mirror of
https://github.com/DNSCrypt/dnscrypt-proxy.git
synced 2025-04-05 14:17:36 +03:00
Improved return codes
This commit is contained in:
Frank Denis
parent
3bbdf93095
commit
977dcad826
6 changed files with 59 additions and 24 deletions
|
|
@ -121,7 +121,7 @@ func (plugin *PluginBlockIP) Eval(pluginsState *PluginsState, msg *dns.Msg) erro
|
||||||
}
|
}
|
||||||
if reject {
|
if reject {
|
||||||
pluginsState.action = PluginsActionReject
|
pluginsState.action = PluginsActionReject
|
||||||
pluginsState.rcode = dns.RcodeRefused
|
pluginsState.returnCode = PluginsReturnCodeReject
|
||||||
if plugin.logger != nil {
|
if plugin.logger != nil {
|
||||||
questions := msg.Question
|
questions := msg.Question
|
||||||
if len(questions) != 1 {
|
if len(questions) != 1 {
|
||||||
|
|
|
||||||
|
|
@ -66,6 +66,6 @@ func (plugin *PluginBlockIPv6) Eval(pluginsState *PluginsState, msg *dns.Msg) er
|
||||||
synth.Ns = []dns.RR{soa}
|
synth.Ns = []dns.RR{soa}
|
||||||
pluginsState.synthResponse = synth
|
pluginsState.synthResponse = synth
|
||||||
pluginsState.action = PluginsActionSynth
|
pluginsState.action = PluginsActionSynth
|
||||||
pluginsState.rcode = dns.RcodeNotImplemented
|
pluginsState.returnCode = PluginsReturnCodeSynth
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,7 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
|
||||||
}
|
}
|
||||||
if reject {
|
if reject {
|
||||||
pluginsState.action = PluginsActionReject
|
pluginsState.action = PluginsActionReject
|
||||||
pluginsState.rcode = dns.RcodeRefused
|
pluginsState.returnCode = PluginsReturnCodeReject
|
||||||
if plugin.logger != nil {
|
if plugin.logger != nil {
|
||||||
var clientIPStr string
|
var clientIPStr string
|
||||||
if pluginsState.clientProto == "udp" {
|
if pluginsState.clientProto == "udp" {
|
||||||
|
|
|
||||||
|
|
@ -66,6 +66,10 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err
|
||||||
clientIPStr = (*pluginsState.clientAddr).(*net.TCPAddr).IP.String()
|
clientIPStr = (*pluginsState.clientAddr).(*net.TCPAddr).IP.String()
|
||||||
}
|
}
|
||||||
qName := StripTrailingDot(question.Name)
|
qName := StripTrailingDot(question.Name)
|
||||||
|
returnCode, ok := PluginsReturnCodeToString[pluginsState.returnCode]
|
||||||
|
if !ok {
|
||||||
|
returnCode = string(returnCode)
|
||||||
|
}
|
||||||
|
|
||||||
var line string
|
var line string
|
||||||
if plugin.format == "tsv" {
|
if plugin.format == "tsv" {
|
||||||
|
|
@ -73,14 +77,10 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err
|
||||||
year, month, day := now.Date()
|
year, month, day := now.Date()
|
||||||
hour, minute, second := now.Clock()
|
hour, minute, second := now.Clock()
|
||||||
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
|
tsStr := fmt.Sprintf("[%d-%02d-%02d %02d:%02d:%02d]", year, int(month), day, hour, minute, second)
|
||||||
line = fmt.Sprintf("%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), qType)
|
line = fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", tsStr, clientIPStr, StringQuote(qName), qType, returnCode)
|
||||||
} else if plugin.format == "ltsv" {
|
} else if plugin.format == "ltsv" {
|
||||||
rcode, ok := dns.RcodeToString[int(pluginsState.rcode)]
|
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\treturn:%s\n",
|
||||||
if !ok {
|
time.Now().Unix(), clientIPStr, StringQuote(qName), qType, returnCode)
|
||||||
rcode = string(rcode)
|
|
||||||
}
|
|
||||||
line = fmt.Sprintf("time:%d\thost:%s\tmessage:%s\ttype:%s\trcode:%s\n",
|
|
||||||
time.Now().Unix(), clientIPStr, StringQuote(qName), qType, rcode)
|
|
||||||
} else {
|
} else {
|
||||||
dlog.Fatalf("Unexpected log format: [%s]", plugin.format)
|
dlog.Fatalf("Unexpected log format: [%s]", plugin.format)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,32 @@ type PluginsGlobals struct {
|
||||||
loggingPlugins *[]Plugin
|
loggingPlugins *[]Plugin
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type PluginsReturnCode int
|
||||||
|
|
||||||
|
const (
|
||||||
|
PluginsReturnCodePass = iota
|
||||||
|
PluginsReturnCodeForward
|
||||||
|
PluginsReturnCodeDrop
|
||||||
|
PluginsReturnCodeReject
|
||||||
|
PluginsReturnCodeSynth
|
||||||
|
PluginsReturnCodeParseError
|
||||||
|
PluginsReturnCodeNXDomain
|
||||||
|
PluginsReturnCodeResponseError
|
||||||
|
PluginsReturnCodeServerError
|
||||||
|
)
|
||||||
|
|
||||||
|
var PluginsReturnCodeToString = map[PluginsReturnCode]string{
|
||||||
|
PluginsReturnCodePass: "PASS",
|
||||||
|
PluginsReturnCodeForward: "FORWARD",
|
||||||
|
PluginsReturnCodeDrop: "DROP",
|
||||||
|
PluginsReturnCodeReject: "REJECT",
|
||||||
|
PluginsReturnCodeSynth: "SYNTH",
|
||||||
|
PluginsReturnCodeParseError: "PARSE_ERROR",
|
||||||
|
PluginsReturnCodeNXDomain: "NXDOMAIN",
|
||||||
|
PluginsReturnCodeResponseError: "RESPONSE_ERROR",
|
||||||
|
PluginsReturnCodeServerError: "SERVER_ERROR",
|
||||||
|
}
|
||||||
|
|
||||||
type PluginsState struct {
|
type PluginsState struct {
|
||||||
sessionData map[string]interface{}
|
sessionData map[string]interface{}
|
||||||
action PluginsAction
|
action PluginsAction
|
||||||
|
|
@ -41,7 +67,7 @@ type PluginsState struct {
|
||||||
cacheMinTTL uint32
|
cacheMinTTL uint32
|
||||||
cacheMaxTTL uint32
|
cacheMaxTTL uint32
|
||||||
questionMsg *dns.Msg
|
questionMsg *dns.Msg
|
||||||
rcode uint8
|
returnCode PluginsReturnCode
|
||||||
}
|
}
|
||||||
|
|
||||||
func InitPluginsGlobals(pluginsGlobals *PluginsGlobals, proxy *Proxy) error {
|
func InitPluginsGlobals(pluginsGlobals *PluginsGlobals, proxy *Proxy) error {
|
||||||
|
|
@ -179,7 +205,16 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
|
||||||
}
|
}
|
||||||
return packet, err
|
return packet, err
|
||||||
}
|
}
|
||||||
pluginsState.rcode = Rcode(packet)
|
switch Rcode(packet) {
|
||||||
|
case dns.RcodeSuccess:
|
||||||
|
pluginsState.returnCode = PluginsReturnCodePass
|
||||||
|
case dns.RcodeNameError:
|
||||||
|
pluginsState.returnCode = PluginsReturnCodeNXDomain
|
||||||
|
case dns.RcodeServerFailure:
|
||||||
|
pluginsState.returnCode = PluginsReturnCodeServerError
|
||||||
|
default:
|
||||||
|
pluginsState.returnCode = PluginsReturnCodeResponseError
|
||||||
|
}
|
||||||
pluginsGlobals.RLock()
|
pluginsGlobals.RLock()
|
||||||
for _, plugin := range *pluginsGlobals.responsePlugins {
|
for _, plugin := range *pluginsGlobals.responsePlugins {
|
||||||
if ret := plugin.Eval(pluginsState, &msg); ret != nil {
|
if ret := plugin.Eval(pluginsState, &msg); ret != nil {
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,6 @@ import (
|
||||||
"sync/atomic"
|
"sync/atomic"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/miekg/dns"
|
|
||||||
|
|
||||||
"github.com/jedisct1/dlog"
|
"github.com/jedisct1/dlog"
|
||||||
clocksmith "github.com/jedisct1/go-clocksmith"
|
clocksmith "github.com/jedisct1/go-clocksmith"
|
||||||
stamps "github.com/jedisct1/go-dnsstamps"
|
stamps "github.com/jedisct1/go-dnsstamps"
|
||||||
|
|
@ -268,23 +266,25 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
||||||
if pluginsState.synthResponse != nil {
|
if pluginsState.synthResponse != nil {
|
||||||
response, err = pluginsState.synthResponse.PackBuffer(response)
|
response, err = pluginsState.synthResponse.PackBuffer(response)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeFormatError
|
pluginsState.returnCode = PluginsReturnCodeParseError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if pluginsState.action == PluginsActionDrop {
|
if pluginsState.action == PluginsActionDrop {
|
||||||
pluginsState.rcode = dns.RcodeRefused
|
pluginsState.returnCode = PluginsReturnCodeDrop
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
pluginsState.returnCode = PluginsReturnCodeForward
|
||||||
}
|
}
|
||||||
if len(response) == 0 {
|
if len(response) == 0 {
|
||||||
var ttl *uint32
|
var ttl *uint32
|
||||||
if serverInfo.Proto == stamps.StampProtoTypeDNSCrypt {
|
if serverInfo.Proto == stamps.StampProtoTypeDNSCrypt {
|
||||||
sharedKey, encryptedQuery, clientNonce, err := proxy.Encrypt(serverInfo, query, serverProto)
|
sharedKey, encryptedQuery, clientNonce, err := proxy.Encrypt(serverInfo, query, serverProto)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeFormatError
|
pluginsState.returnCode = PluginsReturnCodeParseError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -295,7 +295,7 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
||||||
response, err = proxy.exchangeWithTCPServer(serverInfo, sharedKey, encryptedQuery, clientNonce)
|
response, err = proxy.exchangeWithTCPServer(serverInfo, sharedKey, encryptedQuery, clientNonce)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeServerFailure
|
pluginsState.returnCode = PluginsReturnCodeServerError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
serverInfo.noticeFailure(proxy)
|
serverInfo.noticeFailure(proxy)
|
||||||
return
|
return
|
||||||
|
|
@ -307,14 +307,14 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
||||||
resp, _, err := proxy.xTransport.DoHQuery(serverInfo.useGet, serverInfo.URL, query, proxy.timeout)
|
resp, _, err := proxy.xTransport.DoHQuery(serverInfo.useGet, serverInfo.URL, query, proxy.timeout)
|
||||||
SetTransactionID(query, tid)
|
SetTransactionID(query, tid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeServerFailure
|
pluginsState.returnCode = PluginsReturnCodeServerError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
serverInfo.noticeFailure(proxy)
|
serverInfo.noticeFailure(proxy)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
response, err = ioutil.ReadAll(io.LimitReader(resp.Body, int64(MaxDNSPacketSize)))
|
response, err = ioutil.ReadAll(io.LimitReader(resp.Body, int64(MaxDNSPacketSize)))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeServerFailure
|
pluginsState.returnCode = PluginsReturnCodeServerError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
serverInfo.noticeFailure(proxy)
|
serverInfo.noticeFailure(proxy)
|
||||||
return
|
return
|
||||||
|
|
@ -326,14 +326,14 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
||||||
dlog.Fatal("Unsupported protocol")
|
dlog.Fatal("Unsupported protocol")
|
||||||
}
|
}
|
||||||
if len(response) < MinDNSPacketSize || len(response) > MaxDNSPacketSize {
|
if len(response) < MinDNSPacketSize || len(response) > MaxDNSPacketSize {
|
||||||
pluginsState.rcode = dns.RcodeFormatError
|
pluginsState.returnCode = PluginsReturnCodeParseError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
serverInfo.noticeFailure(proxy)
|
serverInfo.noticeFailure(proxy)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
response, err = pluginsState.ApplyResponsePlugins(&proxy.pluginsGlobals, response, ttl)
|
response, err = pluginsState.ApplyResponsePlugins(&proxy.pluginsGlobals, response, ttl)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeServerFailure
|
pluginsState.returnCode = PluginsReturnCodeParseError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
serverInfo.noticeFailure(proxy)
|
serverInfo.noticeFailure(proxy)
|
||||||
return
|
return
|
||||||
|
|
@ -349,7 +349,7 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
||||||
if len(response) > MaxDNSUDPPacketSize {
|
if len(response) > MaxDNSUDPPacketSize {
|
||||||
response, err = TruncatedResponse(response)
|
response, err = TruncatedResponse(response)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeSuccess
|
pluginsState.returnCode = PluginsReturnCodeParseError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -363,7 +363,7 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
|
||||||
} else {
|
} else {
|
||||||
response, err = PrefixWithSize(response)
|
response, err = PrefixWithSize(response)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
pluginsState.rcode = dns.RcodeFormatError
|
pluginsState.returnCode = PluginsReturnCodeParseError
|
||||||
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
|
||||||
serverInfo.noticeFailure(proxy)
|
serverInfo.noticeFailure(proxy)
|
||||||
return
|
return
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue