Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-20 02:38:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Further refactoring of the TCP DNS codepath.

Browse Source 
It's not t a thing of beauty, but it's less ugly than it was.
Any bugs, I blame on what I started from....
This commit is contained in:
Simon Kelley
2024-12-19 16:38:47 +00:00
parent 32248ebd5b
commit 3eb008c36d
2 changed files with 156 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
src/forward.c
View File

@@ -1458,7 +1458,7 @@ void receive_query(struct listener *listen, time_t now)
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
unsigned int mark = 0; unsigned int mark = 0;
int have_mark = 0; int have_mark = 0;
int is_single_query = 0, allowed = 1; int allowed = 1;
#endif #endif
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
int local_auth = 0; int local_auth = 0;
@@ -1705,10 +1705,6 @@ void receive_query(struct listener *listen, time_t now)
log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff, log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
&source_addr, auth_dns ? "auth" : "query", type); &source_addr, auth_dns ? "auth" : "query", type);
#ifdef HAVE_CONNTRACK
is_single_query = 1;
#endif
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
/* find queries for zones we're authoritative for, and answer them directly */ /* find queries for zones we're authoritative for, and answer them directly */
if (!auth_dns && !option_bool(OPT_LOCALISE)) if (!auth_dns && !option_bool(OPT_LOCALISE))
@@ -1755,7 +1751,7 @@ void receive_query(struct listener *listen, time_t now)
if (!auth_dns || local_auth) if (!auth_dns || local_auth)
#endif #endif
if (option_bool(OPT_CMARK_ALST_EN) && have_mark && ((u32)mark & daemon->allowlist_mask)) if (option_bool(OPT_CMARK_ALST_EN) && have_mark && ((u32)mark & daemon->allowlist_mask))
allowed = is_query_allowed_for_mark((u32)mark, is_single_query ? daemon->namebuff : NULL); allowed = is_query_allowed_for_mark((u32)mark, daemon->namebuff);
#endif #endif
if (0); if (0);
@@ -1764,7 +1760,7 @@ void receive_query(struct listener *listen, time_t now)
{ {
u16 swap = htons(EDE_BLOCKED); u16 swap = htons(EDE_BLOCKED);
m = answer_disallowed(header, (size_t)n, (u32)mark, is_single_query ? daemon->namebuff : NULL); m = answer_disallowed(header, (size_t)n, (u32)mark, daemon->namebuff);
if (have_pseudoheader && m != 0) if (have_pseudoheader && m != 0)
m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz, m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz,
@@ -2221,14 +2217,12 @@ unsigned char *tcp_request(int confd, time_t now,
size_t size = 0, saved_size = 0; size_t size = 0, saved_size = 0;
int norebind; int norebind;
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
int is_single_query = 0, allowed = 1; int allowed = 1;
#endif #endif
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
int local_auth = 0; int local_auth = 0;
#endif #endif
int checking_disabled, do_bit, added_pheader = 0, have_pseudoheader = 0; int checking_disabled, do_bit, ad_reqd, added_pheader = 0, have_pseudoheader = 0;
int cacheable, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
size_t m;
struct blockdata *saved_question = NULL; struct blockdata *saved_question = NULL;
unsigned short qtype; unsigned short qtype;
unsigned int gotname; unsigned int gotname;
@@ -2247,8 +2241,7 @@ unsigned char *tcp_request(int confd, time_t now,
unsigned char *pheader; unsigned char *pheader;
unsigned int mark = 0; unsigned int mark = 0;
int have_mark = 0; int have_mark = 0;
int first, last, filtered, stale, do_stale = 0; int first, last, filtered, do_stale = 0;
unsigned int flags = 0;
if (!packet || getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) == -1) if (!packet || getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) == -1)
return packet; return packet;
@@ -2301,9 +2294,12 @@ unsigned char *tcp_request(int confd, time_t now,
while (1) while (1)
{ {
int ede = EDE_UNSET; int stale = 0, ede = EDE_UNSET;
size_t m = 0;
stale = 0; unsigned int flags = 0;
#ifdef HAVE_AUTH
struct auth_zone *zone;
#endif
if (!do_stale) if (!do_stale)
{ {
@@ -2314,7 +2310,6 @@ unsigned char *tcp_request(int confd, time_t now,
!(size = ntohs(tcp_len)) || !(size = ntohs(tcp_len)) ||
!read_write(confd, payload, size, RW_READ)) !read_write(confd, payload, size, RW_READ))
break; break;
}
if (size < (int)sizeof(struct dns_header)) if (size < (int)sizeof(struct dns_header))
continue; continue;
@@ -2331,29 +2326,22 @@ unsigned char *tcp_request(int confd, time_t now,
daemon->log_display_id = -(++daemon->log_id); daemon->log_display_id = -(++daemon->log_id);
daemon->log_source_addr = &peer_addr; daemon->log_source_addr = &peer_addr;
/* save state of "cd" flag in query */
if ((checking_disabled = header->hb4 & HB4_CD))
no_cache_dnssec = 1;
if (OPCODE(header) != QUERY) if (OPCODE(header) != QUERY)
{ {
log_query_mysockaddr(F_QUERY | F_FORWARD, "opcode", &peer_addr, "non-query", 0); log_query_mysockaddr(F_QUERY | F_FORWARD, "opcode", &peer_addr, "non-query", 0);
gotname = 0; gotname = 0;
m = 0;
flags = F_RCODE; flags = F_RCODE;
} }
else if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype))) else if (!(gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
ede = EDE_INVALID_DATA;
else
{ {
#ifdef HAVE_AUTH if (saved_question)
struct auth_zone *zone; blockdata_free(saved_question);
#endif
#ifdef HAVE_CONNTRACK saved_question = blockdata_alloc((char *)header, (size_t)size);
is_single_query = 1; saved_size = size;
#endif
if (!do_stale)
{
log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff, log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
&peer_addr, auth_dns ? "auth" : "query", qtype); &peer_addr, auth_dns ? "auth" : "query", qtype);
@@ -2368,7 +2356,6 @@ unsigned char *tcp_request(int confd, time_t now,
break; break;
} }
#endif #endif
}
norebind = domain_no_rebind(daemon->namebuff); norebind = domain_no_rebind(daemon->namebuff);
@@ -2381,101 +2368,77 @@ unsigned char *tcp_request(int confd, time_t now,
if (find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL)) if (find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL))
{ {
unsigned short flags; unsigned short ede_flags;
have_pseudoheader = 1; have_pseudoheader = 1;
pheader += 4; /* udp_size, ext_rcode */ pheader += 4; /* udp_size, ext_rcode */
GETSHORT(flags, pheader); GETSHORT(ede_flags, pheader);
if (flags & 0x8000) if (ede_flags & 0x8000)
do_bit = 1; /* do bit */ do_bit = 1; /* do bit */
} }
ad_reqd = do_bit;
/* RFC 6840 5.7 */
if (header->hb4 & HB4_AD)
ad_reqd = 1;
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
if (!auth_dns || local_auth) if (!auth_dns || local_auth)
#endif #endif
if (option_bool(OPT_CMARK_ALST_EN) && have_mark && ((u32)mark & daemon->allowlist_mask)) if (option_bool(OPT_CMARK_ALST_EN) && have_mark && ((u32)mark & daemon->allowlist_mask))
allowed = is_query_allowed_for_mark((u32)mark, is_single_query ? daemon->namebuff : NULL); allowed = is_query_allowed_for_mark((u32)mark, daemon->namebuff);
#endif #endif
if (0); if (0);
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
else if (!allowed) else if (!allowed)
{ {
u16 swap = htons(EDE_BLOCKED); ede = EDE_BLOCKED;
m = answer_disallowed(header, size, (u32)mark, daemon->namebuff);
m = answer_disallowed(header, size, (u32)mark, is_single_query ? daemon->namebuff : NULL);
if (have_pseudoheader && m != 0)
m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536,
EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
} }
#endif #endif
#ifdef HAVE_AUTH #ifdef HAVE_AUTH
else if (auth_dns) else if (auth_dns)
{
m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr, local_auth); m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr, local_auth);
if (m >= 1 && have_pseudoheader)
m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536,
0, NULL, 0, do_bit, 0);
}
#endif #endif
else else
{
int ad_reqd = do_bit;
/* RFC 6840 5.7 */
if (header->hb4 & HB4_AD)
ad_reqd = 1;
if (do_stale)
m = 0;
else
{
if (saved_question)
blockdata_free(saved_question);
saved_question = blockdata_alloc((char *)header, (size_t)size);
saved_size = size;
/* m > 0 if answered from cache */
m = answer_request(header, ((char *) header) + 65536, (size_t)size, m = answer_request(header, ((char *) header) + 65536, (size_t)size,
dst_addr_4, netmask, now, ad_reqd, do_bit, &stale, &filtered); dst_addr_4, netmask, now, ad_reqd, do_bit, &stale, &filtered);
}
if (m >= 1 && have_pseudoheader)
m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536,
0, NULL, 0, do_bit, 0);
} }
/* Do this by steam now we're not in the select() loop */ /* Do this by steam now we're not in the select() loop */
