/src/pdns/pdns/packetcache.hh
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * This file is part of PowerDNS or dnsdist. |
3 | | * Copyright -- PowerDNS.COM B.V. and its contributors |
4 | | * |
5 | | * This program is free software; you can redistribute it and/or modify |
6 | | * it under the terms of version 2 of the GNU General Public License as |
7 | | * published by the Free Software Foundation. |
8 | | * |
9 | | * In addition, for the avoidance of any doubt, permission is granted to |
10 | | * link this program with OpenSSL and to (re)distribute the binaries |
11 | | * produced as the result of such linking. |
12 | | * |
13 | | * This program is distributed in the hope that it will be useful, |
14 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | | * GNU General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU General Public License |
19 | | * along with this program; if not, write to the Free Software |
20 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
21 | | */ |
22 | | #pragma once |
23 | | #include "ednsoptions.hh" |
24 | | #include "misc.hh" |
25 | | #include "iputils.hh" |
26 | | |
27 | | class PacketCache : public boost::noncopyable |
28 | | { |
29 | | public: |
30 | | |
31 | | /* hash the packet from the provided position, which should point right after tje qname. This skips: |
32 | | - the query ID ; |
33 | | - EDNS Cookie options, if any ; |
34 | | - Any given option code present in optionsToSkip |
35 | | */ |
36 | | static uint32_t hashAfterQname(const std::string_view& packet, uint32_t currentHash, size_t pos, const std::unordered_set<uint16_t>& optionsToSkip = {EDNSOptionCode::COOKIE}) |
37 | 1.22k | { |
38 | 1.22k | const size_t packetSize = packet.size(); |
39 | 1.22k | assert(packetSize >= sizeof(dnsheader)); |
40 | | |
41 | | /* we need at least 2 (QTYPE) + 2 (QCLASS) |
42 | | |
43 | | + OPT root label (1), type (2), class (2) and ttl (4) |
44 | | + the OPT RR rdlen (2) |
45 | | = 15 |
46 | | */ |
47 | 0 | const dnsheader_aligned dnsheaderdata(packet.data()); |
48 | 1.22k | const struct dnsheader *dh = dnsheaderdata.get(); |
49 | 1.22k | if (ntohs(dh->qdcount) != 1 || ntohs(dh->ancount) != 0 || ntohs(dh->nscount) != 0 || ntohs(dh->arcount) != 1 || (pos + 15) >= packetSize) { |
50 | 338 | if (packetSize > pos) { |
51 | 338 | currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(pos)), packetSize - pos, currentHash); |
52 | 338 | } |
53 | 338 | return currentHash; |
54 | 338 | } |
55 | | |
56 | 886 | currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(pos)), 15, currentHash); |
57 | | /* skip the qtype (2), qclass (2) */ |
58 | | /* root label (1), type (2), class (2) and ttl (4) */ |
59 | | /* already hashed above */ |
60 | 886 | pos += 13; |
61 | | |
62 | 886 | const uint16_t rdLen = ((static_cast<uint16_t>(packet.at(pos)) * 256) + static_cast<uint16_t>(packet.at(pos + 1))); |
63 | | /* skip the rd length */ |
64 | | /* already hashed above */ |
65 | 886 | pos += 2; |
66 | | |
67 | 886 | if (rdLen > (packetSize - pos)) { |
68 | 164 | if (pos < packetSize) { |
69 | 164 | currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(pos)), packetSize - pos, currentHash); |
70 | 164 | } |
71 | 164 | return currentHash; |
72 | 164 | } |
73 | | |
74 | 722 | uint16_t rdataRead = 0; |
75 | 722 | uint16_t optionCode; |
76 | 722 | uint16_t optionLen; |
77 | | |
