWERED;
+ client->query.answered = false;
client->inner.state = NS_CLIENTSTATE_INACTIVE;
client->inner.udpsize = 512;
client->inner.ednsversion = -1;
dns_message_puttempname(client->message, &client->query.qname);
}
client->query.qname = name;
- client->query.attributes &= ~NS_QUERYATTR_REDIRECT;
+ client->query.is_redirect = false;
UNLOCK(&client->query.fetchlock);
}
dns_name_t *name = NULL;
isc_region_t r;
- REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0);
+ REQUIRE(!client->query.namebufused);
CTRACE("ns_client_newname");
isc_buffer_init(nbuf, r.base, r.length);
dns_name_setbuffer(name, NULL);
dns_name_setbuffer(name, nbuf);
- client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED;
+ client->query.namebufused = true;
CTRACE("ns_client_newname: done");
return name;
* 'name' is using space in 'dbuf', but 'dbuf' has not yet been
* adjusted to take account of that. We do the adjustment.
*/
- REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0);
+ REQUIRE(client->query.namebufused);
dns_name_toregion(name, &r);
isc_buffer_add(dbuf, r.length);
dns_name_setbuffer(name, NULL);
- client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
+ client->query.namebufused = false;
}
void
*/
CTRACE("ns_client_releasename");
- client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
+ client->query.namebufused = false;
dns_message_puttempname(client->message, namep);
CTRACE("ns_client_releasename: done");
}
(qctx)->line = __LINE__; \
} while (0)
-/*% Partial answer? */
-#define PARTIALANSWER(c) \
- (((c)->query.attributes & NS_QUERYATTR_PARTIALANSWER) != 0)
-/*% Use Cache? */
-#define USECACHE(c) (((c)->query.attributes & NS_QUERYATTR_CACHEOK) != 0)
-/*% Recursion OK? */
-#define RECURSIONOK(c) (((c)->query.attributes & NS_QUERYATTR_RECURSIONOK) != 0)
-/*% Recursing? */
-#define RECURSING(c) (((c)->query.attributes & NS_QUERYATTR_RECURSING) != 0)
-/*% Want Recursion? */
-#define WANTRECURSION(c) \
- (((c)->query.attributes & NS_QUERYATTR_WANTRECURSION) != 0)
-/*% Is TCP? */
-#define TCP(c) (((c)->inner.attributes & NS_CLIENTATTR_TCP) != 0)
-/*% This query needs to have been sent over TCP. Return TC=1. */
-#define NEEDTCP(c) (((c)->inner.attributes & NS_CLIENTATTR_NEEDTCP) != 0)
-
-/*% Want DNSSEC? */
-#define WANTDNSSEC(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
-/*% Want WANTAD? */
-#define WANTAD(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTAD) != 0)
-/*% Client presented a bad COOKIE. */
-#define BADCOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_BADCOOKIE) != 0)
-/*% Client presented a valid COOKIE. */
-#define HAVECOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) != 0)
-/*% Client presented a COOKIE. */
-#define WANTCOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
-/*% Client presented a CLIENT-SUBNET option. */
-#define HAVEECS(c) (((c)->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0)
-/*% No authority? */
-#define NOAUTHORITY(c) (((c)->query.attributes & NS_QUERYATTR_NOAUTHORITY) != 0)
-/*% No additional? */
-#define NOADDITIONAL(c) \
- (((c)->query.attributes & NS_QUERYATTR_NOADDITIONAL) != 0)
-/*% Secure? */
-#define SECURE(c) (((c)->query.attributes & NS_QUERYATTR_SECURE) != 0)
-/*% DNS64 A lookup? */
-#define DNS64(c) (((c)->query.attributes & NS_QUERYATTR_DNS64) != 0)
-
-#define DNS64EXCLUDE(c) \
- (((c)->query.attributes & NS_QUERYATTR_DNS64EXCLUDE) != 0)
-
-#define REDIRECT(c) (((c)->query.attributes & NS_QUERYATTR_REDIRECT) != 0)
-
-/*% Was the client already sent a response? */
-#define QUERY_ANSWERED(q) (((q)->attributes & NS_QUERYATTR_ANSWERED) != 0)
-
/*% Does the query wants to check for stale RRset due to a timeout? */
#define QUERY_STALETIMEOUT(q) (((q)->dboptions & DNS_DBFIND_STALETIMEOUT) != 0)
-/*% Does the rdataset 'r' have an attached 'No QNAME Proof'? */
-#define NOQNAME(r) ((r)->attributes.noqname)
-
-/*% Does the rdataset 'r' contain a stale answer? */
-#define STALE(r) ((r)->attributes.stale)
-
-/*% Does the rdataset 'r' is stale and within stale-refresh-time? */
-#define STALE_WINDOW(r) ((r)->attributes.stale_window)
-
#ifdef WANT_QUERYTRACE
static void
client_trace(ns_client_t *client, int level, const char *message) {
isc_buffer_t b;
isc_buffer_init(&b, buf, len);
- isc_buffer_putuint8(&b, WANTRECURSION(client) ? '+' : '-');
+ isc_buffer_putuint8(&b, client->query.wantrecursion ? '+' : '-');
if (client->inner.ednsversion >= 0) {
char ednsbuf[sizeof("E(255)")] = { 0 };
if (client->inner.signer != NULL) {
isc_buffer_putuint8(&b, 'S');
}
- if (TCP(client)) {
+ if (client->inner.tcp) {
isc_buffer_putuint8(&b, 'T');
}
if ((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) {
if ((flags & DNS_MESSAGEFLAG_CD) != 0) {
isc_buffer_putuint8(&b, 'C');
}
- if (HAVECOOKIE(client)) {
+ if (client->inner.havecookie) {
isc_buffer_putuint8(&b, 'V');
- } else if (WANTCOOKIE(client)) {
+ } else if (client->inner.wantcookie) {
isc_buffer_putuint8(&b, 'K');
}
isc_buffer_putuint8(&b, 0);
isc_buffer_putuint8(&b, 0);
isc_netaddr_format(&client->inner.destaddr, onbuf, sizeof(onbuf));
- if (HAVEECS(client)) {
+ if (client->inner.haveecs) {
ns_client_log_ecs(client, ecsbuf, sizeof(ecsbuf));
}
dns_message_puttempname(client->message, &client->query.qname);
}
client->query.qname = NULL;
- client->query.attributes = (NS_QUERYATTR_RECURSIONOK |
- NS_QUERYATTR_CACHEOK | NS_QUERYATTR_SECURE);
+
+ memset(&client->query.attrs, 0, sizeof(client->query.attrs));
+
+ client->query.recursionok = true;
+ client->query.cacheok = true;
+ client->query.secure = true;
+
client->query.restarts = 0;
client->query.timerset = false;
if (client->query.rpz_st != NULL) {
* evaluation using the appropriate level, along with 'name' and 'qtype'.
*
* The cache ACL is only evaluated once for each client and then the result is
- * cached: if NS_QUERYATTR_CACHEACLOKVALID is set in client->query.attributes,
- * cache ACL evaluation has already been performed. The evaluation result is
- * also stored in client->query.attributes: if NS_QUERYATTR_CACHEACLOK is set,
- * the client is allowed cache access.
+ * cached: if client->query.cacheaclokvalid is set, cache ACL evaluation has
+ * already been performed. The evaluation result is also stored in
+ * client->query.cacheaclok: if set, the client is allowed cache access.
*
* Returns:
*
dns_rdatatype_t qtype, dns_getdb_options_t options) {
isc_result_t result;
- if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) == 0) {
+ if (!client->query.cacheaclokvalid) {
enum refusal_reasons {
ALLOW_QUERY_CACHE,
ALLOW_QUERY_CACHE_ON
/*
* We were allowed by the "allow-query-cache" ACL.
*/
- client->query.attributes |= NS_QUERYATTR_CACHEACLOK;
+ client->query.cacheaclok = true;
if (!options.nolog &&
isc_log_wouldlog(ISC_LOG_DEBUG(3)))
{
} else {
/*
* We were denied by the "allow-query-cache" ACL.
- * There is no need to clear NS_QUERYATTR_CACHEACLOK
+ * There is no need to clear cacheaclok
* since it is cleared by query_reset(), before query
* processing starts.
*/
/*
* Evaluation has been finished; make sure we will just consult
- * NS_QUERYATTR_CACHEACLOK for this client from now on.
+ * cacheaclok for this client from now on.
*/
- client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID;
+ client->query.cacheaclokvalid = true;
}
- return (client->query.attributes & NS_QUERYATTR_CACHEACLOK) != 0
- ? ISC_R_SUCCESS
- : DNS_R_REFUSED;
+ return client->query.cacheaclok ? ISC_R_SUCCESS : DNS_R_REFUSED;
}
static isc_result_t
* answering a query where recursion is requested and allowed.
*/
if (client->query.rpz_st == NULL &&
- !(WANTRECURSION(client) && RECURSIONOK(client)) &&
+ !(client->query.wantrecursion && client->query.recursionok) &&
client->query.authdbset && db != client->query.authdb)
{
return DNS_R_REFUSED;
* and should not be disclosed.
*/
if (dns_zone_gettype(zone) == dns_zone_staticstub &&
- !RECURSIONOK(client))
+ !client->query.recursionok)
{
return DNS_R_REFUSED;
}
queryacl = dns_zone_getqueryacl(zone);
if (queryacl == NULL) {
queryacl = client->inner.view->queryacl;
- if ((client->query.attributes & NS_QUERYATTR_QUERYOKVALID) != 0)
- {
+ if (client->query.queryokvalid) {
/*
* We've evaluated the view's queryacl already. If
- * NS_QUERYATTR_QUERYOK is set, then the client is
+ * queryok is set, then the client is
* allowed to make queries, otherwise the query should
* be refused.
*/
dbversion->acl_checked = true;
- if ((client->query.attributes & NS_QUERYATTR_QUERYOK) ==
- 0)
- {
+ if (!client->query.queryok) {
dbversion->queryok = false;
return DNS_R_REFUSED;
}
* "allow-query" ACL. Remember this so we
* don't have to check again.
*/
- client->query.attributes |= NS_QUERYATTR_QUERYOK;
+ client->query.queryok = true;
}
/*
* We've now evaluated the view's query ACL, and
- * the NS_QUERYATTR_QUERYOK attribute is now valid.
+ * the queryok attribute is now valid.
*/
- client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
+ client->query.queryokvalid = true;
}
/* If and only if we've gotten this far, check allow-query-on too */
REQUIRE(dbp != NULL && *dbp == NULL);
- if (!USECACHE(client)) {
+ if (!client->query.cacheok) {
return DNS_R_REFUSED;
}
&node, fname, rdataset, sigrdataset);
if (result != ISC_R_SUCCESS &&
qctx->view->minimalresponses == dns_minimal_no &&
- RECURSIONOK(client))
+ client->query.recursionok)
{
/*
* If we aren't doing response minimization and recursion is
REQUIRE(NS_CLIENT_VALID(client));
REQUIRE(qtype != dns_rdatatype_any);
- if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype)) {
+ if (!client->inner.wantdnssec && dns_rdatatype_isdnssec(qtype)) {
return ISC_R_SUCCESS;
}
dbuf = ns_client_getnamebuf(client);
fname = ns_client_newname(client, dbuf, &b);
rdataset = ns_client_newrdataset(client);
- if (WANTDNSSEC(client)) {
+ if (client->inner.wantdnssec) {
sigrdataset = ns_client_newrdataset(client);
}
rdataset, sigrdataset);
dns_cache_updatestats(qctx->view->cache, result);
- if (!WANTDNSSEC(client)) {
+ if (!client->inner.wantdnssec) {
ns_client_putrdataset(client, &sigrdataset);
}
if (result == ISC_R_SUCCESS) {
}
if (sigrdataset != NULL) {
dns_rdataset_cleanup(sigrdataset);
- } else if (WANTDNSSEC(client)) {
+ } else if (client->inner.wantdnssec) {
sigrdataset = ns_client_newrdataset(client);
}
if (query_isduplicate(client, fname, dns_rdatatype_a, NULL)) {
CTRACE(ISC_LOG_DEBUG(3), "query_additional");
- if (NOADDITIONAL(client)) {
+ if (client->query.noadditional) {
return;
}
if (rdataset->trust != dns_trust_secure &&
(section == DNS_SECTION_ANSWER || section == DNS_SECTION_AUTHORITY))
{
- client->query.attributes &= ~NS_QUERYATTR_SECURE;
+ client->query.secure = false;
}
/*
*/
client->inner.tnow = isc_time_now();
client->inner.now = isc_time_seconds(&client->inner.tnow);
- client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
+ client->query.recursionok = false;
qctx_init(client, NULL, 0, &qctx);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, qctx.client, NULL);
- if (HAVEECS(qctx.client)) {
+ if (qctx.client->inner.haveecs) {
dns_clientinfo_setecs(&ci, &qctx.client->inner.ecs);
}
tmprdataset = ns_client_newrdataset(client);
- if (!TCP(client)) {
+ if (!client->inner.tcp) {
peeraddr = &client->inner.peeraddr;
} else {
peeraddr = NULL;
bool stale_rrset = true;
if (rdataset != NULL) {
- stale_refresh_window = (STALE_WINDOW(rdataset) &&
+ stale_refresh_window = (rdataset->attributes.stale_window &&
(client->query.dboptions &
DNS_DBFIND_STALEENABLED) != 0);
- stale_rrset = STALE(rdataset);
+ stale_rrset = rdataset->attributes.stale;
}
if (FETCH_RECTYPE_STALE_REFRESH(client) != NULL ||
/*
* If the client wants recursion, allow only compatible policies.
*/
- if (!RECURSIONOK(client)) {
+ if (!client->query.recursionok) {
zbits &= st->popt.no_rd_ok;
}
result = dns_db_findext(*dbp, name, version, type, options,
client->inner.now, &node, found, &cm, &ci,
*rdatasetp, NULL);
- if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) {
+ if (result == DNS_R_DELEGATION && is_zone && client->query.cacheok) {
/*
* Try the cache if we're authoritative for an
* ancestor but not the domain itself. DELEGATION or
if (st != NULL && (st->state & DNS_RPZ_REWRITTEN) != 0) {
return DNS_R_DISALLOWED;
}
- if (RECURSING(client)) {
+ if (client->query.recursing) {
return DNS_R_DISALLOWED;
}
RWLOCK(&rpzs->search_lock, isc_rwlocktype_read);
if ((rpzs->p.num_zones == 0) ||
- (!RECURSIONOK(client) && rpzs->p.no_rd_ok == 0) ||
+ (!client->query.recursionok && rpzs->p.no_rd_ok == 0) ||
!rpz_ck_dnssec(client, qresult, ordataset, osigset))
{
RWUNLOCK(&rpzs->search_lock, isc_rwlocktype_read);
zones_processed < zones_registered)
{
/* Do not pollute SERVFAIL cache */
- client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+ client->inner.nosetfc = true;
if (can_log_rpznotready()) {
rpz_log_fail(client, DNS_RPZ_INFO_LEVEL, NULL,
* If recursion is off, this the normal and only time we
* can rewrite.
