From: Ondřej Surý Date: Sat, 21 Mar 2026 16:13:56 +0000 (+0100) Subject: Replace query and client attribute bitfield with named bools X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=430ce335ad2a5032aedec8d5e138785035d4e58c;p=thirdparty%2Fbind9.git Replace query and client attribute bitfield with named bools Replace the unsigned int attributes field in struct ns_query with individual bool bitfields. This removes the NS_QUERYATTR_* constants and the 12 accessor macros (USECACHE, RECURSIONOK, RECURSING, etc.) from query.c, replacing all bit manipulation with direct bool access. And replace the unsigned int attributes field in struct ns_client_inner with individual bool bitfields. This removes the NS_CLIENTATTR_* constants and the accessor macros (TCP, WANTDNSSEC, etc.), replacing all bit manipulation with direct bool access. --- diff --git a/bin/plugins/filter-a.c b/bin/plugins/filter-a.c index d7230cf65ed..706ef25a999 100644 --- a/bin/plugins/filter-a.c +++ b/bin/plugins/filter-a.c @@ -87,12 +87,6 @@ typedef struct filter_instance { #define FILTER_A_RECURSING 0x0001 /* Recursing for AAAA */ #define FILTER_A_FILTERED 0x0002 /* A was removed from answer */ -/* - * Client attribute tests. - */ -#define WANTDNSSEC(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) -#define RECURSIONOK(c) (((c)->query.attributes & NS_QUERYATTR_RECURSIONOK) != 0) - /* * Forward declarations of functions referenced in install_hooks(). */ @@ -533,7 +527,7 @@ process_name(query_ctx_t *qctx, filter_a_t mode, const dns_name_t *name, (void)dns_message_findtype(n, dns_rdatatype_rrsig, type, &sigrdataset); if (rdataset != NULL && - (sigrdataset == NULL || !WANTDNSSEC(qctx->client) || + (sigrdataset == NULL || !qctx->client->inner.wantdnssec || mode == BREAK_DNSSEC)) { /* @@ -683,7 +677,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) { if (client_state->mode != BREAK_DNSSEC && (client_state->mode != FILTER || - (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL && + (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL && dns_rdataset_isassociated(qctx->sigrdataset)))) { return NS_HOOK_CONTINUE; @@ -717,7 +711,8 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) { mark_as_rendered(qctx->rdataset, qctx->sigrdataset); qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; client_state->flags |= FILTER_A_FILTERED; - } else if (!qctx->authoritative && RECURSIONOK(qctx->client) && + } else if (!qctx->authoritative && + qctx->client->query.recursionok && (result == DNS_R_DELEGATION || result == ISC_R_NOTFOUND)) { @@ -735,8 +730,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) { NULL, NULL, qctx->resuming); if (result == ISC_R_SUCCESS) { client_state->flags |= FILTER_A_RECURSING; - qctx->client->query.attributes |= - NS_QUERYATTR_RECURSING; + qctx->client->query.recursing = true; } } } else if (qctx->qtype == dns_rdatatype_aaaa && diff --git a/bin/plugins/filter-aaaa.c b/bin/plugins/filter-aaaa.c index b698ede7a15..a6e3684a341 100644 --- a/bin/plugins/filter-aaaa.c +++ b/bin/plugins/filter-aaaa.c @@ -87,12 +87,6 @@ typedef struct filter_instance { #define FILTER_AAAA_RECURSING 0x0001 /* Recursing for A */ #define FILTER_AAAA_FILTERED 0x0002 /* AAAA was removed from answer */ -/* - * Client attribute tests. - */ -#define WANTDNSSEC(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) -#define RECURSIONOK(c) (((c)->query.attributes & NS_QUERYATTR_RECURSIONOK) != 0) - /* * Forward declarations of functions referenced in install_hooks(). */ @@ -537,7 +531,7 @@ process_name(query_ctx_t *qctx, filter_aaaa_t mode, const dns_name_t *name, (void)dns_message_findtype(n, dns_rdatatype_rrsig, type, &sigrdataset); if (rdataset != NULL && - (sigrdataset == NULL || !WANTDNSSEC(qctx->client) || + (sigrdataset == NULL || !qctx->client->inner.wantdnssec || mode == BREAK_DNSSEC)) { /* @@ -687,7 +681,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) { if (client_state->mode != BREAK_DNSSEC && (client_state->mode != FILTER || - (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL && + (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL && dns_rdataset_isassociated(qctx->sigrdataset)))) { return NS_HOOK_CONTINUE; @@ -721,7 +715,8 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) { mark_as_rendered(qctx->rdataset, qctx->sigrdataset); qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; client_state->flags |= FILTER_AAAA_FILTERED; - } else if (!qctx->authoritative && RECURSIONOK(qctx->client) && + } else if (!qctx->authoritative && + qctx->client->query.recursionok && (result == DNS_R_DELEGATION || result == ISC_R_NOTFOUND)) { @@ -738,8 +733,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) { NULL, NULL, qctx->resuming); if (result == ISC_R_SUCCESS) { client_state->flags |= FILTER_AAAA_RECURSING; - qctx->client->query.attributes |= - NS_QUERYATTR_RECURSING; + qctx->client->query.recursing = true; } } } else if (qctx->qtype == dns_rdatatype_a && diff --git a/lib/ns/client.c b/lib/ns/client.c index 7c38b2a4b0e..a767c351525 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -86,28 +86,17 @@ #define CTRACE(m) \ ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \ ISC_LOG_DEBUG(3), "%s", (m)) -#define MTRACE(m) \ - isc_log_write(ns_lctx, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \ +#define MTRACE(m) \ + isc_log_write(NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \ ISC_LOG_DEBUG(3), "clientmgr @%p: %s", manager, (m)) #else /* ifdef NS_CLIENT_TRACE */ #define CTRACE(m) ((void)(m)) #define MTRACE(m) ((void)(m)) #endif /* ifdef NS_CLIENT_TRACE */ -#define TCP_CLIENT(c) (((c)->inner.attributes & NS_CLIENTATTR_TCP) != 0) - #define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */ #define ECS_SIZE 20U /* 2 + 1 + 1 + [0..16] */ -#define USEKEEPALIVE(x) \ - (((x)->inner.attributes & NS_CLIENTATTR_USEKEEPALIVE) != 0) -#define WANTEXPIRE(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) != 0) -#define WANTNSID(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTNSID) != 0) -#define WANTPAD(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTPAD) != 0) -#define WANTRC(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTRC) != 0) -#define WANTZONEVERSION(x) \ - (((x)->inner.attributes & NS_CLIENTATTR_WANTZONEVERSION) != 0) - #define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm') #define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC) @@ -151,7 +140,7 @@ ns_client_transport_type(const ns_client_t *client) { * * When DoQ support this had to be removed to get correct DoQ entries. */ - if (!TCP_CLIENT(client)) { + if (!client->inner.tcp) { return DNS_TRANSPORT_UDP; } @@ -282,9 +271,13 @@ ns_client_endrequest(ns_client_t *client) { dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE); /* - * Clear all client attributes that are specific to the request + * Clear all client attributes that are specific to the request, + * but keep the async attribute needed for reseting the async + * state later. */ - client->inner.attributes = 0; + bool async = client->inner.async; + memset(&client->inner.attrs, 0, sizeof(client->inner.attrs)); + client->inner.async = async; #ifdef ENABLE_AFL if (client->manager->sctx->fuzznotify != NULL && (client->manager->sctx->fuzztype == isc_fuzz_client || @@ -345,11 +338,11 @@ client_senddone(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { isc_histomulti_detach(&hmpin); } } else { - if (!TCP_CLIENT(client) && result == ISC_R_MAXSIZE) { + if (!client->inner.tcp && result == ISC_R_MAXSIZE) { ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), "send exceeded maximum size: truncating"); - client->query.attributes &= ~NS_QUERYATTR_ANSWERED; + client->query.answered = false; client->inner.rcode_override = dns_rcode_noerror; ns_client_error(client, ISC_R_MAXSIZE); } else { @@ -395,14 +388,13 @@ client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer, REQUIRE(datap != NULL); - if (TCP_CLIENT(client)) { + if (client->inner.tcp) { client_setup_tcp_buffer(client); data = client->inner.tcpbuf; isc_buffer_init(buffer, data, client->inner.tcpbuf_size); } else { data = client->sendbuf; - if ((client->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) == 0) - { + if (!client->inner.havecookie) { if (client->inner.view != NULL) { bufsize = client->inner.view->nocookieudp; } else { @@ -582,7 +574,7 @@ ns_client_send(ns_client_t *client) { REQUIRE(NS_CLIENT_VALID(client)); - if ((client->query.attributes & NS_QUERYATTR_ANSWERED) != 0) { + if (client->query.answered) { return; } @@ -595,13 +587,11 @@ ns_client_send(ns_client_t *client) { CTRACE("send"); - if (client->message->opcode == dns_opcode_query && - (client->inner.attributes & NS_CLIENTATTR_RA) != 0) - { + if (client->message->opcode == dns_opcode_query && client->inner.ra) { client->message->flags |= DNS_MESSAGEFLAG_RA; } - if ((client->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) { + if (client->inner.wantdnssec) { render_opts = 0; } else { render_opts = DNS_MESSAGERENDER_OMITDNSSEC; @@ -628,7 +618,7 @@ ns_client_send(ns_client_t *client) { /* * Create an OPT for our reply. */ - if ((client->inner.attributes & NS_CLIENTATTR_WANTOPT) != 0) { + if (client->inner.wantopt) { CHECK(ns_client_addopt(client, client->message)); opt_included = true; } @@ -738,7 +728,7 @@ renderend: if (client->inner.sendcb != NULL) { client->inner.sendcb(&buffer); - } else if (TCP_CLIENT(client)) { + } else if (client->inner.tcp) { isc_buffer_usedregion(&buffer, &r); #ifdef HAVE_DNSTAP if (client->inner.view != NULL) { @@ -822,7 +812,7 @@ renderend: ns_statscounter_truncatedresp); } - client->query.attributes |= NS_QUERYATTR_ANSWERED; + client->query.answered = true; return; @@ -927,11 +917,11 @@ ns_client_error(ns_client_t *client, isc_result_t result) { loglevel = ISC_LOG_DEBUG(1); } wouldlog = isc_log_wouldlog(loglevel); - rrl_result = dns_rrl( - client->inner.view, NULL, &client->inner.peeraddr, - TCP_CLIENT(client), dns_rdataclass_in, - dns_rdatatype_none, NULL, result, client->inner.now, - wouldlog, log_buf, sizeof(log_buf)); + rrl_result = dns_rrl(client->inner.view, NULL, + &client->inner.peeraddr, client->inner.tcp, + dns_rdataclass_in, dns_rdatatype_none, + NULL, result, client->inner.now, wouldlog, + log_buf, sizeof(log_buf)); if (rrl_result != DNS_RRL_RESULT_OK) { /* * Log dropped errors in the query-errors category @@ -1021,8 +1011,7 @@ ns_client_error(ns_client_t *client, isc_result_t result) { client->inner.formerrcache.id = message->id; } else if (rcode == dns_rcode_servfail && client->query.qname != NULL && client->inner.view != NULL && - client->inner.view->fail_ttl != 0 && - ((client->inner.attributes & NS_CLIENTATTR_NOSETFC) == 0)) + client->inner.view->fail_ttl != 0 && !client->inner.nosetfc) { /* * SERVFAIL caching: store qname/qtype of failed queries @@ -1078,7 +1067,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { dns_message_ednsinit(message, 0, udpsize, flags, 0); /* Set EDNS options if applicable */ - if (WANTNSID(client)) { + if (client->inner.wantnsid) { char nsid[_POSIX_HOST_NAME_MAX + 1]; char *nsidp = NULL; @@ -1099,7 +1088,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { } } - if ((client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) { + if (client->inner.wantcookie) { isc_buffer_t buf; isc_stdtime_t now = isc_stdtime_now(); @@ -1114,7 +1103,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { RETERR(dns_message_ednsaddopt(message, &option)); } - if ((client->inner.attributes & NS_CLIENTATTR_HAVEEXPIRE) != 0) { + if (client->inner.haveexpire) { isc_buffer_t buf; isc_buffer_init(&buf, expire, sizeof(expire)); @@ -1126,7 +1115,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { RETERR(dns_message_ednsaddopt(message, &option)); } - if (((client->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0) && + if (client->inner.haveecs && (client->inner.ecs.addr.family == AF_INET || client->inner.ecs.addr.family == AF_INET6)) { @@ -1180,7 +1169,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { RETERR(dns_message_ednsaddopt(message, &option)); } - if (TCP_CLIENT(client) && USEKEEPALIVE(client)) { + if (client->inner.tcp && client->inner.usekeepalive) { uint32_t advertised_timeout = isc_nm_getadvertisedtimeout(); isc_buffer_t buf; @@ -1206,7 +1195,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { .value = ede->value }; RETERR(dns_message_ednsaddopt(message, &option)); } - if ((client->inner.attributes & NS_CLIENTATTR_HAVEZONEVERSION) != 0) { + if (client->inner.havezoneversion) { dns_ednsopt_t option = { .code = DNS_OPT_ZONEVERSION, .length = client->inner.zoneversionlength, @@ -1215,7 +1204,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { RETERR(dns_message_ednsaddopt(message, &option)); } - if (WANTRC(client)) { + if (client->inner.wantrc) { dns_name_t *rad = NULL; if (dns_name_dynamic(&client->inner.rad)) { rad = &client->inner.rad; @@ -1231,9 +1220,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) { } /* Padding must be added last */ - if ((view != NULL) && (view->padding > 0) && WANTPAD(client) && - (TCP_CLIENT(client) || - ((client->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) != 0))) + if ((view != NULL) && (view->padding > 0) && client->inner.wantpad && + (client->inner.tcp || client->inner.havecookie)) { isc_netaddr_t netaddr; int match; @@ -1312,14 +1300,13 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { /* * If we have already seen a cookie option skip this cookie option. */ - if ((!client->manager->sctx->answercookie) || - (client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) + if ((!client->manager->sctx->answercookie) || client->inner.wantcookie) { isc_buffer_forward(buf, (unsigned int)optlen); return; } - client->inner.attributes |= NS_CLIENTATTR_WANTCOOKIE; + client->inner.wantcookie = true; ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_cookiein); @@ -1338,7 +1325,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { } else { ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_cookiebadsize); - client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE; + client->inner.badcookie = true; } return; } @@ -1372,7 +1359,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { if (isc_serial_gt(when, now + 300) /* In the future. */ || isc_serial_lt(when, now - 3600) /* In the past. */) { - client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE; + client->inner.badcookie = true; ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_cookiebadtime); return; @@ -1384,7 +1371,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { if (isc_safe_memequal(old, dbuf, COOKIE_SIZE) || alwaysvalid) { ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_cookiematch); - client->inner.attributes |= NS_CLIENTATTR_HAVECOOKIE; + client->inner.havecookie = true; return; } @@ -1394,12 +1381,12 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) { ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_cookiematch); - client->inner.attributes |= NS_CLIENTATTR_HAVECOOKIE; + client->inner.havecookie = true; return; } } - client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE; + client->inner.badcookie = true; ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_cookienomatch); } @@ -1413,7 +1400,7 @@ process_ecs(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { /* * If we have already seen a ECS option skip this ECS option. */ - if ((client->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0) { + if (client->inner.haveecs) { isc_buffer_forward(buf, (unsigned int)optlen); return ISC_R_SUCCESS; } @@ -1500,7 +1487,7 @@ process_ecs(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { memmove(&client->inner.ecs.addr, &caddr, sizeof(caddr)); client->inner.ecs.source = addrlen; client->inner.ecs.scope = 0; - client->inner.attributes |= NS_CLIENTATTR_HAVEECS; + client->inner.haveecs = true; isc_buffer_forward(buf, (unsigned int)optlen); return ISC_R_SUCCESS; @@ -1587,26 +1574,24 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { } switch (optcode) { case DNS_OPT_NSID: - if (!WANTNSID(client)) { + if (!client->inner.wantnsid) { ns_stats_increment( client->manager->sctx->nsstats, ns_statscounter_nsidopt); } - client->inner.attributes |= - NS_CLIENTATTR_WANTNSID; + client->inner.wantnsid = true; isc_buffer_forward(&optbuf, optlen); break; case DNS_OPT_COOKIE: process_cookie(client, &optbuf, optlen); break; case DNS_OPT_EXPIRE: - if (!WANTEXPIRE(client)) { + if (!client->inner.wantexpire) { ns_stats_increment( client->manager->sctx->nsstats, ns_statscounter_expireopt); } - client->inner.attributes |= - NS_CLIENTATTR_WANTEXPIRE; + client->inner.wantexpire = true; isc_buffer_forward(&optbuf, optlen); break; case DNS_OPT_CLIENT_SUBNET: @@ -1619,20 +1604,18 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { ns_statscounter_ecsopt); break; case DNS_OPT_TCP_KEEPALIVE: - if (!USEKEEPALIVE(client)) { + if (!client->inner.usekeepalive) { ns_stats_increment( client->manager->sctx->nsstats, ns_statscounter_keepaliveopt); } - client->inner.attributes |= - NS_CLIENTATTR_USEKEEPALIVE; + client->inner.usekeepalive = true; isc_nmhandle_keepalive(client->inner.handle, true); isc_buffer_forward(&optbuf, optlen); break; case DNS_OPT_PAD: - client->inner.attributes |= - NS_CLIENTATTR_WANTPAD; + client->inner.wantpad = true; ns_stats_increment( client->manager->sctx->nsstats, ns_statscounter_padopt); @@ -1649,15 +1632,16 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { ns_statscounter_keytagopt); break; case DNS_OPT_ZONEVERSION: - if (optlen != 0 || WANTZONEVERSION(client)) { + if (optlen != 0 || + client->inner.wantzoneversion) + { result = DNS_R_FORMERR; goto formerr; } ns_stats_increment( client->manager->sctx->nsstats, ns_statscounter_zoneversionopt); - client->inner.attributes |= - NS_CLIENTATTR_WANTZONEVERSION; + client->inner.wantzoneversion = true; isc_buffer_forward(&optbuf, optlen); break; default: @@ -1674,14 +1658,14 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_badednsver); result = DNS_R_BADVERS; - client->inner.attributes |= NS_CLIENTATTR_WANTOPT; + client->inner.wantopt = true; ns_client_error(client, result); return result; } ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_edns0in); - client->inner.attributes |= NS_CLIENTATTR_WANTOPT; + client->inner.wantopt = true; return result; @@ -1689,7 +1673,7 @@ formerr: if (result == DNS_R_OPTERR) { result = DNS_R_FORMERR; } - client->inner.attributes |= NS_CLIENTATTR_WANTOPT; + client->inner.wantopt = true; ns_client_error(client, result); return result; } @@ -1872,7 +1856,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult, } if (isc_nmhandle_is_stream(handle)) { - client->inner.attributes |= NS_CLIENTATTR_TCP; + client->inner.tcp = true; } INSIST(client->inner.state == NS_CLIENTSTATE_READY); @@ -1923,7 +1907,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult, ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), "%s request", - TCP_CLIENT(client) ? "TCP" : "UDP"); + client->inner.tcp ? "TCP" : "UDP"); result = dns_message_peekheader(client->inner.buffer, &id, &flags); if (result != ISC_R_SUCCESS) { @@ -1967,7 +1951,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult, ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_requestv6); } - if (TCP_CLIENT(client)) { + if (client->inner.tcp) { ns_stats_increment(client->manager->sctx->nsstats, ns_statscounter_requesttcp); switch (isc_sockaddr_pf(&client->inner.peeraddr)) { @@ -2007,7 +1991,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult, * (typically FORMERR or SERVFAIL). */ if (result == DNS_R_OPTERR) { - client->inner.attributes |= NS_CLIENTATTR_WANTOPT; + client->inner.wantopt = true; } ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), @@ -2098,8 +2082,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult, char classbuf[DNS_RDATACLASS_FORMATSIZE]; switch (client->message->rdclass) { case dns_rdataclass_reserved0: - if ((client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != - 0 && + if (client->inner.wantcookie && client->message->opcode == dns_opcode_query && client->message->counts[DNS_SECTION_QUESTION] == 0U) { @@ -2470,7 +2453,7 @@ ns_client_request_continue(void *arg) { ra_refusal_reason = ALLOW_QUERY_CACHE_ON; } else { ra = true; - client->inner.attributes |= NS_CLIENTATTR_RA; + client->inner.ra = true; } ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, @@ -2637,7 +2620,7 @@ ns__client_setup(ns_client_t *client, ns_clientmgr_t *mgr, bool new) { dns_ede_reset(&client->edectx); } - client->query.attributes &= ~NS_QUERYATTR_ANSWERED; + client->query.answered = false; client->inner.state = NS_CLIENTSTATE_INACTIVE; client->inner.udpsize = 512; client->inner.ednsversion = -1; @@ -3018,7 +3001,7 @@ ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) { dns_message_puttempname(client->message, &client->query.qname); } client->query.qname = name; - client->query.attributes &= ~NS_QUERYATTR_REDIRECT; + client->query.is_redirect = false; UNLOCK(&client->query.fetchlock); } @@ -3078,7 +3061,7 @@ ns_client_newname(ns_client_t *client, isc_buffer_t *dbuf, isc_buffer_t *nbuf) { dns_name_t *name = NULL; isc_region_t r; - REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0); + REQUIRE(!client->query.namebufused); CTRACE("ns_client_newname"); @@ -3087,7 +3070,7 @@ ns_client_newname(ns_client_t *client, isc_buffer_t *dbuf, isc_buffer_t *nbuf) { isc_buffer_init(nbuf, r.base, r.length); dns_name_setbuffer(name, NULL); dns_name_setbuffer(name, nbuf); - client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED; + client->query.namebufused = true; CTRACE("ns_client_newname: done"); return name; @@ -3131,12 +3114,12 @@ ns_client_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) { * 'name' is using space in 'dbuf', but 'dbuf' has not yet been * adjusted to take account of that. We do the adjustment. */ - REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0); + REQUIRE(client->query.namebufused); dns_name_toregion(name, &r); isc_buffer_add(dbuf, r.length); dns_name_setbuffer(name, NULL); - client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED; + client->query.namebufused = false; } void @@ -3148,7 +3131,7 @@ ns_client_releasename(ns_client_t *client, dns_name_t **namep) { */ CTRACE("ns_client_releasename"); - client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED; + client->query.namebufused = false; dns_message_puttempname(client->message, namep); CTRACE("ns_client_releasename: done"); } diff --git a/lib/ns/include/ns/client.h b/lib/ns/include/ns/client.h index a6b7c64c66d..3cf87e90b05 100644 --- a/lib/ns/include/ns/client.h +++ b/lib/ns/include/ns/client.h @@ -166,13 +166,47 @@ struct ns_client { unsigned int magic; struct ns_client_inner { ns_clientstate_t state; - bool async; - unsigned int attributes; - dns_view_t *view; - dns_dispatch_t *dispatch; - isc_nmhandle_t *handle; /* Permanent pointer to handle */ - isc_nmhandle_t *sendhandle; /* Waiting for send callback */ - isc_nmhandle_t *reqhandle; /* Waiting for request callback + union { + uint8_t attrs[4]; + struct { + bool async : 1; + bool tcp : 1; + bool ra : 1; /*%< Client gets recursive service + */ + bool pktinfo : 1; /*%< pktinfo is valid */ + bool multicast : 1; /*%< recv'd from multicast + */ + bool wantdnssec : 1; /*%< include dnssec records + */ + bool wantnsid : 1; /*%< include nameserver ID */ + bool badcookie : 1; /*%< bad/out-of-date cookie + */ + bool wantrc : 1; /*%< include Report-Channel */ + bool wantad : 1; /*%< want AD in response */ + bool wantcookie : 1; /*%< return a COOKIE */ + bool havecookie : 1; /*%< has a valid COOKIE */ + bool wantexpire : 1; /*%< return seconds to + expire */ + bool haveexpire : 1; /*%< return seconds to + expire */ + bool wantopt : 1; /*%< add opt to reply */ + bool haveecs : 1; /*%< received an ECS option */ + bool wantpad : 1; /*%< pad reply */ + bool usekeepalive : 1; /*%< use TCP keepalive */ + bool nosetfc : 1; /*%< don't set servfail cache + */ + bool needtcp : 1; /*%< send TC=1 */ + bool wantzoneversion : 1; /*%< return + zoneversion */ + bool havezoneversion : 1; /*%< return + zoneversion */ + }; + }; + dns_view_t *view; + dns_dispatch_t *dispatch; + isc_nmhandle_t *handle; /* Permanent pointer to handle */ + isc_nmhandle_t *sendhandle; /* Waiting for send callback */ + isc_nmhandle_t *reqhandle; /* Waiting for request callback (query, update, notify) */ isc_nmhandle_t *updatehandle; /* Waiting for update callback */ isc_nmhandle_t *restarthandle; /* Waiting for restart callback @@ -247,32 +281,14 @@ struct ns_client { uint8_t sendbuf[NS_CLIENT_SEND_BUFFER_SIZE]; }; +STATIC_ASSERT(offsetof(ns_client_t, inner.attrs) + + sizeof(((ns_client_t *)0)->inner.attrs) == + offsetof(ns_client_t, inner.view), + "ns_query.attrs[] must cover the flags bitfield"); + #define NS_CLIENT_MAGIC ISC_MAGIC('N', 'S', 'C', 'c') #define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC) -#define NS_CLIENTATTR_TCP 0x000001 -#define NS_CLIENTATTR_RA 0x000002 /*%< Client gets recursive service */ -#define NS_CLIENTATTR_PKTINFO 0x000004 /*%< pktinfo is valid */ -#define NS_CLIENTATTR_MULTICAST 0x000008 /*%< recv'd from multicast */ -#define NS_CLIENTATTR_WANTDNSSEC 0x000010 /*%< include dnssec records */ -#define NS_CLIENTATTR_WANTNSID 0x000020 /*%< include nameserver ID */ -#define NS_CLIENTATTR_BADCOOKIE \ - 0x000040 /*%< Presented cookie is bad/out-of-date */ -#define NS_CLIENTATTR_WANTRC 0x000080 /*%< include Report-Channel */ -#define NS_CLIENTATTR_WANTAD 0x000100 /*%< want AD in response if possible */ -#define NS_CLIENTATTR_WANTCOOKIE 0x000200 /*%< return a COOKIE */ -#define NS_CLIENTATTR_HAVECOOKIE 0x000400 /*%< has a valid COOKIE */ -#define NS_CLIENTATTR_WANTEXPIRE 0x000800 /*%< return seconds to expire */ -#define NS_CLIENTATTR_HAVEEXPIRE 0x001000 /*%< return seconds to expire */ -#define NS_CLIENTATTR_WANTOPT 0x002000 /*%< add opt to reply */ -#define NS_CLIENTATTR_HAVEECS 0x004000 /*%< received an ECS option */ -#define NS_CLIENTATTR_WANTPAD 0x008000 /*%< pad reply */ -#define NS_CLIENTATTR_USEKEEPALIVE 0x010000 /*%< use TCP keepalive */ -#define NS_CLIENTATTR_NOSETFC 0x020000 /*%< don't set servfail cache */ -#define NS_CLIENTATTR_NEEDTCP 0x040000 /*%< send TC=1 */ -#define NS_CLIENTATTR_WANTZONEVERSION 0x100000 /*%< return zoneversion */ -#define NS_CLIENTATTR_HAVEZONEVERSION 0x200000 /*%< return zoneversion */ - /* * Flag to use with the SERVFAIL cache to indicate * that a query had the CD bit set. diff --git a/lib/ns/include/ns/query.h b/lib/ns/include/ns/query.h index 053ed69ee3b..44d0566fbc3 100644 --- a/lib/ns/include/ns/query.h +++ b/lib/ns/include/ns/query.h @@ -103,7 +103,30 @@ typedef struct ns_query_recparam { /*% nameserver query structure */ struct ns_query { - unsigned int attributes; + union { + uint8_t attrs[4]; + struct { + bool recursionok : 1; + bool cacheok : 1; + bool partialanswer : 1; + bool namebufused : 1; + bool recursing : 1; + bool queryokvalid : 1; + bool queryok : 1; + bool wantrecursion : 1; + bool secure : 1; + bool noauthority : 1; + bool noadditional : 1; + bool cacheaclokvalid : 1; + bool cacheaclok : 1; + bool dns64 : 1; + bool dns64exclude : 1; + bool rrl_checked : 1; + bool is_redirect : 1; + bool answered : 1; + }; + }; + unsigned int restarts; isc_counter_t *qc; bool timerset; @@ -156,24 +179,10 @@ struct ns_query { bool root_key_sentinel_not_ta; }; -#define NS_QUERYATTR_RECURSIONOK 0x000001 -#define NS_QUERYATTR_CACHEOK 0x000002 -#define NS_QUERYATTR_PARTIALANSWER 0x000004 -#define NS_QUERYATTR_NAMEBUFUSED 0x000008 -#define NS_QUERYATTR_RECURSING 0x000010 -#define NS_QUERYATTR_QUERYOKVALID 0x000040 -#define NS_QUERYATTR_QUERYOK 0x000080 -#define NS_QUERYATTR_WANTRECURSION 0x000100 -#define NS_QUERYATTR_SECURE 0x000200 -#define NS_QUERYATTR_NOAUTHORITY 0x000400 -#define NS_QUERYATTR_NOADDITIONAL 0x000800 -#define NS_QUERYATTR_CACHEACLOKVALID 0x001000 -#define NS_QUERYATTR_CACHEACLOK 0x002000 -#define NS_QUERYATTR_DNS64 0x004000 -#define NS_QUERYATTR_DNS64EXCLUDE 0x008000 -#define NS_QUERYATTR_RRL_CHECKED 0x010000 -#define NS_QUERYATTR_REDIRECT 0x020000 -#define NS_QUERYATTR_ANSWERED 0x040000 +STATIC_ASSERT(offsetof(ns_query_t, attrs) + + sizeof(((struct ns_query *)0)->attrs) == + offsetof(struct ns_query, restarts), + "ns_query.attrs[] must cover the flags bitfield"); typedef struct query_ctx query_ctx_t; diff --git a/lib/ns/query.c b/lib/ns/query.c index ec8b3df8683..913b14282a2 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -97,65 +97,9 @@ (qctx)->line = __LINE__; \ } while (0) -/*% Partial answer? */ -#define PARTIALANSWER(c) \ - (((c)->query.attributes & NS_QUERYATTR_PARTIALANSWER) != 0) -/*% Use Cache? */ -#define USECACHE(c) (((c)->query.attributes & NS_QUERYATTR_CACHEOK) != 0) -/*% Recursion OK? */ -#define RECURSIONOK(c) (((c)->query.attributes & NS_QUERYATTR_RECURSIONOK) != 0) -/*% Recursing? */ -#define RECURSING(c) (((c)->query.attributes & NS_QUERYATTR_RECURSING) != 0) -/*% Want Recursion? */ -#define WANTRECURSION(c) \ - (((c)->query.attributes & NS_QUERYATTR_WANTRECURSION) != 0) -/*% Is TCP? */ -#define TCP(c) (((c)->inner.attributes & NS_CLIENTATTR_TCP) != 0) -/*% This query needs to have been sent over TCP. Return TC=1. */ -#define NEEDTCP(c) (((c)->inner.attributes & NS_CLIENTATTR_NEEDTCP) != 0) - -/*% Want DNSSEC? */ -#define WANTDNSSEC(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) -/*% Want WANTAD? */ -#define WANTAD(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTAD) != 0) -/*% Client presented a bad COOKIE. */ -#define BADCOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_BADCOOKIE) != 0) -/*% Client presented a valid COOKIE. */ -#define HAVECOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) != 0) -/*% Client presented a COOKIE. */ -#define WANTCOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) -/*% Client presented a CLIENT-SUBNET option. */ -#define HAVEECS(c) (((c)->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0) -/*% No authority? */ -#define NOAUTHORITY(c) (((c)->query.attributes & NS_QUERYATTR_NOAUTHORITY) != 0) -/*% No additional? */ -#define NOADDITIONAL(c) \ - (((c)->query.attributes & NS_QUERYATTR_NOADDITIONAL) != 0) -/*% Secure? */ -#define SECURE(c) (((c)->query.attributes & NS_QUERYATTR_SECURE) != 0) -/*% DNS64 A lookup? */ -#define DNS64(c) (((c)->query.attributes & NS_QUERYATTR_DNS64) != 0) - -#define DNS64EXCLUDE(c) \ - (((c)->query.attributes & NS_QUERYATTR_DNS64EXCLUDE) != 0) - -#define REDIRECT(c) (((c)->query.attributes & NS_QUERYATTR_REDIRECT) != 0) - -/*% Was the client already sent a response? */ -#define QUERY_ANSWERED(q) (((q)->attributes & NS_QUERYATTR_ANSWERED) != 0) - /*% Does the query wants to check for stale RRset due to a timeout? */ #define QUERY_STALETIMEOUT(q) (((q)->dboptions & DNS_DBFIND_STALETIMEOUT) != 0) -/*% Does the rdataset 'r' have an attached 'No QNAME Proof'? */ -#define NOQNAME(r) ((r)->attributes.noqname) - -/*% Does the rdataset 'r' contain a stale answer? */ -#define STALE(r) ((r)->attributes.stale) - -/*% Does the rdataset 'r' is stale and within stale-refresh-time? */ -#define STALE_WINDOW(r) ((r)->attributes.stale_window) - #ifdef WANT_QUERYTRACE static void client_trace(ns_client_t *client, int level, const char *message) { @@ -584,7 +528,7 @@ ns_client_log_flags(ns_client_t *client, unsigned int flags, isc_buffer_t b; isc_buffer_init(&b, buf, len); - isc_buffer_putuint8(&b, WANTRECURSION(client) ? '+' : '-'); + isc_buffer_putuint8(&b, client->query.wantrecursion ? '+' : '-'); if (client->inner.ednsversion >= 0) { char ednsbuf[sizeof("E(255)")] = { 0 }; @@ -595,7 +539,7 @@ ns_client_log_flags(ns_client_t *client, unsigned int flags, if (client->inner.signer != NULL) { isc_buffer_putuint8(&b, 'S'); } - if (TCP(client)) { + if (client->inner.tcp) { isc_buffer_putuint8(&b, 'T'); } if ((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) { @@ -604,9 +548,9 @@ ns_client_log_flags(ns_client_t *client, unsigned int flags, if ((flags & DNS_MESSAGEFLAG_CD) != 0) { isc_buffer_putuint8(&b, 'C'); } - if (HAVECOOKIE(client)) { + if (client->inner.havecookie) { isc_buffer_putuint8(&b, 'V'); - } else if (WANTCOOKIE(client)) { + } else if (client->inner.wantcookie) { isc_buffer_putuint8(&b, 'K'); } isc_buffer_putuint8(&b, 0); @@ -646,7 +590,7 @@ log_response(ns_client_t *client, dns_rcode_t rcode) { isc_buffer_putuint8(&b, 0); isc_netaddr_format(&client->inner.destaddr, onbuf, sizeof(onbuf)); - if (HAVEECS(client)) { + if (client->inner.haveecs) { ns_client_log_ecs(client, ecsbuf, sizeof(ecsbuf)); } @@ -857,8 +801,13 @@ query_reset(ns_client_t *client, bool everything) { dns_message_puttempname(client->message, &client->query.qname); } client->query.qname = NULL; - client->query.attributes = (NS_QUERYATTR_RECURSIONOK | - NS_QUERYATTR_CACHEOK | NS_QUERYATTR_SECURE); + + memset(&client->query.attrs, 0, sizeof(client->query.attrs)); + + client->query.recursionok = true; + client->query.cacheok = true; + client->query.secure = true; + client->query.restarts = 0; client->query.timerset = false; if (client->query.rpz_st != NULL) { @@ -949,10 +898,9 @@ ns_query_init(ns_client_t *client) { * evaluation using the appropriate level, along with 'name' and 'qtype'. * * The cache ACL is only evaluated once for each client and then the result is - * cached: if NS_QUERYATTR_CACHEACLOKVALID is set in client->query.attributes, - * cache ACL evaluation has already been performed. The evaluation result is - * also stored in client->query.attributes: if NS_QUERYATTR_CACHEACLOK is set, - * the client is allowed cache access. + * cached: if client->query.cacheaclokvalid is set, cache ACL evaluation has + * already been performed. The evaluation result is also stored in + * client->query.cacheaclok: if set, the client is allowed cache access. * * Returns: * @@ -964,7 +912,7 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name, dns_rdatatype_t qtype, dns_getdb_options_t options) { isc_result_t result; - if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) == 0) { + if (!client->query.cacheaclokvalid) { enum refusal_reasons { ALLOW_QUERY_CACHE, ALLOW_QUERY_CACHE_ON @@ -994,7 +942,7 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name, /* * We were allowed by the "allow-query-cache" ACL. */ - client->query.attributes |= NS_QUERYATTR_CACHEACLOK; + client->query.cacheaclok = true; if (!options.nolog && isc_log_wouldlog(ISC_LOG_DEBUG(3))) { @@ -1009,7 +957,7 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name, } else { /* * We were denied by the "allow-query-cache" ACL. - * There is no need to clear NS_QUERYATTR_CACHEACLOK + * There is no need to clear cacheaclok * since it is cleared by query_reset(), before query * processing starts. */ @@ -1028,14 +976,12 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name, /* * Evaluation has been finished; make sure we will just consult - * NS_QUERYATTR_CACHEACLOK for this client from now on. + * cacheaclok for this client from now on. */ - client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID; + client->query.cacheaclokvalid = true; } - return (client->query.attributes & NS_QUERYATTR_CACHEACLOK) != 0 - ? ISC_R_SUCCESS - : DNS_R_REFUSED; + return client->query.cacheaclok ? ISC_R_SUCCESS : DNS_R_REFUSED; } static isc_result_t @@ -1065,7 +1011,7 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name, * answering a query where recursion is requested and allowed. */ if (client->query.rpz_st == NULL && - !