78 | 16.7k | while (pos < packetSize && rdataRead < rdLen && getNextEDNSOption(&packet.at(pos), rdLen - rdataRead, optionCode, optionLen)) { |
79 | 16.3k | if (optionLen > (rdLen - rdataRead - 4)) { |
80 | 344 | if (packetSize > pos) { |
81 | 344 | currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(pos)), packetSize - pos, currentHash); |
82 | 344 | } |
83 | 344 | return currentHash; |
84 | 344 | } |
85 | | |
86 | 16.0k | if (optionsToSkip.count(optionCode) == 0) { |
87 | | /* hash the option code, length and content */ |
88 | 15.1k | currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(pos)), 4 + optionLen, currentHash); |
89 | 15.1k | } |
90 | 867 | else { |
91 | | /* skip option: hash only its code and length */ |
92 | 867 | currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(pos)), 4, currentHash); |
93 | 867 | } |
94 | | |
95 | 16.0k | pos += 4 + optionLen; |
96 | 16.0k | rdataRead += 4 + optionLen; |
97 | 16.0k | } |
98 | | |
99 | 378 | if (pos < packetSize) { |
100 | 278 | currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(pos)), packetSize - pos, currentHash); |
101 | 278 | } |
102 | | |
103 | 378 | return currentHash; |
104 | 722 | } |
105 | | |
106 | | static uint32_t hashHeaderAndQName(const std::string& packet, size_t& pos) |
107 | 2.01k | { |
108 | 2.01k | const size_t packetSize = packet.size(); |
109 | 2.01k | assert(packetSize >= sizeof(dnsheader)); |
110 | | // Quite some bits in the header are actually irrelevant for |
111 | | // incoming queries. If we ever change that and ignore them for |
112 | | // hashing, don't forget to also adapt the `queryHeaderMatches` |
113 | | // code, as it should be consistent with the hash function. |
114 | 0 | uint32_t currentHash = burtle(reinterpret_cast<const unsigned char*>(&packet.at(2)), sizeof(dnsheader) - 2, 0); // rest of dnsheader, skip id |
115 | | |
116 | 99.0k | for (pos = sizeof(dnsheader); pos < packetSize; ) { |
117 | 98.4k | const unsigned char labelLen = static_cast<unsigned char>(packet.at(pos)); |
118 | 98.4k | ++pos; |
119 | 98.4k | if (labelLen == 0) { |
120 | 1.36k | break; |
121 | 1.36k | } |
122 | 97.0k | pos = std::min(pos + labelLen, packetSize); |
123 | 97.0k | } |
124 | 2.01k | return burtleCI(reinterpret_cast<const unsigned char*>(&packet.at(sizeof(dnsheader))), pos - sizeof(dnsheader), currentHash); |
125 | 2.01k | } |
126 | | |
127 | | /* hash the packet from the beginning, including the qname. This skips: |
128 | | - the query ID ; |
129 | | - EDNS Cookie options, if any ; |
130 | | - Any given option code present in optionsToSkip |
131 | | */ |
132 | | static uint32_t canHashPacket(const std::string& packet, const std::unordered_set<uint16_t>& optionsToSkip = {EDNSOptionCode::COOKIE}) |
133 | 2.01k | { |
134 | 2.01k | size_t pos = 0; |
135 | 2.01k | uint32_t currentHash = hashHeaderAndQName(packet, pos); |
136 | | |
137 | 2.01k | if (pos >= packet.size()) { |
138 | 782 | return currentHash; |
139 | 782 | } |
140 | | |
141 | 1.22k | return hashAfterQname(packet, currentHash, pos, optionsToSkip); |
142 | 2.01k | } |
143 | | |
144 | | static bool queryHeaderMatches(const std::string& cachedQuery, const std::string& query) |
145 | 1.43k | { |
146 | 1.43k | if (cachedQuery.size() != query.size()) { |
147 | 0 | return false; |
148 | 0 | } |
149 | | |
150 | 1.43k | return (cachedQuery.compare(/* skip the ID */ 2, sizeof(dnsheader) - 2, query, 2, sizeof(dnsheader) - 2) == 0); |
151 | 1.43k | } |
152 | | |
153 | | static bool queryMatches(const std::string& cachedQuery, const std::string& query, const DNSName& qname, const std::unordered_set<uint16_t>& optionsToIgnore) |
154 | 1.43k | { |
155 | 1.43k | const size_t querySize = query.size(); |
156 | 1.43k | const size_t cachedQuerySize = cachedQuery.size(); |
157 | 1.43k | if (querySize != cachedQuerySize) { |
158 | 0 | return false; |
159 | 0 | } |
160 | | |
161 | 1.43k | if (!queryHeaderMatches(cachedQuery, query)) { |
162 | 0 | return false; |
163 | 0 | } |
164 | | |
165 | 1.43k | size_t pos = sizeof(dnsheader) + qname.wirelength(); |
166 | | |
167 | | /* we need at least 2 (QTYPE) + 2 (QCLASS) |
168 | | + OPT root label (1), type (2), class (2) and ttl (4) |
169 | | + the OPT RR rdlen (2) |
170 | | = 15 |
171 | | */ |
172 | 1.43k | const dnsheader_aligned dnsheaderdata(query.data()); |
173 | 1.43k | const struct dnsheader* dh = dnsheaderdata.get(); |
174 | 1.43k | if (ntohs(dh->qdcount) != 1 || ntohs(dh->ancount) != 0 || ntohs(dh->nscount) != 0 || ntohs(dh->arcount) != 1 || (pos + 15) >= querySize || optionsToIgnore.empty()) { |
175 | 686 | return cachedQuery.compare(pos, cachedQuerySize - pos, query, pos, querySize - pos) == 0; |
176 | 686 | } |
177 | | |
178 | | /* compare up to the first option, if any */ |
179 | 752 | if (cachedQuery.compare(pos, 15, query, pos, 15) != 0) { |
180 | 0 | return false; |
181 | 0 | } |
182 | | |
183 | | /* skip the qtype (2), qclass (2) */ |
184 | | /* root label (1), type (2), class (2) and ttl (4) */ |
185 | | /* already compared above */ |
186 | 752 | pos += 13; |
187 | | |
188 | 752 | const uint16_t rdLen = ((static_cast<unsigned char>(query.at(pos)) * 256) + static_cast<unsigned char>(query.at(pos + 1))); |
189 | | /* skip the rd length */ |
190 | | /* already compared above */ |
191 | 752 | pos += sizeof(uint16_t); |
192 | | |
193 | 752 | if (rdLen > (querySize - pos)) { |
194 | | /* something is wrong, let's just compare everything */ |
195 | 184 | return cachedQuery.compare(pos, cachedQuerySize - pos, query, pos, querySize - pos) == 0; |
196 | 184 | } |
197 | | |
198 | 568 | uint16_t rdataRead = 0; |
199 | 568 | uint16_t optionCode; |
200 | 568 | uint16_t optionLen; |
201 | | |
202 | 11.6k | while (pos < querySize && rdataRead < rdLen && getNextEDNSOption(&query.at(pos), rdLen - rdataRead, optionCode, optionLen)) { |
203 | 11.2k | if (optionLen > (rdLen - rdataRead)) { |
204 | 180 | return cachedQuery.compare(pos, cachedQuerySize - pos, query, pos, querySize - pos) == 0; |
205 | 180 | } |
206 | | |
207 | | /* compare the option code and length */ |
208 | 11.1k | if (cachedQuery.compare(pos, 4, query, pos, 4) != 0) { |
209 | 0 | return false; |
210 | 0 | } |
211 | 11.1k | pos += 4; |
212 | 11.1k | rdataRead += 4; |
213 | | |
214 | 11.1k | if (optionLen > 0 && optionsToIgnore.count(optionCode) == 0) { |
215 | 4.91k | if (cachedQuery.compare(pos, optionLen, query, pos, optionLen) != 0) { |
216 | 0 | return false; |
217 | 0 | } |
218 | 4.91k | } |
219 | 11.1k | pos += optionLen; |
220 | 11.1k | rdataRead += optionLen; |
221 | 11.1k | } |
222 | | |
223 | 388 | if (pos >= querySize) { |
224 | 178 | return true; |
225 | 178 | } |
226 | | |
227 | 210 | return cachedQuery.compare(pos, cachedQuerySize - pos, query, pos, querySize - pos) == 0; |
228 | 388 | } |
229 | | |
230 | | }; |