*/
- if (RECURSIONOK(client)) {
+ if (client->query.recursionok) {
qresult_type = qresult_type_recurse;
} else {
qresult_type = qresult_type_restart;
CTRACE(ISC_LOG_DEBUG(3), "rpz_ck_dnssec");
- if (client->inner.view->rpzs->p.break_dnssec || !WANTDNSSEC(client)) {
+ if (client->inner.view->rpzs->p.break_dnssec ||
+ !client->inner.wantdnssec)
+ {
return true;
}
return true;
}
- if (RECURSIONOK(client)) {
+ if (client->query.recursionok) {
flags |= DNS_DNS64_RECURSIVE;
}
- if (WANTDNSSEC(client) && sigrdataset != NULL &&
+ if (client->inner.wantdnssec && sigrdataset != NULL &&
dns_rdataset_isassociated(sigrdataset))
{
flags |= DNS_DNS64_DNSSEC;
dns_clientinfo_init(&ci, client, NULL);
dns_clientinfo_setecs(&ci, &client->inner.ecs);
- if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp))
+ if (client->inner.wantdnssec && dns_db_iszone(*dbp) &&
+ dns_db_issecure(*dbp))
{
return ISC_R_NOTFOUND;
}
- if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) {
+ if (client->inner.wantdnssec && dns_rdataset_isassociated(rdataset)) {
if (rdataset->trust == dns_trust_secure) {
return ISC_R_NOTFOUND;
}
dns_db_detach(&db);
*versionp = dbversion->version;
- client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
- NS_QUERYATTR_NOADDITIONAL);
+ client->query.noauthority = true;
+ client->query.noadditional = true;
return result;
}
dns_zone_t *zone = NULL;
bool is_zone;
unsigned int labels;
- bool redirected = REDIRECT(client);
+ bool redirected = client->query.is_redirect;
CTRACE(ISC_LOG_DEBUG(3), "redirect2");
- client->query.attributes &= ~NS_QUERYATTR_REDIRECT;
+ client->query.is_redirect = false;
if (client->inner.view->redirectzone == NULL) {
return ISC_R_NOTFOUND;
dns_clientinfo_init(&ci, client, NULL);
dns_clientinfo_setecs(&ci, &client->inner.ecs);
- if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp))
+ if (client->inner.wantdnssec && dns_db_iszone(*dbp) &&
+ dns_db_issecure(*dbp))
{
return ISC_R_NOTFOUND;
}
- if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) {
+ if (client->inner.wantdnssec && dns_rdataset_isassociated(rdataset)) {
if (rdataset->trust == dns_trust_secure) {
return ISC_R_NOTFOUND;
}
result = ns_query_recurse(client, qtype, redirectname,
NULL, NULL, true);
if (result == ISC_R_SUCCESS) {
- client->query.attributes |=
- (NS_QUERYATTR_RECURSING |
- NS_QUERYATTR_REDIRECT);
+ client->query.recursing = true;
+ client->query.is_redirect = true;
return DNS_R_CONTINUE;
}
}
*is_zonep = is_zone;
*versionp = version;
- client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
- NS_QUERYATTR_NOADDITIONAL);
+ client->query.noauthority = true;
+ client->query.noadditional = true;
return result;
}
* Log detailed information about the query immediately after
* the client request or a return from recursion.
*/
+#ifdef WANT_QUERYTRACE
+static void
+attrs_tohex(char *dst, size_t dstsize, const uint8_t *src, size_t srclen) {
+ for (size_t i = 0; i < srclen; i++) {
+ snprintf(&dst[i * 2], dstsize - i * 2, "%02x", src[i]);
+ }
+}
+
static void
query_trace(query_ctx_t *qctx) {
-#ifdef WANT_QUERYTRACE
char mbuf[2 * DNS_NAME_FORMATSIZE];
char qbuf[DNS_NAME_FORMATSIZE];
+ char iabuf[sizeof(qctx->client->inner.attrs) * 2 + 1] = { 0 };
+ char qabuf[sizeof(qctx->client->query.attrs) * 2 + 1] = { 0 };
if (qctx->client->query.origqname != NULL) {
dns_name_format(qctx->client->query.origqname, qbuf,
snprintf(qbuf, sizeof(qbuf), "<unset>");
}
+ attrs_tohex(iabuf, sizeof(iabuf), (uint8_t *)&qctx->client->inner.attrs,
+ sizeof(qctx->client->inner.attrs));
+ attrs_tohex(qabuf, sizeof(qabuf), (uint8_t *)&qctx->client->query.attrs,
+ sizeof(qctx->client->query.attrs));
+
snprintf(mbuf, sizeof(mbuf) - 1,
- "client attr:0x%x, query attr:0x%X, restarts:%u, "
+ "client attr:0x%s, query attr:0x%s, restarts:%u, "
"origqname:%s, timer:%d, authdb:%d, referral:%d, id:%hu",
- qctx->client->inner.attributes, qctx->client->query.attributes,
- qctx->client->query.restarts, qbuf,
+ iabuf, qabuf, qctx->client->query.restarts, qbuf,
(int)qctx->client->query.timerset,
(int)qctx->client->query.authdbset,
(int)qctx->client->query.isreferral,
qctx->client->message->id);
CCTRACE(ISC_LOG_DEBUG(3), mbuf);
+}
#else /* ifdef WANT_QUERYTRACE */
- UNUSED(qctx);
-#endif /* ifdef WANT_QUERYTRACE */
+static void
+query_trace(query_ctx_t *qctx ISC_ATTR_UNUSED) {
+ /* noop */
}
+#endif /* ifdef WANT_QUERYTRACE */
/*
* Set up query processing for the current query of 'client'.
qctx_reportquery(query_ctx_t *qctx) {
ns_client_t *client = qctx->client;
- client->inner.attributes |= NS_CLIENTATTR_WANTRC;
+ client->inner.wantrc = true;
/* If this isn't a report-logging zone, there's no more to do */
dns_zoneopt_t opts = dns_zone_getoptions(qctx->zone);
* Suppress EDNS Report-Channel in responses from report-
* logging zones; this prevents infinite loops.
*/
- client->inner.attributes &= ~NS_CLIENTATTR_WANTRC;
+ client->inner.wantrc = false;
/* If this isn't an error-report query, there's nothing more to do */
if (client->query.qtype != dns_rdatatype_txt ||
* Check for TCP or a good server cookie. If neither, send
* back BADCOOKIE or TC=1.
*/
- if (!TCP(client) && !HAVECOOKIE(client)) {
- if (WANTCOOKIE(client)) {
- client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+ if (!client->inner.tcp && !client->inner.havecookie) {
+ if (client->inner.wantcookie) {
+ client->inner.badcookie = true;
} else {
- client->inner.attributes |= NS_CLIENTATTR_NEEDTCP;
+ client->inner.needtcp = true;
}
}
ns_client_t *client = qctx->client;
/* Set the client to send a Report-Channel option when replying */
- if ((client->inner.attributes & NS_CLIENTATTR_WANTRC) != 0) {
+ if (client->inner.wantrc) {
dns_fixedname_t fixed;
dns_name_t *rad = dns_fixedname_initname(&fixed);
* cookie was bad then send back BADCOOKIE before we have
* done too much work.
*/
- if (!TCP(qctx->client) &&
- (BADCOOKIE(qctx->client) ||
- (qctx->view->requireservercookie && WANTCOOKIE(qctx->client) &&
- !HAVECOOKIE(qctx->client))))
+ if (!qctx->client->inner.tcp && (qctx->client->inner.badcookie ||
+ (qctx->view->requireservercookie &&
+ qctx->client->inner.wantcookie &&
+ !qctx->client->inner.havecookie)))
{
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
qctx->client->message->rcode = dns_rcode_badcookie;
- qctx->client->inner.attributes &= ~NS_CLIENTATTR_WANTRC;
+ qctx->client->inner.wantrc = false;
return ns_query_done(qctx);
}
/*
* Respond with TC=1 if we need TCP for this request.
*/
- if (!TCP(qctx->client) && NEEDTCP(qctx->client)) {
+ if (!qctx->client->inner.tcp && qctx->client->inner.needtcp) {
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
qctx->client->message->flags |= DNS_MESSAGEFLAG_TC;
qctx->qtype, qctx->options, &qctx->zone, &qctx->db,
&qctx->version, &qctx->is_zone);
if ((result != ISC_R_SUCCESS || !qctx->is_zone) &&
- qctx->qtype == dns_rdatatype_ds && !RECURSIONOK(qctx->client) &&
- qctx->options.noexact)
+ qctx->qtype == dns_rdatatype_ds &&
+ !qctx->client->query.recursionok && qctx->options.noexact)
{
/*
* This is a non-recursive QTYPE=DS query with QNAME whose
*/
if (result != ISC_R_SUCCESS) {
if (result == DNS_R_REFUSED) {
- if (WANTRECURSION(qctx->client)) {
+ if (qctx->client->query.wantrecursion) {
dns_ede_add(&qctx->client->edectx,
DNS_EDE_NOTAUTH,
"recursion disabled");
inc_stats(qctx->client,
ns_statscounter_authrej);
}
- if (!PARTIALANSWER(qctx->client)) {
+ if (!qctx->client->query.partialanswer) {
QUERY_ERROR(qctx, DNS_R_REFUSED);
}
} else {
qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, buffer);
qctx->rdataset = ns_client_newrdataset(qctx->client);
- if (WANTDNSSEC(qctx->client) || qctx->findcoveringnsec) {
+ if (qctx->client->inner.wantdnssec || qctx->findcoveringnsec) {
qctx->sigrdataset = ns_client_newrdataset(qctx->client);
}
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, qctx->client, NULL);
- if (HAVEECS(qctx->client)) {
+ if (qctx->client->inner.haveecs) {
dns_clientinfo_setecs(&ci, &qctx->client->inner.ecs);
}
* we are allowed to immediately respond with a stale answer if the
* request is within the 'stale-refresh-time' window.
*/
- stale_refresh_window = (STALE_WINDOW(qctx->rdataset) &&
+ stale_refresh_window = (qctx->rdataset->attributes.stale_window &&
(dboptions & DNS_DBFIND_STALEENABLED) != 0);
/*
stale_timeout = ((dboptions & DNS_DBFIND_STALETIMEOUT) != 0);
if (dns_rdataset_isassociated(qctx->rdataset) &&
- dns_rdataset_count(qctx->rdataset) > 0 && !STALE(qctx->rdataset))
+ dns_rdataset_count(qctx->rdataset) > 0 &&
+ !qctx->rdataset->attributes.stale)
{
/* Found non-stale usable rdataset. */
answer_found = true;
if (dns_rdataset_isassociated(qctx->rdataset) &&
dns_rdataset_count(qctx->rdataset) > 0 &&
- STALE(qctx->rdataset))
+ qctx->rdataset->attributes.stale)
{
stale_found = true;
if (result == DNS_R_NCACHENXDOMAIN ||
query_ctx_t qctx;
REQUIRE(NS_CLIENT_VALID(client));
- REQUIRE(RECURSING(client));
+ REQUIRE(client->query.recursing);
CTRACE(ISC_LOG_DEBUG(3), "fetch_callback");
if (client->inner.view->cachedb != NULL &&
client->inner.view->recursion)
{
- client->query.attributes |= NS_QUERYATTR_RECURSIONOK;
+ client->query.recursionok = true;
}
client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT;
client->query.dboptions &= ~DNS_DBFIND_STALEENABLED;
isc_nmhandle_detach(&HANDLE_RECTYPE_NORMAL(client));
- client->query.attributes &= ~NS_QUERYATTR_RECURSING;
+ client->query.recursing = false;
client->inner.state = NS_CLIENTSTATE_WORKING;
/*
rdataset = ns_client_newrdataset(client);
- if (WANTDNSSEC(client)) {
+ if (client->inner.wantdnssec) {
sigrdataset = ns_client_newrdataset(client);
} else {
sigrdataset = NULL;
ns_client_settimeout(client, 60);
}
- if (!TCP(client)) {
+ if (!client->inner.tcp) {
peeraddr = &client->inner.peeraddr;
}
char qbuf[DNS_NAME_FORMATSIZE];
char tbuf[DNS_RDATATYPE_FORMATSIZE];
#endif /* ifdef WANT_QUERYTRACE */
- bool redirect = REDIRECT(qctx->client);
+ bool redirect = qctx->client->query.is_redirect;
CCTRACE(ISC_LOG_DEBUG(3), "query_resume");
CALL_HOOK(NS_QUERY_RESUME_RESTORED, qctx);
- if (DNS64(qctx->client)) {
- qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64;
+ if (qctx->client->query.dns64) {
+ qctx->client->query.dns64 = false;
qctx->dns64 = true;
}
- if (DNS64EXCLUDE(qctx->client)) {
- qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64EXCLUDE;
+ if (qctx->client->query.dns64exclude) {
+ qctx->client->query.dns64exclude = false;
qctx->dns64_exclude = true;
}
if (result != DNS_R_COVERINGNSEC && result != DNS_R_NXDOMAIN &&
result != DNS_R_NCACHENXDOMAIN)
{
- qctx->client->query.attributes &=
- ~NS_QUERYATTR_REDIRECT;
+ qctx->client->query.is_redirect = false;
}
} else {
result = qctx->fresp->result;
/*
* Typically the runasync() function will trigger recursion, but
- * there is no need to set NS_QUERYATTR_RECURSING. The calling hook
+ * there is no need to set the recursing attribute. The calling hook
* is expected to return NS_HOOK_RETURN, and the RECURSING
* attribute won't be checked anywhere.
*
/*
* The SERVFAIL cache doesn't apply to authoritative queries.
