Changeset 700
- Timestamp:
- 04/14/06 14:35:19 (4 years ago)
- Location:
- trunk/pdns/pdns
- Files:
-
- 6 modified
-
dnspbench.cc (modified) (1 diff)
-
lwres.cc (modified) (1 diff)
-
lwres.hh (modified) (1 diff)
-
pdns_recursor.cc (modified) (5 diffs)
-
rec_channel_rec.cc (modified) (1 diff)
-
syncres.hh (modified) (3 diffs)
trunk/pdns/pdns/dnspbench.cc
r699 r700 47 47 Socket s(InterNetwork, Datagram); 48 48 49 IPEndpoint rem("1 27.0.0.1",1232), loc("213.156.2.1", 53);49 IPEndpoint rem("10.0.1.6",35515), loc("213.156.2.1", 53); 50 50 s.bind(loc); 51 51 -
trunk/pdns/pdns/lwres.cc
r697 r700 89 89 // sleep until we see an answer to this, interface to mtasker 90 90 91 ret=arecvfrom(reinterpret_cast<char *>(d_buf), d_bufsize-1,0,(struct sockaddr*)(&toaddr), &addrlen, &d_len, pw.getHeader()->id );91 ret=arecvfrom(reinterpret_cast<char *>(d_buf), d_bufsize-1,0,(struct sockaddr*)(&toaddr), &addrlen, &d_len, pw.getHeader()->id, domain); 92 92 } 93 93 else { -
trunk/pdns/pdns/lwres.hh
r694 r700 45 45 46 46 int asendto(const char *data, int len, int flags, struct sockaddr *toaddr, int addrlen, int id); 47 int arecvfrom(char *data, int len, int flags, struct sockaddr *toaddr, Utility::socklen_t *addrlen, int *d_len, int id );47 int arecvfrom(char *data, int len, int flags, struct sockaddr *toaddr, Utility::socklen_t *addrlen, int *d_len, int id, const string& domain); 48 48 49 49 class LWResException : public AhuException -
trunk/pdns/pdns/pdns_recursor.cc
r699 r700 173 173 174 174 // -1 is error, 0 is timeout, 1 is success 175 int arecvfrom(char *data, int len, int flags, struct sockaddr *toaddr, Utility::socklen_t *addrlen, int *d_len, int id) 176 { 175 int arecvfrom(char *data, int len, int flags, struct sockaddr *toaddr, Utility::socklen_t *addrlen, int *d_len, int id, const string& domain) 176 { 177 static optional<unsigned int> nearMissLimit; 178 if(!nearMissLimit) 179 nearMissLimit=::arg().asNum("spoof-nearmiss-max"); 180 177 181 PacketID pident; 178 182 pident.id=id; 183 pident.domain=domain; 179 184 memcpy(&pident.remote, toaddr, sizeof(pident.remote)); 180 185 … … 184 189 *d_len=packet.size(); 185 190 memcpy(data,packet.c_str(),min(len,*d_len)); 186 if(pident.nearMisses > 100) { 187 L<<Logger::Error<<"Too many ("<<pident.nearMisses<<") bogus answers came in from "<<sockAddrToString((struct sockaddr_in*)toaddr, sizeof(pident.remote))<<", assuming spoof attempt."<<endl; 191 if(*nearMissLimit && pident.nearMisses > *nearMissLimit) { 192 L<<Logger::Error<<"Too many ("<<pident.nearMisses<<" > "<<*nearMissLimit<<") bogus answers for '"<<domain<<"' from "<<sockAddrToString((struct sockaddr_in*)toaddr, sizeof(pident.remote))<<", assuming spoof attempt."<<endl; 193 g_stats.spoofCount++; 188 194 return -1; 189 195 } … … 741 747 } 742 748 #endif 749 750 string questionExpand(const char* packet, uint16_t len) 751 { 752 const char* end=packet+len; 753 const char* pos=packet+12; 754 unsigned char labellen; 755 string ret; 756 757 while((labellen=*pos++)) { 758 if(pos+labellen > end) 759 break; 760 ret.append(pos, labellen); 761 ret.append(1,'.'); 762 pos+=labellen; 763 } 764 if(ret.empty()) 765 ret="."; 766 return ret; 767 } 743 768 744 769 int main(int argc, char **argv) … … 779 804 ::arg().set("max-tcp-per-client", "If set, maximum number of TCP sessions per client (IP address)")="0"; 780 805 ::arg().set("fork", "If set, fork the daemon for possible double performance")="no"; 806 ::arg().set("spoof-nearmiss-max", "If 
non-zero, assume spoofing after this many near misses")="20"; 781 807 782 808 ::arg().setCmd("help","Provide a helpful message"); … … 999 1025 pident.remote=fromaddr; 1000 1026 pident.id=dh.id; 1027 pident.domain=questionExpand(data, d_len); 1001 1028 string packet; 1002 1029 packet.assign(data, d_len); 1003 1030 if(!MT->sendEvent(pident, &packet)) { 1004 1031 if(logCommonErrors) 1005 L<<Logger::Warning<<"Discarding unexpected packet from "<<sockAddrToString((struct sockaddr_in*) &fromaddr, addrlen)<<endl;1032 L<<Logger::Warning<<"Discarding unexpected packet answering '"<<pident.domain<<"' from "<<sockAddrToString((struct sockaddr_in*) &fromaddr, addrlen)<<endl; 1006 1033 g_stats.unexpectedCount++; 1007 1034 1008 1035 for(MT_t::waiters_t::iterator mthread=MT->d_waiters.begin(); mthread!=MT->d_waiters.end(); ++mthread) { 1009 if(!memcmp(&mthread->key.remote.sin_addr, &pident.remote.sin_addr, sizeof(pident.remote.sin_addr)) ) {1036 if(!memcmp(&mthread->key.remote.sin_addr, &pident.remote.sin_addr, sizeof(pident.remote.sin_addr)) && !strcasecmp(pident.domain.c_str(), mthread->key.domain.c_str())) { 1010 1037 mthread->key.nearMisses++; 1011 1038 } -
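Review bot: questionExpand() fetches each length byte with `*pos++` before anything compares `pos` with `end`, and it starts at `packet+12` without checking that `len` is at least 12, so a short or unterminated question section in a received packet is read past the end of the data. The only bound, `pos+labellen > end`, runs after the length byte has already been read, and it accepts length bytes above 63, which in DNS are compression pointers or reserved values rather than label lengths. Whether the call site at new line 1027 has already rejected packets shorter than the header is not visible in this section. The returned name is built from raw packet bytes and goes straight into the "Discarding unexpected packet" and "assuming spoof attempt" log lines, so non-printable bytes should be escaped before logging. A bounded version of the loop follows.

```cpp
string questionExpand(const char* packet, uint16_t len)
{
  if(len < 12)                 // shorter than the DNS header: there is no question to read
    return ".";
  const char* end=packet+len;
  const char* pos=packet+12;
  string ret;

  while(pos < end) {           // never fetch a length byte beyond the received data
    unsigned char labellen=*pos++;
    if(!labellen)
      break;
    if(labellen > 63 || pos+labellen > end)   // pointer/reserved length, or truncated label
      break;
    ret.append(pos, labellen);
    ret.append(1,'.');
    pos+=labellen;
  }
  // … unchanged: an empty name becomes "." and ret is returned …
```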
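--- a/trunk/pdns/pdns/rec_channel_rec.cc
+++ b/trunk/pdns/pdns/rec_channel_rec.cc
@@ -154,4 +154,6 @@
 
 addGetStat("qa-latency", &g_stats.avgLatencyUsec);
+addGetStat("unexpected-packets", &g_stats.unexpectedCount);
+addGetStat("spoof-prevents", &g_stats.spoofCount);
 
 addGetStat("negcache-entries", boost::bind(&SyncRes::negcache_t::size, ref(SyncRes::s_negcache)));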
trunk/pdns/pdns/syncres.hh
r699 r700 323 323 uint16_t id; // wait for a specific id/remote pair 324 324 struct sockaddr_in remote; // this is the remote 325 string domain; // this is the question 325 326 326 327 Socket* sock; // or wait for an event on a TCP fd … … 337 338 int ourSock= sock ? sock->getHandle() : 0; 338 339 int bSock = b.sock ? b.sock->getHandle() : 0; 339 return 340 tie(id, remote.sin_addr.s_addr, remote.sin_port, ourSock) < 341 tie(b.id, b.remote.sin_addr.s_addr, b.remote.sin_port, bSock); 340 if( tie(id, remote.sin_addr.s_addr, remote.sin_port, ourSock) < 341 tie(b.id, b.remote.sin_addr.s_addr, b.remote.sin_port, bSock)) 342 return true; 343 if( tie(id, remote.sin_addr.s_addr, remote.sin_port, ourSock) > 344 tie(b.id, b.remote.sin_addr.s_addr, b.remote.sin_port, bSock)) 345 return false; 346 347 return strcasecmp(domain.c_str(), b.domain.c_str()) < 0; 342 348 } 343 349 }; … … 362 368 uint64_t serverParseError; 363 369 uint64_t unexpectedCount; 370 uint64_t spoofCount; 364 371 }; 365 372
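Review bot: The new tie-breaker in `PacketID::operator<`, `strcasecmp(domain.c_str(), b.domain.c_str()) < 0`, stops at the first NUL byte, while `domain` is filled by questionExpand() in pdns_recursor.cc from raw label bytes that may include NUL. Two keys whose questions differ only after an embedded NUL then compare as equivalent, so a reply could be matched to a waiter for a different name; the same `strcasecmp` is used in the near-miss loop in pdns_recursor.cc. Compare over the full string length with an ASCII-only case fold instead, e.g. `return lexicographical_compare(domain.begin(), domain.end(), b.domain.begin(), b.domain.end(), ciLess);` where `ciLess` is a small helper to add, or reject NUL bytes when the name is extracted. The struct and the start of `operator<` lie outside the lines shown.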