apply max-recursion-queries quota to validator queries
authorEvan Hunt <each@isc.org>
Wed, 22 May 2024 22:17:47 +0000 (15:17 -0700)
committerEvan Hunt <each@isc.org>
Wed, 7 Aug 2024 21:12:34 +0000 (21:12 +0000)
previously, validator queries for DNSKEY and DS records were
not counted toward the quota for max-recursion-queries; they
are now.

(cherry picked from commit af7db8951364a89c468eda1535efb3f53adc2c1f)

lib/dns/include/dns/validator.h
lib/dns/resolver.c
lib/dns/validator.c

index c68c5555b99608d855da1449ef74d92cc6a476eb..02058d115b374a16ea966d2a7a9dbd732c54e794 100644 (file)
@@ -146,12 +146,13 @@ struct dns_validator {
        unsigned int  authfail;
        isc_stdtime_t start;
 
-       bool        digest_sha1;
-       bool        supported_algorithm;
-       dns_rdata_t rdata;
-       bool        resume;
-       uint32_t   *nvalidations;
-       uint32_t   *nfails;
+       bool           digest_sha1;
+       bool           supported_algorithm;
+       dns_rdata_t    rdata;
+       bool           resume;
+       uint32_t      *nvalidations;
+       uint32_t      *nfails;
+       isc_counter_t *qc;
 };
 
 /*%
@@ -170,7 +171,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
                     dns_message_t *message, unsigned int options,
                     isc_loop_t *loop, isc_job_cb cb, void *arg,
                     uint32_t *nvalidations, uint32_t *nfails,
-                    dns_validator_t **validatorp);
+                    isc_counter_t *qc, dns_validator_t **validatorp);
 /*%<
  * Start a DNSSEC validation.
  *
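Review bot: The new `qc` argument is not described in the part of the doc comment visible under this prototype, and its NULL case is security-relevant. In validator.c the counter is attached only when `qc != NULL`, so a caller that passes NULL appears to get a validator whose fetches sit outside the max-recursion-queries quota. The comment should say so, for example `'qc', if not NULL, is the query counter shared with the calling fetch; the validator attaches its own reference and releases it on destruction.` The comment continues past the end of the hunk, so this may already be covered further down.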
index ee85b1e0170385f4f9ba25a284230ffc93bef771..a7eb821ced47be122f83065a262f72d8a2887413 100644 (file)
@@ -991,7 +991,7 @@ valcreate(fetchctx_t *fctx, dns_message_t *message, dns_adbaddrinfo_t *addrinfo,
        result = dns_validator_create(
                fctx->res->view, name, type, rdataset, sigrdataset, message,
                valoptions, fctx->loop, validated, valarg, &fctx->nvalidations,
-               &fctx->nfails, &validator);
+               &fctx->nfails, fctx->qc, &validator);
        RUNTIME_CHECK(result == ISC_R_SUCCESS);
        inc_stats(fctx->res, dns_resstatscounter_val);
        if ((valoptions & DNS_VALIDATOR_DEFER) == 0) {
index 7c4135b61cba9aab7814d1def421b159dda0e97f..814551d759e77993ef502e9218c45b4fbac6ad97 100644 (file)
@@ -16,6 +16,7 @@
 
 #include <isc/async.h>
 #include <isc/base32.h>
+#include <isc/counter.h>
 #include <isc/job.h>
 #include <isc/md.h>
 #include <isc/mem.h>
@@ -974,9 +975,10 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
                  (DNS_VALIDATOR_NOCDFLAG | DNS_VALIDATOR_NONTA));
 
        validator_logcreate(val, name, type, caller, "validator");
-       result = dns_validator_create(
-               val->view, name, type, rdataset, sig, NULL, vopts, val->loop,
-               cb, val, val->nvalidations, val->nfails, &val->subvalidator);
+       result = dns_validator_create(val->view, name, type, rdataset, sig,
+                                     NULL, vopts, val->loop, cb, val,
+                                     val->nvalidations, val->nfails, val->qc,
+                                     &val->subvalidator);
        if (result == ISC_R_SUCCESS) {
                dns_validator_attach(val, &val->subvalidator->parent);
                val->subvalidator->depth = val->depth + 1;
@@ -3355,7 +3357,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
                     dns_message_t *message, unsigned int options,
                     isc_loop_t *loop, isc_job_cb cb, void *arg,
                     uint32_t *nvalidations, uint32_t *nfails,
-                    dns_validator_t **validatorp) {
+                    isc_counter_t *qc, dns_validator_t **validatorp) {
        isc_result_t result = ISC_R_FAILURE;
        dns_validator_t *val = NULL;
        dns_keytable_t *kt = NULL;
@@ -3395,6 +3397,10 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
                dns_message_attach(message, &val->message);
        }
 
+       if (qc != NULL) {
+               isc_counter_attach(qc, &val->qc);
+       }
+
        val->mustbesecure = dns_resolver_getmustbesecure(view->resolver, name);
        dns_rdataset_init(&val->fdsset);
        dns_rdataset_init(&val->frdataset);
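Review bot: `val->qc` is attached here, forwarded to subvalidators in create_validator and detached in destroy_validator, but none of the hunks shown reads or increments it. From this diff alone the DNSKEY and DS fetches are therefore still uncounted. The behaviour promised in the description depends on the validator's fetch path handing `val->qc` to the resolver; that call is not among the visible hunks and should be confirmed. A system test that sets a low max-recursion-queries and checks that a validation-heavy lookup stops at the limit would pin it down. It is also worth confirming that `val->qc` is zero-initialised before `isc_counter_attach(qc, &val->qc)`, since the initialiser of `val` lies outside the hunk, as do the start and end of dns_validator_create.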
@@ -3470,6 +3476,9 @@ destroy_validator(dns_validator_t *val) {
        if (val->message != NULL) {
                dns_message_detach(&val->message);
        }
+       if (val->qc != NULL) {
+               isc_counter_detach(&val->qc);
+       }
        dns_view_detach(&val->view);
        isc_mem_put(mctx, val, sizeof(*val));
 }