*/
- if (!RECURSIONOK(qctx->client)) {
+ if (!qctx->client->query.recursionok) {
return ISC_R_COMPLETE;
}
}
dns_ede_add(&qctx->client->edectx, DNS_EDE_CACHEDERROR, NULL);
- qctx->client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+ qctx->client->inner.nosetfc = true;
QUERY_ERROR(qctx, DNS_R_SERVFAIL);
return ns_query_done(qctx);
}
"rrl=%p, HAVECOOKIE=%u, result=%s, "
"fname=%p(%u), is_zone=%u, RECURSIONOK=%u, "
"query.rpz_st=%p(%u), RRL_CHECKED=%u",
- qctx->client->inner.view->rrl, HAVECOOKIE(qctx->client),
+ qctx->client->inner.view->rrl, qctx->client->inner.havecookie,
isc_result_toid(result), qctx->fname,
qctx->fname != NULL ? dns_name_isabsolute(qctx->fname) : 0,
- qctx->is_zone, RECURSIONOK(qctx->client),
+ qctx->is_zone, qctx->client->query.recursionok,
qctx->client->query.rpz_st,
qctx->client->query.rpz_st != NULL
? ((qctx->client->query.rpz_st->state &
DNS_RPZ_REWRITTEN) != 0)
: 0,
- (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) !=
- 0);
+ qctx->client->query.rrl_checked);
- if (qctx->view->rrl != NULL && !HAVECOOKIE(qctx->client) &&
+ if (qctx->view->rrl != NULL && !qctx->client->inner.havecookie &&
((qctx->fname != NULL && dns_name_isabsolute(qctx->fname)) ||
- (result == ISC_R_NOTFOUND && !RECURSIONOK(qctx->client))) &&
+ (result == ISC_R_NOTFOUND && !qctx->client->query.recursionok)) &&
!(result == ISC_R_NOTFOUND && !qctx->is_zone &&
- RECURSIONOK(qctx->client)) &&
+ qctx->client->query.recursionok) &&
(qctx->client->query.rpz_st == NULL ||
(qctx->client->query.rpz_st->state & DNS_RPZ_REWRITTEN) == 0) &&
- (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) == 0)
+ !qctx->client->query.rrl_checked)
{
bool wouldlog;
const dns_name_t *constname;
isc_result_t resp_result;
dns_rrl_result_t rrl_result;
- qctx->client->query.attributes |= NS_QUERYATTR_RRL_CHECKED;
+ qctx->client->query.rrl_checked = true;
wouldlog = isc_log_wouldlog(DNS_RRL_LOG_DROP);
constname = qctx->fname;
rrl_result = dns_rrl(
qctx->view, qctx->zone, &qctx->client->inner.peeraddr,
- TCP(qctx->client), qctx->client->message->rdclass,
+ qctx->client->inner.tcp, qctx->client->message->rdclass,
qctx->qtype, constname, resp_result,
qctx->client->inner.now, wouldlog, log_buf,
sizeof(log_buf));
*/
inc_stats(qctx->client,
ns_statscounter_rateslipped);
- if (WANTCOOKIE(qctx->client)) {
+ if (qctx->client->inner.wantcookie) {
qctx->client->message->flags &=
~DNS_MESSAGEFLAG_AA;
qctx->client->message->flags &=
~DNS_MESSAGEFLAG_AD;
qctx->client->message->rcode =
dns_rcode_badcookie;
- qctx->client->inner.attributes &=
- ~NS_CLIENTATTR_WANTRC;
+ qctx->client->inner.wantrc =
+ false;
} else {
qctx->client->message->flags |=
DNS_MESSAGEFLAG_TC;
* recursing for NS names or addresses,
* so save the main query state
*/
- INSIST(!RECURSING(qctx->client));
+ INSIST(!qctx->client->query.recursing);
qctx->rpz_st->q.qtype = qctx->qtype;
qctx->rpz_st->q.is_zone = qctx->is_zone;
qctx->rpz_st->q.authoritative = qctx->authoritative;
qctx->rpz_st->q.sigrdataset = MOVE_OWNERSHIP(qctx->sigrdataset);
dns_name_copy(qctx->fname, qctx->rpz_st->fname);
qctx->rpz_st->q.result = result;
- qctx->client->query.attributes |= NS_QUERYATTR_RECURSING;
+ qctx->client->query.recursing = true;
return ISC_R_COMPLETE;
default:
QUERY_ERROR(qctx, rresult);
if (qctx->rpz_st->m.policy != DNS_RPZ_POLICY_MISS &&
qctx->rpz_st->m.policy != DNS_RPZ_POLICY_PASSTHRU &&
(qctx->rpz_st->m.policy != DNS_RPZ_POLICY_TCP_ONLY ||
- !TCP(qctx->client)) &&
+ !qctx->client->inner.tcp) &&
qctx->rpz_st->m.policy != DNS_RPZ_POLICY_ERROR)
{
/*
* Turn off DNSSEC because the results of a
* response policy zone cannot verify.
*/
- qctx->client->inner.attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
- NS_CLIENTATTR_WANTAD);
+ qctx->client->inner.wantdnssec = false;
+ qctx->client->inner.wantad = false;
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
ns_client_putrdataset(qctx->client, &qctx->sigrdataset);
qctx->rpz_st->q.is_zone = qctx->is_zone;
* Turn off DNSSEC because the results of a
* response policy zone cannot verify.
*/
- client->inner.attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
- NS_CLIENTATTR_WANTAD);
+ client->inner.wantdnssec = false;
+ client->inner.wantad = false;
return ISC_R_SUCCESS;
}
*/
goto root_key_sentinel;
}
- if (RECURSING(qctx->client) && result == DNS_R_DISALLOWED) {
+ if (qctx->client->query.recursing && result == DNS_R_DISALLOWED)
+ {
/*
* We are recursing, and thus RPZ processing is not
* allowed at the moment. This could happen on a
/*
* Don't record this response in the SERVFAIL cache.
*/
- qctx->client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+ qctx->client->inner.nosetfc = true;
QUERY_ERROR(qctx, DNS_R_SERVFAIL);
return ns_query_done(qctx);
}
*/
dns_rdataset_disassociate(qctx->rdataset);
hidden = true;
- } else if (qctx->view->minimal_any && !TCP(qctx->client) &&
- !WANTDNSSEC(qctx->client) &&
+ } else if (qctx->view->minimal_any &&
+ !qctx->client->inner.tcp &&
+ !qctx->client->inner.wantdnssec &&
qctx->qtype == dns_rdatatype_any &&
(dns_rdatatype_issig(qctx->rdataset->type)))
{
CCTRACE(ISC_LOG_DEBUG(5), "query_respond_any: "
"minimal-any skip signature");
dns_rdataset_disassociate(qctx->rdataset);
- } else if (qctx->view->minimal_any && !TCP(qctx->client) &&
+ } else if (qctx->view->minimal_any &&
+ !qctx->client->inner.tcp &&
onetype != dns_rdatatype_none &&
qctx->rdataset->type != onetype &&
qctx->rdataset->covers != onetype)
qctx->rdataset->type == qctx->qtype) &&
qctx->rdataset->type != 0)
{
- if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client))
+ if (qctx->rdataset->attributes.noqname &&
+ qctx->client->inner.wantdnssec)
{
qctx->noqname = qctx->rdataset;
} else {
qctx->rpz_st->m.ttl);
}
- if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+ if (!qctx->is_zone && qctx->client->query.recursionok) {
dns_name_t *name;
name = (qctx->fname != NULL) ? qctx->fname
: qctx->tname;
*/
if (!qctx->is_zone) {
qctx->authoritative = false;
- qctx->client->inner.attributes &= ~NS_CLIENTATTR_RA;
+ qctx->client->inner.ra = false;
query_addauth(qctx);
return ns_query_done(qctx);
}
if (qctx->zone == NULL || !qctx->is_zone ||
qctx->qtype != dns_rdatatype_soa ||
qctx->client->query.restarts != 0 ||
- (qctx->client->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) == 0)
+ !qctx->client->inner.wantexpire)
{
return;
}
if (secs >= qctx->client->inner.now &&
qctx->result == ISC_R_SUCCESS)
{
- qctx->client->inner.attributes |=
- NS_CLIENTATTR_HAVEEXPIRE;
+ qctx->client->inner.haveexpire = true;
qctx->client->inner.expire = secs -
qctx->client->inner.now;
}
RUNTIME_CHECK(result == ISC_R_SUCCESS);
qctx->client->inner.expire = soa.expire;
- qctx->client->inner.attributes |= NS_CLIENTATTR_HAVEEXPIRE;
+ qctx->client->inner.haveexpire = true;
}
if (raw != NULL) {
if (qctx->zone == NULL || !qctx->is_zone ||
qctx->client->query.restarts != 0 ||
- (qctx->client->inner.attributes & NS_CLIENTATTR_WANTZONEVERSION) ==
- 0 ||
- (qctx->client->inner.attributes & NS_CLIENTATTR_HAVEZONEVERSION) !=
- 0)
+ !qctx->client->inner.wantzoneversion ||
+ qctx->client->inner.havezoneversion)
{
return;
}
if (len < 2 || (buf[1] == 0 && len != 6)) {
return;
}
- qctx->client->inner.attributes |=
- NS_CLIENTATTR_HAVEZONEVERSION;
+ qctx->client->inner.havezoneversion = true;
INSIST(qctx->client->inner.zoneversion == NULL);
qctx->client->inner.zoneversion =
isc_mem_get(qctx->client->manager->mctx, len);
qctx->client->query.dns64_aaaaoklen, sizeof(bool));
qctx->client->query.dns64_aaaaoklen = 0;
} else {
- if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+ if (!qctx->is_zone && qctx->client->query.recursionok) {
query_prefetch(qctx->client, qctx->fname,
qctx->rdataset);
}
- if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+ if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL)
+ {
sigrdatasetp = &qctx->sigrdataset;
}
query_addrrset(qctx, &qctx->fname, &qctx->rdataset,
*/
CALL_HOOK(NS_QUERY_RESPOND_BEGIN, qctx);
- if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) {
+ if (qctx->rdataset->attributes.noqname &&
+ qctx->client->inner.wantdnssec)
+ {
qctx->noqname = qctx->rdataset;
} else {
qctx->noqname = NULL;
* of "minimal-responses" setting.