(WANTRECURSION(client) && RECURSIONOK(client)) && + !(client->query.wantrecursion && client->query.recursionok) && client->query.authdbset && db != client->query.authdb) { return DNS_R_REFUSED; @@ -1077,7 +1023,7 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name, * and should not be disclosed. */ if (dns_zone_gettype(zone) == dns_zone_staticstub && - !RECURSIONOK(client)) + !client->query.recursionok) { return DNS_R_REFUSED; } @@ -1112,18 +1058,15 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name, queryacl = dns_zone_getqueryacl(zone); if (queryacl == NULL) { queryacl = client->inner.view->queryacl; - if ((client->query.attributes & NS_QUERYATTR_QUERYOKVALID) != 0) - { + if (client->query.queryokvalid) { /* * We've evaluated the view's queryacl already. If - * NS_QUERYATTR_QUERYOK is set, then the client is + * queryok is set, then the client is * allowed to make queries, otherwise the query should * be refused. */ dbversion->acl_checked = true; - if ((client->query.attributes & NS_QUERYATTR_QUERYOK) == - 0) - { + if (!client->query.queryok) { dbversion->queryok = false; return DNS_R_REFUSED; } @@ -1163,13 +1106,13 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name, * "allow-query" ACL. Remember this so we * don't have to check again. */ - client->query.attributes |= NS_QUERYATTR_QUERYOK; + client->query.queryok = true; } /* * We've now evaluated the view's query ACL, and - * the NS_QUERYATTR_QUERYOK attribute is now valid. + * the queryok attribute is now valid. */ - client->query.attributes |= NS_QUERYATTR_QUERYOKVALID; + client->query.queryokvalid = true; } /* If and only if we've gotten this far, check allow-query-on too */ @@ -1452,7 +1395,7 @@ query_getcachedb(ns_client_t *client, const dns_name_t *name, REQUIRE(dbp != NULL && *dbp == NULL); - if (!USECACHE(client)) { + if (!client->query.cacheok) { return DNS_R_REFUSED; } @@ -1736,7 +1679,7 @@ query_additionalauth(query_ctx_t *qctx, const dns_name_t *name, &node, fname, rdataset, sigrdataset); if (result != ISC_R_SUCCESS && qctx->view->minimalresponses == dns_minimal_no && - RECURSIONOK(client)) + client->query.recursionok) { /* * If we aren't doing response minimization and recursion is @@ -1792,7 +1735,7 @@ query_additional_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype, REQUIRE(NS_CLIENT_VALID(client)); REQUIRE(qtype != dns_rdatatype_any); - if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype)) { + if (!client->inner.wantdnssec && dns_rdatatype_isdnssec(qtype)) { return ISC_R_SUCCESS; } @@ -1819,7 +1762,7 @@ query_additional_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype, dbuf = ns_client_getnamebuf(client); fname = ns_client_newname(client, dbuf, &b); rdataset = ns_client_newrdataset(client); - if (WANTDNSSEC(client)) { + if (client->inner.wantdnssec) { sigrdataset = ns_client_newrdataset(client); } @@ -1872,7 +1815,7 @@ query_additional_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype, rdataset, sigrdataset); dns_cache_updatestats(qctx->view->cache, result); - if (!WANTDNSSEC(client)) { + if (!client->inner.wantdnssec) { ns_client_putrdataset(client, &sigrdataset); } if (result == ISC_R_SUCCESS) { @@ -1990,7 +1933,7 @@ found: } if (sigrdataset != NULL) { dns_rdataset_cleanup(sigrdataset); - } else if (WANTDNSSEC(client)) { + } else if (client->inner.wantdnssec) { sigrdataset = ns_client_newrdataset(client); } if (query_isduplicate(client, fname, dns_rdatatype_a, NULL)) { @@ -2188,7 +2131,7 @@ query_additional(query_ctx_t *qctx, dns_name_t *name, CTRACE(ISC_LOG_DEBUG(3), "query_additional"); - if (NOADDITIONAL(client)) { + if (client->query.noadditional) { return; } @@ -2286,7 +2229,7 @@ query_addrrset(query_ctx_t *qctx, dns_name_t **namep, if (rdataset->trust != dns_trust_secure && (section == DNS_SECTION_ANSWER || section == DNS_SECTION_AUTHORITY)) { - client->query.attributes &= ~NS_QUERYATTR_SECURE; + client->query.secure = false; } /* @@ -2457,12 +2400,12 @@ stale_refresh_aftermath(ns_client_t *client, isc_result_t result) { */ client->inner.tnow = isc_time_now(); client->inner.now = isc_time_seconds(&client->inner.tnow); - client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK; + client->query.recursionok = false; qctx_init(client, NULL, 0, &qctx); dns_clientinfomethods_init(&cm, ns_client_sourceip); dns_clientinfo_init(&ci, qctx.client, NULL); - if (HAVEECS(qctx.client)) { + if (qctx.client->inner.haveecs) { dns_clientinfo_setecs(&ci, &qctx.client->inner.ecs); } @@ -2563,7 +2506,7 @@ fetch_and_forget(ns_client_t *client, dns_name_t *qname, dns_rdatatype_t qtype, tmprdataset = ns_client_newrdataset(client); - if (!TCP(client)) { + if (!client->inner.tcp) { peeraddr = &client->inner.peeraddr; } else { peeraddr = NULL; @@ -2612,10 +2555,10 @@ query_stale_refresh(ns_client_t *client, dns_name_t *qname, bool stale_rrset = true; if (rdataset != NULL) { - stale_refresh_window = (STALE_WINDOW(rdataset) && + stale_refresh_window = (rdataset->attributes.stale_window && (client->query.dboptions & DNS_DBFIND_STALEENABLED) != 0); - stale_rrset = STALE(rdataset); + stale_rrset = rdataset->attributes.stale; } if (FETCH_RECTYPE_STALE_REFRESH(client) != NULL || @@ -2811,7 +2754,7 @@ rpz_get_zbits(ns_client_t *client, dns_rdatatype_t ip_type, /* * If the client wants recursion, allow only compatible policies. */ - if (!RECURSIONOK(client)) { + if (!client->query.recursionok) { zbits &= st->popt.no_rd_ok; } @@ -2902,7 +2845,7 @@ rpz_rrset_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, result = dns_db_findext(*dbp, name, version, type, options, client->inner.now, &node, found, &cm, &ci, *rdatasetp, NULL); - if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) { + if (result == DNS_R_DELEGATION && is_zone && client->query.cacheok) { /* * Try the cache if we're authoritative for an * ancestor but not the domain itself. DELEGATION or @@ -3733,13 +3676,13 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult, if (st != NULL && (st->state & DNS_RPZ_REWRITTEN) != 0) { return DNS_R_DISALLOWED; } - if (RECURSING(client)) { + if (client->query.recursing) { return DNS_R_DISALLOWED; } RWLOCK(&rpzs->search_lock, isc_rwlocktype_read); if ((rpzs->p.num_zones == 0) || - (!RECURSIONOK(client) && rpzs->p.no_rd_ok == 0) || + (!client->query.recursionok && rpzs->p.no_rd_ok == 0) || !rpz_ck_dnssec(client, qresult, ordataset, osigset)) { RWUNLOCK(&rpzs->search_lock, isc_rwlocktype_read); @@ -3779,7 +3722,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult, zones_processed < zones_registered) { /* Do not pollute SERVFAIL cache */ - client->inner.attributes |= NS_CLIENTATTR_NOSETFC; + client->inner.nosetfc = true; if (can_log_rpznotready()) { rpz_log_fail(client, DNS_RPZ_INFO_LEVEL, NULL, @@ -3818,7 +3761,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult, * If recursion is off, this the normal and only time we * can rewrite. */ - if (RECURSIONOK(client)) { + if (client->query.recursionok) { qresult_type = qresult_type_recurse; } else { qresult_type = qresult_type_restart; @@ -4145,7 +4088,9 @@ rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult, CTRACE(ISC_LOG_DEBUG(3), "rpz_ck_dnssec"); - if (client->inner.view->rpzs->p.break_dnssec || !WANTDNSSEC(client)) { + if (client->inner.view->rpzs->p.break_dnssec || + !client->inner.wantdnssec) + { return true; } @@ -4431,11 +4376,11 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset, return true; } - if (RECURSIONOK(client)) { + if (client->query.recursionok) { flags |= DNS_DNS64_RECURSIVE; } - if (WANTDNSSEC(client) && sigrdataset != NULL && + if (client->inner.wantdnssec && sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset)) { flags |= DNS_DNS64_DNSSEC; @@ -4504,12 +4449,13 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, dns_clientinfo_init(&ci, client, NULL); dns_clientinfo_setecs(&ci, &client->inner.ecs); - if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp)) + if (client->inner.wantdnssec && dns_db_iszone(*dbp) && + dns_db_issecure(*dbp)) { return ISC_R_NOTFOUND; } - if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) { + if (client->inner.wantdnssec && dns_rdataset_isassociated(rdataset)) { if (rdataset->trust == dns_trust_secure) { return ISC_R_NOTFOUND; } @@ -4587,8 +4533,8 @@ nxrrset: dns_db_detach(&db); *versionp = dbversion->version; - client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | - NS_QUERYATTR_NOADDITIONAL); + client->query.noauthority = true; + client->query.noadditional = true; return result; } @@ -4611,11 +4557,11 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, dns_zone_t *zone = NULL; bool is_zone; unsigned int labels; - bool redirected = REDIRECT(client); + bool redirected = client->query.is_redirect; CTRACE(ISC_LOG_DEBUG(3), "redirect2"); - client->query.attributes &= ~NS_QUERYATTR_REDIRECT; + client->query.is_redirect = false; if (client->inner.view->redirectzone == NULL) { return ISC_R_NOTFOUND; @@ -4631,12 +4577,13 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, dns_clientinfo_init(&ci, client, NULL); dns_clientinfo_setecs(&ci, &client->inner.ecs); - if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp)) + if (client->inner.wantdnssec && dns_db_iszone(*dbp) && + dns_db_issecure(*dbp)) { return ISC_R_NOTFOUND; } - if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) { + if (client->inner.wantdnssec && dns_rdataset_isassociated(rdataset)) { if (rdataset->trust == dns_trust_secure) { return ISC_R_NOTFOUND; } @@ -4714,9 +4661,8 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, result = ns_query_recurse(client, qtype, redirectname, NULL, NULL, true); if (result == ISC_R_SUCCESS) { - client->query.attributes |= - (NS_QUERYATTR_RECURSING | - NS_QUERYATTR_REDIRECT); + client->query.recursing = true; + client->query.is_redirect = true; return DNS_R_CONTINUE; } } @@ -4761,8 +4707,8 @@ nxrrset: *is_zonep = is_zone; *versionp = version; - client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | - NS_QUERYATTR_NOADDITIONAL); + client->query.noauthority = true; + client->query.noadditional = true; return result; } @@ -4927,11 +4873,20 @@ qctx_save(query_ctx_t *src, query_ctx_t **targetp) { * Log detailed information about the query immediately after * the client request or a return from recursion. */ +#ifdef WANT_QUERYTRACE +static void +attrs_tohex(char *dst, size_t dstsize, const uint8_t *src, size_t srclen) { + for (size_t i = 0; i < srclen; i++) { + snprintf(&dst[i * 2], dstsize - i * 2, "%02x", src[i]); + } +} + static void query_trace(query_ctx_t *qctx) { -#ifdef WANT_QUERYTRACE char mbuf[2 * DNS_NAME_FORMATSIZE]; char qbuf[DNS_NAME_FORMATSIZE]; + char iabuf[sizeof(qctx->client->inner.attrs) * 2 + 1] = { 0 }; + char qabuf[sizeof(qctx->client->query.attrs) * 2 + 1] = { 0 }; if (qctx->client->query.origqname != NULL) { dns_name_format(qctx->client->query.origqname, qbuf, @@ -4940,20 +4895,27 @@ query_trace(query_ctx_t *qctx) { snprintf(qbuf, sizeof(qbuf), ""); } + attrs_tohex(iabuf, sizeof(iabuf), (uint8_t *)&qctx->client->inner.attrs, + sizeof(qctx->client->inner.attrs)); + attrs_tohex(qabuf, sizeof(qabuf), (uint8_t *)&qctx->client->query.attrs, + sizeof(qctx->client->query.attrs)); + snprintf(mbuf, sizeof(mbuf) - 1, - "client attr:0x%x, query attr:0x%X, restarts:%u, " + "client attr:0x%s, query