Commit 5b52e0dd authored by Karel Slaný's avatar Karel Slaný Committed by Ondřej Surý

Conditional compilation of DNS cookie code.

Set the make variable ENABLE_cookies=yes to compile in the DNS cookie functionality.
parent 13c9d9cf
......@@ -64,6 +64,10 @@ endif
BUILD_CFLAGS += $(libknot_CFLAGS) $(libuv_CFLAGS) $(cmocka_CFLAGS) $(lua_CFLAGS) $(libdnssec_CFLAGS) $(libsystemd_CFLAGS)
BUILD_CFLAGS += $(addprefix -I,$(wildcard contrib/ccan/*) contrib/murmurhash3)
ifeq ($(ENABLE_cookies),yes)
BUILD_CFLAGS += -DENABLE_COOKIES
endif
# Overview
info:
$(info Target: Knot DNS Resolver $(MAJOR).$(MINOR).$(PATCH)-$(PLATFORM))
......
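Review bot: The new `ifeq ($(ENABLE_cookies),yes)` test carries no comment and, in the visible lines, no default, so any value other than the exact string `yes` (unset, `1`, `Yes`) produces a resolver without DNS cookie support and nothing in this hunk reports which way the build went. DNS cookies are a spoofing mitigation, so an operator should be able to see that choice. I would add `# DNS cookies are compiled in only when ENABLE_cookies=yes; any other value builds without them.` above the `ifeq`, and print the cookie setting from the `info:` target that starts at the end of this hunk. The same bare `ifeq` is repeated for the libkres source and header lists and for the built-in modules list, where the same comment applies.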
......@@ -471,7 +471,9 @@ static int init_resolver(struct engine *engine)
}
/* Load basic modules */
#if defined(ENABLE_COOKIES)
engine_register(engine, "cookiemonster", NULL, NULL);
#endif /* defined(ENABLE_COOKIES) */
engine_register(engine, "iterate", NULL, NULL);
engine_register(engine, "validate", NULL, NULL);
engine_register(engine, "rrcache", NULL, NULL);
......
......@@ -14,7 +14,6 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <arpa/inet.h> /* inet_ntop() */
#include <uv.h>
#include <lua.h>
#include <libknot/packet/pkt.h>
......@@ -26,7 +25,10 @@
#include <malloc.h>
#endif
#include <assert.h>
#if defined(ENABLE_COOKIES)
#include <arpa/inet.h> /* inet_ntop() */
#include "lib/cookies/control.h"
#endif /* defined(ENABLE_COOKIES) */
#include "lib/utils.h"
#include "lib/layer.h"
#include "daemon/worker.h"
......@@ -441,6 +443,7 @@ static void on_write(uv_write_t *req, int status)
req_release(worker, (struct req *)req);
}
#if defined(ENABLE_COOKIES)
/** Update DNS cookie data in packet. */
static bool subreq_update_cookies(uv_udp_t *handle, struct sockaddr *srvr_addr,
struct kr_cache *cookie_cache,
......@@ -478,6 +481,7 @@ static bool subreq_update_cookies(uv_udp_t *handle, struct sockaddr *srvr_addr,
return true;
}
#endif /* defined(ENABLE_COOKIES) */
static int qr_task_send(struct qr_task *task, uv_handle_t *handle, struct sockaddr *addr, knot_pkt_t *pkt)
{
......@@ -499,11 +503,13 @@ static int qr_task_send(struct qr_task *task, uv_handle_t *handle, struct sockad
return qr_task_on_send(task, handle, kr_error(ENOMEM));
}
if (handle->type == UV_UDP) {
#if defined(ENABLE_COOKIES)
if (knot_wire_get_qr(pkt->wire) == 0) {
/* Update DNS cookies data in query. */
subreq_update_cookies((uv_udp_t *) handle, addr,
&task->worker->engine->resolver.cache, pkt);
}
#endif /* defined(ENABLE_COOKIES) */
uv_buf_t buf = { (char *)pkt->wire, pkt->size };
send_req->as.send.data = task;
......
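Review bot: The call to `subreq_update_cookies()` inside `qr_task_send` discards its `bool` result, so a failed cookie update cannot be told apart from a successful one and the query is sent either way. If sending regardless is the intended fallback, say so at the call with `/* Best effort: a failed cookie update does not block the query. */`; otherwise check the result and fail the send the way the `kr_error(ENOMEM)` path just above does. The body of `subreq_update_cookies` is collapsed between the hunks, so whether it can leave the packet partly modified on failure cannot be judged from this page. `qr_task_send` also continues past the end of the section.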
......@@ -30,11 +30,11 @@
#include "lib/layer.h"
#include "lib/utils.h"
#if defined MODULE_DEBUG_MSGS
#if defined(MODULE_DEBUG_MSGS)
# define DEBUG_MSG(qry, fmt...) QRDEBUG(qry, "cookies_control", fmt)
#else /* !defined MODULE_DEBUG_MSGS */
#else /* !defined(MODULE_DEBUG_MSGS) */
# define DEBUG_MSG(qry, fmt...) do { } while (0)
#endif /* defined MODULE_DEBUG_MSGS */
#endif /* defined(MODULE_DEBUG_MSGS) */
/* Default client secret. */
struct kr_cookie_secret dflt_cs = {
......
......@@ -576,7 +576,11 @@ static int resolve(knot_layer_t *ctx, knot_pkt_t *pkt)
assert(pkt && ctx);
struct kr_request *req = ctx->data;
struct kr_query *query = req->current_query;
#if defined(ENABLE_COOKIES)
if (!query || (query->flags & (QUERY_RESOLVED|QUERY_BADCOOKIE_AGAIN))) {
#else /* !defined(ENABLE_COOKIES) */
if (!query || (query->flags & QUERY_RESOLVED)) {
#endif /* defined(ENABLE_COOKIES) */
return ctx->state;
}
......
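Review bot: The `#if`/`#else` in `resolve` duplicates the whole `if (...) {` header, so the opening brace sits in two preprocessor branches and the two conditions can drift apart on a later edit. Selecting only the mask keeps a single statement: define a macro (name of your choosing, e.g. `RESOLVE_SKIP_FLAGS`) as `(QUERY_RESOLVED|QUERY_BADCOOKIE_AGAIN)` in the cookie build and as `QUERY_RESOLVED` otherwise, then write `if (!query || (query->flags & RESOLVE_SKIP_FLAGS)) {` once. If `QUERY_BADCOOKIE_AGAIN` is defined regardless of the build option (its definition is not on this page), the conditional could be dropped entirely, because the flag would never be set in a build without cookies. The `ns_election` change in the resolver file has the same shape, and its `#else /* defined(ENABLE_COOKIES) */` comment should read `!defined(ENABLE_COOKIES)`.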
libkres_SOURCES := \
contrib/fnv/hash_64a.c \
lib/generic/map.c \
lib/layer/cookiemonster.c \
lib/layer/iterate.c \
lib/layer/validate.c \
lib/layer/rrcache.c \
lib/layer/pktcache.c \
lib/cookies/cache.c \
lib/cookies/control.c \
lib/dnssec/nsec.c \
lib/dnssec/nsec3.c \
lib/dnssec/signature.c \
......@@ -27,8 +24,6 @@ libkres_HEADERS := \
lib/generic/map.h \
lib/generic/set.h \
lib/layer.h \
lib/cookies/cache.h \
lib/cookies/control.h \
lib/dnssec/nsec.h \
lib/dnssec/nsec3.h \
lib/dnssec/signature.h \
......@@ -50,6 +45,17 @@ libkres_CFLAGS := -fvisibility=hidden -fPIC $(lmdb_CFLAGS)
libkres_LIBS := $(contrib_TARGET) $(libknot_LIBS) $(libdnssec_LIBS) $(lmdb_LIBS)
libkres_TARGET := -L$(abspath lib) -lkres
ifeq ($(ENABLE_cookies),yes)
libkres_SOURCES += \
lib/layer/cookiemonster.c \
lib/cookies/cache.c \
lib/cookies/control.c
libkres_HEADERS += \
lib/cookies/cache.h \
lib/cookies/control.h
endif
# Make library
ifeq ($(BUILDMODE), static)
$(eval $(call make_static,libkres,lib,yes))
......
......@@ -24,13 +24,17 @@
#include "lib/module.h"
/* List of embedded modules */
#if defined(ENABLE_COOKIES)
const knot_layer_api_t *cookiemonster_layer(struct kr_module *module);
#endif /* defined(ENABLE_COOKIES) */
const knot_layer_api_t *iterate_layer(struct kr_module *module);
const knot_layer_api_t *validate_layer(struct kr_module *module);
const knot_layer_api_t *rrcache_layer(struct kr_module *module);
const knot_layer_api_t *pktcache_layer(struct kr_module *module);
static const struct kr_module embedded_modules[] = {
#if defined(ENABLE_COOKIES)
{ "cookiemonster", NULL, NULL, NULL, cookiemonster_layer, NULL, NULL, NULL },
#endif /* defined(ENABLE_COOKIES) */
{ "iterate", NULL, NULL, NULL, iterate_layer, NULL, NULL, NULL },
{ "validate", NULL, NULL, NULL, validate_layer, NULL, NULL, NULL },
{ "rrcache", NULL, NULL, NULL, rrcache_layer, NULL, NULL, NULL },
......
......@@ -27,7 +27,9 @@
#include "lib/rplan.h"
#include "lib/layer/iterate.h"
#include "lib/dnssec/ta.h"
#if defined(ENABLE_COOKIES)
#include "lib/cookies/control.h"
#endif /* defined(ENABLE_COOKIES) */
#define DEBUG_MSG(qry, fmt...) QRDEBUG((qry), "resl", fmt)
......@@ -267,11 +269,15 @@ static int edns_put(knot_pkt_t *pkt)
static int edns_create(knot_pkt_t *pkt, knot_pkt_t *template, struct kr_request *req)
{
pkt->opt_rr = knot_rrset_copy(req->ctx->opt_rr, &pkt->mm);
#if defined(ENABLE_COOKIES)
size_t wire_size = knot_edns_wire_size(pkt->opt_rr);
if (kr_glob_cookie_ctx.enabled) {
wire_size += KR_COOKIE_OPT_MAX_LEN;
}
return knot_pkt_reserve(pkt, wire_size);
#else /* !defined(ENABLE_COOKIES) */
return knot_pkt_reserve(pkt, knot_edns_wire_size(pkt->opt_rr));
#endif /* defined(ENABLE_COOKIES) */
}
static int answer_prepare(knot_pkt_t *answer, knot_pkt_t *query, struct kr_request *req)
......@@ -440,6 +446,7 @@ int kr_resolve_consume(struct kr_request *request, const struct sockaddr *src, k
/* Different processing for network error */
struct kr_query *qry = array_tail(rplan->pending);
#if defined(ENABLE_COOKIES)
if (src && !(qry->flags & QUERY_CACHED)) {
/* Track response source.
* TODO -- Find a more suitable place to put the source address
......@@ -456,6 +463,7 @@ int kr_resolve_consume(struct kr_request *request, const struct sockaddr *src, k
break;
}
}
#endif /* defined(ENABLE_COOKIES) */
bool tried_tcp = (qry->flags & QUERY_TCP);
if (!packet || packet->size == 0) {
......@@ -750,7 +758,11 @@ ns_election:
if (qry->flags & (QUERY_AWAIT_IPV4|QUERY_AWAIT_IPV6)) {
kr_nsrep_elect_addr(qry, request->ctx);
#if defined(ENABLE_COOKIES)
} else if (!qry->ns.name || !(qry->flags & (QUERY_TCP|QUERY_STUB|QUERY_BADCOOKIE_AGAIN))) { /* Keep NS when requerying/stub/badcookie. */
#else /* defined(ENABLE_COOKIES) */
} else if (!qry->ns.name || !(qry->flags & (QUERY_TCP|QUERY_STUB))) { /* Keep NS when requerying/stub. */
#endif /* defined(ENABLE_COOKIES) */
/* Root DNSKEY must be fetched from the hints to avoid chicken and egg problem. */
if (qry->sname[0] == '\0' && qry->stype == KNOT_RRTYPE_DNSKEY) {
kr_zonecut_set_sbelt(request->ctx, &qry->zone_cut);
......
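Review bot: In `edns_create` the result of `knot_rrset_copy()` is stored in `pkt->opt_rr` and handed straight to `knot_edns_wire_size()` in both branches of the new `#if`, with no NULL check in between. If the copy fails on allocation, the size helper either dereferences NULL or, if it tolerates NULL, the function reserves space and may report success for a packet that has no OPT record. Adding `if (pkt->opt_rr == NULL) { return kr_error(ENOMEM); }` right after the copy covers both branches. With that in place the `#if` could shrink to the cookie-only `wire_size += KR_COOKIE_OPT_MAX_LEN;` adjustment around one shared `knot_pkt_reserve()` call.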
......@@ -76,10 +76,12 @@ struct kr_query {
struct kr_zonecut zone_cut;
struct kr_nsrep ns;
struct kr_layer_pickle *deferred;
#if defined(ENABLE_COOKIES)
union {
struct sockaddr_in ip4;
struct sockaddr_in6 ip6;
} rsource; /**< Response source address. */
#endif /* defined(ENABLE_COOKIES) */
};
/** @cond internal Array of queries. */
......
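Review bot: Guarding the `rsource` member makes `sizeof(struct kr_query)` depend on `ENABLE_COOKIES`, while the page shows that macro being added to `BUILD_CFLAGS` only. Code compiled outside this tree against the header, for example an external module, would presumably see the struct without `rsource` while a cookie-enabled library allocates and writes it with the member. Because `rsource` is the last member the earlier offsets still agree, but any consumer that allocates, copies or embeds a `struct kr_query` would disagree on its size. Either keep the member unconditional, or document the requirement next to it with `/* ABI: present only when the library is built with ENABLE_COOKIES; consumers must define it identically. */`. The struct begins above the hunk.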
# List of built-in modules
modules_TARGETS := hints \
stats \
cookiectl
stats
# DNS cookies
ifeq ($(ENABLE_cookies),yes)
modules_TARGETS += cookiectl
endif
# Memcached
ifeq ($(HAS_libmemcached),yes)
......