*/
if (dns_name_equal(qctx->client->query.qname, dns_rootname)) {
- qctx->client->query.attributes &=
- ~NS_QUERYATTR_NOADDITIONAL;
+ qctx->client->query.noadditional = false;
dns_db_attach(qctx->db, &qctx->client->query.gluedb);
}
}
}
if (qctx->rdataset->trust != dns_trust_secure) {
- client->query.attributes &= ~NS_QUERYATTR_SECURE;
+ client->query.secure = false;
}
/*
* We use the signatures from the A lookup to set DNS_DNS64_DNSSEC
* as this provides a easy way to see if the answer was signed.
*/
- if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL &&
+ if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL &&
dns_rdataset_isassociated(qctx->sigrdataset))
{
flags |= DNS_DNS64_DNSSEC;
}
- if (RECURSIONOK(client)) {
+ if (client->query.recursionok) {
flags |= DNS_DNS64_RECURSIVE;
}
&dns64_rdataset));
dns_rdataset_setownercase(dns64_rdataset, mname);
- client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
+ client->query.noadditional = true;
if (client->query.dns64_ttl != UINT32_MAX) {
dns64_rdataset->ttl = ISC_MIN(qctx->rdataset->ttl,
}
if (qctx->rdataset->trust != dns_trust_secure) {
- client->query.attributes &= ~NS_QUERYATTR_SECURE;
+ client->query.secure = false;
}
isc_buffer_allocate(client->manager->mctx, &buffer,
dns_rdatalist_tordataset(myrdatalist, myrdataset);
dns_rdataset_setownercase(myrdataset, mname);
- client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
+ client->query.noadditional = true;
if (mname == name) {
if (qctx->dbuf != NULL) {
ns_client_keepname(client, name, qctx->dbuf);
* we may have working forwarders, so try to
* recurse anyway.
*/
- if (RECURSIONOK(qctx->client)) {
- INSIST(!REDIRECT(qctx->client));
+ if (qctx->client->query.recursionok) {
+ INSIST(!qctx->client->query.is_redirect);
result = ns_query_recurse(qctx->client, qctx->qtype,
qctx->client->query.qname,
NULL, NULL, qctx->resuming);
if (result == ISC_R_SUCCESS) {
CALL_HOOK(NS_QUERY_NOTFOUND_RECURSE, qctx);
- qctx->client->query.attributes |=
- NS_QUERYATTR_RECURSING;
+ qctx->client->query.recursing = true;
if (qctx->dns64) {
- qctx->client->query.attributes |=
- NS_QUERYATTR_DNS64;
+ qctx->client->query.dns64 = true;
}
if (qctx->dns64_exclude) {
- qctx->client->query.attributes |=
- NS_QUERYATTR_DNS64EXCLUDE;
+ qctx->client->query.dns64exclude = true;
}
} else if (query_usestale(qctx, result)) {
/*
* We must ensure NOADDITIONAL is off, because the generation of
* additional data is required in delegations.
*/
- qctx->client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
- if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+ qctx->client->query.noadditional = false;
+ if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) {
sigrdatasetp = &qctx->sigrdataset;
}
query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp,
* If the query type is DS, look to see if we are
* authoritative for the child zone
*/
- if (!RECURSIONOK(qctx->client) &&
+ if (!qctx->client->query.recursionok &&
(qctx->options.noexact && qctx->qtype == dns_rdatatype_ds))
{
dns_db_t *tdb = NULL;
}
}
- if (USECACHE(qctx->client) &&
- (RECURSIONOK(qctx->client) ||
+ if (qctx->client->query.cacheok &&
+ (qctx->client->query.recursionok ||
(qctx->zone != NULL &&
dns_zone_gettype(qctx->zone) == dns_zone_mirror)))
{
CCTRACE(ISC_LOG_DEBUG(3), "query_delegation_recurse");
- if (!RECURSIONOK(qctx->client)) {
+ if (!qctx->client->query.recursionok) {
return ISC_R_COMPLETE;
}
* query_resume() when the recursion is complete.
*/
- INSIST(!REDIRECT(qctx->client));
+ INSIST(!qctx->client->query.is_redirect);
if (dns_rdatatype_atparent(qctx->type)) {
/*
}
if (result == ISC_R_SUCCESS) {
- qctx->client->query.attributes |= NS_QUERYATTR_RECURSING;
+ qctx->client->query.recursing = true;
if (qctx->dns64) {
- qctx->client->query.attributes |= NS_QUERYATTR_DNS64;
+ qctx->client->query.dns64 = true;
}
if (qctx->dns64_exclude) {
- qctx->client->query.attributes |=
- NS_QUERYATTR_DNS64EXCLUDE;
+ qctx->client->query.dns64exclude = true;
}
} else if (query_usestale(qctx, result)) {
/*
/*
* DS not needed.
*/
- if (!WANTDNSSEC(client)) {
+ if (!client->inner.wantdnssec) {
return;
}
return ns_query_done(qctx);
}
if (!dns_rdataset_isassociated(qctx->rdataset) &&
- WANTDNSSEC(qctx->client))
+ qctx->client->inner.wantdnssec)
{
if (!qctx->fname->attributes.wildcard) {
dns_name_t *found;
/*
* Add NSEC record if we found one.
*/
- if (WANTDNSSEC(qctx->client) &&
+ if (qctx->client->inner.wantdnssec &&
dns_rdataset_isassociated(qctx->rdataset))
{
query_addnxrrsetnsec(qctx);
}
}
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
/*
* Add NSEC record if we found one.
*/
* We want the SOA record to be first, so save the
* NODATA proof's name now or else discard it.
*/
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf);
} else {
ns_client_releasename(qctx->client, &qctx->fname);
/*
* Add SOA record. Omit the RRSIG if DNSSEC was not requested.
*/
- if (!WANTDNSSEC(qctx->client)) {
+ if (!qctx->client->inner.wantdnssec) {
sigsoardatasetp = NULL;
}
query_addrrset(qctx, &name, soardatasetp, sigsoardatasetp, dbuf,
DNS_SECTION_AUTHORITY);
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
/*
* Add NODATA proof.
*/
* We want the answer to be first, so save the
* NOQNAME proof's name now or else discard it.
*/
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf);
} else {
ns_client_releasename(qctx->client, &qctx->fname);
/*
* Add answer RRset. Omit the RRSIG if DNSSEC was not requested.
*/
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
clonesigset = ns_client_newrdataset(qctx->client);
dns_rdataset_clone(sigrdataset, clonesigset);
sigrdatasetp = &clonesigset;
query_addrrset(qctx, &name, &cloneset, sigrdatasetp, dbuf,
DNS_SECTION_ANSWER);
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
/*
* Add NOQNAME proof.
*/
RETERR(query_synthwildcard(qctx, rdataset, sigrdataset));
- qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+ qctx->client->query.partialanswer = true;
/*
* Reset qname to be the target name of the CNAME and restart
dns_rdata_freestruct(&cname);
ns_client_qnamereplace(qctx->client, tname);
qctx->want_restart = true;
- if (!WANTRECURSION(qctx->client)) {
+ if (!qctx->client->query.wantrecursion) {
qctx->options.nolog = true;
}
* We want the SOA record to be first, so save the
* NOQNAME proof's name now or else discard it.
*/
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf);
} else {
ns_client_releasename(qctx->client, &qctx->fname);
/*
* Add SOA record. Omit the RRSIG if DNSSEC was not requested.
*/
- if (!WANTDNSSEC(qctx->client)) {
+ if (!qctx->client->inner.wantdnssec) {
sigsoardatasetp = NULL;
}
query_addrrset(qctx, &name, soardatasetp, sigsoardatasetp, dbuf,
DNS_SECTION_AUTHORITY);
- if (WANTDNSSEC(qctx->client)) {
+ if (qctx->client->inner.wantdnssec) {
/*
* Add NOQNAME proof.
*/
{
goto cleanup;
}
- if (!qctx->resuming && !STALE(qctx->rdataset) &&
- qctx->rdataset->ttl == 0 && RECURSIONOK(qctx->client))
+ if (!qctx->resuming && !qctx->rdataset->attributes.stale &&
+ qctx->rdataset->ttl == 0 && qctx->client->query.recursionok)
{
goto cleanup;
}
}
FALLTHROUGH;
case DNS_R_CNAME:
- if (!qctx->resuming && !STALE(&rdataset) && rdataset.ttl == 0 &&
- RECURSIONOK(qctx->client))
+ if (!qctx->resuming && !rdataset.attributes.stale &&
+ rdataset.ttl == 0 && qctx->client->query.recursionok)
{
goto cleanup;
}
}
}
- if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+ if (!qctx->is_zone && qctx->client->query.recursionok) {
query_stale_refresh_ncache(qctx->client);
}
CCTRACE(ISC_LOG_DEBUG(3), "query_zerottl_refetch");
- if (qctx->is_zone || qctx->resuming || STALE(qctx->rdataset) ||
- qctx->rdataset->ttl != 0 || !RECURSIONOK(qctx->client))
+ if (qctx->is_zone || qctx->resuming ||
+ qctx->rdataset->attributes.stale || qctx->rdataset->ttl != 0 ||
+ !qctx->client->query.recursionok)
{
return ISC_R_COMPLETE;
}
qctx_clean(qctx);
- INSIST(!REDIRECT(qctx->client));
+ INSIST(!qctx->client->query.is_redirect);
result = ns_query_recurse(qctx->client, qctx->qtype,
qctx->client->query.qname, NULL, NULL,
qctx->resuming);
if (result == ISC_R_SUCCESS) {
CALL_HOOK(NS_QUERY_ZEROTTL_RECURSE, qctx);
- qctx->client->query.attributes |= NS_QUERYATTR_RECURSING;
+ qctx->client->query.recursing = true;
if (qctx->dns64) {
- qctx->client->query.attributes |= NS_QUERYATTR_DNS64;
+ qctx->client->query.dns64 = true;
}
if (qctx->dns64_exclude) {
- qctx->client->query.attributes |=
- NS_QUERYATTR_DNS64EXCLUDE;
+ qctx->client->query.dns64exclude = true;
}
} else {
/*
/*
* Add the CNAME to the answer section.
*/
- if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+ if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) {
sigrdatasetp = &qctx->sigrdataset;
}
- if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) {
+ if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard)
+ {
dns_fixedname_init(&qctx->wildcardname);
dns_name_copy(qctx->fname,
dns_fixedname_name(&qctx->wildcardname));
qctx->need_wildcardproof = true;
}
- if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) {
+ if (qctx->rdataset->attributes.noqname &&
+ qctx->client->inner.wantdnssec)
+ {
qctx->noqname = qctx->rdataset;
} else {
qctx->noqname = NULL;
}
- if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+ if (!qctx->is_zone && qctx->client->query.recursionok) {
query_prefetch(qctx->client, qctx->fname, qctx->rdataset);
}
* We set the PARTIALANSWER attribute so that if anything goes
* wrong later on, we'll return what we've got so far.
*/
- qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+ qctx->client->query.partialanswer = true;
/*
* Reset qname to be the target name of the CNAME and restart
ns_client_qnamereplace(qctx->client, tname);
qctx->want_restart = true;
- if (!WANTRECURSION(qctx->client)) {
+ if (!qctx->client->query.wantrecursion) {
qctx->options.nolog = true;
}
/*
* Add the DNAME to the answer section.
*/
- if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+ if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) {
sigrdatasetp = &qctx->sigrdataset;
}
- if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) {
+ if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard)
+ {
dns_fixedname_init(&qctx->wildcardname);
dns_name_copy(qctx->fname,
dns_fixedname_name(&qctx->wildcardname));
qctx->need_wildcardproof = true;
}
- if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+ if (!qctx->is_zone && qctx->client->query.recursionok) {
query_prefetch(qctx->client, qctx->fname, qctx->rdataset);
}
query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp,
* We set the PARTIALANSWER attribute so that if anything goes
* wrong later on, we'll return what we've got so far.
*/
- qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+ qctx->client->query.partialanswer = true;
/*
* Get the target name of the DNAME.
ns_client_qnamereplace(qctx->client, qctx->fname);
qctx->fname = NULL;
qctx->want_restart = true;
- if (!WANTRECURSION(qctx->client)) {
+ if (!qctx->client->query.wantrecursion) {
qctx->options.nolog = true;
}
}
CALL_HOOK(NS_QUERY_PREP_RESPONSE_BEGIN, qctx);
- if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) {
+ if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard)
+ {
dns_fixedname_init(&qctx->wildcardname);
dns_name_copy(qctx->fname,
dns_fixedname_name(&qctx->wildcardname));
* Don't add the SOA record for test which set "-T nosoa".
*/
if (((client->manager->sctx->options & NS_SERVER_NOSOA) != 0) &&
- (!WANTDNSSEC(client) || !dns_rdataset_isassociated(qctx->rdataset)))
+ (!client->inner.wantdnssec ||
+ !dns_rdataset_isassociated(qctx->rdataset)))
{
return ISC_R_SUCCESS;
}
dns_name_clone(dns_db_origin(qctx->db), name);
rdataset = ns_client_newrdataset(client);
- if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) {
+ if (client->inner.wantdnssec && dns_db_issecure(qctx->db)) {
sigrdataset = ns_client_newrdataset(client);
}
dns_name_clone(dns_db_origin(qctx->db), name);
rdataset = ns_client_newrdataset(client);
- if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) {
+ if (client->inner.wantdnssec && dns_db_issecure(qctx->db)) {
sigrdataset = ns_client_newrdataset(client);
}
&qname);
continue;
}
- if (!USECACHE(client)) {
+ if (!client->query.cacheok) {
goto cleanup;
}
dns_db_attach(client->inner.view->cachedb, &db);
* Get the RRSIGs if the client requested them or if we may
* need to validate answers from the cache.
