Hi Dominik and Simon, I like the idea, but not so much the implementation. This table is processed per packet and is quite inefficient. The more types we add to it, the more inefficient it becomes. What about transformation to more computer friendly version, which does not have to iterate over all records one by one.
I made optimized version of above and used Dominik's data with some regexps to convert it to different format. It is slightly less human friendly, but much more machine friendly. I think it scales well. Logging each query would be slow anyway, but we should not waste CPU cycles previous way. What do you think? Cheers, Petr On 9/9/21 2:42 PM, Dominik DL6ER wrote: > Hey Simon, > > I have a few patches for the v2.87 cycle, here is the first one: > > This patch implements all known RR type strings as defined by IANA at > https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml > > This is especially important because we've seen logs that contain types > where dnsmasq doesn't know the human-friendly name. Most commonly seen > these days is <type=65> ("HTTPS") which is now used widespread by Apple > devices. We've seen reports where this query type can even make up to > 20% of the overall traffic. Whether this is useful (or healthy) is > another thing. > > I'm involved in the process now and get notified if the IANA RR types > table gets updated and will send new patches if this is the case. > > Best, > Dominik > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
>From f3831862a88b362dbd1caf40ee11bc414f4d9783 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemen...@redhat.com> Date: Thu, 9 Sep 2021 21:42:10 +0200 Subject: [PATCH] Include all DNS types and speed up lookups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reworked proposal made by Dominik DL6ER, add all types registered by IANA registry. Replace sequential walking through single table by walking through set of arrays with offsets for their values. Makes it more efficient with multiple values, while it omits gaps with undefined types. Signed-off-by: Petr Menšík <pemen...@redhat.com> --- src/cache.c | 173 ++++++++++++++++++++++++++++++++++++-------------- src/dnsmasq.h | 4 +- 2 files changed, 126 insertions(+), 51 deletions(-) diff --git a/src/cache.c b/src/cache.c index 8add610..6665a73 100644 --- a/src/cache.c +++ b/src/cache.c @@ -29,52 +29,125 @@ static void make_non_terminals(struct crec *source); static struct crec *really_insert(char *name, union all_addr *addr, unsigned short class, time_t now, unsigned long ttl, unsigned int flags); +/* taken from https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml */ /* type->string mapping: this is also used by the name-hash function as a mixing table. */ + +static const char *typestr_1[] = { + "A", /* 1 - a host address [RFC1035] */ + "NS", /* 2 - an authoritative name server [RFC1035] */ + "MD", /* 3 - a mail destination (OBSOLETE - use MX) [RFC1035] */ + "MF", /* 4 - a mail forwarder (OBSOLETE - use MX) [RFC1035] */ + "CNAME", /* 5 - the canonical name for an alias [RFC1035] */ + "SOA", /* 6 - marks the start of a zone of authority [RFC1035] */ + "MB", /* 7 - a mailbox domain name (EXPERIMENTAL) [RFC1035] */ + "MG", /* 8 - a mail group member (EXPERIMENTAL) [RFC1035] */ + "MR", /* 9 - a mail rename domain name (EXPERIMENTAL) [RFC1035] */ + "NULL", /* 10 - a null RR (EXPERIMENTAL) [RFC1035] */ + "WKS", /* 11 - a well known service description [RFC1035] */ + "PTR", /* 12 - a domain name pointer [RFC1035] */ + "HINFO", /* 13 - host information [RFC1035] */ + "MINFO", /* 14 - mailbox or mail list information [RFC1035] */ + "MX", /* 15 - mail exchange [RFC1035] */ + "TXT", /* 16 - text strings [RFC1035] */ + "RP", /* 17 - for Responsible Person [RFC1183] */ + "AFSDB", /* 18 - for AFS Data Base location [RFC1183][RFC5864] */ + "X25", /* 19 - for X.25 PSDN address [RFC1183] */ + "ISDN", /* 20 - for ISDN address [RFC1183] */ + "RT", /* 21 - for Route Through [RFC1183] */ + "NSAP", /* 22 - for NSAP address, NSAP style A record [RFC1706] */ + "NSAP_PTR", /* 23 - for domain name pointer, NSAP style [RFC1348][RFC1637][RFC1706] */ + "SIG", /* 24 - for security signature [RFC2535][RFC2536][RFC2537][RFC2931][RFC3008][RFC3110][RFC3755][RFC4034] */ + "KEY", /* 25 - for security key [RFC2535][RFC2536][RFC2537][RFC2539][RFC3008][RFC3110][RFC3755][RFC4034] */ + "PX", /* 26 - X.400 mail mapping information [RFC2163] */ + "GPOS", /* 27 - Geographical Position [RFC1712] */ + "AAAA", /* 28 - IP6 Address [RFC3596] */ + "LOC", /* 29 - Location Information [RFC1876] */ + "NXT", /* 30 - Next Domain (OBSOLETE) [RFC2535][RFC3755] */ + "EID", /* 31 - Endpoint Identifier [Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06 */ + "NIMLOC", /* 32 - Nimrod Locator [1][Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06 */ + "SRV", /* 33 - Server Selection [1][RFC2782] */ + "ATMA", /* 34 - ATM Address [ ATM Forum Technical Committee, "ATM Name System, V2.0", Doc ID: AF-DANS-0152.000, July 2000. Available from and held in escrow by IANA.] */ + "NAPTR", /* 35 - Naming Authority Pointer [RFC2168][RFC2915][RFC3403] */ + "KX", /* 36 - Key Exchanger [RFC2230] */ + "CERT", /* 37 - CERT [RFC4398] */ + "A6", /* 38 - A6 (OBSOLETE - use AAAA) [RFC2874][RFC3226][RFC6563] */ + "DNAME", /* 39 - DNAME [RFC6672] */ + "SINK", /* 40 - SINK [Donald_E_Eastlake][http://tools.ietf.org/html/draft-eastlake-kitchen-sink] 1997-11 */ + "OPT", /* 41 - OPT [RFC3225][RFC6891] */ + "APL", /* 42 - APL [RFC3123] */ + "DS", /* 43 - Delegation Signer [RFC3658][RFC4034] */ + "SSHFP", /* 44 - SSH Key Fingerprint [RFC4255] */ + "IPSECKEY", /* 45 - IPSECKEY [RFC4025] */ + "RRSIG", /* 46 - RRSIG [RFC3755][RFC4034] */ + "NSEC", /* 47 - NSEC [RFC3755][RFC4034][RFC9077] */ + "DNSKEY", /* 48 - DNSKEY [RFC3755][RFC4034] */ + "DHCID", /* 49 - DHCID [RFC4701] */ + "NSEC3", /* 50 - NSEC3 [RFC5155][RFC9077] */ + "NSEC3PARAM", /* 51 - NSEC3PARAM [RFC5155] */ + "TLSA", /* 52 - TLSA [RFC6698] */ + "SMIMEA", /* 53 - S/MIME cert association [RFC8162] SMIMEA/smimea-completed-template 2015-12-01 */ + NULL, /* 54 */ + "HIP", /* 55 - Host Identity Protocol [RFC8005] */ + "NINFO", /* 56 - NINFO [Jim_Reid] NINFO/ninfo-completed-template 2008-01-21 */ + "RKEY", /* 57 - RKEY [Jim_Reid] RKEY/rkey-completed-template 2008-01-21 */ + "TALINK", /* 58 - Trust Anchor LINK [Wouter_Wijngaards] TALINK/talink-completed-template 2010-02-17 */ + "CDS", /* 59 - Child DS [RFC7344] CDS/cds-completed-template 2011-06-06 */ + "CDNSKEY", /* 60 - DNSKEY(s) the Child wants reflected in DS [RFC7344] 2014-06-16 */ + "OPENPGPKEY", /* 61 - OpenPGP Key [RFC7929] OPENPGPKEY/openpgpkey-completed-template 2014-08-12 */ + "CSYNC", /* 62 - Child-To-Parent Synchronization [RFC7477] 2015-01-27 */ + "ZONEMD", /* 63 - Message Digest Over Zone Data [RFC8976] ZONEMD/zonemd-completed-template 2018-12-12 */ + "SVCB", /* 64 - Service Binding [draft-ietf-dnsop-svcb-https-00] SVCB/svcb-completed-template 2020-06-30 */ + "HTTPS", /* 65 - HTTPS Binding [draft-ietf-dnsop-svcb-https-00] HTTPS/https-completed-template 2020-06-30 */ +}; + + +static const char *typestr_99[] = { + "SPF", /* 99 - [RFC7208] */ + "UINFO", /* 100 - [IANA-Reserved] */ + "UID", /* 101 - [IANA-Reserved] */ + "GID", /* 102 - [IANA-Reserved] */ + "UNSPEC", /* 103 - [IANA-Reserved] */ + "NID", /* 104 - [RFC6742] ILNP/nid-completed-template */ + "L32", /* 105 - [RFC6742] ILNP/l32-completed-template */ + "L64", /* 106 - [RFC6742] ILNP/l64-completed-template */ + "LP", /* 107 - [RFC6742] ILNP/lp-completed-template */ + "EUI48", /* 108 - an EUI-48 address [RFC7043] EUI48/eui48-completed-template 2013-03-27 */ + "EUI64", /* 109 - an EUI-64 address [RFC7043] EUI64/eui64-completed-template 2013-03-27 */ +}; + +static const char *typestr_249[] = { + "TKEY", /* 249 - Transaction Key [RFC2930] */ + "TSIG", /* 250 - Transaction Signature [RFC8945] */ + "IXFR", /* 251 - incremental transfer [RFC1995] */ + "AXFR", /* 252 - transfer of an entire zone [RFC1035][RFC5936] */ + "MAILB", /* 253 - mailbox-related RRs (MB, MG or MR) [RFC1035] */ + "MAILA", /* 254 - mail agent RRs (OBSOLETE - see MX) [RFC1035] */ + "ANY", /* 255 - A request for some or all records the server has available [RFC1035][RFC6895][RFC8482] */ + "URI", /* 256 - URI [RFC7553] URI/uri-completed-template 2011-02-22 */ + "CAA", /* 257 - Certification Authority Restriction [RFC8659] CAA/caa-completed-template 2011-04-07 */ + "AVC", /* 258 - Application Visibility and Control [Wolfgang_Riedel] AVC/avc-completed-template 2016-02-26 */ + "DOA", /* 259 - Digital Object Architecture [draft-durand-doa-over-dns] DOA/doa-completed-template 2017-08-30 */ + "AMTRELAY", /* 260 - Automatic Multicast Tunneling Relay [RFC8777] AMTRELAY/amtrelay-completed-template 2019-02-06 */ +}; + +static const char *typestr_32768[] = { + "TA", /* 32768 - DNSSEC Trust Authorities [Sam_Weiler][http://cameo.library.cmu.edu/][ Deploying DNSSEC Without a Signed Root. Technical Report 1999-19, Information Networking Institute, Carnegie Mellon University, April 2004.] 2005-12-13 */ + "DLV", /* 32769 - DNSSEC Lookaside Validation (OBSOLETE) [RFC8749][RFC4431] */ +}; + + +#define OFFSET_ARRAY(o, a) { o, o+countof(a), a } static const struct { - unsigned int type; - const char * const name; -} typestr[] = { - { 1, "A" }, - { 2, "NS" }, - { 5, "CNAME" }, - { 6, "SOA" }, - { 10, "NULL" }, - { 11, "WKS" }, - { 12, "PTR" }, - { 13, "HINFO" }, - { 15, "MX" }, - { 16, "TXT" }, - { 22, "NSAP" }, - { 23, "NSAP_PTR" }, - { 24, "SIG" }, - { 25, "KEY" }, - { 28, "AAAA" }, - { 29, "LOC" }, - { 33, "SRV" }, - { 35, "NAPTR" }, - { 36, "KX" }, - { 37, "CERT" }, - { 38, "A6" }, - { 39, "DNAME" }, - { 41, "OPT" }, - { 43, "DS" }, - { 46, "RRSIG" }, - { 47, "NSEC" }, - { 48, "DNSKEY" }, - { 50, "NSEC3" }, - { 51, "NSEC3PARAM" }, - { 52, "TLSA" }, - { 53, "SMIMEA" }, - { 55, "HIP" }, - { 249, "TKEY" }, - { 250, "TSIG" }, - { 251, "IXFR" }, - { 252, "AXFR" }, - { 253, "MAILB" }, - { 254, "MAILA" }, - { 255, "ANY" }, - { 257, "CAA" } + unsigned int offset; + unsigned int end; + const char ** const names; +} typedb[] = { + OFFSET_ARRAY( 1, typestr_1 ), + OFFSET_ARRAY( 99, typestr_99 ), + OFFSET_ARRAY( 249, typestr_249 ), + OFFSET_ARRAY( 32768, typestr_32768 ), }; +#undef OFFSET_ARRAY static void cache_free(struct crec *crecp); static void cache_unlink(struct crec *crecp); @@ -162,7 +235,7 @@ static void rehash(int size) static struct crec **hash_bucket(char *name) { unsigned int c, val = 017465; /* Barker code - minimum self-correlation in cyclic shift */ - const unsigned char *mix_tab = (const unsigned char*)typestr; + const unsigned char *mix_tab = (const unsigned char*)typestr_1; while((c = (unsigned char) *name++)) { @@ -1805,7 +1878,7 @@ char *record_source(unsigned int index) return "<unknown>"; } -char *querystr(char *desc, unsigned short type) +char *querystr(const char *desc, unsigned short type) { unsigned int i; int len = 10; /* strlen("type=xxxxx") */ @@ -1813,11 +1886,13 @@ char *querystr(char *desc, unsigned short type) static char *buff = NULL; static int bufflen = 0; - for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++) - if (typestr[i].type == type) + /* typedb is offset sorted */ + for (i = 0; i < countof(typedb) && type < typedb[i].end; i++) + if (type >= typedb[i].offset) { - types = typestr[i].name; - len = strlen(types); + types = typedb[i].names[type-typedb[i].offset]; + if (types) + len = strlen(types); break; } diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 8674823..593ca57 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -70,7 +70,7 @@ typedef unsigned short u16; typedef unsigned int u32; typedef unsigned long long u64; -#define countof(x) (long)(sizeof(x) / sizeof(x[0])) +#define countof(x) (sizeof(x) / sizeof(x[0])) #define MIN(a,b) ((a) < (b) ? (a) : (b)) #include "dns-protocol.h" @@ -1247,7 +1247,7 @@ void cache_init(void); void next_uid(struct crec *crecp); void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg); char *record_source(unsigned int index); -char *querystr(char *desc, unsigned short type); +char *querystr(const char *desc, unsigned short type); int cache_find_non_terminal(char *name, time_t now); struct crec *cache_find_by_addr(struct crec *crecp, union all_addr *addr, time_t now, -- 2.31.1
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