attr:0x%s, restarts:%u, " "origqname:%s, timer:%d, authdb:%d, referral:%d, id:%hu", - qctx->client->inner.attributes, qctx->client->query.attributes, - qctx->client->query.restarts, qbuf, + iabuf, qabuf, qctx->client->query.restarts, qbuf, (int)qctx->client->query.timerset, (int)qctx->client->query.authdbset, (int)qctx->client->query.isreferral, qctx->client->message->id); CCTRACE(ISC_LOG_DEBUG(3), mbuf); +} #else /* ifdef WANT_QUERYTRACE */ - UNUSED(qctx); -#endif /* ifdef WANT_QUERYTRACE */ +static void +query_trace(query_ctx_t *qctx ISC_ATTR_UNUSED) { + /* noop */ } +#endif /* ifdef WANT_QUERYTRACE */ /* * Set up query processing for the current query of 'client'. @@ -5056,7 +5018,7 @@ static void qctx_reportquery(query_ctx_t *qctx) { ns_client_t *client = qctx->client; - client->inner.attributes |= NS_CLIENTATTR_WANTRC; + client->inner.wantrc = true; /* If this isn't a report-logging zone, there's no more to do */ dns_zoneopt_t opts = dns_zone_getoptions(qctx->zone); @@ -5068,7 +5030,7 @@ qctx_reportquery(query_ctx_t *qctx) { * Suppress EDNS Report-Channel in responses from report- * logging zones; this prevents infinite loops. */ - client->inner.attributes &= ~NS_CLIENTATTR_WANTRC; + client->inner.wantrc = false; /* If this isn't an error-report query, there's nothing more to do */ if (client->query.qtype != dns_rdatatype_txt || @@ -5082,11 +5044,11 @@ qctx_reportquery(query_ctx_t *qctx) { * Check for TCP or a good server cookie. If neither, send * back BADCOOKIE or TC=1. */ - if (!TCP(client) && !HAVECOOKIE(client)) { - if (WANTCOOKIE(client)) { - client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE; + if (!client->inner.tcp && !client->inner.havecookie) { + if (client->inner.wantcookie) { + client->inner.badcookie = true; } else { - client->inner.attributes |= NS_CLIENTATTR_NEEDTCP; + client->inner.needtcp = true; } } @@ -5109,7 +5071,7 @@ qctx_setrad(query_ctx_t *qctx) { ns_client_t *client = qctx->client; /* Set the client to send a Report-Channel option when replying */ - if ((client->inner.attributes & NS_CLIENTATTR_WANTRC) != 0) { + if (client->inner.wantrc) { dns_fixedname_t fixed; dns_name_t *rad = dns_fixedname_initname(&fixed); @@ -5156,22 +5118,22 @@ ns__query_start(query_ctx_t *qctx) { * cookie was bad then send back BADCOOKIE before we have * done too much work. */ - if (!TCP(qctx->client) && - (BADCOOKIE(qctx->client) || - (qctx->view->requireservercookie && WANTCOOKIE(qctx->client) && - !HAVECOOKIE(qctx->client)))) + if (!qctx->client->inner.tcp && (qctx->client->inner.badcookie || + (qctx->view->requireservercookie && + qctx->client->inner.wantcookie && + !qctx->client->inner.havecookie))) { qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA; qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; qctx->client->message->rcode = dns_rcode_badcookie; - qctx->client->inner.attributes &= ~NS_CLIENTATTR_WANTRC; + qctx->client->inner.wantrc = false; return ns_query_done(qctx); } /* * Respond with TC=1 if we need TCP for this request. */ - if (!TCP(qctx->client) && NEEDTCP(qctx->client)) { + if (!qctx->client->inner.tcp && qctx->client->inner.needtcp) { qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA; qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; qctx->client->message->flags |= DNS_MESSAGEFLAG_TC; @@ -5232,8 +5194,8 @@ ns__query_start(query_ctx_t *qctx) { qctx->qtype, qctx->options, &qctx->zone, &qctx->db, &qctx->version, &qctx->is_zone); if ((result != ISC_R_SUCCESS || !qctx->is_zone) && - qctx->qtype == dns_rdatatype_ds && !RECURSIONOK(qctx->client) && - qctx->options.noexact) + qctx->qtype == dns_rdatatype_ds && + !qctx->client->query.recursionok && qctx->options.noexact) { /* * This is a non-recursive QTYPE=DS query with QNAME whose @@ -5289,7 +5251,7 @@ ns__query_start(query_ctx_t *qctx) { */ if (result != ISC_R_SUCCESS) { if (result == DNS_R_REFUSED) { - if (WANTRECURSION(qctx->client)) { + if (qctx->client->query.wantrecursion) { dns_ede_add(&qctx->client->edectx, DNS_EDE_NOTAUTH, "recursion disabled"); @@ -5299,7 +5261,7 @@ ns__query_start(query_ctx_t *qctx) { inc_stats(qctx->client, ns_statscounter_authrej); } - if (!PARTIALANSWER(qctx->client)) { + if (!qctx->client->query.partialanswer) { QUERY_ERROR(qctx, DNS_R_REFUSED); } } else { @@ -5505,7 +5467,7 @@ qctx_prepare_buffers(query_ctx_t *qctx, isc_buffer_t *buffer) { qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, buffer); qctx->rdataset = ns_client_newrdataset(qctx->client); - if (WANTDNSSEC(qctx->client) || qctx->findcoveringnsec) { + if (qctx->client->inner.wantdnssec || qctx->findcoveringnsec) { qctx->sigrdataset = ns_client_newrdataset(qctx->client); } @@ -5562,7 +5524,7 @@ query_lookup(query_ctx_t *qctx) { dns_clientinfomethods_init(&cm, ns_client_sourceip); dns_clientinfo_init(&ci, qctx->client, NULL); - if (HAVEECS(qctx->client)) { + if (qctx->client->inner.haveecs) { dns_clientinfo_setecs(&ci, &qctx->client->inner.ecs); } @@ -5641,7 +5603,7 @@ query_lookup(query_ctx_t *qctx) { * we are allowed to immediately respond with a stale answer if the * request is within the 'stale-refresh-time' window. */ - stale_refresh_window = (STALE_WINDOW(qctx->rdataset) && + stale_refresh_window = (qctx->rdataset->attributes.stale_window && (dboptions & DNS_DBFIND_STALEENABLED) != 0); /* @@ -5654,7 +5616,8 @@ query_lookup(query_ctx_t *qctx) { stale_timeout = ((dboptions & DNS_DBFIND_STALETIMEOUT) != 0); if (dns_rdataset_isassociated(qctx->rdataset) && - dns_rdataset_count(qctx->rdataset) > 0 && !STALE(qctx->rdataset)) + dns_rdataset_count(qctx->rdataset) > 0 && + !qctx->rdataset->attributes.stale) { /* Found non-stale usable rdataset. */ answer_found = true; @@ -5669,7 +5632,7 @@ query_lookup(query_ctx_t *qctx) { if (dns_rdataset_isassociated(qctx->rdataset) && dns_rdataset_count(qctx->rdataset) > 0 && - STALE(qctx->rdataset)) + qctx->rdataset->attributes.stale) { stale_found = true; if (result == DNS_R_NCACHENXDOMAIN || @@ -5796,7 +5759,7 @@ fetch_callback(void *arg) { query_ctx_t qctx; REQUIRE(NS_CLIENT_VALID(client)); - REQUIRE(RECURSING(client)); + REQUIRE(client->query.recursing); CTRACE(ISC_LOG_DEBUG(3), "fetch_callback"); @@ -5807,7 +5770,7 @@ fetch_callback(void *arg) { if (client->inner.view->cachedb != NULL && client->inner.view->recursion) { - client->query.attributes |= NS_QUERYATTR_RECURSIONOK; + client->query.recursionok = true; } client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT; client->query.dboptions &= ~DNS_DBFIND_STALEENABLED; @@ -5846,7 +5809,7 @@ fetch_callback(void *arg) { isc_nmhandle_detach(&HANDLE_RECTYPE_NORMAL(client)); - client->query.attributes &= ~NS_QUERYATTR_RECURSING; + client->query.recursing = false; client->inner.state = NS_CLIENTSTATE_WORKING; /* @@ -6035,7 +5998,7 @@ ns_query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, rdataset = ns_client_newrdataset(client); - if (WANTDNSSEC(client)) { + if (client->inner.wantdnssec) { sigrdataset = ns_client_newrdataset(client); } else { sigrdataset = NULL; @@ -6045,7 +6008,7 @@ ns_query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, ns_client_settimeout(client, 60); } - if (!TCP(client)) { + if (!client->inner.tcp) { peeraddr = &client->inner.peeraddr; } @@ -6092,7 +6055,7 @@ query_resume(query_ctx_t *qctx) { char qbuf[DNS_NAME_FORMATSIZE]; char tbuf[DNS_RDATATYPE_FORMATSIZE]; #endif /* ifdef WANT_QUERYTRACE */ - bool redirect = REDIRECT(qctx->client); + bool redirect = qctx->client->query.is_redirect; CCTRACE(ISC_LOG_DEBUG(3), "query_resume"); @@ -6207,13 +6170,13 @@ query_resume(query_ctx_t *qctx) { CALL_HOOK(NS_QUERY_RESUME_RESTORED, qctx); - if (DNS64(qctx->client)) { - qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64; + if (qctx->client->query.dns64) { + qctx->client->query.dns64 = false; qctx->dns64 = true; } - if (DNS64EXCLUDE(qctx->client)) { - qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64EXCLUDE; + if (qctx->client->query.dns64exclude) { + qctx->client->query.dns64exclude = false; qctx->dns64_exclude = true; } @@ -6265,8 +6228,7 @@ query_resume(query_ctx_t *qctx) { if (result != DNS_R_COVERINGNSEC && result != DNS_R_NXDOMAIN && result != DNS_R_NCACHENXDOMAIN) { - qctx->client->query.attributes &= - ~NS_QUERYATTR_REDIRECT; + qctx->client->query.is_redirect = false; } } else { result = qctx->fresp->result; @@ -6438,7 +6400,7 @@ ns_query_hookasync(query_ctx_t *qctx, ns_query_starthookasync_t runasync, /* * Typically the runasync() function will trigger recursion, but - * there is no need to set NS_QUERYATTR_RECURSING. The calling hook + * there is no need to set the recursing attribute. The calling hook * is expected to return NS_HOOK_RETURN, and the RECURSING * attribute won't be checked anywhere. * @@ -6490,7 +6452,7 @@ ns__query_sfcache(query_ctx_t *qctx) { /* * The SERVFAIL cache doesn't apply to authoritative queries. */ - if (!RECURSIONOK(qctx->client)) { + if (!qctx->client->query.recursionok) { return ISC_R_COMPLETE; } @@ -6532,7 +6494,7 @@ ns__query_sfcache(query_ctx_t *qctx) { } dns_ede_add(&qctx->client->edectx, DNS_EDE_CACHEDERROR, NULL); - qctx->client->inner.attributes |= NS_CLIENTATTR_NOSETFC; + qctx->client->inner.nosetfc = true; QUERY_ERROR(qctx, DNS_R_SERVFAIL); return ns_query_done(qctx); } @@ -6586,26 +6548,25 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) { "rrl=%p, HAVECOOKIE=%u, result=%s, " "fname=%p(%u), is_zone=%u, RECURSIONOK=%u, " "query.rpz_st=%p(%u), RRL_CHECKED=%u", - qctx->client->inner.view->rrl, HAVECOOKIE(qctx->client), + qctx->client->inner.view->rrl, qctx->client->inner.havecookie, isc_result_toid(result), qctx->fname, qctx->fname != NULL ? dns_name_isabsolute(qctx->fname) : 0, - qctx->is_zone, RECURSIONOK(qctx->client), + qctx->is_zone, qctx->client->query.recursionok, qctx->client->query.rpz_st, qctx->client->query.rpz_st != NULL ? ((qctx->client->query.rpz_st->state & DNS_RPZ_REWRITTEN) != 0) : 0, - (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) != - 0); + qctx->client->query.rrl_checked); - if (qctx->view->rrl != NULL && !HAVECOOKIE(qctx->client) && + if (qctx->view->rrl != NULL && !qctx->client->inner.havecookie && ((qctx->fname != NULL && dns_name_isabsolute(qctx->fname)) || - (result == ISC_R_NOTFOUND && !RECURSIONOK(qctx->client))) && + (result == ISC_R_NOTFOUND && !qctx->client->query.recursionok)) && !