X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fcoremods%2Fcore_dns.cpp;h=753b41f430531103556321df6f5b5f190d03ae5a;hb=2df0e9048693d88bac78ebb370b3a2529e66223d;hp=a7ed8d3ed3a63334193cac94cfab8e6d24dd5d96;hpb=edfe7f035ea83731b9316d40d64402411a531426;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/coremods/core_dns.cpp b/src/coremods/core_dns.cpp index a7ed8d3ed..753b41f43 100644 --- a/src/coremods/core_dns.cpp +++ b/src/coremods/core_dns.cpp @@ -27,12 +27,24 @@ #pragma comment(lib, "Iphlpapi.lib") #endif +namespace DNS +{ + /** Maximum value of a dns request id, 16 bits wide, 0xFFFF. + */ + const unsigned int MAX_REQUEST_ID = 0xFFFF; +} + using namespace DNS; /** A full packet sent or recieved to/from the nameserver */ class Packet : public Query { + static bool IsValidName(const std::string& name) + { + return (name.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") == std::string::npos); + } + void PackName(unsigned char* output, unsigned short output_size, unsigned short& pos, const std::string& name) { if (pos + name.length() + 2 > output_size) @@ -183,6 +195,9 @@ class Packet : public Query case QUERY_PTR: { record.rdata = this->UnpackName(input, input_size, pos); + if (!IsValidName(record.rdata)) + throw Exception("Invalid name"); // XXX: Causes the request to time out + break; } default: @@ -323,6 +338,11 @@ class MyManager : public Manager, public Timer, public EventHandler cache_map cache; irc::sockets::sockaddrs myserver; + bool unloading; + + /** Maximum number of entries in cache + */ + static const unsigned int MAX_CACHE_SIZE = 1000; static bool IsExpired(const Query& record, time_t now = ServerInstance->Time()) { @@ -359,7 +379,22 @@ class MyManager : public Manager, public Timer, public EventHandler */ void AddCache(Query& r) { - const ResourceRecord& rr = r.answers[0]; + if (cache.size() >= MAX_CACHE_SIZE) + cache.clear(); + + // Determine the lowest TTL value and use that as the TTL of the cache entry + unsigned int cachettl = UINT_MAX; + for (std::vector::const_iterator i = r.answers.begin(); i != r.answers.end(); ++i) + { + const ResourceRecord& rr = *i; + if (rr.ttl < cachettl) + cachettl = rr.ttl; + } + + cachettl = std::min(cachettl, (unsigned int)5*60); + ResourceRecord& rr = r.answers.front(); + // Set TTL to what we've determined to be the lowest + rr.ttl = cachettl; ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "cache: added cache for " + rr.name + " -> " + rr.rdata + " ttl: " + ConvToStr(rr.ttl)); this->cache[r.question] = r; } @@ -367,7 +402,8 @@ class MyManager : public Manager, public Timer, public EventHandler public: DNS::Request* requests[MAX_REQUEST_ID+1]; - MyManager(Module* c) : Manager(c), Timer(3600, true) + MyManager(Module* c) : Manager(c), Timer(5*60, true) + , unloading(false) { for (unsigned int i = 0; i <= MAX_REQUEST_ID; ++i) requests[i] = NULL; @@ -376,13 +412,16 @@ class MyManager : public Manager, public Timer, public EventHandler ~MyManager() { + // Ensure Process() will fail for new requests + unloading = true; + for (unsigned int i = 0; i <= MAX_REQUEST_ID; ++i) { DNS::Request* request = requests[i]; if (!request) continue; - Query rr(*request); + Query rr(request->question); rr.error = ERROR_UNKNOWN; request->OnError(&rr); @@ -392,7 +431,10 @@ class MyManager : public Manager, public Timer, public EventHandler void Process(DNS::Request* req) { - ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Processing request to lookup " + req->name + " of type " + ConvToStr(req->type) + " to " + this->myserver.addr()); + if ((unloading) || (req->creator->dying)) + throw Exception("Module is being unloaded"); + + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Processing request to lookup " + req->question.name + " of type " + ConvToStr(req->question.type) + " to " + this->myserver.addr()); /* Create an