Make TSIG work again
Start fixing and using the UDP bufsize option.
This commit is contained in:
Miek Gieben
parent
a743ae8b68
commit
b97b3340fb
66
client.go
66
client.go
|
|
@ -15,11 +15,9 @@ import (
|
||||||
// A Conn represents a connection (which may be short lived) to a DNS server.
|
// A Conn represents a connection (which may be short lived) to a DNS server.
|
||||||
type Conn struct {
|
type Conn struct {
|
||||||
net.Conn
|
net.Conn
|
||||||
tsigRequestMAC string
|
rtt time.Duration
|
||||||
tsigTimersOnly bool
|
t time.Time
|
||||||
tsigStatus error
|
requestMAC string
|
||||||
rtt time.Duration
|
|
||||||
t time.Time
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// A Client defines parameters for a DNS client. A nil Client is usable for sending queries.
|
// A Client defines parameters for a DNS client. A nil Client is usable for sending queries.
|
||||||
|
|
@ -32,7 +30,7 @@ type Client struct {
|
||||||
group singleflight
|
group singleflight
|
||||||
}
|
}
|
||||||
|
|
||||||
// Exchange performs an synchronous UDP query. It sends the message m to the address
|
// Exchange performs a synchronous UDP query. It sends the message m to the address
|
||||||
// contained in a and waits for an reply.
|
// contained in a and waits for an reply.
|
||||||
func Exchange(m *Msg, a string) (r *Msg, err error) {
|
func Exchange(m *Msg, a string) (r *Msg, err error) {
|
||||||
co := new(Conn)
|
co := new(Conn)
|
||||||
|
|
@ -41,10 +39,10 @@ func Exchange(m *Msg, a string) (r *Msg, err error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
defer co.Close()
|
defer co.Close()
|
||||||
if err = co.WriteMsg(m); err != nil {
|
if err = co.WriteMsg(m, nil); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
r, err = co.ReadMsg()
|
r, err = co.ReadMsg(nil)
|
||||||
return r, err
|
return r, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -75,7 +73,6 @@ func (c *Client) Exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
|
||||||
}
|
}
|
||||||
if shared {
|
if shared {
|
||||||
r1 := r.copy()
|
r1 := r.copy()
|
||||||
// not needed r1.Id = r.Id // Copy Id!
|
|
||||||
r = r1
|
r = r1
|
||||||
}
|
}
|
||||||
return r, rtt, nil
|
return r, rtt, nil
|
||||||
|
|
@ -92,20 +89,21 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
|
||||||
return nil, 0, err
|
return nil, 0, err
|
||||||
}
|
}
|
||||||
defer co.Close()
|
defer co.Close()
|
||||||
if err = co.WriteMsg(m); err != nil {
|
if err = co.WriteMsg(m, c.TsigSecret); err != nil {
|
||||||
return nil, 0, err
|
return nil, 0, err
|
||||||
}
|
}
|
||||||
r, err = co.ReadMsg()
|
r, err = co.ReadMsg(c.TsigSecret)
|
||||||
return r, co.rtt, err
|
return r, co.rtt, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (co *Conn) ReadMsg() (*Msg, error) {
|
// Add bufsize
|
||||||
|
func (co *Conn) ReadMsg(tsigSecret map[string]string) (*Msg, error) {
|
||||||
var p []byte
|
var p []byte
|
||||||
m := new(Msg)
|
m := new(Msg)
|
||||||
if _, ok := co.Conn.(*net.TCPConn); ok {
|
if _, ok := co.Conn.(*net.TCPConn); ok {
|
||||||
p = make([]byte, MaxMsgSize)
|
p = make([]byte, MaxMsgSize)
|
||||||
} else {
|
} else {
|
||||||
// OPT! TODO(mg)
|
// OPT! TODO(miek): needs function change
|
||||||
p = make([]byte, DefaultMsgSize)
|
p = make([]byte, DefaultMsgSize)
|
||||||
}
|
}
|
||||||
n, err := co.Read(p)
|
n, err := co.Read(p)
|
||||||
|
|
@ -117,16 +115,14 @@ func (co *Conn) ReadMsg() (*Msg, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
co.rtt = time.Since(co.t)
|
co.rtt = time.Since(co.t)
|
||||||
// if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
// secret := t.Hdr.Name
|
if _, ok := tsigSecret[t.Hdr.Name]; !ok {
|
||||||
// if _, ok := w.client.TsigSecret[secret]; !ok {
|
return m, ErrSecret
|
||||||
// w.tsigStatus = ErrSecret
|
}
|
||||||
// return m, ErrSecret
|
// Need to work on the original message p, as that was used to calculate the tsig.
|
||||||
// }
|
err = TsigVerify(p, tsigSecret[t.Hdr.Name], co.requestMAC, false)
|
||||||
// // Need to work on the original message p, as that was used to calculate the tsig.
|
}
|
||||||
// w.tsigStatus = TsigVerify(p, w.client.TsigSecret[secret], w.tsigRequestMAC, w.tsigTimersOnly)
|
return m, err
|
||||||
// }
|
|
||||||
return m, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (co *Conn) Read(p []byte) (n int, err error) {
|
func (co *Conn) Read(p []byte) (n int, err error) {
|
||||||
|
|
@ -174,19 +170,19 @@ func (co *Conn) Read(p []byte) (n int, err error) {
|
||||||
// send sends a dns msg to the address specified in w.
|
// send sends a dns msg to the address specified in w.
|
||||||
// If the message m contains a TSIG record the transaction
|
// If the message m contains a TSIG record the transaction
|
||||||
// signature is calculated.
|
// signature is calculated.
|
||||||
func (co *Conn) WriteMsg(m *Msg) (err error) {
|
func (co *Conn) WriteMsg(m *Msg, tsigSecret map[string]string) (err error) {
|
||||||
var out []byte
|
var out []byte
|
||||||
// if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
// mac := ""
|
mac := ""
|
||||||
// name := t.Hdr.Name
|
if _, ok := tsigSecret[t.Hdr.Name]; !ok {
|
||||||
// if _, ok := w.client.TsigSecret[name]; !ok {
|
return ErrSecret
|
||||||
// return ErrSecret
|
}
|
||||||
// }
|
out, mac, err = TsigGenerate(m, tsigSecret[t.Hdr.Name], co.requestMAC, false)
|
||||||
// out, mac, err = TsigGenerate(m, w.client.TsigSecret[name], w.tsigRequestMAC, w.tsigTimersOnly)
|
// Set for the next read
|
||||||
// w.tsigRequestMAC = mac
|
co.requestMAC = mac
|
||||||
// } else {
|
} else {
|
||||||
out, err = m.Pack()
|
out, err = m.Pack()
|
||||||
// }
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue