net/dns/dns_response.cc - Issue 9369045: [net] HostResolverImpl + DnsTransaction + DnsConfigService = Asynchronous DNS ready for experiments.

Side by Side Diff: net/dns/dns_response.cc

Issue 9369045: [net] HostResolverImpl + DnsTransaction + DnsConfigService = Asynchronous DNS ready for experiments. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix ClientSocketFactory lifetime. Move ScopedAllowIO to StartWatch. Added DnsTask logging. Created 8 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/dns/dns_response.h"	5 #include "net/dns/dns_response.h"

6	6

7 #include "base/sys_byteorder.h"	7 #include "base/sys_byteorder.h"

	8 #include "net/base/address_list.h"

8 #include "net/base/big_endian.h"	9 #include "net/base/big_endian.h"

9 #include "net/base/dns_util.h"	10 #include "net/base/dns_util.h"

10 #include "net/base/io_buffer.h"	11 #include "net/base/io_buffer.h"

11 #include "net/base/net_errors.h"	12 #include "net/base/net_errors.h"

12 #include "net/dns/dns_protocol.h"	13 #include "net/dns/dns_protocol.h"

13 #include "net/dns/dns_query.h"	14 #include "net/dns/dns_query.h"

14	15

15 namespace net {	16 namespace net {

16	17

17 DnsResourceRecord::DnsResourceRecord() {	18 DnsResourceRecord::DnsResourceRecord() {

(...skipping 195 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
213 DnsRecordParser DnsResponse::Parser() const {	214 DnsRecordParser DnsResponse::Parser() const {

214 DCHECK(parser_.IsValid());	215 DCHECK(parser_.IsValid());

215 // Return a copy of the parser.	216 // Return a copy of the parser.

216 return parser_;	217 return parser_;

217 }	218 }

218	219

219 const dns_protocol::Header* DnsResponse::header() const {	220 const dns_protocol::Header* DnsResponse::header() const {

220 return reinterpret_cast<const dns_protocol::Header*>(io_buffer_->data());	221 return reinterpret_cast<const dns_protocol::Header*>(io_buffer_->data());

221 }	222 }

222	223

	224 bool DnsResponse::ParseAddressList(AddressList* addr_list,

	225 base::TimeDelta* ttl) const {

	226 DCHECK(IsValid());

	227 // DnsTransaction already verified that \|response\| matches the issued query

	228 // in terms of query header. We still need to determine if there is a valid

	229 // chain of CNAMEs from the query name to the RR owner name.

	230

	231 // Expected owner of record.

	232 std::string expected_name = GetDottedName();
	cbentzel 2012/02/14 02:01:54 It looks like both DNSDomainToString and ParseName It looks like both DNSDomainToString and ParseName both omit trailing dot. Might be worth mentioning since both need to be identical in behavior for this to work due to the string comparison in the while loop.
	233

	234 uint16 expected_type = qtype();

	235 size_t expected_size = (qtype() == dns_protocol::kTypeAAAA)
	cbentzel 2012/02/14 02:01:54 Could use expected_type instead of qtype(). Could use expected_type instead of qtype().
	236 ? kIPv6AddressSize : kIPv4AddressSize;
	cbentzel 2012/02/14 02:01:54 Do you want to make sure the qtype is only one of Do you want to make sure the qtype is only one of AAAA or A? I don't remember if this is enforced elsewhere.
	237

	238 // getcanonname in eglibc returns the first owner name of an A or AAAA RR.

	239 std::string canon_name;

	240

	241 uint32 ttl_sec = kuint32max;

	242 IPAddressList ip_addresses;

	243 DnsRecordParser parser = Parser();

	244 DnsResourceRecord record;

	245 while (parser.ParseRecord(&record)) {
	cbentzel 2012/02/14 02:01:54 Looks like this would accept a response for an A q Looks like this would accept a response for an A query of alpha like alpha CNAME beta beta A 18.85.0.1 beta CNAME gamma gamma A 18.85.0.2 CNAMEs should probably be rejected once we process a non-CNAME entry? szym 2012/02/14 15:56:24 To answer both this and the next question: I look Show quoted text On 2012/02/14 02:01:54, cbentzel wrote: > Looks like this would accept a response for an A query of alpha like > > alpha CNAME beta > beta A 18.85.0.1 > beta CNAME gamma > gamma A 18.85.0.2 > > CNAMEs should probably be rejected once we process a non-CNAME entry? To answer both this and the next question: I looked at evdns, glibc and c-ares. evdns: http://code.google.com/codesearch#OAMlx_jo-ck/src/third_party/libevent/evdns.c Only checks names in question. Does not check names in answers. c-ares: http://code.google.com/codesearch#5jiG3hroW30/trunk/libcurl.mod/src/ares/ares... Assumes CNAMEs are in an ordered chain. glibc: http://code.google.com/codesearch#PfbwIaGvWwI/trunk/glibc-2.14/resolv/nss_dns... ??? I still have not successfully parsed through this. Either way, if we think that a response like this is invalid, should we reject it outright (ERR_DNS_SERVER_FAILED?) or accept part of it? I'm leaning towards the former. I did notice a BUG. This comparison below should ignore case. cbentzel 2012/02/14 18:01:27 I think that makes sense - this is unlikely to be Show quoted text On 2012/02/14 15:56:24, szym wrote: > On 2012/02/14 02:01:54, cbentzel wrote: > > Looks like this would accept a response for an A query of alpha like > > > > alpha CNAME beta > > beta A 18.85.0.1 > > beta CNAME gamma > > gamma A 18.85.0.2 > > > > CNAMEs should probably be rejected once we process a non-CNAME entry? > > To answer both this and the next question: > > I looked at evdns, glibc and c-ares. > > evdns: > http://code.google.com/codesearch#OAMlx_jo-ck/src/third_party/libevent/evdns.c > Only checks names in question. Does not check names in answers. > > c-ares: > http://code.google.com/codesearch#5jiG3hroW30/trunk/libcurl.mod/src/ares/ares... > Assumes CNAMEs are in an ordered chain. > > glibc: > http://code.google.com/codesearch#PfbwIaGvWwI/trunk/glibc-2.14/resolv/nss_dns... > ??? I still have not successfully parsed through this. > > Either way, if we think that a response like this is invalid, should we reject > it outright (ERR_DNS_SERVER_FAILED?) or accept part of it? I'm leaning towards > the former. I think that makes sense - this is unlikely to be something done intentionally. You could even add something like malformed DNS response for an error. Show quoted text > > I did notice a BUG. This comparison below should ignore case.
	246 if (record.name != expected_name) {

	247 // We ignore records owned by unexpected name.

	248 continue;

	249 }

	250 if (record.type == dns_protocol::kTypeCNAME) {

	251 // New \|hostname\|, following the CNAME chain.

	252 if (!parser.ParseName(record.rdata.begin(), &expected_name)) {
	cbentzel 2012/02/14 02:01:54 Are these guaranteed to always be in order of the Are these guaranteed to always be in order of the chain, or could they be reordered and still be valid? i.e. would a query for alpha and a response like alpha CNAME beta gamma CNAME delta beta CNAME gamma delta A 18.85.0.1 be valid, if not common?
	253 return false;

	254 }

	255 } else if (record.type == expected_type &&

	256 record.rdata.size() == expected_size) {

	257 ip_addresses.push_back(IPAddressNumber(record.rdata.begin(),

	258 record.rdata.end()));

	259 ttl_sec = std::min(ttl_sec, record.ttl);
	cbentzel 2012/02/14 02:01:54 I thought TTL for all RRSet entries needed to be i I thought TTL for all RRSet entries needed to be identical according to one of the RFCs (will have to dig for which one). If you're going to be permissive, I'm OK, but may be worth calling out. Doing a min seems correct. szym 2012/02/14 17:44:39 Not clear on this one. C-ares does not bundle the Show quoted text On 2012/02/14 02:01:54, cbentzel wrote: > I thought TTL for all RRSet entries needed to be identical according to one of > the RFCs (will have to dig for which one). > > If you're going to be permissive, I'm OK, but may be worth calling out. Doing a > min seems correct. Not clear on this one. C-ares does not bundle the TTLs together. Instead it returns one TTL per address fetched. cbentzel 2012/02/14 18:01:27 See http://tools.ietf.org/html/rfc2181#section-5 5 Show quoted text On 2012/02/14 17:44:39, szym wrote: > On 2012/02/14 02:01:54, cbentzel wrote: > > I thought TTL for all RRSet entries needed to be identical according to one of > > the RFCs (will have to dig for which one). > > > > If you're going to be permissive, I'm OK, but may be worth calling out. Doing > a > > min seems correct. > > Not clear on this one. C-ares does not bundle the TTLs together. Instead it > returns one TTL per address fetched. See http://tools.ietf.org/html/rfc2181#section-5 5.2 "Should a client receive a response containing RRs from an RRSet with differing TTLs, it should treat this as an error." It might be the case that this isn't actually obeyed in practice. szym 2012/02/14 18:07:20 A good strategy could be to be strict initially, b Show quoted text On 2012/02/14 18:01:27, cbentzel wrote: > On 2012/02/14 17:44:39, szym wrote: > > On 2012/02/14 02:01:54, cbentzel wrote: > > > I thought TTL for all RRSet entries needed to be identical according to one > of > > > the RFCs (will have to dig for which one). > > > > > > If you're going to be permissive, I'm OK, but may be worth calling out. > Doing > > a > > > min seems correct. > > > > Not clear on this one. C-ares does not bundle the TTLs together. Instead it > > returns one TTL per address fetched. > > See http://tools.ietf.org/html/rfc2181#section-5 5.2 > > "Should a client receive a response containing RRs from an RRSet with differing > TTLs, it should treat this as an error." > > It might be the case that this isn't actually obeyed in practice. > A good strategy could be to be strict initially, but have fine-grained net_error. Then if the ProcTask succeeds when the DnsTask failed, we would histogram the net_error returned from DnsTask. This would help us quantify how often a presumably invalid response is accepted by the OS anyway. mmenke 2012/02/14 18:46:00 Agree that it would be great to have a number of n Show quoted text On 2012/02/14 18:07:20, szym wrote: > On 2012/02/14 18:01:27, cbentzel wrote: > > On 2012/02/14 17:44:39, szym wrote: > > > On 2012/02/14 02:01:54, cbentzel wrote: > > > > I thought TTL for all RRSet entries needed to be identical according to > one > > of > > > > the RFCs (will have to dig for which one). > > > > > > > > If you're going to be permissive, I'm OK, but may be worth calling out. > > Doing > > > a > > > > min seems correct. > > > > > > Not clear on this one. C-ares does not bundle the TTLs together. Instead it > > > returns one TTL per address fetched. > > > > See http://tools.ietf.org/html/rfc2181#section-5 5.2 > > > > "Should a client receive a response containing RRs from an RRSet with > differing > > TTLs, it should treat this as an error." > > > > It might be the case that this isn't actually obeyed in practice. > > > > A good strategy could be to be strict initially, but have fine-grained > net_error. Then if the ProcTask succeeds when the DnsTask failed, we would > histogram the net_error returned from DnsTask. This would help us quantify how > often a presumably invalid response is accepted by the OS anyway. Agree that it would be great to have a number of network error codes for different failures. mmenke 2012/02/14 18:46:00 I believe I saw a discussion somewhere (Maybe in a Show quoted text On 2012/02/14 18:01:27, cbentzel wrote: > On 2012/02/14 17:44:39, szym wrote: > > On 2012/02/14 02:01:54, cbentzel wrote: > > > I thought TTL for all RRSet entries needed to be identical according to one > of > > > the RFCs (will have to dig for which one). > > > > > > If you're going to be permissive, I'm OK, but may be worth calling out. > Doing > > a > > > min seems correct. > > > > Not clear on this one. C-ares does not bundle the TTLs together. Instead it > > returns one TTL per address fetched. > > See http://tools.ietf.org/html/rfc2181#section-5 5.2 > > "Should a client receive a response containing RRs from an RRSet with differing > TTLs, it should treat this as an error." > > It might be the case that this isn't actually obeyed in practice. > I believe I saw a discussion somewhere (Maybe in a later RFC) athat had suggestions on how to handle differing TTLs. I believe it was either pick the shortest or pick the first, can't remember which.
	260 if (canon_name.empty())

	261 canon_name = record.name;

	262 }

	263 }

	264 if (ip_addresses.empty())

	265 return false;

	266

	267 *addr_list = AddressList::CreateFromIPAddressList(ip_addresses,

	268 canon_name);

	269 *ttl = base::TimeDelta::FromSeconds(ttl_sec);

	270 return true;

	271 }

	272

223 } // namespace net	273 } // namespace net

OLD	NEW

« net/dns/dns_response.h ('K') | « net/dns/dns_response.h ('k') | net/dns/dns_response_unittest.cc » ('j') | net/dns/dns_transaction.h » ('J')