id */ unsigned int tries = 0; @@ -429,7 +471,7 @@ class MyManager : public Manager, public Timer, public EventHandler Packet p; p.flags = QUERYFLAGS_RD; p.id = req->id; - p.question = *req; + p.question = req->question; unsigned char buffer[524]; unsigned short len = p.Pack(buffer, sizeof(buffer)); @@ -444,13 +486,20 @@ class MyManager : public Manager, public Timer, public EventHandler return; } + // Update name in the original request so question checking works for PTR queries + req->question.name = p.question.name; + if (SocketEngine::SendTo(this, buffer, len, 0, &this->myserver.sa, this->myserver.sa_size()) != len) throw Exception("DNS: Unable to send query"); + + // Add timer for timeout + ServerInstance->Timers.AddTimer(req); } void RemoveRequest(DNS::Request* req) { - this->requests[req->id] = NULL; + if (requests[req->id] == req) + requests[req->id] = NULL; } std::string GetErrorStr(Error e) @@ -464,6 +513,7 @@ class MyManager : public Manager, public Timer, public EventHandler case ERROR_NOT_AN_ANSWER: case ERROR_NONSTANDARD_QUERY: case ERROR_FORMAT_ERROR: + case ERROR_MALFORMED: return "Malformed answer"; case ERROR_SERVER_FAILURE: case ERROR_NOT_IMPLEMENTED: @@ -506,17 +556,19 @@ class MyManager : public Manager, public Timer, public EventHandler } Packet recv_packet; + bool valid = false; try { recv_packet.Fill(buffer, length); + valid = true; } catch (Exception& ex) { ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, ex.GetReason()); - return; } + // recv_packet.id must be filled in here DNS::Request* request = this->requests[recv_packet.id]; if (request == NULL) { @@ -524,14 +576,27 @@ class MyManager : public Manager, public Timer, public EventHandler return; } - if (recv_packet.flags & QUERYFLAGS_OPCODE) + if (request->question != recv_packet.question) + { + // This can happen under high latency, drop it silently, do not fail the request + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Received an answer that isn't for a question we asked"); + return; + } + + if (!valid) + { + ServerInstance->stats.DnsBad++; + recv_packet.error = ERROR_MALFORMED; + request->OnError(&recv_packet); + } + else if (recv_packet.flags & QUERYFLAGS_OPCODE) { ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Received a nonstandard query"); ServerInstance->stats.DnsBad++; recv_packet.error = ERROR_NONSTANDARD_QUERY; request->OnError(&recv_packet); } - else if (recv_packet.flags & QUERYFLAGS_RCODE) + else if (!(recv_packet.flags & QUERYFLAGS_QR) || (recv_packet.flags & QUERYFLAGS_RCODE)) { Error error = ERROR_UNKNOWN; @@ -574,7 +639,7 @@ class MyManager : public Manager, public Timer, public EventHandler } else { - ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Lookup complete for " + request->name); + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Lookup complete for " + request->question.name); ServerInstance->stats.DnsGood++; request->OnLookupComplete(&recv_packet); this->AddCache(recv_packet); @@ -601,7 +666,7 @@ class MyManager : public Manager, public Timer, public EventHandler return true; } - void Rehash(const std::string& dnsserver) + void Rehash(const std::string& dnsserver, std::string sourceaddr, unsigned int sourceport) { if (this->GetFd() > -1) { @@ -625,8 +690,15 @@ class MyManager : public Manager, public Timer, public EventHandler SocketEngine::NonBlocking(s); irc::sockets::sockaddrs bindto; - memset(&bindto, 0, sizeof(bindto)); - bindto.sa.sa_family = myserver.sa.sa_family; + if (sourceaddr.empty()) + { + // set a sourceaddr for irc::sockets::aptosa() based on the servers af type + if (myserver.sa.sa_family == AF_INET) + sourceaddr = "0.0.0.0"; + else if (myserver.sa.sa_family == AF_INET6) + sourceaddr = "::"; + } + irc::sockets::aptosa(sourceaddr, sourceport, bindto); if (SocketEngine::Bind(this->GetFd(), bindto) < 0) { @@ -641,6 +713,9 @@ class MyManager : public Manager, public Timer, public EventHandler SocketEngine::Close(this->GetFd()); this->SetFd(-1); } + + if (bindto.sa.sa_family != myserver.sa.sa_family) + ServerInstance->Logs->Log(MODNAME, LOG_SPARSE, "Nameserver address family differs from source address family - hostnames might not resolve"); } else { @@ -653,12 +728,14 @@ class ModuleDNS : public Module { MyManager manager; std::string DNSServer; + std::string SourceIP; + unsigned int SourcePort; void FindDNSServer() { #ifdef _WIN32 // attempt to look up their nameserver from the system - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "WARNING: not defined, attempting to find a working server in the system settings..."); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "WARNING: not defined, attempting to find a working server in the system settings..."); PFIXED_INFO pFixedInfo; DWORD dwBufferSize = sizeof(FIXED_INFO); @@ -682,15 +759,15 @@ class ModuleDNS : public Module if (!DNSServer.empty()) { - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, " set to '%s' as first active resolver in the system settings.", DNSServer.c_str()); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, " set to '%s' as first active resolver in the system settings.", DNSServer.c_str()); return; } } - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "No viable nameserver found! Defaulting to nameserver '127.0.0.1'!"); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "No viable nameserver found! Defaulting to nameserver '127.0.0.1'!"); #else // attempt to look up their nameserver from /etc/resolv.conf - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "WARNING: not defined, attempting to find working server in /etc/resolv.conf..."); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "WARNING: not defined, attempting to find working server in /etc/resolv.conf..."); std::ifstream resolv("/etc/resolv.conf"); @@ -699,33 +776,41 @@ class ModuleDNS : public Module if (DNSServer == "nameserver") { resolv >> DNSServer; - if (DNSServer.find_first_not_of("0123456789.") == std::string::npos) + if (DNSServer.find_first_not_of("0123456789.") == std::string::npos || DNSServer.find_first_not_of("0123456789ABCDEFabcdef:") == std::string::npos) { - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, " set to '%s' as first resolver in /etc/resolv.conf.",DNSServer.c_str()); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, " set to '%s' as first resolver in /etc/resolv.conf.",DNSServer.c_str()); return; } } } - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "/etc/resolv.conf contains no viable nameserver entries! Defaulting to nameserver '127.0.0.1'!"); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "/etc/resolv.conf contains no viable nameserver entries! Defaulting to nameserver '127.0.0.1'!"); #endif DNSServer = "127.0.0.1"; } public: - ModuleDNS() : manager(this) + ModuleDNS() : manager(this) + , SourcePort(0) { } void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE { std::string oldserver = DNSServer; - DNSServer = ServerInstance->Config->ConfValue("dns")->getString("server"); + const std::string oldip = SourceIP; + const unsigned int oldport = SourcePort; + + ConfigTag* tag = ServerInstance->Config->ConfValue("dns"); + DNSServer = tag->getString("server"); + SourceIP = tag->getString("sourceip"); + SourcePort = tag->getInt("sourceport", 0, 0, 65535); + if (DNSServer.empty()) FindDNSServer(); - if (oldserver != DNSServer) - this->manager.Rehash(DNSServer); + if (oldserver != DNSServer || oldip != SourceIP || oldport != SourcePort) + this->manager.Rehash(DNSServer, SourceIP, SourcePort); } void OnUnloadModule(Module* mod) @@ -738,7 +823,7 @@ class ModuleDNS : public Module if (req->creator == mod) { - Query rr(*req); + Query rr(req->question); rr.error = ERROR_UNLOADED; req->OnError(&rr);