*/
- if (WANTDNSSEC(client) || !is_zone) {
+ if (client->inner.wantdnssec || !is_zone) {
sigrdataset = ns_client_newrdataset(client);
}
if (result != DNS_R_DELEGATION) {
goto cleanup;
}
- if (USECACHE(client)) {
+ if (client->query.cacheok) {
ns_client_keepname(client, fname, dbuf);
dns_db_detachnode(&node);
zdb = MOVE_OWNERSHIP(db);
* If the answer is secure only add NS records if they are secure
* when the client may be looking for AD in the response.
*/
- if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) &&
+ if (client->query.secure &&
+ (client->inner.wantdnssec || client->inner.wantad) &&
((rdataset->trust != dns_trust_secure) ||
(sigrdataset != NULL && sigrdataset->trust != dns_trust_secure)))
{
* If the client doesn't want DNSSEC we can discard the sigrdataset
* now.
*/
- if (!WANTDNSSEC(client)) {
+ if (!client->inner.wantdnssec) {
ns_client_putrdataset(client, &sigrdataset);
}
* Add NS records to the authority section (if we haven't already
* added them to the answer section).
*/
- if (!qctx->want_restart && !NOAUTHORITY(qctx->client)) {
+ if (!qctx->want_restart && !qctx->client->query.noauthority) {
if (qctx->is_zone) {
if (!qctx->answer_has_ns) {
(void)query_addns(qctx);
*/
if (qctx->client->query.restarts == 0 && !qctx->authoritative) {
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
- qctx->client->inner.attributes &= ~NS_CLIENTATTR_WANTRC;
+ qctx->client->inner.wantrc = false;
}
/*
/*
* This is e.g. a long CNAME chain which we cut short.
*/
- qctx->client->query.attributes |=
- NS_QUERYATTR_PARTIALANSWER;
+ qctx->client->query.partialanswer = true;
qctx->client->message->rcode = dns_rcode_servfail;
qctx->result = DNS_R_SERVFAIL;
}
if (qctx->result != ISC_R_SUCCESS &&
- (!PARTIALANSWER(qctx->client) ||
- (WANTRECURSION(qctx->client) && !partial_result_with_servfail) ||
+ (!qctx->client->query.partialanswer ||
+ (qctx->client->query.wantrecursion &&
+ !partial_result_with_servfail) ||
qctx->result == DNS_R_DROP))
{
if (qctx->result == DNS_R_DUPLICATE ||
* If we're recursing then just return; the query will
* resume when recursion ends.
*/
- if (RECURSING(qctx->client) &&
+ if (qctx->client->query.recursing &&
(!QUERY_STALETIMEOUT(&qctx->client->query) ||
qctx->options.stalefirst))
{
dns_rdatatype_format(rdataset->type, typebuf, sizeof(typebuf));
isc_sockaddr_format(&client->inner.destsockaddr, sabuf, sizeof(sabuf));
- if (HAVEECS(client)) {
+ if (client->inner.haveecs) {
ns_client_log_ecs(client, ecsbuf, sizeof(ecsbuf));
}
ns_client_log_flags(client, flags, extflags, flagsbuf,
client->inner.cleanup = query_cleanup;
if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) {
- client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
+ client->query.wantrecursion = true;
}
if ((client->inner.extflags & DNS_MESSAGEEXTFLAG_DO) != 0) {
- client->inner.attributes |= NS_CLIENTATTR_WANTDNSSEC;
+ client->inner.wantdnssec = true;
}
switch (client->inner.view->minimalresponses) {
case dns_minimal_no:
break;
case dns_minimal_yes:
- client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
- NS_QUERYATTR_NOADDITIONAL);
+ client->query.noauthority = true;
+ client->query.noadditional = true;
break;
case dns_minimal_noauth:
- client->query.attributes |= NS_QUERYATTR_NOAUTHORITY;
+ client->query.noauthority = true;
break;
case dns_minimal_noauthrec:
if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) {
- client->query.attributes |= NS_QUERYATTR_NOAUTHORITY;
+ client->query.noauthority = true;
}
break;
}
* We don't have a cache. Turn off cache support and
* recursion.
*/
- client->query.attributes &= ~(NS_QUERYATTR_RECURSIONOK |
- NS_QUERYATTR_CACHEOK);
- client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
- } else if ((client->inner.attributes & NS_CLIENTATTR_RA) == 0 ||
+ client->query.recursionok = false;
+ client->query.cacheok = false;
+ client->inner.nosetfc = true;
+ } else if (!client->inner.ra ||
(message->flags & DNS_MESSAGEFLAG_RD) == 0)
{
/*
* lack of a resolver in this view), or if it
* doesn't want recursion, turn recursion off.
*/
- client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
- client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+ client->query.recursionok = false;
+ client->inner.nosetfc = true;
}
/*
* Turn on minimal response for (C)DNSKEY and (C)DS queries.
*/
if (dns_rdatatype_iskeymaterial(qtype) || qtype == dns_rdatatype_ds) {
- client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
- NS_QUERYATTR_NOADDITIONAL);
+ client->query.noauthority = true;
+ client->query.noadditional = true;
} else if (qtype == dns_rdatatype_ns) {
/*
* Always turn on additional records for NS queries.
*/
- client->query.attributes &= ~(NS_QUERYATTR_NOAUTHORITY |
- NS_QUERYATTR_NOADDITIONAL);
+ client->query.noauthority = false;
+ client->query.noadditional = false;
}
/*
* Maybe turn on minimal responses for ANY queries.
*/
if (qtype == dns_rdatatype_any && client->inner.view->minimal_any &&
- !TCP(client))
+ !client->inner.tcp)
{
- client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
- NS_QUERYATTR_NOADDITIONAL);
+ client->query.noauthority = true;
+ client->query.noadditional = true;
}
/*
* Turn on minimal responses for EDNS/UDP bufsize 512 queries.
*/
if (client->inner.ednsversion >= 0 && client->inner.udpsize <= 512U &&
- !TCP(client))
+ !client->inner.tcp)
{
- client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
- NS_QUERYATTR_NOADDITIONAL);
+ client->query.noauthority = true;
+ client->query.noadditional = true;
}
/*
* if the answer is secure.
*/
if ((message->flags & DNS_MESSAGEFLAG_CD) != 0) {
- client->query.attributes &= ~NS_QUERYATTR_SECURE;
+ client->query.secure = false;
}
/*
- * Set NS_CLIENTATTR_WANTAD if the client has set AD in the query.
+ * Set wantad if the client has set AD in the query.
* This allows AD to be returned on queries without DO set.
*/
if ((message->flags & DNS_MESSAGEFLAG_AD) != 0) {
- client->inner.attributes |= NS_CLIENTATTR_WANTAD;
+ client->inner.wantad = true;
}
/*
* Set AD. We must clear it if we add non-validated data to a
* response.
*/
- if (WANTDNSSEC(client) || WANTAD(client)) {
+ if (client->inner.wantdnssec || client->inner.wantad) {
message->flags |= DNS_MESSAGEFLAG_AD;
}