From c0a6838a1b8a3ca2c73af04b8829d6736521cba1 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 7 Jan 2020 09:44:59 +0100 Subject: [PATCH] allow GNS clients to control recursion depth limit --- src/gns/gns.h | 8 +-- src/gns/gns_api.c | 68 +++++++++++++++++++----- src/gns/gnunet-service-gns.c | 1 + src/gns/gnunet-service-gns_interceptor.c | 7 +++ src/gns/gnunet-service-gns_resolver.c | 23 ++++---- src/gns/gnunet-service-gns_resolver.h | 5 +- src/include/gnunet_gns_service.h | 25 +++++++++ 7 files changed, 111 insertions(+), 26 deletions(-) diff --git a/src/gns/gns.h b/src/gns/gns.h index 1fa812c23..5f51b7108 100644 --- a/src/gns/gns.h +++ b/src/gns/gns.h @@ -1,6 +1,6 @@ /* This file is part of GNUnet - Copyright (C) 2012-2013 GNUnet e.V. + Copyright (C) 2012-2020 GNUnet e.V. GNUnet is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published @@ -57,9 +57,11 @@ struct LookupMessage int16_t options GNUNET_PACKED; /** - * Always 0. + * Recursion depth limit, i.e. how many more + * GNS zones may be traversed during the resolution + * of this name. */ - int16_t reserved GNUNET_PACKED; + uint16_t recursion_depth_limit GNUNET_PACKED; /** * the type of record to look up diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c index 4a4003b2a..0d99d822e 100644 --- a/src/gns/gns_api.c +++ b/src/gns/gns_api.c @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - Copyright (C) 2009-2013, 2016, 2018 GNUnet e.V. + Copyright (C) 2009-2020 GNUnet e.V. GNUnet is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published @@ -36,6 +36,12 @@ #define LOG(kind, ...) GNUNET_log_from (kind, "gns-api", __VA_ARGS__) +/** + * Default recursion depth limit to apply if + * the application does not specify any. + */ +#define DEFAULT_LIMIT 128 + /** * Handle to a lookup request */ @@ -325,21 +331,24 @@ GNUNET_GNS_lookup_cancel (struct GNUNET_GNS_LookupRequest *lr) * * @param handle handle to the GNS service * @param name the name to look up (in UTF-8 encoding) - * @param zone the zone to start the resolution in - * @param type the record type to look up + * @param zone zone to look in + * @param type the GNS record type to look for * @param options local options for the lookup - * @param proc processor to call on result + * @param recursion_depth_limit maximum number of zones + * that the lookup may (still) traverse + * @param proc function to call on result * @param proc_cls closure for @a proc - * @return handle to the get request + * @return handle to the queued request */ -struct GNUNET_GNS_LookupRequest* -GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle, - const char *name, - const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, - uint32_t type, - enum GNUNET_GNS_LocalOptions options, - GNUNET_GNS_LookupResultProcessor proc, - void *proc_cls) +struct GNUNET_GNS_LookupRequest * +GNUNET_GNS_lookup_limited (struct GNUNET_GNS_Handle *handle, + const char *name, + const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, + uint32_t type, + enum GNUNET_GNS_LocalOptions options, + uint16_t recursion_depth_limit, + GNUNET_GNS_LookupResultProcessor proc, + void *proc_cls) { /* IPC to shorten gns names, return shorten_handle */ struct LookupMessage *lookup_msg; @@ -370,6 +379,8 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle, GNUNET_MESSAGE_TYPE_GNS_LOOKUP); lookup_msg->id = htonl (lr->r_id); lookup_msg->options = htons ((uint16_t) options); + lookup_msg->recursion_depth_limit + = htons (recursion_depth_limit); lookup_msg->zone = *zone; lookup_msg->type = htonl (type); GNUNET_memcpy (&lookup_msg[1], @@ -385,4 +396,35 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle, } +/** + * Perform an asynchronous lookup operation on the GNS. + * + * @param handle handle to the GNS service + * @param name the name to look up (in UTF-8 encoding) + * @param zone the zone to start the resolution in + * @param type the record type to look up + * @param options local options for the lookup + * @param proc processor to call on result + * @param proc_cls closure for @a proc + * @return handle to the get request + */ +struct GNUNET_GNS_LookupRequest* +GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle, + const char *name, + const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, + uint32_t type, + enum GNUNET_GNS_LocalOptions options, + GNUNET_GNS_LookupResultProcessor proc, + void *proc_cls) +{ + return GNUNET_GNS_lookup_limited (handle, + name, + zone, + type, + options, + DEFAULT_LIMIT, + proc, + proc_cls); +} + /* end of gns_api.c */ diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c index 99cdbfe4e..8c5b2d6c4 100644 --- a/src/gns/gnunet-service-gns.c +++ b/src/gns/gnunet-service-gns.c @@ -463,6 +463,7 @@ handle_lookup (void *cls, name, (enum GNUNET_GNS_LocalOptions) ntohs ( sh_msg->options), + ntohs (sh_msg->recursion_depth_limit), &send_lookup_response, clh); GNUNET_STATISTICS_update (statistics, "Lookup attempts", diff --git a/src/gns/gnunet-service-gns_interceptor.c b/src/gns/gnunet-service-gns_interceptor.c index dd97782ae..9d6636e84 100644 --- a/src/gns/gnunet-service-gns_interceptor.c +++ b/src/gns/gnunet-service-gns_interceptor.c @@ -33,6 +33,12 @@ #include "gns.h" +/** + * How deep do we allow recursions to go before we abort? + */ +#define MAX_RECURSION 256 + + /** * Handle to a DNS intercepted * reslution request @@ -347,6 +353,7 @@ handle_dns_request (void *cls, p->queries[0].type, p->queries[0].name, GNUNET_NO, + MAX_RECURSION, &reply_to_dns, ilh); return; } diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c index 2c2263e58..735742283 100644 --- a/src/gns/gnunet-service-gns_resolver.c +++ b/src/gns/gnunet-service-gns_resolver.c @@ -77,11 +77,6 @@ */ #define DHT_GNS_REPLICATION_LEVEL 10 -/** - * How deep do we allow recursions to go before we abort? - */ -#define MAX_RECURSION 256 - /** * DLL to hold the authority chain we had to pass in the resolution @@ -320,7 +315,7 @@ struct GNS_ResolverHandle /** * closure passed to @e proc */ - void*proc_cls; + void *proc_cls; /** * Handle for DHT lookups. should be NULL if no lookups are in progress @@ -395,7 +390,7 @@ struct GNS_ResolverHandle struct DnsResult *dns_result_tail; /** - * Current offset in 'name' where we are resolving. + * Current offset in @e name where we are resolving. */ size_t name_resolution_pos; @@ -423,11 +418,16 @@ struct GNS_ResolverHandle /** * We increment the loop limiter for each step in a recursive - * resolution. If it passes our threshold (i.e. due to + * resolution. If it passes our @e loop_threshold (i.e. due to * self-recursion in the resolution, i.e CNAME fun), we stop. */ unsigned int loop_limiter; + /** + * Maximum value of @e loop_limiter allowed by client. + */ + unsigned int loop_threshold; + /** * 16 bit random ID we used in the @e dns_request. */ @@ -1856,6 +1856,7 @@ recursive_gns2dns_resolution (struct GNS_ResolverHandle *rh, gp->rh->record_type = GNUNET_GNSRECORD_TYPE_ANY; gp->rh->options = GNUNET_GNS_LO_DEFAULT; gp->rh->loop_limiter = rh->loop_limiter + 1; + gp->rh->loop_threshold = rh->loop_threshold; gp->rh->task_id = GNUNET_SCHEDULER_add_now (&start_resolver_lookup, gp->rh); @@ -2744,7 +2745,7 @@ recursive_resolution (void *cls) struct GNS_ResolverHandle *rh = cls; rh->task_id = NULL; - if (MAX_RECURSION < rh->loop_limiter++) + if (rh->loop_threshold < rh->loop_limiter++) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Encountered unbounded recursion resolving `%s'\n", @@ -2840,6 +2841,8 @@ start_resolver_lookup (void *cls) * @param record_type the record type to look up * @param name the name to look up * @param options local options to control local lookup + * @param recursion_depth_limit how many zones to traverse + * at most * @param proc the processor to call on result * @param proc_cls the closure to pass to @a proc * @return handle to cancel operation @@ -2849,6 +2852,7 @@ GNS_resolver_lookup (const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, uint32_t record_type, const char *name, enum GNUNET_GNS_LocalOptions options, + uint16_t recursion_depth_limit, GNS_ResultProcessor proc, void *proc_cls) { @@ -2868,6 +2872,7 @@ GNS_resolver_lookup (const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, rh->record_type = record_type; rh->name = GNUNET_strdup (name); rh->name_resolution_pos = strlen (name); + rh->loop_threshold = recursion_depth_limit; rh->task_id = GNUNET_SCHEDULER_add_now (&start_resolver_lookup, rh); return rh; diff --git a/src/gns/gnunet-service-gns_resolver.h b/src/gns/gnunet-service-gns_resolver.h index cc918fd90..3dab3c91a 100644 --- a/src/gns/gnunet-service-gns_resolver.h +++ b/src/gns/gnunet-service-gns_resolver.h @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - Copyright (C) 2009-2013 GNUnet e.V. + Copyright (C) 2009-2020 GNUnet e.V. GNUnet is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published @@ -79,6 +79,8 @@ typedef void * @param record_type the record type to look up * @param name the name to look up * @param options options set to control local lookup + * @param recursion_depth_limit how many zones to traverse + * at most * @param proc the processor to call * @param proc_cls the closure to pass to @a proc * @return handle to cancel operation @@ -88,6 +90,7 @@ GNS_resolver_lookup (const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, uint32_t record_type, const char *name, enum GNUNET_GNS_LocalOptions options, + uint16_t recursion_depth_limit, GNS_ResultProcessor proc, void *proc_cls); diff --git a/src/include/gnunet_gns_service.h b/src/include/gnunet_gns_service.h index 5d2b7246a..ef81e9a88 100644 --- a/src/include/gnunet_gns_service.h +++ b/src/include/gnunet_gns_service.h @@ -146,6 +146,31 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle, void *proc_cls); +/** + * Perform an asynchronous lookup operation on the GNS. + * + * @param handle handle to the GNS service + * @param name the name to look up (in UTF-8 encoding) + * @param zone zone to look in + * @param type the GNS record type to look for + * @param options local options for the lookup + * @param recursion_depth_limit maximum number of zones + * that the lookup may (still) traverse + * @param proc function to call on result + * @param proc_cls closure for @a proc + * @return handle to the queued request + */ +struct GNUNET_GNS_LookupRequest * +GNUNET_GNS_lookup_limited (struct GNUNET_GNS_Handle *handle, + const char *name, + const struct GNUNET_CRYPTO_EcdsaPublicKey *zone, + uint32_t type, + enum GNUNET_GNS_LocalOptions options, + uint16_t recursion_depth_limit, + GNUNET_GNS_LookupResultProcessor proc, + void *proc_cls); + + /** * Cancel pending lookup request * -- 2.25.1