mirror of https://github.com/getdnsapi/getdns.git
Better retry on badcookie flooding prevention
This commit is contained in:
Willem Toorop
parent
8b62970e0c
commit
de13a0c32d
|
|
@ -209,6 +209,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
|
|||
net_req->transport_current = 0;
|
||||
memset(&net_req->event, 0, sizeof(net_req->event));
|
||||
net_req->keepalive_sent = 0;
|
||||
net_req->badcookie_retry = 0;
|
||||
net_req->write_queue_tail = NULL;
|
||||
/* Some fields to record info for return_call_reporting */
|
||||
net_req->debug_tls_auth_status = GETDNS_AUTH_NONE;
|
||||
|
|
|
|||
|
|
@ -1358,7 +1358,6 @@ stub_udp_read_cb(void *userarg)
|
|||
getdns_network_req *netreq = (getdns_network_req *)userarg;
|
||||
getdns_dns_req *dnsreq = netreq->owner;
|
||||
getdns_upstream *upstream = netreq->upstream;
|
||||
int prev_server_cookie = 0;
|
||||
ssize_t read;
|
||||
DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_READ,
|
||||
__FUNC__, (void*)netreq);
|
||||
|
|
@ -1399,7 +1398,6 @@ stub_udp_read_cb(void *userarg)
|
|||
return; /* Cache poisoning attempt ;) */
|
||||
|
||||
if (netreq->owner->edns_cookies) {
|
||||
prev_server_cookie = upstream->has_server_cookie;
|
||||
netreq->response_len = read;
|
||||
if (match_and_process_server_cookie(upstream, netreq)) {
|
||||
netreq->response_len = 0; /* 0 means error */
|
||||
|
|
@ -1434,14 +1432,14 @@ stub_udp_read_cb(void *userarg)
|
|||
}
|
||||
netreq->response_len = read;
|
||||
if (netreq->owner->edns_cookies
|
||||
&& !prev_server_cookie
|
||||
&& upstream->has_server_cookie /* newly learned server cookie */
|
||||
&& !netreq->badcookie_retry
|
||||
&& netreq->response_opt /* actually: assert(netreq->response_opt) */
|
||||
&& (netreq->response_opt[-4] << 4 | GLDNS_RCODE_WIRE(netreq->response))
|
||||
== GETDNS_RCODE_BADCOOKIE
|
||||
&& netreq->fd >= 0) {
|
||||
|
||||
/* Retry over UDP with the newly learned Cookie */
|
||||
netreq->badcookie_retry = 1;
|
||||
GETDNS_SCHEDULE_EVENT(dnsreq->loop, netreq->fd,
|
||||
_getdns_ms_until_expiry(dnsreq->expires),
|
||||
getdns_eventloop_event_init(&netreq->event, netreq,
|
||||
|
|
|
|||
|
|
@ -233,8 +233,6 @@ typedef struct getdns_network_req
|
|||
int edns_maximum_udp_payload_size;
|
||||
uint16_t max_udp_payload_size;
|
||||
|
||||
size_t keepalive_sent;
|
||||
|
||||
/* Network requests scheduled to write after me */
|
||||
struct getdns_network_req *write_queue_tail;
|
||||
|
||||
|
|
@ -244,7 +242,11 @@ typedef struct getdns_network_req
|
|||
getdns_auth_state_t debug_tls_auth_status;
|
||||
getdns_bindata debug_tls_peer_cert;
|
||||
const char *debug_tls_version;
|
||||
size_t debug_udp;
|
||||
|
||||
/* Some booleans */
|
||||
unsigned debug_udp : 1;
|
||||
unsigned keepalive_sent : 1;
|
||||
unsigned badcookie_retry: 1;
|
||||
|
||||
/* When more space is needed for the wire_data response than is
|
||||
* available in wire_data[], it will be allocated separately.
|
||||
|
|
|
|||
Loading…
Reference in New Issue