commit 3971cd959467c5f0072da2051e5922a7d8252978 · seiso.moe/alky

+1 -1

go.mod

···

       9
       9
        
       	github.com/ClickHouse/clickhouse-go/v2 v2.34.0

     

       10
       10
        
       	github.com/stretchr/testify v1.10.0

     

       11
       11
        
       	golang.org/x/time v0.11.0

     

       12
       12
       -
       	tangled.sh/seiso.moe/magna v0.0.1

     

       12
       12
       +
       	tangled.sh/seiso.moe/magna v0.0.2

     

       13
       13
        
       )

     

       14
       14
        
       

     

       15
       15
        
       require (

go.sum

···

       117
       117
        
       gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

     

       118
       118
        
       tangled.sh/seiso.moe/magna v0.0.1 h1:v8GM2y3xEinc0jGVxYf/33xtWJ74ES9EuTaMxXL8zxo=

     

       119
       119
        
       tangled.sh/seiso.moe/magna v0.0.1/go.mod h1:bqm+DTo2Pv4ITT0EnR079l++BJgoChBswSB/3KeijUk=

     

       120
       120
       +
       tangled.sh/seiso.moe/magna v0.0.2 h1:4VGPlqv/7tVyTtsR4Qkk8ZNypuNbmaeLogWzkpbHrRs=

     

       121
       121
       +
       tangled.sh/seiso.moe/magna v0.0.2/go.mod h1:bqm+DTo2Pv4ITT0EnR079l++BJgoChBswSB/3KeijUk=

+7 -7

pkg/dns/ratelimit.go

···

       17
       17
        
       }

     

       18
       18
        
       

     

       19
       19
        
       type rateLimiter struct {

     

       20
       20
       -
       	config RateLimitConfig

     

       21
       21
       -
       	limiters map[string]*ipRateLimiterEntry

     

       22
       22
       -
       	mu     sync.RWMutex

     

       20
       20
       +
       	config      RateLimitConfig

     

       21
       21
       +
       	limiters    map[string]*ipRateLimiterEntry

     

       22
       22
       +
       	mu          sync.RWMutex

     

       23
       23
        
       	stopCleanup chan struct{}

     

       24
       24
        
       }

     

       25
       25
        
       

     
···

       39
       39
        
       

     

       40
       40
        
       func newRateLimiter(config RateLimitConfig) *rateLimiter {

     

       41
       41
        
       	rl := &rateLimiter{

     

       42
       42
       -
       		config: config,

     

       43
       43
       -
       		limiters: make(map[string]*ipRateLimiterEntry),

     

       42
       42
       +
       		config:      config,

     

       43
       43
       +
       		limiters:    make(map[string]*ipRateLimiterEntry),

     

       44
       44
        
       		stopCleanup: make(chan struct{}),

     

       45
       45
        
       	}

     

       46
       46
        
       

     
···

       49
       49
        
       }

     

       50
       50
        
       

     

       51
       51
        
       func (rl *rateLimiter) allow(ip string) bool {

     

       52
       52
       -
       	rl.mu.Lock() 

     

       52
       52
       +
       	rl.mu.Lock()

     

       53
       53
        
       	defer rl.mu.Unlock()

     

       54
       54
        
       

     

       55
       55
        
       	entry, exists := rl.limiters[ip]

     
···

       58
       58
        
       	if !exists {

     

       59
       59
        
       		limiter := rate.NewLimiter(rate.Limit(rl.config.Rate), rl.config.Burst)

     

       60
       60
        
       		entry := &ipRateLimiterEntry{

     

       61
       61
       -
       			limiter: limiter,

     

       61
       61
       +
       			limiter:    limiter,

     

       62
       62
        
       			lastAccess: now,

     

       63
       63
        
       		}

     

       64
       64

+147 -81

pkg/dns/resolve.go

···

       5
       5
        
       	"fmt"

     

       6
       6
        
       	"log/slog"

     

       7
       7
        
       	"net"

     

       8
       8
       +
       	"strings"

     

       8
       9
        
       	"time"

     

       9
       10
        
       

     

       10
       11
        
       	"tangled.sh/seiso.moe/magna"

     
···

       12
       13
        
       

     

       13
       14
        
       var errNXDOMAIN = fmt.Errorf("nxdomain")

     

       14
       15
        
       

     

       16
       16
       +
       const (

     

       17
       17
       +
       	depthKey contextKey = "dns_recursion_depth"

     

       18
       18
       +
       )

     

       19
       19
       +
       

     

       20
       20
       +
       func withIncrementedDepth(ctx context.Context, maxDepth int) (context.Context, error) {

     

       21
       21
       +
       	depth := getDepth(ctx)

     

       22
       22
       +
       	if depth >= maxDepth {

     

       23
       23
       +
       		return nil, fmt.Errorf("maximum recursion depth (%d) exceeded", maxDepth)

     

       24
       24
       +
       	}

     

       25
       25
       +
       	return context.WithValue(ctx, depthKey, depth+1), nil

     

       26
       26
       +
       }

     

       27
       27
       +
       

     

       28
       28
       +
       func getDepth(ctx context.Context) int {

     

       29
       29
       +
       	if depth, ok := ctx.Value(depthKey).(int); ok {

     

       30
       30
       +
       		return depth

     

       31
       31
       +
       	}

     

       32
       32
       +
       	return 0

     

       33
       33
       +
       }

     

       34
       34
       +
       

     

       15
       35
        
       type QueryHandler struct {

     

       16
       36
        
       	RootServers []string

     

       17
       37
        
       	Timeout     time.Duration

     
···

       34
       54
        
       	}

     

       35
       55
        
       

     

       36
       56
        
       	question := r.Message.Question[0]

     

       37
       37
       -
       

     

       38
       57
        
       	msg := r.Message.CreateReply(r.Message)

     

       39
       58
        
       	msg.Header.RA = true

     

       40
       59
        
       

     
···

       58
       77
        
       }

     

       59
       78
        
       

     

       60
       79
        
       func (h *QueryHandler) resolveQuestion(ctx context.Context, question magna.Question, servers []string) ([]magna.ResourceRecord, error) {

     

       61
       61
       -
       	ch := make(chan queryResponse, len(servers))

     

       80
       80
       +
       	const maxDepth = 16

     

       62
       81
        
       

     

       63
       63
       -
       	for _, s := range servers {

     

       64
       64
       -
       		go queryServer(ctx, question, s, ch, h.Timeout)

     

       82
       82
       +
       	newCtx, err := withIncrementedDepth(ctx, maxDepth)

     

       83
       83
       +
       	if err != nil {

     

       84
       84
       +
       		return nil, err

     

       65
       85
        
       	}

     

       86
       86
       +
       	ctx = newCtx

     

       66
       87
        
       

     

       67
       67
       -
       	for range servers {

     

       68
       68
       -
       		select {

     

       69
       69
       -
       		case res := <-ch:

     

       70
       70
       -
       			if res.Error != nil {

     

       71
       71
       -
       				break

     

       72
       72
       -
       			}

     

       73
       73
       -
       

     

       74
       74
       -
       			msg := res.MSG

     

       75
       75
       -
       			if msg.Header.ANCount > 0 {

     

       76
       76
       -
       				if msg.Answer[0].RType == magna.CNAMEType {

     

       77
       77
       -
       					cname_answers, err := h.resolveQuestion(ctx, magna.Question{QName: msg.Answer[0].RData.String(), QType: question.QType, QClass: question.QClass}, h.RootServers)

     

       78
       78
       -
       					if err != nil {

     

       79
       79
       -
       						continue

     

       80
       80
       -
       					}

     

       81
       81
       -
       					msg.Answer = append(msg.Answer, cname_answers...)

     

       82
       82
       -
       				}

     

       83
       83
       -
       

     

       84
       84
       -
       				return msg.Answer, nil

     

       85
       85
       -
       			}

     

       88
       88
       +
       	for _, s := range servers {

     

       89
       89
       +
       		msg, err := queryServer(ctx, question, s, h.Timeout)

     

       90
       90
       +
       		if err != nil {

     

       91
       91
       +
       			h.Logger.Warn("unable to resolve question", "server", s)

     

       92
       92
       +
       			continue

     

       93
       93
       +
       		}

     

       86
       94
        
       

     

       87
       87
       -
       			if msg.Header.ARCount > 0 {

     

       88
       88
       -
       				var nextZone []string

     

       89
       89
       -
       				for _, ans := range msg.Additional {

     

       90
       90
       -
       					if ans.RType == magna.AType {

     

       91
       91
       -
       						nextZone = append(nextZone, ans.RData.String())

     

       92
       92
       -
       					}

     

       95
       95
       +
       		if ok, answers := ExtractAnswer(question, msg); ok {

     

       96
       96
       +
       			if msg.Answer[0].RType == magna.CNAMEType {

     

       97
       97
       +
       				cnameQuestion := magna.Question{QName: msg.Answer[0].RData.String(), QType: question.QType, QClass: question.QClass}

     

       98
       98
       +
       				ips, err := h.resolveQuestion(ctx, cnameQuestion, h.RootServers)

     

       99
       99
       +
       				if err != nil {

     

       100
       100
       +
       					h.Logger.Info("unable to resolve CNAME target", "question", cnameQuestion, "depth", getDepth(ctx), "error", err)

     

       93
       101
        
       				}

     

       94
       102
        
       

     

       95
       95
       -
       				return h.resolveQuestion(ctx, question, nextZone)

     

       103
       103
       +
       				answers = append(answers, ips...)

     

       96
       104
        
       			}

     

       105
       105
       +
       			return answers, nil

     

       106
       106
       +
       		}

     

       97
       107
        
       

     

       98
       98
       -
       			if msg.Header.NSCount > 0 {

     

       99
       99
       -
       				var ns []string

     

       100
       100
       -
       				for _, a := range msg.Authority {

     

       101
       101
       -
       					if a.RType == magna.NSType {

     

       102
       102
       -
       						ans, err := h.resolveQuestion(ctx, magna.Question{QName: a.RData.String(), QType: magna.AType, QClass: magna.IN}, h.RootServers)

     

       103
       103
       -
       						if err != nil {

     

       104
       104
       -
       							break

     

       105
       105
       -
       						}

     

       106
       106
       -
       						for _, x := range ans {

     

       107
       107
       -
       							ns = append(ns, x.RData.String())

     

       108
       108
       -
       						}

     

       109
       109
       -
       					}

     

       110
       110
       -
       				}

     

       108
       108
       +
       		if ok, answers := HandleGlueRecords(question, msg); ok {

     

       109
       109
       +
       			return h.resolveQuestion(ctx, question, answers)

     

       110
       110
       +
       		}

     

       111
       111
        
       

     

       112
       112
       -
       				return h.resolveQuestion(ctx, question, ns)

     

       113
       113
       -
       			}

     

       114
       114
       -
       

     

       115
       115
       -
       			return []magna.ResourceRecord{}, nil

     

       112
       112
       +
       		if ok, answers := h.HandleReferral(ctx, question, msg); ok {

     

       113
       113
       +
       			return h.resolveQuestion(ctx, question, answers)

     

       116
       114
        
       		}

     

       117
       115
        
       	}

     

       118
       116
        
       

     

       119
       117
        
       	return []magna.ResourceRecord{}, nil

     

       120
       118
        
       }

     

       121
       119
        
       

     

       122
       122
       -
       func queryServer(ctx context.Context, question magna.Question, server string, ch chan<- queryResponse, timeout time.Duration) {

     

       123
       123
       -
       	done := make(chan struct{}, 1)

     

       120
       120
       +
       func queryServer(ctx context.Context, question magna.Question, server string, timeout time.Duration) (magna.Message, error) {

     

       121
       121
       +
       	var d net.Dialer

     

       122
       122
       +
       	conn, err := d.DialContext(ctx, "udp", fmt.Sprintf("%s:53", server))

     

       123
       123
       +
       	if err != nil {

     

       124
       124
       +
       		return magna.Message{}, err

     

       125
       125
       +
       	}

     

       126
       126
       +
       	defer conn.Close()

     

       124
       127
        
       

     

       125
       128
        
       	go func() {

     

       126
       126
       -
       		conn, err := net.Dial("udp", fmt.Sprintf("%s:53", server))

     

       127
       127
       -
       		if err != nil {

     

       128
       128
       -
       			ch <- queryResponse{Error: err}

     

       129
       129
       -
       			return

     

       129
       129
       +
       			<-ctx.Done()

     

       130
       130
       +
       			conn.Close()

     

       131
       131
       +
       	}()

     

       132
       132
       +
       

     

       133
       133
       +
       	conn.SetDeadline(time.Now().Add(timeout))

     

       134
       134
       +
       

     

       135
       135
       +
       	query := magna.CreateRequest(0, false)

     

       136
       136
       +
       	query = query.AddQuestion(question)

     

       137
       137
       +
       	msg, err := query.Encode()

     

       138
       138
       +
       	if err != nil {

     

       139
       139
       +
       		return magna.Message{}, err

     

       140
       140
       +
       	}

     

       141
       141
       +
       

     

       142
       142
       +
       	if _, err := conn.Write(msg); err != nil {

     

       143
       143
       +
       		return magna.Message{}, err

     

       144
       144
       +
       	}

     

       145
       145
       +
       

     

       146
       146
       +
       	p := make([]byte, 512)

     

       147
       147
       +
       	nn, err := conn.Read(p)

     

       148
       148
       +
       

     

       149
       149
       +
       	// TODO: retry request with TCP

     

       150
       150
       +
       	if err != nil || nn > 512 {

     

       151
       151
       +
       		if err == nil {

     

       152
       152
       +
       			err = fmt.Errorf("truncated response")

     

       130
       153
        
       		}

     

       131
       131
       -
       		defer conn.Close()

     

       154
       154
       +
       		return magna.Message{}, err

     

       155
       155
       +
       	}

     

       132
       156
        
       

     

       133
       133
       -
       		query := magna.CreateRequest(0, false)

     

       134
       134
       -
       		query = query.AddQuestion(question)

     

       135
       135
       -
       		msg, err := query.Encode()

     

       136
       136
       -
       		if err != nil {

     

       137
       137
       -
       			ch <-queryResponse{Server: server, Error: err}

     

       157
       157
       +
       	var response magna.Message

     

       158
       158
       +
       	err = response.Decode(p)

     

       159
       159
       +
       	return response, err

     

       160
       160
       +
       }

     

       161
       161
       +
       

     

       162
       162
       +
       func ExtractAnswer(q magna.Question, r magna.Message) (bool, []magna.ResourceRecord) {

     

       163
       163
       +
       	answers := make([]magna.ResourceRecord, 0, r.Header.ANCount)

     

       164
       164
       +
       	for _, a := range r.Answer {

     

       165
       165
       +
       		if a.RClass == q.QClass && strings.ToLower(a.Name) == strings.ToLower(q.QName) {

     

       166
       166
       +
       			answers = append(answers, a)

     

       138
       167
        
       		}

     

       168
       168
       +
       	}

     

       139
       169
        
       

     

       140
       140
       -
       		if _, err := conn.Write(msg); err != nil {

     

       141
       141
       -
       			ch <- queryResponse{Server: server, Error: err}

     

       142
       142
       -
       			return

     

       170
       170
       +
       	if len(answers) <= 0 {

     

       171
       171
       +
       		return false, []magna.ResourceRecord{}

     

       172
       172
       +
       	}

     

       173
       173
       +
       

     

       174
       174
       +
       	return true, answers

     

       175
       175
       +
       }

     

       176
       176
       +
       

     

       177
       177
       +
       func HandleGlueRecords(q magna.Question, r magna.Message) (bool, []string) {

     

       178
       178
       +
       	answers := make([]string, 0, r.Header.ARCount)

     

       179
       179
       +
       	for _, a := range r.Authority {

     

       180
       180
       +
       		if a.RType != magna.NSType {

     

       181
       181
       +
       			continue

     

       143
       182
        
       		}

     

       144
       183
        
       

     

       145
       145
       -
       		p := make([]byte, 512)

     

       146
       146
       -
       		nn, err := conn.Read(p)

     

       184
       184
       +
       		ns, ok := a.RData.(*magna.NS)

     

       185
       185
       +
       		if !ok {

     

       186
       186
       +
       			// this should not happen but better safe than sorry

     

       187
       187
       +
       			continue

     

       188
       188
       +
       		}

     

       147
       189
        
       

     

       148
       148
       -
       		// TODO: retry request with TCP

     

       149
       149
       -
       		if err != nil || nn > 512 {

     

       150
       150
       -
       			if err == nil {

     

       151
       151
       -
       				err = fmt.Errorf("truncated response")

     

       190
       190
       +
       		for _, ad := range r.Additional {

     

       191
       191
       +
       			// XXX: add AAAAType when magna supports it

     

       192
       192
       +
       			if ad.RType == magna.AType && strings.ToLower(ad.Name) == strings.ToLower(ns.NSDName) {

     

       193
       193
       +
       				answers = append(answers, ad.RData.String())

     

       152
       194
        
       			}

     

       153
       153
       -
       			ch <- queryResponse{Server: server, Error: err}

     

       154
       154
       -
       			return

     

       155
       195
        
       		}

     

       196
       196
       +
       	}

     

       156
       197
        
       

     

       157
       157
       -
       		var response magna.Message

     

       158
       158
       -
       		err = response.Decode(p)

     

       159
       159
       -
       		ch <- queryResponse{MSG: response, Server: server, Error: err}

     

       160
       160
       -
       	}()

     

       198
       198
       +
       	if len(answers) <= 0 {

     

       199
       199
       +
       		return false, []string{}

     

       200
       200
       +
       	}

     

       201
       201
       +
       

     

       202
       202
       +
       	return true, answers

     

       203
       203
       +
       }

     

       204
       204
       +
       

     

       205
       205
       +
       func (h *QueryHandler) HandleReferral(ctx context.Context, q magna.Question, r magna.Message) (bool, []string) {

     

       206
       206
       +
       	servers := make([]string, 0, r.Header.NSCount)

     

       207
       207
       +
       

     

       208
       208
       +
       	for _, auth := range r.Authority {

     

       209
       209
       +
       		if auth.RType == magna.NSType {

     

       210
       210
       +
       			nsQuestion := magna.Question{

     

       211
       211
       +
       				QName:  auth.RData.String(),

     

       212
       212
       +
       				QType:  magna.AType,

     

       213
       213
       +
       				QClass: magna.IN,

     

       214
       214
       +
       			}

     

       215
       215
       +
       

     

       216
       216
       +
       			answers, err := h.resolveQuestion(ctx, nsQuestion, h.RootServers)

     

       217
       217
       +
       			if err != nil {

     

       218
       218
       +
       				h.Logger.Warn("error handling referral",

     

       219
       219
       +
       					"question", nsQuestion,

     

       220
       220
       +
       					"depth", getDepth(ctx),

     

       221
       221
       +
       					"error", err)

     

       222
       222
       +
       				continue

     

       223
       223
       +
       			}

     

       161
       224
        
       

     

       162
       162
       -
       	select {

     

       163
       163
       -
       	case <-ctx.Done():

     

       164
       164
       -
       		ch <- queryResponse{Server: server, Error: ctx.Err()}

     

       165
       165
       -
       	case <-done:

     

       166
       166
       -
       	// goroutine finished with no cancellation

     

       167
       167
       -
       	case <-time.After(timeout):

     

       168
       168
       -
       		ch <- queryResponse{Server: server, Error: fmt.Errorf("timeout")}

     

       225
       225
       +
       			for _, ans := range answers {

     

       226
       226
       +
       				servers = append(servers, ans.RData.String())

     

       227
       227
       +
       			}

     

       228
       228
       +
       		}

     

       169
       229
        
       	}

     

       230
       230
       +
       

     

       231
       231
       +
       	if len(servers) <= 0 {

     

       232
       232
       +
       		return false, []string{}

     

       233
       233
       +
       	}

     

       234
       234
       +
       

     

       235
       235
       +
       	return true, servers

     

       170
       236
        
       }

+2 -2

pkg/dns/server.go

···

       21
       21
        
       )

     

       22
       22
        
       

     

       23
       23
        
       var (

     

       24
       24
       -
       	serverUDPBufferPool = sync.Pool {

     

       24
       24
       +
       	serverUDPBufferPool = sync.Pool{

     

       25
       25
        
       		New: func() any {

     

       26
       26
        
       			b := make([]byte, maxUDPBufferSize)

     

       27
       27
        
       			return &b

     

       28
       28
        
       		},

     

       29
       29
        
       	}

     

       30
       30
        
       

     

       31
       31
       -
       	resolverUDPBufferPool = sync.Pool {

     

       31
       31
       +
       	resolverUDPBufferPool = sync.Pool{

     

       32
       32
        
       		New: func() any {

     

       33
       33
        
       			b := make([]byte, maxResolverUDPBufferSize)

     

       34
       34
        
       			return &b