Commit 9fd560c1 authored by Karel Slaný's avatar Karel Slaný Committed by Ondřej Surý

Putting cookie option into request before packet is finalised.

parent 98d6cd9c
......@@ -46,9 +46,9 @@ static const uint8_t *peek_and_check_cc(kr_cookie_lru_t *cache, const void *sa,
}
/**
* @brief Add a client cookie option into the RR Set.
* @brief Put a client cookie into the RR Set.
*/
static int opt_rr_add_cookie(knot_rrset_t *opt_rr, uint8_t *data,
static int opt_rr_put_cookie(knot_rrset_t *opt_rr, uint8_t *data,
uint16_t data_len, knot_mm_t *mm)
{
assert(opt_rr && data && data_len > 0);
......@@ -84,9 +84,9 @@ static int opt_rr_add_cookie(knot_rrset_t *opt_rr, uint8_t *data,
}
/**
* @brief Adds entire EDNS option into the RR Set.
* @brief Puts entire EDNS option into the RR Set.
*/
static int opt_rr_add_cookie_opt(knot_rrset_t *opt_rr, uint8_t *option, knot_mm_t *mm)
static int opt_rr_put_cookie_opt(knot_rrset_t *opt_rr, uint8_t *option, knot_mm_t *mm)
{
assert(opt_rr && option);
......@@ -99,20 +99,20 @@ static int opt_rr_add_cookie_opt(knot_rrset_t *opt_rr, uint8_t *option, knot_mm_
uint16_t opt_len = knot_edns_opt_get_length(option);
uint8_t *opt_data = knot_edns_opt_get_data(option);
return opt_rr_add_cookie(opt_rr, opt_data, opt_len, mm);
return opt_rr_put_cookie(opt_rr, opt_data, opt_len, mm);
}
int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
kr_cookie_lru_t *cookie_cache,
const struct sockaddr *clnt_sa,
const struct sockaddr *srvr_sa,
knot_pkt_t *pkt)
struct kr_request *req)
{
if (!clnt_comp || !pkt) {
if (!clnt_comp || !req) {
return kr_error(EINVAL);
}
if (!pkt->opt_rr) {
if (!req->ctx->opt_rr) {
return kr_ok();
}
......@@ -120,8 +120,10 @@ int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
return kr_error(EINVAL);
}
/* Generate client cookie from client address, server address and
* secret quantity. */
/*
* Generate client cookie from client address, server address and
* secret quantity.
*/
struct knot_cc_input input = {
.clnt_sockaddr = clnt_sa,
.srvr_sockaddr = srvr_sa,
......@@ -141,25 +143,18 @@ int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
const uint8_t *cached_cookie = peek_and_check_cc(cookie_cache,
srvr_sa, cc, cc_len);
/* This is a very nasty hack that prevents the packet to be corrupted
* when using contemporary 'Cookie interface'. */
assert(pkt->current == KNOT_ADDITIONAL);
pkt->sections[KNOT_ADDITIONAL].count -= 1;
pkt->rrset_count -= 1;
pkt->size -= knot_edns_wire_size(pkt->opt_rr);
knot_wire_set_arcount(pkt->wire, knot_wire_get_arcount(pkt->wire) - 1);
/* Add cookie option. */
int ret;
if (cached_cookie) {
ret = opt_rr_add_cookie_opt(pkt->opt_rr,
ret = opt_rr_put_cookie_opt(req->ctx->opt_rr,
(uint8_t *)cached_cookie,
&pkt->mm);
req->ctx->pool);
} else {
ret = opt_rr_add_cookie(pkt->opt_rr, cc, cc_len, &pkt->mm);
ret = opt_rr_put_cookie(req->ctx->opt_rr, cc, cc_len,
req->ctx->pool);
}
/* Write to packet. */
return knot_pkt_put(pkt, KNOT_COMPR_HINT_NONE, pkt->opt_rr, KNOT_PF_FREE);
return ret;
}
int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
......
......@@ -23,15 +23,16 @@
#include "lib/cookies/lru_cache.h"
#include "lib/cookies/nonce.h"
#include "lib/defines.h"
#include "lib/resolve.h"
/**
* @brief Insert a DNS cookie into query packet.
* @note The packet must already contain ENDS section.
* @brief Updates DNS cookie in the request EDNS options.
* @note This function must be called before the request packet is finalised.
* @param clnt_comp client cookie control structure
* @param cookie_cache cookie cache
* @param clnt_sa client socket address
* @param srvr_sa server socket address
* @param pkt DNS request packet
* @param req name resolution request
* @return kr_ok() or error code
*/
KR_EXPORT
......@@ -39,7 +40,7 @@ int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
kr_cookie_lru_t *cookie_cache,
const struct sockaddr *clnt_sa,
const struct sockaddr *srvr_sa,
knot_pkt_t *pkt);
struct kr_request *req);
/**
* @brief Inserts a cookie option into the OPT RR. It does not write any
......
......@@ -857,12 +857,10 @@ int kr_resolve_produce(struct kr_request *request, struct sockaddr **dst, int *t
#if defined(ENABLE_COOKIES)
/** Update DNS cookie data in packet. */
static bool outbound_query_add_cookies(struct kr_request *req,
const struct sockaddr *dst,
knot_pkt_t *pkt)
static bool outbound_request_update_cookies(struct kr_request *req,
const struct sockaddr *dst)
{
assert(req);
assert(pkt);
/* RFC7873 4.1 strongly requires server address. */
if (!dst) {
......@@ -872,7 +870,7 @@ static bool outbound_query_add_cookies(struct kr_request *req,
struct kr_cookie_settings *clnt_sett = &req->ctx->cookie_ctx.clnt;
/* Cookies disabled or packet has no ENDS section. */
if (!clnt_sett->enabled || !pkt->opt_rr) {
if (!clnt_sett->enabled) {
return true;
}
......@@ -890,7 +888,7 @@ static bool outbound_query_add_cookies(struct kr_request *req,
*/
kr_request_put_cookie(&clnt_sett->current, req->ctx->cache_cookie,
NULL, dst, pkt);
NULL, dst, req);
return true;
}
......@@ -919,13 +917,8 @@ int kr_resolve_query_finalize(struct kr_request *request, struct sockaddr *dst,
* cons: Additional stress on API before sending every packet.
*/
int ret = query_finalize(request, qry, packet);
if (ret != 0) {
return KNOT_STATE_FAIL;
}
#if defined(ENABLE_COOKIES)
/* Update DNS cookies data in query. */
/* Update DNS cookies in request. */
if (type == SOCK_DGRAM) { /* @todo: Add cookies also over TCP? */
/* The actual server IP address is needed before generating the
* actual cookie. If we don't know the server address then we
......@@ -933,12 +926,17 @@ int kr_resolve_query_finalize(struct kr_request *request, struct sockaddr *dst,
* Also the resolver somehow mangles the query packets before
* building the query i.e. the space needed for the cookie
* cannot be allocated in the cookie layer. */
if (!outbound_query_add_cookies(request, dst, packet)) {
if (!outbound_request_update_cookies(request, dst)) {
return KNOT_STATE_FAIL;
}
}
#endif /* defined(ENABLE_COOKIES) */
int ret = query_finalize(request, qry, packet);
if (ret != 0) {
return KNOT_STATE_FAIL;
}
WITH_DEBUG {
char qname_str[KNOT_DNAME_MAXLEN], zonecut_str[KNOT_DNAME_MAXLEN], ns_str[INET6_ADDRSTRLEN], type_str[16];
knot_dname_to_str(qname_str, knot_pkt_qname(packet), sizeof(qname_str));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment