Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-06-02 07:10:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
ce0e5a6f39a88bf517a7f5cf4eb07c8497aa7312
coredns/request/writer.go

39 lines
1.3 KiB
Go
Raw Normal View History

Default to scrubbing replies in the server (#2012) Every plugin needs to deal with EDNS0 and should call Scrub to make a message fit the client's buffer. Move this functionality into the server and wrapping the ResponseWriter into a ScrubWriter that handles these bits for us. Result: Less code and faster, because multiple chained plugins could all be calling scrub and SizeAndDo - now there is just one place. Most tests in file/* and dnssec/* needed adjusting because in those unit tests you don't see OPT RRs anymore. The DNSSEC signer was also looking at the returned OPT RR to see if it needed to sign - as those are now added by the server (and thus later), this needed to change slightly. Scrub itself still exist (for backward compat reasons), but has been made a noop. Scrub has been renamed to scrub as it should not be used by external plugins. Fixes: #2010 Signed-off-by: Miek Gieben <miek@miek.nl>
2018-08-29 12:26:22 +01:00
package request
feat(core): expose TLS ConnectionState (SNI) for DoQ (#8129) DoQWriter previously stored only the QUIC stream, so plugins reading TLS state via dns.ConnectionStater (e.g. for SNI-based routing or auditing) could not see anything for DoQ connections, even though the underlying QUIC connection carries a full tls.ConnectionState. This change adds a *quic.Conn reference to DoQWriter and wires it in serveQUICStream. It implements dns.ConnectionStater on *DoQWriter, returning the TLS state from the underlying QUIC connection (mirrors the DoT behavior that miekg/dns already provides for *tls.Conn) Forwards ConnectionState through request.ScrubWriter, which wraps every response writer before the plugin chain runs; the embedded dns.ResponseWriter interface does not promote ConnectionState (it belongs to a separate interface), so without this plugins would still see nil for both DoQ and DoT Signed-off-by: Nicholas Amorim <nicholas@santos.ee>
2026-05-29 01:45:48 +03:00
import (
"crypto/tls"
"github.com/miekg/dns"
)
Default to scrubbing replies in the server (#2012) Every plugin needs to deal with EDNS0 and should call Scrub to make a message fit the client's buffer. Move this functionality into the server and wrapping the ResponseWriter into a ScrubWriter that handles these bits for us. Result: Less code and faster, because multiple chained plugins could all be calling scrub and SizeAndDo - now there is just one place. Most tests in file/* and dnssec/* needed adjusting because in those unit tests you don't see OPT RRs anymore. The DNSSEC signer was also looking at the returned OPT RR to see if it needed to sign - as those are now added by the server (and thus later), this needed to change slightly. Scrub itself still exist (for backward compat reasons), but has been made a noop. Scrub has been renamed to scrub as it should not be used by external plugins. Fixes: #2010 Signed-off-by: Miek Gieben <miek@miek.nl>
2018-08-29 12:26:22 +01:00
// ScrubWriter will, when writing the message, call scrub to make it fit the client's buffer.
type ScrubWriter struct {
dns.ResponseWriter
req *dns.Msg // original request
}
// NewScrubWriter returns a new and initialized ScrubWriter.
func NewScrubWriter(req *dns.Msg, w dns.ResponseWriter) *ScrubWriter { return &ScrubWriter{w, req} }
Fix some typos (#2560) * Fix some typos Corect some words for reading more easily * Update NOERROR response code NOERROR is a response code so I revert the typo checking for it
2019-02-17 15:31:12 +07:00
// WriteMsg overrides the default implementation of the underlying dns.ResponseWriter and calls
Default to scrubbing replies in the server (#2012) Every plugin needs to deal with EDNS0 and should call Scrub to make a message fit the client's buffer. Move this functionality into the server and wrapping the ResponseWriter into a ScrubWriter that handles these bits for us. Result: Less code and faster, because multiple chained plugins could all be calling scrub and SizeAndDo - now there is just one place. Most tests in file/* and dnssec/* needed adjusting because in those unit tests you don't see OPT RRs anymore. The DNSSEC signer was also looking at the returned OPT RR to see if it needed to sign - as those are now added by the server (and thus later), this needed to change slightly. Scrub itself still exist (for backward compat reasons), but has been made a noop. Scrub has been renamed to scrub as it should not be used by external plugins. Fixes: #2010 Signed-off-by: Miek Gieben <miek@miek.nl>
2018-08-29 12:26:22 +01:00
// scrub on the message m and will then write it to the client.
func (s *ScrubWriter) WriteMsg(m *dns.Msg) error {
state := Request{Req: s.req, W: s.ResponseWriter}
Move to dns.Truncate (#2942) Ditch our truncation code and use the upstream one in miekg/dns. This saves code on our end, end upstream is also more efficient as every RR is Len-ed only once. With our bin-search this is not guaranteed. Signed-off-by: Miek Gieben <miek@miek.nl>
2019-07-11 12:54:47 +00:00
state.SizeAndDo(m)
state.Scrub(m)
return s.ResponseWriter.WriteMsg(m)
Default to scrubbing replies in the server (#2012) Every plugin needs to deal with EDNS0 and should call Scrub to make a message fit the client's buffer. Move this functionality into the server and wrapping the ResponseWriter into a ScrubWriter that handles these bits for us. Result: Less code and faster, because multiple chained plugins could all be calling scrub and SizeAndDo - now there is just one place. Most tests in file/* and dnssec/* needed adjusting because in those unit tests you don't see OPT RRs anymore. The DNSSEC signer was also looking at the returned OPT RR to see if it needed to sign - as those are now added by the server (and thus later), this needed to change slightly. Scrub itself still exist (for backward compat reasons), but has been made a noop. Scrub has been renamed to scrub as it should not be used by external plugins. Fixes: #2010 Signed-off-by: Miek Gieben <miek@miek.nl>
2018-08-29 12:26:22 +01:00
}
feat(core): expose TLS ConnectionState (SNI) for DoQ (#8129) DoQWriter previously stored only the QUIC stream, so plugins reading TLS state via dns.ConnectionStater (e.g. for SNI-based routing or auditing) could not see anything for DoQ connections, even though the underlying QUIC connection carries a full tls.ConnectionState. This change adds a *quic.Conn reference to DoQWriter and wires it in serveQUICStream. It implements dns.ConnectionStater on *DoQWriter, returning the TLS state from the underlying QUIC connection (mirrors the DoT behavior that miekg/dns already provides for *tls.Conn) Forwards ConnectionState through request.ScrubWriter, which wraps every response writer before the plugin chain runs; the embedded dns.ResponseWriter interface does not promote ConnectionState (it belongs to a separate interface), so without this plugins would still see nil for both DoQ and DoT Signed-off-by: Nicholas Amorim <nicholas@santos.ee>
2026-05-29 01:45:48 +03:00
// ConnectionState forwards the TLS connection state from the wrapped
// dns.ResponseWriter, if any. Method-set promotion through the embedded
// dns.ResponseWriter does not surface ConnectionState because it belongs to
// the separate dns.ConnectionStater interface, so plugins that need TLS state
// (e.g. SNI) would otherwise lose access to it once ScrubWriter wraps the
// underlying writer.
func (s *ScrubWriter) ConnectionState() *tls.ConnectionState {
if cs, ok := s.ResponseWriter.(dns.ConnectionStater); ok {
return cs.ConnectionState()
}
return nil
}
Reference in New Issue Copy Permalink