From dd6ded03084daaa0dcce4427c11f0636683f868c Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 15 Oct 2020 11:19:40 +0200 Subject: [PATCH] Implement review suggestions --- firewall/dns.go | 20 +++++++++----------- resolver/ipinfo.go | 22 +++++++++++----------- resolver/namerecord.go | 5 ++--- resolver/resolve.go | 14 +++++++------- resolver/rrcache.go | 31 +++++++++++++++---------------- 5 files changed, 44 insertions(+), 48 deletions(-) diff --git a/firewall/dns.go b/firewall/dns.go index 6386e5db..acdf5ca6 100644 --- a/firewall/dns.go +++ b/firewall/dns.go @@ -121,9 +121,9 @@ func filterDNSResponse(conn *network.Connection, rrCache *resolver.RRCache) *res err, ) } - } else if rrCache.TTL > time.Now().Add(10*time.Second).Unix() { + } else if rrCache.Expires > time.Now().Add(10*time.Second).Unix() { // Set a low TTL of 10 seconds if TTL is higher than that. - rrCache.TTL = time.Now().Add(10 * time.Second).Unix() + rrCache.Expires = time.Now().Add(10 * time.Second).Unix() err := rrCache.Save() if err != nil { log.Debugf( @@ -208,13 +208,11 @@ func mayBlockCNAMEs(conn *network.Connection) bool { // updateIPsAndCNAMEs saves all the IP->Name mappings to the cache database and // updates the CNAMEs in the Connection's Entity. func updateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *network.Connection) { - // FIXME: ignore localhost - - // Get IPInfo scope. - var scope string + // Get profileID for scoping IPInfo. + var profileID string proc := conn.Process() if proc != nil { - scope = proc.LocalProfileKey + profileID = proc.LocalProfileKey } // Collect IPs and CNAMEs. @@ -244,7 +242,7 @@ func updateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *netw // Create new record for this IP. record := resolver.ResolvedDomain{ Domain: q.FQDN, - Expires: rrCache.TTL, + Expires: rrCache.Expires, } // Resolve all CNAMEs in the correct order and add the to the record. @@ -265,15 +263,15 @@ func updateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *netw // Check if there is an existing record for this DNS response. // Else create a new one. ipString := ip.String() - info, err := resolver.GetIPInfo(scope, ipString) + info, err := resolver.GetIPInfo(profileID, ipString) if err != nil { if err != database.ErrNotFound { log.Errorf("nameserver: failed to search for IP info record: %s", err) } info = &resolver.IPInfo{ - IP: ipString, - Scope: scope, + IP: ipString, + ProfileID: profileID, } } diff --git a/resolver/ipinfo.go b/resolver/ipinfo.go index acb490d7..7217e306 100644 --- a/resolver/ipinfo.go +++ b/resolver/ipinfo.go @@ -10,7 +10,8 @@ import ( ) const ( - IPInfoScopeGlobal = "global" + // IPInfoProfileScopeGlobal is the profile scope used for unscoped IPInfo entries. + IPInfoProfileScopeGlobal = "global" ) var ( @@ -80,9 +81,8 @@ type IPInfo struct { // IP holds the actual IP address. IP string - // Scope holds a scope for this IPInfo. - // Usually this would be the Profile ID of the associated process. - Scope string + // ProfileID is used to scope this entry to a process group. + ProfileID string // ResolvedDomain is a slice of domains that // have been requested by various applications @@ -120,13 +120,13 @@ func (info *IPInfo) MostRecentDomain() *ResolvedDomain { return &mostRecent } -func makeIPInfoKey(scope, ip string) string { - return fmt.Sprintf("cache:intel/ipInfo/%s/%s", scope, ip) +func makeIPInfoKey(profileID, ip string) string { + return fmt.Sprintf("cache:intel/ipInfo/%s/%s", profileID, ip) } // GetIPInfo gets an IPInfo record from the database. -func GetIPInfo(scope, ip string) (*IPInfo, error) { - r, err := ipInfoDatabase.Get(makeIPInfoKey(scope, ip)) +func GetIPInfo(profileID, ip string) (*IPInfo, error) { + r, err := ipInfoDatabase.Get(makeIPInfoKey(profileID, ip)) if err != nil { return nil, err } @@ -158,10 +158,10 @@ func (info *IPInfo) Save() error { // Set database key if not yet set already. if !info.KeyIsSet() { // Default to global scope if scope is unset. - if info.Scope == "" { - info.Scope = IPInfoScopeGlobal + if info.ProfileID == "" { + info.ProfileID = IPInfoProfileScopeGlobal } - info.SetKey(makeIPInfoKey(info.Scope, info.IP)) + info.SetKey(makeIPInfoKey(info.ProfileID, info.IP)) } // Calculate and set cache expiry. diff --git a/resolver/namerecord.go b/resolver/namerecord.go index 6493f32a..d0faf14c 100644 --- a/resolver/namerecord.go +++ b/resolver/namerecord.go @@ -46,8 +46,7 @@ type NameRecord struct { Answer []string Ns []string Extra []string - // TODO: Name change in progress. Rename "TTL" field to "Expires" in Q1 2021. - TTL int64 `json:"Expires"` + Expires int64 Server string ServerScope int8 @@ -100,7 +99,7 @@ func (rec *NameRecord) Save() error { rec.SetKey(makeNameRecordKey(rec.Domain, rec.Question)) rec.UpdateMeta() - rec.Meta().SetAbsoluteExpiry(rec.TTL + databaseOvertime) + rec.Meta().SetAbsoluteExpiry(rec.Expires + databaseOvertime) return recordDatabase.PutNew(rec) } diff --git a/resolver/resolve.go b/resolver/resolve.go index b917968a..22f2fe23 100644 --- a/resolver/resolve.go +++ b/resolver/resolve.go @@ -220,19 +220,19 @@ func checkCache(ctx context.Context, q *Query) *RRCache { log.Tracer(ctx).Tracef( "resolver: cache for %s will expire in %s, refreshing async now", q.ID(), - time.Until(time.Unix(rrCache.TTL, 0)).Round(time.Second), + time.Until(time.Unix(rrCache.Expires, 0)).Round(time.Second), ) // resolve async - module.StartWorker("resolve async", func(ctx context.Context) error { - ctx, tracer := log.AddTracer(ctx) + module.StartWorker("resolve async", func(asyncCtx context.Context) error { + tracingCtx, tracer := log.AddTracer(asyncCtx) defer tracer.Submit() - tracer.Debugf("resolver: resolving %s async", q.ID()) - _, err := resolveAndCache(ctx, q, nil) + tracer.Tracef("resolver: resolving %s async", q.ID()) + _, err := resolveAndCache(tracingCtx, q, nil) if err != nil { tracer.Warningf("resolver: async query for %s failed: %s", q.ID(), err) } else { - tracer.Debugf("resolver: async query for %s succeeded", q.ID()) + tracer.Infof("resolver: async query for %s succeeded", q.ID()) } return nil }) @@ -242,7 +242,7 @@ func checkCache(ctx context.Context, q *Query) *RRCache { log.Tracer(ctx).Tracef( "resolver: using cached RR (expires in %s)", - time.Until(time.Unix(rrCache.TTL, 0)).Round(time.Second), + time.Until(time.Unix(rrCache.Expires, 0)).Round(time.Second), ) return rrCache } diff --git a/resolver/rrcache.go b/resolver/rrcache.go index a835672d..6be85659 100644 --- a/resolver/rrcache.go +++ b/resolver/rrcache.go @@ -25,11 +25,10 @@ type RRCache struct { RCode int // Response Content - Answer []dns.RR - Ns []dns.RR - Extra []dns.RR - // TODO: Name change in progress. Rename "TTL" field to "Expires" in Q1 2021. - TTL int64 `json:"Expires"` + Answer []dns.RR + Ns []dns.RR + Extra []dns.RR + Expires int64 // Source Information Server string @@ -55,12 +54,12 @@ func (rrCache *RRCache) ID() string { // Expired returns whether the record has expired. func (rrCache *RRCache) Expired() bool { - return rrCache.TTL <= time.Now().Unix() + return rrCache.Expires <= time.Now().Unix() } // ExpiresSoon returns whether the record will expire soon and should already be refreshed. func (rrCache *RRCache) ExpiresSoon() bool { - return rrCache.TTL <= time.Now().Unix()+refreshTTL + return rrCache.Expires <= time.Now().Unix()+refreshTTL } // Clean sets all TTLs to 17 and sets cache expiry with specified minimum. @@ -100,7 +99,7 @@ func (rrCache *RRCache) Clean(minExpires uint32) { } // log.Tracef("lowest TTL is %d", lowestTTL) - rrCache.TTL = time.Now().Unix() + int64(lowestTTL) + rrCache.Expires = time.Now().Unix() + int64(lowestTTL) } // ExportAllARecords return of a list of all A and AAAA IP addresses. @@ -132,7 +131,7 @@ func (rrCache *RRCache) ToNameRecord() *NameRecord { Domain: rrCache.Domain, Question: rrCache.Question.String(), RCode: rrCache.RCode, - TTL: rrCache.TTL, + Expires: rrCache.Expires, Server: rrCache.Server, ServerScope: rrCache.ServerScope, ServerInfo: rrCache.ServerInfo, @@ -189,7 +188,7 @@ func GetRRCache(domain string, question dns.Type) (*RRCache, error) { } rrCache.RCode = nameRecord.RCode - rrCache.TTL = nameRecord.TTL + rrCache.Expires = nameRecord.Expires for _, entry := range nameRecord.Answer { rrCache.Answer = parseRR(rrCache.Answer, entry) } @@ -250,10 +249,10 @@ func (rrCache *RRCache) ShallowCopy() *RRCache { Question: rrCache.Question, RCode: rrCache.RCode, - Answer: rrCache.Answer, - Ns: rrCache.Ns, - Extra: rrCache.Extra, - TTL: rrCache.TTL, + Answer: rrCache.Answer, + Ns: rrCache.Ns, + Extra: rrCache.Extra, + Expires: rrCache.Expires, Server: rrCache.Server, ServerScope: rrCache.ServerScope, @@ -311,9 +310,9 @@ func (rrCache *RRCache) GetExtraRRs(ctx context.Context, query *dns.Msg) (extra // Add expiry and cache information. if rrCache.Expired() { - extra = addExtra(ctx, extra, fmt.Sprintf("record expired since %s", time.Since(time.Unix(rrCache.TTL, 0)).Round(time.Second))) + extra = addExtra(ctx, extra, fmt.Sprintf("record expired since %s", time.Since(time.Unix(rrCache.Expires, 0)).Round(time.Second))) } else { - extra = addExtra(ctx, extra, fmt.Sprintf("record valid for %s", time.Until(time.Unix(rrCache.TTL, 0)).Round(time.Second))) + extra = addExtra(ctx, extra, fmt.Sprintf("record valid for %s", time.Until(time.Unix(rrCache.Expires, 0)).Round(time.Second))) } if rrCache.RequestingNew { extra = addExtra(ctx, extra, "async request to refresh the cache has been started")