check_log_writer(1); check_log_writer(1);
if (m == 0 && saved_question) if (m == 0 && ede == EDE_UNSET && saved_question)
{ {
struct server *master; struct server *master;
int start; int start;
int cacheable, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
blockdata_retrieve(saved_question, (size_t)saved_size, header); blockdata_retrieve(saved_question, (size_t)saved_size, header);
size = saved_size; size = saved_size;
/* save state of "cd" flag in query */
if ((checking_disabled = header->hb4 & HB4_CD))
no_cache_dnssec = 1;
if (lookup_domain(daemon->namebuff, gotname, &first, &last)) if (lookup_domain(daemon->namebuff, gotname, &first, &last))
flags = is_local_answer(now, first, daemon->namebuff); flags = is_local_answer(now, first, daemon->namebuff);
else else
{
/* No configured servers */
ede = EDE_NOT_READY; ede = EDE_NOT_READY;
flags = 0;
}
if (!flags && ede == EDE_UNSET)
{
/* don't forward A or AAAA queries for simple names, except the empty name */ /* don't forward A or AAAA queries for simple names, except the empty name */
if (!flags && if (option_bool(OPT_NODOTS_LOCAL) &&
option_bool(OPT_NODOTS_LOCAL) &&
(gotname & (F_IPV4 | F_IPV6)) && (gotname & (F_IPV4 | F_IPV6)) &&
!strchr(daemon->namebuff, '.') && !strchr(daemon->namebuff, '.') &&
strlen(daemon->namebuff) != 0) strlen(daemon->namebuff) != 0)
flags = check_for_local_domain(daemon->namebuff, now) ? F_NOERR : F_NXDOMAIN; flags = check_for_local_domain(daemon->namebuff, now) ? F_NOERR : F_NXDOMAIN;
else
if (!flags && ede != EDE_NOT_READY)
{ {
master = daemon->serverarray[first]; master = daemon->serverarray[first];
@@ -2505,11 +2468,9 @@ unsigned char *tcp_request(int confd, time_t now,
/* Loop round available servers until we succeed in connecting to one. */ /* Loop round available servers until we succeed in connecting to one. */
if ((m = tcp_talk(first, last, start, packet, size, have_mark, mark, &serv)) == 0) if ((m = tcp_talk(first, last, start, packet, size, have_mark, mark, &serv)) == 0)
{
ede = EDE_NETERR; ede = EDE_NETERR;
break; else
} {
/* get query name again for logging - may have been overwritten */ /* get query name again for logging - may have been overwritten */
if (!(gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype))) if (!(gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
strcpy(daemon->namebuff, "query"); strcpy(daemon->namebuff, "query");
@@ -2565,6 +2526,7 @@ unsigned char *tcp_request(int confd, time_t now,
} }
#endif #endif
/* restore CD bit to the value in the query */ /* restore CD bit to the value in the query */
if (checking_disabled) if (checking_disabled)
header->hb4 |= HB4_CD; header->hb4 |= HB4_CD;
@@ -2579,6 +2541,9 @@ unsigned char *tcp_request(int confd, time_t now,
m = process_reply(header, now, serv, (unsigned int)m, m = process_reply(header, now, serv, (unsigned int)m,
option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer, option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer,
ad_reqd, do_bit, added_pheader, &peer_addr, ((unsigned char *)header) + 65536, ede); ad_reqd, do_bit, added_pheader, &peer_addr, ((unsigned char *)header) + 65536, ede);
/* process_reply() adds pheader itself */
have_pseudoheader = 0;
} }
} }
} }
@@ -2594,10 +2559,8 @@ unsigned char *tcp_request(int confd, time_t now,
((char *) header) + 65536, first, last, ede))) ((char *) header) + 65536, first, last, ede)))
break; break;
} }
else else if (ede == EDE_UNSET)
{ {
ede = EDE_UNSET;
if (filtered) if (filtered)
ede = EDE_FILTERED; ede = EDE_FILTERED;
else if (stale) else if (stale)
@@ -2625,6 +2588,7 @@ unsigned char *tcp_request(int confd, time_t now,
if (option_bool(OPT_CMARK_ALST_EN) && have_mark && ((u32)mark & daemon->allowlist_mask)) if (option_bool(OPT_CMARK_ALST_EN) && have_mark && ((u32)mark & daemon->allowlist_mask))
report_addresses(header, m, mark); report_addresses(header, m, mark);
#endif #endif
if (!read_write(confd, packet, m + sizeof(u16), RW_WRITE)) if (!read_write(confd, packet, m + sizeof(u16), RW_WRITE))
break; break;
@@ -2637,6 +2601,8 @@ unsigned char *tcp_request(int confd, time_t now,
shutdown(confd, SHUT_RDWR); shutdown(confd, SHUT_RDWR);
close(confd); close(confd);
do_stale = 1; do_stale = 1;
/* Don't mark the query with the source when refreshing stale data. */
daemon->log_source_addr = NULL;
} }
} }