2021-05-27 17:19:19 +01:00
|
|
|
package dnsforward
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/binary"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/AdguardTeam/golibs/cache"
|
|
|
|
"github.com/AdguardTeam/golibs/log"
|
2021-08-09 14:03:37 +01:00
|
|
|
"github.com/AdguardTeam/golibs/netutil"
|
2021-05-27 17:19:19 +01:00
|
|
|
"github.com/miekg/dns"
|
|
|
|
)
|
|
|
|
|
|
|
|
// uint* sizes in bytes to improve readability.
|
|
|
|
//
|
|
|
|
// TODO(e.burkov): Remove when there will be a more regardful way to define
|
|
|
|
// those. See https://github.com/golang/go/issues/29982.
|
|
|
|
const (
|
|
|
|
uint16sz = 2
|
|
|
|
uint64sz = 8
|
|
|
|
)
|
|
|
|
|
|
|
|
// recursionDetector detects recursion in DNS forwarding.
|
|
|
|
type recursionDetector struct {
|
|
|
|
recentRequests cache.Cache
|
|
|
|
ttl time.Duration
|
|
|
|
}
|
|
|
|
|
2021-05-31 11:25:40 +01:00
|
|
|
// check checks if the passed req was already sent by the server.
|
2021-05-27 17:19:19 +01:00
|
|
|
func (rd *recursionDetector) check(msg dns.Msg) (ok bool) {
|
|
|
|
if len(msg.Question) == 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
key := msgToSignature(msg)
|
|
|
|
expireData := rd.recentRequests.Get(key)
|
|
|
|
if expireData == nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
expire := time.Unix(0, int64(binary.BigEndian.Uint64(expireData)))
|
|
|
|
|
|
|
|
return time.Now().Before(expire)
|
|
|
|
}
|
|
|
|
|
|
|
|
// add caches the msg if it has anything in the questions section.
|
|
|
|
func (rd *recursionDetector) add(msg dns.Msg) {
|
|
|
|
now := time.Now()
|
|
|
|
|
|
|
|
if len(msg.Question) == 0 {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
key := msgToSignature(msg)
|
|
|
|
expire64 := uint64(now.Add(rd.ttl).UnixNano())
|
|
|
|
expire := make([]byte, uint64sz)
|
|
|
|
binary.BigEndian.PutUint64(expire, expire64)
|
|
|
|
|
|
|
|
rd.recentRequests.Set(key, expire)
|
|
|
|
}
|
|
|
|
|
|
|
|
// clear clears the recent requests cache.
|
|
|
|
func (rd *recursionDetector) clear() {
|
|
|
|
rd.recentRequests.Clear()
|
|
|
|
}
|
|
|
|
|
|
|
|
// newRecursionDetector returns the initialized *recursionDetector.
|
|
|
|
func newRecursionDetector(ttl time.Duration, suspectsNum uint) (rd *recursionDetector) {
|
|
|
|
return &recursionDetector{
|
|
|
|
recentRequests: cache.New(cache.Config{
|
|
|
|
EnableLRU: true,
|
|
|
|
MaxCount: suspectsNum,
|
|
|
|
}),
|
|
|
|
ttl: ttl,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// msgToSignature converts msg into it's signature represented in bytes.
|
|
|
|
func msgToSignature(msg dns.Msg) (sig []byte) {
|
2021-08-09 14:03:37 +01:00
|
|
|
sig = make([]byte, uint16sz*2+netutil.MaxDomainNameLen)
|
2021-12-27 16:40:39 +00:00
|
|
|
// The binary.BigEndian byte order is used everywhere except when the real
|
|
|
|
// machine's endianness is needed.
|
2021-05-27 17:19:19 +01:00
|
|
|
byteOrder := binary.BigEndian
|
|
|
|
byteOrder.PutUint16(sig[0:], msg.Id)
|
|
|
|
q := msg.Question[0]
|
|
|
|
byteOrder.PutUint16(sig[uint16sz:], q.Qtype)
|
|
|
|
copy(sig[2*uint16sz:], []byte(q.Name))
|
|
|
|
|
|
|
|
return sig
|
|
|
|
}
|
|
|
|
|
|
|
|
// msgToSignatureSlow converts msg into it's signature represented in bytes in
|
|
|
|
// the less efficient way.
|
|
|
|
//
|
|
|
|
// See BenchmarkMsgToSignature.
|
|
|
|
func msgToSignatureSlow(msg dns.Msg) (sig []byte) {
|
|
|
|
type msgSignature struct {
|
2021-08-09 14:03:37 +01:00
|
|
|
name [netutil.MaxDomainNameLen]byte
|
2021-05-27 17:19:19 +01:00
|
|
|
id uint16
|
|
|
|
qtype uint16
|
|
|
|
}
|
|
|
|
|
|
|
|
b := bytes.NewBuffer(sig)
|
|
|
|
q := msg.Question[0]
|
|
|
|
signature := msgSignature{
|
|
|
|
id: msg.Id,
|
|
|
|
qtype: q.Qtype,
|
|
|
|
}
|
|
|
|
copy(signature.name[:], q.Name)
|
|
|
|
if err := binary.Write(b, binary.BigEndian, signature); err != nil {
|
|
|
|
log.Debug("writing message signature: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return b.Bytes()
|
|
|
|
}
|