dns: adding resolution details#34490
Conversation
| address_changed = true; | ||
| stats_.host_address_changed_.inc(); | ||
| } else if (current_address == nullptr) { | ||
| primary_host_info->host_info_->setDetails(details); |
There was a problem hiding this comment.
this will end up setting error details for DNS even if we already have an address for the host, but this particular DNS query failed to give us an address (i.e. current_address==nullptr). So probably instead of an else if, right after the if on L434, we should do if (!primary_host_info->host_info_->hasAddress()) { primary_host_info->host_info_->setDetails(details); }.
Unless I'm missing something?
There was a problem hiding this comment.
so my thought was if we had a non-null address and we resolve a null address, we don't actually update the resolved address so we also shouldn't update the details. but if current address is null it's one we never had an address for at which point we'll use the null address and should set details. WDYT?
| // events indicates that the sd_ref state is broken. | ||
| // Therefore, finish resolving with an error. | ||
| pending_response_.status_ = ResolutionStatus::Failure; | ||
| pending_response_.details = absl::StrCat(error); |
There was a problem hiding this comment.
maybe we should append "onEventCallback" to the details here?
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
sorry for lack of diffs for you - I generally force push changes until reviewer is assigned just to have a clean first commit!
alyssawilk
force-pushed
the
dns_details
branch
2 times, most recently
from
65d432e to
9db7151
Compare
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
alyssawilk
requested review from
lizan,
mattklein123 and
yanavlasov
as code owners
RyanTheOptimist
left a comment
RyanTheOptimist
left a comment
There was a problem hiding this comment.
Yay more detailed logging!
| @@ -97,7 +97,8 @@ class DnsResolver { | |||
| * @param status supplies the final status of the resolution. | |||
| * @param response supplies the list of resolved IP addresses and TTLs. | |||
There was a problem hiding this comment.
Can you add the new details param to this comment?
Should details be a string_view, or a const string&? Or do we want the move semantics? (Presumably I'll figure this out down below)
Looking below, it seems like we're doing some copies. I'd be inclined to make this a string_view but if we actually need the callback to own the string, can we do string&& instead?
There was a problem hiding this comment.
had started with string view but I think it needs to be a string to handle cross-thread lifetime issues.
There was a problem hiding this comment.
Oh, does this cross threads? I didn't see any dispatcher calls. How does that happen? In any case, if we need the string data to be owned by the callback, can we use string&& to avoid a copy?
There was a problem hiding this comment.
ah sorry it's the outer one that's cross thread - see source/extensions/network/dns_resolver/getaddrinfo/getaddrinfo.cc post so I might be able to make it string view? lmk if you think it's worth the change.
There was a problem hiding this comment.
Ah! Yeah, I'd switch this to string_view and change the post() call in source/extensions/network/dns_resolver/getaddrinfo/getaddrinfo.cc to do details = std::string(details) in the capture list. WDYT?
There was a problem hiding this comment.
done (once I test locally and push)
| void setResponseCode(uint32_t code) override { response_code_ = code; } | ||
|
|
||
| void setResponseCodeDetails(absl::string_view rc_details) override { | ||
| // Callers should sanitize with StringUtil::replaceAllEmptySpace if necessary. |
There was a problem hiding this comment.
nit: "should sanitize" => "should have sanitized"?
There was a problem hiding this comment.
I think both are correct - callers should have done so, but if you're reading this comment it's probable you should and you haven't =P
| struct PendingResponse { | ||
| ResolutionStatus status_; | ||
| std::list<DnsResponse> address_list_; | ||
| std::string details_{"not_set"}; |
There was a problem hiding this comment.
I've not see "not_set" as a default error details before. I wonder if empty string would be more clear? In particular if I were debugging something and I saw "not_set" in an error log, I can totally imagine thinking that I didn't set something in my call and that was causing a "not_set" error.
There was a problem hiding this comment.
yeah I preferred an explicit not set in case some error to string function didn't have details, or some extension lazily just set the callback with an empty string, so you'd be able to differentiate a resolve resulting in an empty string from a corner case where the string was accidentally not set. I can change if you prefer
| // onDNSServiceGetAddrInfoReply callback. | ||
| struct PendingResponse { | ||
| ResolutionStatus status_ = ResolutionStatus::Success; | ||
| std::string details_ = "not_set"; |
There was a problem hiding this comment.
ditto about "not_set" vs "".
| /** | ||
| * Returns details about the last resolution. | ||
| */ | ||
| virtual std::string details() PURE; |
There was a problem hiding this comment.
Are these error details? Or is this set for success too? (Would be good to comment this)
| latchTime(decoder_callbacks_, DNS_END); | ||
| if (!host.has_value() || !host.value()->address()) { | ||
| onDnsResolutionFail(); | ||
| onDnsResolutionFail(host.has_value() ? *host : nullptr); |
There was a problem hiding this comment.
How 'bout we just pass host down to onDnsResolutionFail? This will avoid making a copy of the shared pointer, I think.
There was a problem hiding this comment.
eh, I mildly prefer doing the optional sorting here rather than in the function but no strong feelings
There was a problem hiding this comment.
Copying shared pointer involve locking operations which is a bit of a bummer. Looking at the method, it looks like we don't actually use the value of the host at all, just the details. Maybe we could just pass in the details?
RyanTheOptimist
left a comment
RyanTheOptimist
left a comment
There was a problem hiding this comment.
Two minor comments, but lgtm otherwise
| @@ -97,7 +97,8 @@ class DnsResolver { | |||
| * @param status supplies the final status of the resolution. | |||
| * @param response supplies the list of resolved IP addresses and TTLs. | |||
There was a problem hiding this comment.
Oh, does this cross threads? I didn't see any dispatcher calls. How does that happen? In any case, if we need the string data to be owned by the callback, can we use string&& to avoid a copy?
| latchTime(decoder_callbacks_, DNS_END); | ||
| if (!host.has_value() || !host.value()->address()) { | ||
| onDnsResolutionFail(); | ||
| onDnsResolutionFail(host.has_value() ? *host : nullptr); |
There was a problem hiding this comment.
Copying shared pointer involve locking operations which is a bit of a bummer. Looking at the method, it looks like we don't actually use the value of the host at all, just the details. Maybe we could just pass in the details?
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
Ci may bounce - can't check apple changes locally
| latchTime(decoder_callbacks_, DNS_END); | ||
| if (!host.has_value() || !host.value()->address()) { | ||
| onDnsResolutionFail(); | ||
| onDnsResolutionFail(host.has_value() ? *host : nullptr); |
| @@ -97,7 +97,8 @@ class DnsResolver { | |||
| * @param status supplies the final status of the resolution. | |||
| * @param response supplies the list of resolved IP addresses and TTLs. | |||
There was a problem hiding this comment.
ah sorry it's the outer one that's cross thread - see source/extensions/network/dns_resolver/getaddrinfo/getaddrinfo.cc post so I might be able to make it string view? lmk if you think it's worth the change.
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
|
/retest |
|
done, PTAL |
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
|
/wait on CI |
|
/wait on CI. will ping when this is ready for a pass |
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
|
/retest |
Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Neal Soni <Nealsoni00@gmail.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: antoniovleonti <leonti@google.com>
<!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) --> Commit Message: Additional Description: I believe it is stable now since we conduct a security review and improvement for dns filter like #18651 #20744 #22861 #17479 #34409 #34456 #34490 and so on Risk Level: low Testing: Docs Changes: Release Notes: Signed-off-by: Boteng Yao <boteng@google.com>
3 participants
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]