(result == ISC_R_NOTFOUND && !qctx->is_zone && - RECURSIONOK(qctx->client)) && + qctx->client->query.recursionok) && (qctx->client->query.rpz_st == NULL || (qctx->client->query.rpz_st->state & DNS_RPZ_REWRITTEN) == 0) && - (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) == 0) + !qctx->client->query.rrl_checked) { bool wouldlog; const dns_name_t *constname; @@ -6614,7 +6575,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) { isc_result_t resp_result; dns_rrl_result_t rrl_result; - qctx->client->query.attributes |= NS_QUERYATTR_RRL_CHECKED; + qctx->client->query.rrl_checked = true; wouldlog = isc_log_wouldlog(DNS_RRL_LOG_DROP); constname = qctx->fname; @@ -6667,7 +6628,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) { rrl_result = dns_rrl( qctx->view, qctx->zone, &qctx->client->inner.peeraddr, - TCP(qctx->client), qctx->client->message->rdclass, + qctx->client->inner.tcp, qctx->client->message->rdclass, qctx->qtype, constname, resp_result, qctx->client->inner.now, wouldlog, log_buf, sizeof(log_buf)); @@ -6711,15 +6672,15 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) { */ inc_stats(qctx->client, ns_statscounter_rateslipped); - if (WANTCOOKIE(qctx->client)) { + if (qctx->client->inner.wantcookie) { qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA; qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; qctx->client->message->rcode = dns_rcode_badcookie; - qctx->client->inner.attributes &= - ~NS_CLIENTATTR_WANTRC; + qctx->client->inner.wantrc = + false; } else { qctx->client->message->flags |= DNS_MESSAGEFLAG_TC; @@ -6773,7 +6734,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) { * recursing for NS names or addresses, * so save the main query state */ - INSIST(!RECURSING(qctx->client)); + INSIST(!qctx->client->query.recursing); qctx->rpz_st->q.qtype = qctx->qtype; qctx->rpz_st->q.is_zone = qctx->is_zone; qctx->rpz_st->q.authoritative = qctx->authoritative; @@ -6784,7 +6745,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) { qctx->rpz_st->q.sigrdataset = MOVE_OWNERSHIP(qctx->sigrdataset); dns_name_copy(qctx->fname, qctx->rpz_st->fname); qctx->rpz_st->q.result = result; - qctx->client->query.attributes |= NS_QUERYATTR_RECURSING; + qctx->client->query.recursing = true; return ISC_R_COMPLETE; default: QUERY_ERROR(qctx, rresult); @@ -6798,7 +6759,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) { if (qctx->rpz_st->m.policy != DNS_RPZ_POLICY_MISS && qctx->rpz_st->m.policy != DNS_RPZ_POLICY_PASSTHRU && (qctx->rpz_st->m.policy != DNS_RPZ_POLICY_TCP_ONLY || - !TCP(qctx->client)) && + !qctx->client->inner.tcp) && qctx->rpz_st->m.policy != DNS_RPZ_POLICY_ERROR) { /* @@ -6934,8 +6895,8 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) { * Turn off DNSSEC because the results of a * response policy zone cannot verify. */ - qctx->client->inner.attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | - NS_CLIENTATTR_WANTAD); + qctx->client->inner.wantdnssec = false; + qctx->client->inner.wantad = false; qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; ns_client_putrdataset(qctx->client, &qctx->sigrdataset); qctx->rpz_st->q.is_zone = qctx->is_zone; @@ -7002,8 +6963,8 @@ query_rpzcname(query_ctx_t *qctx, dns_name_t *cname) { * Turn off DNSSEC because the results of a * response policy zone cannot verify. */ - client->inner.attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | - NS_CLIENTATTR_WANTAD); + client->inner.wantdnssec = false; + client->inner.wantad = false; return ISC_R_SUCCESS; } @@ -7196,7 +7157,8 @@ query_gotanswer(query_ctx_t *qctx, isc_result_t result) { */ goto root_key_sentinel; } - if (RECURSING(qctx->client) && result == DNS_R_DISALLOWED) { + if (qctx->client->query.recursing && result == DNS_R_DISALLOWED) + { /* * We are recursing, and thus RPZ processing is not * allowed at the moment. This could happen on a @@ -7220,7 +7182,7 @@ root_key_sentinel: /* * Don't record this response in the SERVFAIL cache. */ - qctx->client->inner.attributes |= NS_CLIENTATTR_NOSETFC; + qctx->client->inner.nosetfc = true; QUERY_ERROR(qctx, DNS_R_SERVFAIL); return ns_query_done(qctx); } @@ -7429,15 +7391,17 @@ query_respond_any(query_ctx_t *qctx) { */ dns_rdataset_disassociate(qctx->rdataset); hidden = true; - } else if (qctx->view->minimal_any && !TCP(qctx->client) && - !WANTDNSSEC(qctx->client) && + } else if (qctx->view->minimal_any && + !qctx->client->inner.tcp && + !qctx->client->inner.wantdnssec && qctx->qtype == dns_rdatatype_any && (dns_rdatatype_issig(qctx->rdataset->type))) { CCTRACE(ISC_LOG_DEBUG(5), "query_respond_any: " "minimal-any skip signature"); dns_rdataset_disassociate(qctx->rdataset); - } else if (qctx->view->minimal_any && !TCP(qctx->client) && + } else if (qctx->view->minimal_any && + !qctx->client->inner.tcp && onetype != dns_rdatatype_none && qctx->rdataset->type != onetype && qctx->rdataset->covers != onetype) @@ -7449,7 +7413,8 @@ query_respond_any(query_ctx_t *qctx) { qctx->rdataset->type == qctx->qtype) && qctx->rdataset->type != 0) { - if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) + if (qctx->rdataset->attributes.noqname && + qctx->client->inner.wantdnssec) { qctx->noqname = qctx->rdataset; } else { @@ -7466,7 +7431,7 @@ query_respond_any(query_ctx_t *qctx) { qctx->rpz_st->m.ttl); } - if (!qctx->is_zone && RECURSIONOK(qctx->client)) { + if (!qctx->is_zone && qctx->client->query.recursionok) { dns_name_t *name; name = (qctx->fname != NULL) ? qctx->fname : qctx->tname; @@ -7540,7 +7505,7 @@ query_respond_any(query_ctx_t *qctx) { */ if (!qctx->is_zone) { qctx->authoritative = false; - qctx->client->inner.attributes &= ~NS_CLIENTATTR_RA; + qctx->client->inner.ra = false; query_addauth(qctx); return ns_query_done(qctx); } @@ -7585,7 +7550,7 @@ query_getexpire(query_ctx_t *qctx) { if (qctx->zone == NULL || !qctx->is_zone || qctx->qtype != dns_rdatatype_soa || qctx->client->query.restarts != 0 || - (qctx->client->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) == 0) + !qctx->client->inner.wantexpire) { return; } @@ -7603,8 +7568,7 @@ query_getexpire(query_ctx_t *qctx) { if (secs >= qctx->client->inner.now && qctx->result == ISC_R_SUCCESS) { - qctx->client->inner.attributes |= - NS_CLIENTATTR_HAVEEXPIRE; + qctx->client->inner.haveexpire = true; qctx->client->inner.expire = secs - qctx->client->inner.now; } @@ -7621,7 +7585,7 @@ query_getexpire(query_ctx_t *qctx) { RUNTIME_CHECK(result == ISC_R_SUCCESS); qctx->client->inner.expire = soa.expire; - qctx->client->inner.attributes |= NS_CLIENTATTR_HAVEEXPIRE; + qctx->client->inner.haveexpire = true; } if (raw != NULL) { @@ -7639,10 +7603,8 @@ query_getzoneversion(query_ctx_t *qctx) { if (qctx->zone == NULL || !qctx->is_zone || qctx->client->query.restarts != 0 || - (qctx->client->inner.attributes & NS_CLIENTATTR_WANTZONEVERSION) == - 0 || - (qctx->client->inner.attributes & NS_CLIENTATTR_HAVEZONEVERSION) != - 0) + !qctx->client->inner.wantzoneversion || + qctx->client->inner.havezoneversion) { return; } @@ -7665,8 +7627,7 @@ query_getzoneversion(query_ctx_t *qctx) { if (len < 2 || (buf[1] == 0 && len != 6)) { return; } - qctx->client->inner.attributes |= - NS_CLIENTATTR_HAVEZONEVERSION; + qctx->client->inner.havezoneversion = true; INSIST(qctx->client->inner.zoneversion == NULL); qctx->client->inner.zoneversion = isc_mem_get(qctx->client->manager->mctx, len); @@ -7729,11 +7690,12 @@ query_addanswer(query_ctx_t *qctx) { qctx->client->query.dns64_aaaaoklen, sizeof(bool)); qctx->client->query.dns64_aaaaoklen = 0; } else { - if (!qctx->is_zone && RECURSIONOK(qctx->client)) { + if (!qctx->is_zone && qctx->client->query.recursionok) { query_prefetch(qctx->client, qctx->fname, qctx->rdataset); } - if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { + if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) + { sigrdatasetp = &qctx->sigrdataset; } query_addrrset(qctx, &qctx->fname, &qctx->rdataset, @@ -7792,7 +7754,9 @@ query_respond(query_ctx_t *qctx) { */ CALL_HOOK(NS_QUERY_RESPOND_BEGIN, qctx); - if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) { + if (qctx->rdataset->attributes.noqname && + qctx->client->inner.wantdnssec) + { qctx->noqname = qctx->rdataset; } else { qctx->noqname = NULL; @@ -7817,8 +7781,7 @@ query_respond(query_ctx_t *qctx) { * of "minimal-responses" setting. */ if (dns_name_equal(qctx->client->query.qname, dns_rootname)) { - qctx->client->query.attributes &= - ~NS_QUERYATTR_NOADDITIONAL; + qctx->client->query.noadditional = false; dns_db_attach(qctx->db, &qctx->client->query.gluedb); } } @@ -7919,20 +7882,20 @@ query_dns64(query_ctx_t *qctx) { } if (qctx->rdataset->trust != dns_trust_secure) { - client->query.attributes &= ~NS_QUERYATTR_SECURE; + client->query.secure = false; } /* * We use the signatures from the A lookup to set DNS_DNS64_DNSSEC * as this provides a easy way to see if the answer was signed. */ - if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL && + if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL && dns_rdataset_isassociated(qctx->sigrdataset)) { flags |= DNS_DNS64_DNSSEC; } - if (RECURSIONOK(client)) { + if (client->query.recursionok) { flags |= DNS_DNS64_RECURSIVE; } @@ -7943,7 +7906,7 @@ query_dns64(query_ctx_t *qctx) { &dns64_rdataset)); dns_rdataset_setownercase(dns64_rdataset, mname); - client->query.attributes |= NS_QUERYATTR_NOADDITIONAL; + client->query.noadditional = true; if (client->query.dns64_ttl != UINT32_MAX) { dns64_rdataset->ttl = ISC_MIN(qctx->rdataset->ttl, @@ -8008,7 +7971,7 @@ query_filter64(query_ctx_t *qctx) { } if (qctx->rdataset->trust != dns_trust_secure) { - client->query.attributes &= ~NS_QUERYATTR_SECURE; + client->query.secure = false; } isc_buffer_allocate(client->manager->mctx, &buffer, @@ -8042,7 +8005,7 @@ query_filter64(query_ctx_t *qctx) { dns_rdatalist_tordataset(myrdatalist, myrdataset); dns_rdataset_setownercase(myrdataset, mname); - client->query.attributes |= NS_QUERYATTR_NOADDITIONAL; + client->query.noadditional = true; if (mname == name) { if (qctx->dbuf != NULL) { ns_client_keepname(client, name, qctx->dbuf); @@ -8114,23 +8077,20 @@ query_notfound(query_ctx_t *qctx) { * we may have working forwarders, so try to * recurse anyway. */ - if (RECURSIONOK(qctx->client)) { - INSIST(!REDIRECT(qctx->client)); + if (qctx->client->query.recursionok) { + INSIST(!qctx->client->query.is_redirect); result = ns_query_recurse(qctx->client, qctx->qtype, qctx->client->query.qname, NULL, NULL, qctx->resuming); if (result == ISC_R_SUCCESS) { CALL_HOOK(NS_QUERY_NOTFOUND_RECURSE, qctx); - qctx->client->query.attributes |= - NS_QUERYATTR_RECURSING; + qctx->client->query.recursing = true; if (qctx->dns64) { - qctx->client->query.attributes |= - NS_QUERYATTR_DNS64; + qctx->client->query.dns64 = true; } if (qctx->dns64_exclude) { - qctx->client->query.attributes |= - NS_QUERYATTR_DNS64EXCLUDE; + qctx->client->query.dns64exclude = true; } } else if (query_usestale(qctx, result)) { /* @@ -8191,8 +8151,8 @@ query_prepare_delegation_response(query_ctx_t *qctx) { * We must ensure NOADDITIONAL is off, because the generation of * additional data is required in delegations. */ - qctx->client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL; - if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { + qctx->client->query.noadditional = false; + if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) { sigrdatasetp = &qctx->sigrdataset; } query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp, @@ -8228,7 +8188,7 @@ query_zone_delegation(query_ctx_t *qctx) { * If the query type is DS, look to see if we are * authoritative for the child zone */ - if (!RECURSIONOK(qctx->client) && + if (!qctx->client->query.recursionok && (qctx->options.noexact && qctx->qtype == dns_rdatatype_ds)) { dns_db_t *tdb = NULL; @@ -8275,8 +8235,8 @@ query_zone_delegation(query_ctx_t *qctx) { } } - if (USECACHE(qctx->client) && - (RECURSIONOK(qctx->client) || + if (qctx->client->query.cacheok && + (qctx->client->query.recursionok || (qctx->zone != NULL && dns_zone_gettype(qctx->zone) == dns_zone_mirror))) { @@ -8413,7 +8373,7 @@ query_delegation_recurse(query_ctx_t *qctx) { CCTRACE(ISC_LOG_DEBUG(3), "query_delegation_recurse"); - if (!RECURSIONOK(qctx->client)) { + if (!qctx->client->query.recursionok) { return ISC_R_COMPLETE; } @@ -8427,7 +8387,7 @@ query_delegation_recurse(query_ctx_t *qctx) { * query_resume() when the recursion is complete. */ - INSIST(!REDIRECT(qctx->client)); + INSIST(!qctx->client->query.is_redirect); if (dns_rdatatype_atparent(qctx->type)) { /* @@ -8473,13 +8433,12 @@ query_delegation_recurse(query_ctx_t *qctx) { } if (result == ISC_R_SUCCESS) { - qctx->client->query.attributes |= NS_QUERYATTR_RECURSING; + qctx->client->query.recursing = true; if (qctx->dns64) { - qctx->client->query.attributes |= NS_QUERYATTR_DNS64; + qctx->client->query.dns64 = true; } if (qctx->dns64_exclude) { - qctx->client->query.attributes |= - NS_QUERYATTR_DNS64EXCLUDE; + qctx->client->query.dns64exclude = true; } } else if (query_usestale(qctx, result)) { /* @@ -8516,7 +8475,7 @@ query_addds(query_ctx_t *qctx) { /* * DS not needed. */ - if (!WANTDNSSEC(client)) { + if (!client->inner.wantdnssec) { return; } @@ -8758,7 +8717,7 @@ query_sign_nodata(query_ctx_t *qctx) { return ns_query_done(qctx); } if (!dns_rdataset_isassociated(qctx->rdataset) && - WANTDNSSEC(qctx->client)) + qctx->client->inner.wantdnssec) { if (!qctx->fname->attributes.wildcard) { dns_name_t *found; @@ -8855,7 +8814,7 @@ query_sign_nodata(query_ctx_t *qctx) { /* * Add NSEC record if we found one. */ - if (WANTDNSSEC(qctx->client) && + if (qctx->client->inner.wantdnssec && dns_rdataset_isassociated(qctx->rdataset)) { query_addnxrrsetnsec(qctx); @@ -8981,7 +8940,7 @@ query_nxdomain(query_ctx_t *qctx, isc_result_t result) { } } - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { /* * Add NSEC record if we found one. */ @@ -9157,7 +9116,7 @@ query_synthnodata(query_ctx_t *qctx, const dns_name_t *signer, * We want the SOA record to be first, so save the * NODATA proof's name now or else discard it. */ - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); } else { ns_client_releasename(qctx->client, &qctx->fname); @@ -9170,13 +9129,13 @@ query_synthnodata(query_ctx_t *qctx, const dns_name_t *signer, /* * Add SOA record. Omit the RRSIG if DNSSEC was not requested. */ - if (!WANTDNSSEC(qctx->client)) { + if (!qctx->client->inner.wantdnssec) { sigsoardatasetp = NULL; } query_addrrset(qctx, &name, soardatasetp, sigsoardatasetp, dbuf, DNS_SECTION_AUTHORITY); - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { /* * Add NODATA proof. */ @@ -9210,7 +9169,7 @@ query_synthwildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset, * We want the answer to be first, so save the * NOQNAME proof's name now or else discard it. */ - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); } else { ns_client_releasename(qctx->client, &qctx->fname); @@ -9226,7 +9185,7 @@ query_synthwildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset, /* * Add answer RRset. Omit the RRSIG if DNSSEC was not requested. */ - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { clonesigset = ns_client_newrdataset(qctx->client); dns_rdataset_clone(sigrdataset, clonesigset); sigrdatasetp = &clonesigset; @@ -9237,7 +9196,7 @@ query_synthwildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset, query_addrrset(qctx, &name, &cloneset, sigrdatasetp, dbuf, DNS_SECTION_ANSWER); - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { /* * Add NOQNAME proof. */ @@ -9274,7 +9233,7 @@ query_synthcnamewildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset, RETERR(query_synthwildcard(qctx, rdataset, sigrdataset)); - qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER; + qctx->client->query.partialanswer = true; /* * Reset qname to be the target name of the CNAME and restart @@ -9304,7 +9263,7 @@ query_synthcnamewildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset, dns_rdata_freestruct(&cname); ns_client_qnamereplace(qctx->client, tname); qctx->want_restart = true; - if (!WANTRECURSION(qctx->client)) { + if (!qctx->client->query.wantrecursion) { qctx->options.nolog = true; } @@ -9343,7 +9302,7 @@ query_synthnxdomainnodata(query_ctx_t *qctx, bool nodata, dns_name_t *nowild, * We want the SOA record to be first, so save the * NOQNAME proof's name now or else discard it. */ - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); } else { ns_client_releasename(qctx->client, &qctx->fname); @@ -9356,13 +9315,13 @@ query_synthnxdomainnodata(query_ctx_t *qctx, bool nodata, dns_name_t *nowild, /* * Add SOA record. Omit the RRSIG if DNSSEC was not requested. */ - if (!WANTDNSSEC(qctx->client)) { + if (!qctx->client->inner.wantdnssec) { sigsoardatasetp = NULL; } query_addrrset(qctx, &name, soardatasetp, sigsoardatasetp, dbuf, DNS_SECTION_AUTHORITY); - if (WANTDNSSEC(qctx->client)) { + if (qctx->client->inner.wantdnssec) { /* * Add NOQNAME proof. */ @@ -9557,8 +9516,8 @@ query_coveringnsec(query_ctx_t *qctx) { { goto cleanup; } - if (!qctx->resuming && !STALE(qctx->rdataset) && - qctx->rdataset->ttl == 0 && RECURSIONOK(qctx->client)) + if (!qctx->resuming && !qctx->rdataset->attributes.stale && + qctx->rdataset->ttl == 0 && qctx->client->query.recursionok) { goto cleanup; } @@ -9615,8 +9574,8 @@ query_coveringnsec(query_ctx_t *qctx) { } FALLTHROUGH; case DNS_R_CNAME: - if (!qctx->resuming && !STALE(&rdataset) && rdataset.ttl == 0 && - RECURSIONOK(qctx->client)) + if (!qctx->resuming && !rdataset.attributes.stale && + rdataset.ttl == 0 && qctx->client->query.recursionok) { goto cleanup; } @@ -9775,7 +9734,7 @@ query_ncache(query_ctx_t *qctx, isc_result_t result) { } } - if (!qctx->is_zone && RECURSIONOK(qctx->client)) { + if (!qctx->is_zone && qctx->client->query.recursionok) { query_stale_refresh_ncache(qctx->client); } @@ -9794,29 +9753,29 @@ query_zerottl_refetch(query_ctx_t *qctx) { CCTRACE(ISC_LOG_DEBUG(3), "query_zerottl_refetch"); - if (qctx->is_zone || qctx->resuming || STALE(qctx->rdataset) || - qctx->rdataset->ttl != 0 || !RECURSIONOK(qctx->client)) + if (qctx->is_zone || qctx->resuming || + qctx->rdataset->attributes.stale || qctx->rdataset->ttl != 0 || + !qctx->client->query.recursionok) { return ISC_R_COMPLETE; } qctx_clean(qctx); - INSIST(!REDIRECT(qctx->client)); + INSIST(!qctx->client->query.is_redirect); result = ns_query_recurse(qctx->client, qctx->qtype, qctx->client->query.qname, NULL, NULL, qctx->resuming); if (result == ISC_R_SUCCESS) { CALL_HOOK(NS_QUERY_ZEROTTL_RECURSE, qctx); - qctx->client->query.attributes |= NS_QUERYATTR_RECURSING; + qctx->client->query.recursing = true; if (qctx->dns64) { - qctx->client->query.attributes |= NS_QUERYATTR_DNS64; + qctx->client->query.dns64 = true; } if (qctx->dns64_exclude) { - qctx->client->query.attributes |= - NS_QUERYATTR_DNS64EXCLUDE; + qctx->client->query.dns64exclude = true; } } else { /* @@ -9863,24 +9822,27 @@ query_cname(query_ctx_t *qctx) { /* * Add the CNAME to the answer section. */ - if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { + if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) { sigrdatasetp = &qctx->sigrdataset; } - if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) { + if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard) + { dns_fixedname_init(&qctx->wildcardname); dns_name_copy(qctx->fname, dns_fixedname_name(&qctx->wildcardname)); qctx->need_wildcardproof = true; } - if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) { + if (qctx->rdataset->attributes.noqname && + qctx->client->inner.wantdnssec) + { qctx->noqname = qctx->rdataset; } else { qctx->noqname = NULL; } - if (!qctx->is_zone && RECURSIONOK(qctx->client)) { + if (!qctx->is_zone && qctx->client->query.recursionok) { query_prefetch(qctx->client, qctx->fname, qctx->rdataset); } @@ -9893,7 +9855,7 @@ query_cname(query_ctx_t *qctx) { * We set the PARTIALANSWER attribute so that if anything goes * wrong later on, we'll return what we've got so far. */ - qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER; + qctx->client->query.partialanswer = true; /* * Reset qname to be the target name of the CNAME and restart @@ -9919,7 +9881,7 @@ query_cname(query_ctx_t *qctx) { ns_client_qnamereplace(qctx->client, tname); qctx->want_restart = true; - if (!WANTRECURSION(qctx->client)) { + if (!qctx->client->query.wantrecursion) { qctx->options.nolog = true; } @@ -9971,18 +9933,19 @@ query_dname(query_ctx_t *qctx) { /* * Add the DNAME to the answer section. */ - if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { + if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) { sigrdatasetp = &qctx->sigrdataset; } - if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) { + if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard) + { dns_fixedname_init(&qctx->wildcardname); dns_name_copy(qctx->fname, dns_fixedname_name(&qctx->wildcardname)); qctx->need_wildcardproof = true; } - if (!qctx->is_zone && RECURSIONOK(qctx->client)) { + if (!qctx->is_zone && qctx->client->query.recursionok) { query_prefetch(qctx->client, qctx->fname, qctx->rdataset); } query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp, @@ -9992,7 +9955,7 @@ query_dname(query_ctx_t *qctx) { * We set the PARTIALANSWER attribute so that if anything goes * wrong later on, we'll return what we've got so far. */ - qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER; + qctx->client->query.partialanswer = true; /* * Get the target name of the DNAME. @@ -10102,7 +10065,7 @@ query_dname(query_ctx_t *qctx) { ns_client_qnamereplace(qctx->client, qctx->fname); qctx->fname = NULL; qctx->want_restart = true; - if (!WANTRECURSION(qctx->client)) { + if (!qctx->client->query.wantrecursion) { qctx->options.nolog = true; } } @@ -10175,7 +10138,8 @@ query_prepresponse(query_ctx_t *qctx) { CALL_HOOK(NS_QUERY_PREP_RESPONSE_BEGIN, qctx); - if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) { + if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard) + { dns_fixedname_init(&qctx->wildcardname); dns_name_copy(qctx->fname, dns_fixedname_name(&qctx->wildcardname)); @@ -10223,7 +10187,8 @@ query_addsoa(query_ctx_t *qctx, unsigned int override_ttl, * Don't add the SOA record for test which set "-T nosoa". */ if (((client->manager->sctx->options & NS_SERVER_NOSOA) != 0) && - (!WANTDNSSEC(client) || !dns_rdataset_isassociated(qctx->rdataset))) + (!client->inner.wantdnssec || + !dns_rdataset_isassociated(qctx->rdataset))) { return ISC_R_SUCCESS; } @@ -10240,7 +10205,7 @@ query_addsoa(query_ctx_t *qctx, unsigned int override_ttl, dns_name_clone(dns_db_origin(qctx->db), name); rdataset = ns_client_newrdataset(client); - if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) { + if (client->inner.wantdnssec && dns_db_issecure(qctx->db)) { sigrdataset = ns_client_newrdataset(client); } @@ -10361,7 +10326,7 @@ query_addns(query_ctx_t *qctx) { dns_name_clone(dns_db_origin(qctx->db), name); rdataset = ns_client_newrdataset(client); - if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) { + if (client->inner.wantdnssec && dns_db_issecure(qctx->db)) { sigrdataset = ns_client_newrdataset(client); } @@ -10467,7 +10432,7 @@ query_addbestns(query_ctx_t *qctx) { &qname); continue; } - if (!USECACHE(client)) { + if (!client->query.cacheok) { goto cleanup; } dns_db_attach(client->inner.view->cachedb, &db); @@ -10488,7 +10453,7 @@ db_find: * Get the RRSIGs if the client requested them or if we may * need to validate answers from the cache. */ - if (WANTDNSSEC(client) || !is_zone) { + if (client->inner.wantdnssec || !is_zone) { sigrdataset = ns_client_newrdataset(client); } @@ -10503,7 +10468,7 @@ db_find: if (result != DNS_R_DELEGATION) { goto cleanup; } - if (USECACHE(client)) { + if (client->query.cacheok) { ns_client_keepname(client, fname, dbuf); dns_db_detachnode(&node); zdb = MOVE_OWNERSHIP(db); @@ -10557,7 +10522,8 @@ db_find: * If the answer is secure only add NS records if they are secure * when the client may be looking for AD in the response. */ - if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) && + if (client->query.secure && + (client->inner.wantdnssec || client->inner.wantad) && ((rdataset->trust != dns_trust_secure) || (sigrdataset != NULL && sigrdataset->trust != dns_trust_secure))) { @@ -10568,7 +10534,7 @@ db_find: * If the client doesn't want DNSSEC we can discard the sigrdataset * now. */ - if (!WANTDNSSEC(client)) { + if (!client->inner.wantdnssec) { ns_client_putrdataset(client, &sigrdataset); } @@ -10910,7 +10876,7 @@ query_addauth(query_ctx_t *qctx) { * Add NS records to the authority section (if we haven't already * added them to the answer section). */ - if (!qctx->want_restart && !NOAUTHORITY(qctx->client)) { + if (!qctx->want_restart && !qctx->client->query.noauthority) { if (qctx->is_zone) { if (!qctx->answer_has_ns) { (void)query_addns(qctx); @@ -11003,7 +10969,7 @@ ns_query_done(query_ctx_t *qctx) { */ if (qctx->client->query.restarts == 0 && !qctx->authoritative) { qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA; - qctx->client->inner.attributes &= ~NS_CLIENTATTR_WANTRC; + qctx->client->inner.wantrc = false; } /* @@ -11025,8 +10991,7 @@ ns_query_done(query_ctx_t *qctx) { /* * This is e.g. a long CNAME chain which we cut short. */ - qctx->client->query.attributes |= - NS_QUERYATTR_PARTIALANSWER; + qctx->client->query.partialanswer = true; qctx->client->message->rcode = dns_rcode_servfail; qctx->result = DNS_R_SERVFAIL; @@ -11045,8 +11010,9 @@ ns_query_done(query_ctx_t *qctx) { } if (qctx->result != ISC_R_SUCCESS && - (!PARTIALANSWER(qctx->client) || - (WANTRECURSION(qctx->client) && !partial_result_with_servfail) || + (!qctx->client->query.partialanswer || + (qctx->client->query.wantrecursion && + !partial_result_with_servfail) || qctx->result == DNS_R_DROP)) { if (qctx->result == DNS_R_DUPLICATE || @@ -11076,7 +11042,7 @@ ns_query_done(query_ctx_t *qctx) { * If we're recursing then just return; the query will * resume when recursion ends. */ - if (RECURSING(qctx->client) && + if (qctx->client->query.recursing && (!QUERY_STALETIMEOUT(&qctx->client->query) || qctx->options.stalefirst)) { @@ -11211,7 +11177,7 @@ log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) { dns_rdatatype_format(rdataset->type, typebuf, sizeof(typebuf)); isc_sockaddr_format(&client->inner.destsockaddr, sabuf, sizeof(sabuf)); - if (HAVEECS(client)) { + if (client->inner.haveecs) { ns_client_log_ecs(client, ecsbuf, sizeof(ecsbuf)); } ns_client_log_flags(client, flags, extflags, flagsbuf, @@ -11293,26 +11259,26 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { client->inner.cleanup = query_cleanup; if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) { - client->query.attributes |= NS_QUERYATTR_WANTRECURSION; + client->query.wantrecursion = true; } if ((client->inner.extflags & DNS_MESSAGEEXTFLAG_DO) != 0) { - client->inner.attributes |= NS_CLIENTATTR_WANTDNSSEC; + client->inner.wantdnssec = true; } switch (client->inner.view->minimalresponses) { case dns_minimal_no: break; case dns_minimal_yes: - client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | - NS_QUERYATTR_NOADDITIONAL); + client->query.noauthority = true; + client->query.noadditional = true; break; case dns_minimal_noauth: - client->query.attributes |= NS_QUERYATTR_NOAUTHORITY; + client->query.noauthority = true; break; case dns_minimal_noauthrec: if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) { - client->query.attributes |= NS_QUERYATTR_NOAUTHORITY; + client->query.noauthority = true; } break; } @@ -11324,10 +11290,10 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { * We don't have a cache. Turn off cache support and * recursion. */ - client->query.attributes &= ~(NS_QUERYATTR_RECURSIONOK | - NS_QUERYATTR_CACHEOK); - client->inner.attributes |= NS_CLIENTATTR_NOSETFC; - } else if ((client->inner.attributes & NS_CLIENTATTR_RA) == 0 || + client->query.recursionok = false; + client->query.cacheok = false; + client->inner.nosetfc = true; + } else if (!client->inner.ra || (message->flags & DNS_MESSAGEFLAG_RD) == 0) { /* @@ -11336,8 +11302,8 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { * lack of a resolver in this view), or if it * doesn't want recursion, turn recursion off. */ - client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK; - client->inner.attributes |= NS_CLIENTATTR_NOSETFC; + client->query.recursionok = false; + client->inner.nosetfc = true; } /* @@ -11457,34 +11423,34 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { * Turn on minimal response for (C)DNSKEY and (C)DS queries. */ if (dns_rdatatype_iskeymaterial(qtype) || qtype == dns_rdatatype_ds) { - client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | - NS_QUERYATTR_NOADDITIONAL); + client->query.noauthority = true; + client->query.noadditional = true; } else if (qtype == dns_rdatatype_ns) { /* * Always turn on additional records for NS queries. */ - client->query.attributes &= ~(NS_QUERYATTR_NOAUTHORITY | - NS_QUERYATTR_NOADDITIONAL); + client->query.noauthority = false; + client->query.noadditional = false; } /* * Maybe turn on minimal responses for ANY queries. */ if (qtype == dns_rdatatype_any && client->inner.view->minimal_any && - !TCP(client)) + !client->inner.tcp) { - client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | - NS_QUERYATTR_NOADDITIONAL); + client->query.noauthority = true; + client->query.noadditional = true; } /* * Turn on minimal responses for EDNS/UDP bufsize 512 queries. */ if (client->inner.ednsversion >= 0 && client->inner.udpsize <= 512U && - !TCP(client)) + !client->inner.tcp) { - client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | - NS_QUERYATTR_NOADDITIONAL); + client->query.noauthority = true; + client->query.noadditional = true; } /* @@ -11517,15 +11483,15 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { * if the answer is secure. */ if ((message->flags & DNS_MESSAGEFLAG_CD) != 0) { - client->query.attributes &= ~NS_QUERYATTR_SECURE; + client->query.secure = false; } /* - * Set NS_CLIENTATTR_WANTAD if the client has set AD in the query. + * Set wantad if the client has set AD in the query. * This allows AD to be returned on queries without DO set. */ if ((message->flags & DNS_MESSAGEFLAG_AD) != 0) { - client->inner.attributes |= NS_CLIENTATTR_WANTAD; + client->inner.wantad = true; } /* @@ -11552,7 +11518,7 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { * Set AD. We must clear it if we add non-validated data to a * response. */ - if (WANTDNSSEC(client) || WANTAD(client)) { + if (client->inner.wantdnssec || client->inner.wantad) { message->flags |= DNS_MESSAGEFLAG_AD; } diff --git a/lib/ns/update.c b/lib/ns/update.c index 7cfc75dbe1c..d6517899204 100644 --- a/lib/ns/update.c +++ b/lib/ns/update.c @@ -180,12 +180,6 @@ goto cleanup; \ } while (0) -/* - * Return TRUE if NS_CLIENTATTR_TCP is set in the attributes other FALSE. - */ -#define TCPCLIENT(client) \ - (((client)->inner.attributes & NS_CLIENTATTR_TCP) != 0) - /**************************************************************************/ typedef struct rr rr_t; @@ -1649,7 +1643,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) { CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone), "update", dns_zone_getorigin(zone), false, false)); - } else if (client->inner.signer == NULL && !TCPCLIENT(client)) { + } else if (client->inner.signer == NULL && !client->inner.tcp) { CHECK(checkupdateacl(client, NULL, "update", dns_zone_getorigin(zone), false, true)); } @@ -1789,7 +1783,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) { ssuinfo.signer = client->inner.signer; ssuinfo.addr = &netaddr; ssuinfo.aclenv = env; - ssuinfo.tcp = TCPCLIENT(client); + ssuinfo.tcp = client->inner.tcp; ssuinfo.key = tsigkey; result = foreach_rr(db, ver, name, rdata.type, @@ -1807,7 +1801,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) { if (flag && !dns_ssutable_checkrules( ssutable, client->inner.signer, - name, &netaddr, TCPCLIENT(client), + name, &netaddr, client->inner.tcp, env, rdata.type, target, tsigkey, NULL)) { @@ -1818,7 +1812,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) { const dns_ssurule_t *ssurule = NULL; if (!dns_ssutable_checkrules( ssutable, client->inner.signer, - name, &netaddr, TCPCLIENT(client), + name, &netaddr, client->inner.tcp, env, rdata.type, target, tsigkey, &ssurule)) { @@ -1831,7 +1825,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) { if (!ssu_checkall(db, ver, name, ssutable, client->inner.signer, &netaddr, env, - TCPCLIENT(client), tsigkey)) + client->inner.tcp, tsigkey)) { FAILC(DNS_R_REFUSED, "rejected by secure update"); diff --git a/lib/ns/xfrout.c b/lib/ns/xfrout.c index 1865f6b1f45..bed279b3ec3 100644 --- a/lib/ns/xfrout.c +++ b/lib/ns/xfrout.c @@ -907,9 +907,7 @@ got_soa: /* * AXFR over UDP is not possible. */ - if (reqtype == dns_rdatatype_axfr && - (client->inner.attributes & NS_CLIENTATTR_TCP) == 0) - { + if (reqtype == dns_rdatatype_axfr && !client->inner.tcp) { FAILC(DNS_R_FORMERR, "attempted AXFR over UDP"); } @@ -972,7 +970,7 @@ got_soa: * IXFR over UDP (currently, we always do). */ if (DNS_SERIAL_GE(begin_serial, current_serial) || - (client->inner.attributes & NS_CLIENTATTR_TCP) == 0) + !client->inner.tcp) { CHECK(soa_rrstream_create(mctx, db, ver, &stream)); is_poll = true; @@ -983,7 +981,7 @@ got_soa: * Outgoing IXFR may have been disabled for this peer * or globally. */ - if ((client->inner.attributes & NS_CLIENTATTR_TCP) != 0) { + if (client->inner.tcp) { bool provide_ixfr; provide_ixfr = client->inner.view->provideixfr; @@ -1116,8 +1114,7 @@ have_stream: if (zone != NULL) { dns_zone_getraw(zone, &raw); mayberaw = (raw != NULL) ? raw : zone; - if ((client->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) != - 0 && + if (client->inner.wantexpire && (dns_zone_gettype(mayberaw) == dns_zone_secondary || dns_zone_gettype(mayberaw) == dns_zone_mirror)) { @@ -1128,8 +1125,7 @@ have_stream: if (secs >= client->inner.now && result == ISC_R_SUCCESS) { - client->inner.attributes |= - NS_CLIENTATTR_HAVEEXPIRE; + client->inner.haveexpire = true; client->inner.expire = secs - client->inner.now; } } @@ -1279,8 +1275,7 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id, static void xfrout_send(xfrout_ctx_t *xfr) { - const bool is_tcp = - ((xfr->client->inner.attributes & NS_CLIENTATTR_TCP) != 0); + const bool is_tcp = xfr->client->inner.tcp; if (is_tcp) { isc_region_t used; @@ -1371,7 +1366,7 @@ sendstream(xfrout_ctx_t *xfr) { isc_buffer_clear(&xfr->buf); isc_buffer_clear(&xfr->txbuf); - is_tcp = ((xfr->client->inner.attributes & NS_CLIENTATTR_TCP) != 0); + is_tcp = xfr->client->inner.tcp; if (!is_tcp) { /* * In the UDP case, we put the response data directly into @@ -1395,7 +1390,7 @@ sendstream(xfrout_ctx_t *xfr) { msg->id = xfr->id; msg->rcode = dns_rcode_noerror; msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA; - if ((xfr->client->inner.attributes & NS_CLIENTATTR_RA) != 0) { + if (xfr->client->inner.ra) { msg->flags |= DNS_MESSAGEFLAG_RA; } CHECK(dns_message_settsigkey(msg, xfr->tsigkey)); @@ -1408,17 +1403,13 @@ sendstream(xfrout_ctx_t *xfr) { /* * Add a EDNS option to the message? */ - if ((xfr->client->inner.attributes & NS_CLIENTATTR_WANTOPT) != - 0) - { + if (xfr->client->inner.wantopt) { CHECK(ns_client_addopt(xfr->client, msg)); /* * Add to first message only. */ - xfr->client->inner.attributes &= - ~NS_CLIENTATTR_WANTNSID; - xfr->client->inner.attributes &= - ~NS_CLIENTATTR_HAVEEXPIRE; + xfr->client->inner.wantnsid = false; + xfr->client->inner.haveexpire = false; } /* @@ -1671,7 +1662,7 @@ static void xfrout_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) { xfrout_ctx_t *xfr = (xfrout_ctx_t *)arg; - REQUIRE((xfr->client->inner.attributes & NS_CLIENTATTR_TCP) != 0); + REQUIRE(xfr->client->inner.tcp); INSIST(handle == xfr->client->inner.handle); diff --git a/tests/libtest/ns.c b/tests/libtest/ns.c index 7c5c9babbb0..4d67974d31f 100644 --- a/tests/libtest/ns.c +++ b/tests/libtest/ns.c @@ -438,11 +438,11 @@ ns_test_qctx_create(const ns_test_qctx_create_params_t *params, } /* - * Allow recursion for the client. As NS_CLIENTATTR_RA normally gets - * set in ns_client_request(), i.e. earlier than the unit tests hook + * Allow recursion for the client. As inner.ra normally gets set + * in ns_client_request(), i.e. earlier than the unit tests hook * into the call chain, just set it manually. */ - client->inner.attributes |= NS_CLIENTATTR_RA; + client->inner.ra = true; /* * Create a query context for a client sending the previously