Commit f647c0df authored by Mark Andrews's avatar Mark Andrews

4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]

parent ecc06cbc
4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
4280. [performance] Use optimal message sizes to improve compression
in AXFRs. This reduces network traffic. [RT #40996]
......
......@@ -6960,6 +6960,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
inc_stats(client,
dns_nsstatscounter_rateslipped);
if (WANTCOOKIE(client)) {
client->message->flags &=
~DNS_MESSAGEFLAG_AA;
client->message->flags &=
~DNS_MESSAGEFLAG_AD;
client->message->rcode =
......@@ -6978,6 +6980,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
} else if (!TCP(client) && client->view->requireservercookie &&
WANTCOOKIE(client) && !HAVECOOKIE(client)) {
client->message->flags &= ~DNS_MESSAGEFLAG_AA;
client->message->flags &= ~DNS_MESSAGEFLAG_AD;
client->message->rcode = dns_rcode_badcookie;
goto cleanup;
}
......
......@@ -127,6 +127,8 @@ n=`expr $n + 1`
echo "I:checking require-server-cookie yes ($n)"
ret=0
$DIG +qr +cookie +nobadcookie soa @10.53.0.3 -p 5300 > dig.out.test$n
grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
......
......@@ -36,6 +36,7 @@
#include <dns/masterdump.h>
#include <dns/message.h>
#include <dns/opcode.h>
#include <dns/rcode.h>
#include <dns/rdata.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
......@@ -145,27 +146,6 @@ static const char *opcodetext[] = {
"RESERVED15"
};
static const char *rcodetext[] = {
"NOERROR",
"FORMERR",
"SERVFAIL",
"NXDOMAIN",
"NOTIMP",
"REFUSED",
"YXDOMAIN",
"YXRRSET",
"NXRRSET",
"NOTAUTH",
"NOTZONE",
"RESERVED11",
"RESERVED12",
"RESERVED13",
"RESERVED14",
"RESERVED15",
"BADVERS"
};
/*%
* "helper" type, which consists of a block of some type, and is linkable.
* For it to work, sizeof(dns_msgblock_t) must be a multiple of the pointer
......@@ -3491,7 +3471,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
isc_result_t
dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
dns_messagetextflag_t flags, isc_buffer_t *target) {
dns_messagetextflag_t flags, isc_buffer_t *target)
{
unsigned int sflags = dns_master_styleflags(style);
char buf[sizeof("1234567890")];
isc_result_t result;
......@@ -3505,12 +3486,9 @@ dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
ADD_STRING(target, ";; ->>HEADER<<- opcode: ");
ADD_STRING(target, opcodetext[msg->opcode]);
ADD_STRING(target, ", status: ");
if (msg->rcode < (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
ADD_STRING(target, rcodetext[msg->rcode]);
} else {
snprintf(buf, sizeof(buf), "%4u", msg->rcode);
ADD_STRING(target, buf);
}
result = dns_rcode_totext(msg->rcode, target);
if (result != ISC_R_SUCCESS)
return (result);
ADD_STRING(target, ", id: ");
snprintf(buf, sizeof(buf), "%6u", msg->id);
ADD_STRING(target, buf);
......
......@@ -51,6 +51,8 @@
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
#define TOTEXTONLY 0x01
#define RCODENAMES \
/* standard rcodes */ \
{ dns_rcode_noerror, "NOERROR", 0}, \
......@@ -63,7 +65,12 @@
{ dns_rcode_yxrrset, "YXRRSET", 0}, \
{ dns_rcode_nxrrset, "NXRRSET", 0}, \
{ dns_rcode_notauth, "NOTAUTH", 0}, \
{ dns_rcode_notzone, "NOTZONE", 0},
{ dns_rcode_notzone, "NOTZONE", 0}, \
{ 11, "RESERVED11", TOTEXTONLY}, \
{ 12, "RESERVED12", TOTEXTONLY}, \
{ 13, "RESERVED13", TOTEXTONLY}, \
{ 14, "RESERVED14", TOTEXTONLY}, \
{ 15, "RESERVED15", TOTEXTONLY},
#define ERCODENAMES \
/* extended rcodes */ \
......@@ -260,6 +267,7 @@ dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
unsigned int n;
n = strlen(table[i].name);
if (n == source->length &&
(table[i].flags & TOTEXTONLY) == 0 &&
strncasecmp(source->base, table[i].name, n) == 0) {
*valuep = table[i].value;
return (ISC_R_SUCCESS);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment