dnsx: prefix transport addrs for debug only

Author: ignoramous

intra/backend/dnsx_listener.go

@@ -55,6 +55,8 @@ type DNSSummary struct {
 	DO bool
 	// True if DNSSEC validation was successful.
 	AD bool
+	// True if TLS Encrypted Client Hello was used by this transport, if applicable.
+	ECH bool
 	// Diag message from Transport, if any. Typically, "no error"
 	Msg string
 	// Region of the Rethink DNS+ server (if used)

intra/dns53/dot.go

@@ -344,10 +344,8 @@ func (t *dot) Query(network string, q *dns.Msg, smm *x.DNSSummary) (ans *dns.Msg
 	smm.RData = xdns.GetInterestingRData(ans)
 	smm.RCode = xdns.Rcode(ans)
 	smm.RTtl = xdns.RTtl(ans)
-	smm.Server = t.getAddr()
-	if ech {
-		smm.Server = dnsx.EchPrefix + smm.Server
-	}
+	smm.Server = t.GetAddr()
+	smm.ECH = ech
 	smm.PID = pid   // may be local dnsx.IsLocalProxy
 	smm.RPID = rpid // may be empty
 	if err != nil {
@@ -376,10 +374,6 @@ func (t *dot) P50() int64 {
 	return t.est.Get()
 }
 
-func (t *dot) GetAddr() string {
-	return t.getAddr()
-}
-
 func (t *dot) GetRelay() x.Proxy {
 	if r := t.relay; len(r) > 0 {
 		px, _ := t.proxies.ProxyFor(r)
@@ -388,15 +382,10 @@ func (t *dot) GetRelay() x.Proxy {
 	return nil
 }
 
-func (t *dot) getAddr() (addr string) {
-	if t.echconfig.Load() != nil {
-		addr = dnsx.EchPrefix + t.addrport
-	} else if t.skipTLSVerify {
-		addr = dnsx.NoPkiPrefix + t.addrport
-	} else {
-		addr = t.addrport
-	}
-	return addr
+func (t *dot) GetAddr() string {
+	prefix0 := dnsx.CryptoPrefix(t.skipTLSVerify, t.echconfig.Load() != nil)
+	prefix1 := dnsx.TransportPrefix(t.id)
+	return prefix0 + prefix1 + t.addrport
 }
 
 func (t *dot) IPPorts() (ipps []netip.AddrPort) {

intra/dns53/upstream.go

@@ -349,7 +349,7 @@ func (t *transport) getAddr() string {
 		addr = t.addrport
 	}
 
-	prefix := dnsx.PrefixFor(t.id)
+	prefix := dnsx.TransportPrefix(t.id)
 	if len(prefix) > 0 {
 		addr = prefix + addr
 	}

intra/dnsx/alg.go

@@ -902,8 +902,6 @@ func NewDNSGateway(pctx context.Context, fakeaddrs []netip.AddrPort, outer RdnsR
 }
 
 func (t *dnsgateway) translate(tr, fix bool) {
-	// fixed transport can only be used if translation is on
-	fix = tr && fix
 	prevtr := t.mod.Swap(tr)
 	prevfix := t.fix.Swap(fix)
 	log.I("alg: translate? prevtr(%t) > nowtr(%t); prevfix(%t) > nowfix(%t)", prevtr, tr, prevfix, fix)
@@ -918,6 +916,7 @@ func (t *dnsgateway) splitTunnel() {
 }
 
 func (t *dnsgateway) fixedTransport() bool {
+	// fixed transport can only be used if translation "mod" is on.
 	return t.mod.Load() && t.split.Load() && t.fix.Load()
 }
 
@@ -1485,7 +1484,7 @@ func withDNS64Summary(ans64 *dns.Msg, s *x.DNSSummary) {
 	s.RData = xdns.GetInterestingRData(ans64)
 	s.RTtl = xdns.RTtl(ans64)
 	if settings.Debug {
-		prefix := PrefixFor(AlgDNS64)
+		prefix := TransportPrefix(AlgDNS64)
 		s.Server = prefix + s.Server
 	}
 }
@@ -1500,7 +1499,7 @@ func withAlgSummary(s *x.DNSSummary, algips ...netip.Addr) {
 		} else {
 			s.RData = ipcsv
 		}
-		prefix := PrefixFor(Alg)
+		prefix := TransportPrefix(Alg)
 		if len(s.Server) > 0 {
 			s.Server = prefix + s.Server
 		} else {
@@ -1785,7 +1784,9 @@ func (t *dnsgateway) S() string {
 	sb.WriteString(strconv.FormatBool(t.mod.Load()))
 	sb.WriteString(" / cansplit: ")
 	sb.WriteString(strconv.FormatBool(t.split.Load()))
-	sb.WriteString(" / wantsplit: ")
+	sb.WriteString(" / forcesplit: ")
+	sb.WriteString(strconv.FormatBool(t.fix.Load()))
+	sb.WriteString(" / usefixed: ")
 	sb.WriteString(strconv.FormatBool(t.fixedTransport()))
 	sb.WriteString(" / chash: ")
 	sb.WriteString(strconv.FormatBool(t.chash))
@@ -2355,7 +2356,7 @@ func withPresetSummary(smm *x.DNSSummary, reqSent, fixed bool) {
 		smm.Status = Complete
 		smm.Server = "127.5.3.9"
 	}
-	smm.Server = PrefixFor(id) + smm.Server
+	smm.Server = TransportPrefix(id) + smm.Server
 	smm.Blocklists = ""    // blocklists are not honoured
 	smm.BlockedTarget = "" // no targets are blocked
 	smm.PID = ""           // no relay is used

intra/dnsx/cacher.go

@@ -517,7 +517,7 @@ func (t *ctransport) P50() int64 {
 }
 
 func (t *ctransport) GetAddr() string {
-	prefix := PrefixFor(CT)
+	prefix := TransportPrefix(CT)
 	return prefix + t.Transport.GetAddr()
 }
 
@@ -605,6 +605,7 @@ func fillSummary(s *x.DNSSummary, out *x.DNSSummary) {
 		out.DO = s.DO
 	}
 
+	out.ECH = s.ECH
 	out.Cached = s.Cached
 	out.RCode = s.RCode
 	out.RTtl = s.RTtl

intra/dnsx/plus.go

@@ -70,7 +70,7 @@ func NewPlusTransport(ctx context.Context, r TransportProviderInternal, ts ...Tr
 		}
 	}
 
-	log.I("plus: at %s; added: %d/%d", t.getAddr(), len(t.transports), len(ts))
+	log.I("plus: at %s; added: %d/%d", t.GetAddr(), len(t.transports), len(ts))
 	context.AfterFunc(ctx, t.stopAll)
 	return t
 }
@@ -311,11 +311,7 @@ func (t *plus) P50() int64 {
 }
 
 func (t *plus) GetAddr() string {
-	return t.getAddr()
-}
-
-func (t *plus) getAddr() string {
-	return PrefixFor(t.ID()) + t.ipports[0].String()
+	return TransportPrefix(t.ID()) + t.ipports[0].String()
 }
 
 func (t *plus) GetRelay() x.Proxy {
@@ -361,7 +357,7 @@ func (t *plus) Add(tr x.DNSTransport) bool {
 	defer t.mu.Unlock()
 
 	if oldt, ok := t.transports[tr.ID()]; ok {
-		if oldt == newt {
+		if core.Loc(oldt) == core.Loc(newt) {
 			log.I("plus: add %s@%s: already present", newt.ID(), newt.GetAddr())
 			return true
 		}

intra/dnsx/transport.go

@@ -58,9 +58,12 @@ const (
 	IpMapper  = x.IpMapper
 	NoDNS     = ""
 
-	// DNS request origin indicators
+	// DNS request origin indicator:
+	// OriginInternal flags requests by firestack or its owner uid.
 	OriginInternal = x.OriginInternal
-	OriginTunnel   = x.OriginTunnel
+	// OriginTunnel flags requests by tunnel read (presumably from another app,
+	// or firestack or its owner uid if Loopback mode is turned on).
+	OriginTunnel = x.OriginTunnel
 
 	invalidQname = "invalid.query"
 
@@ -92,8 +95,8 @@ var (
 	defaultprefix = "d."
 	presetprefix  = "pre."
 	fixedprefix   = "fix."
-	EchPrefix     = "ech."
-	NoPkiPrefix   = "nopki."
+	echPrefix     = "ech."
+	noPkiPrefix   = "nopki."
 
 	NoIPPort []netip.AddrPort = nil
 )
@@ -1532,7 +1535,25 @@ func trimcsv(s string) string {
 	return strings.Trim(s, ",")
 }
 
-func PrefixFor(id string) string {
+func CryptoPrefix(nopki, ech bool) string {
+	if !settings.Debug {
+		return ""
+	}
+
+	if nopki {
+		return noPkiPrefix
+	}
+	if ech {
+		return echPrefix
+	}
+	return ""
+}
+
+func TransportPrefix(id string) string {
+	if !settings.Debug {
+		return ""
+	}
+
 	switch id {
 	case CT:
 		return cacheprefix

intra/doh/doh.go

@@ -866,10 +866,7 @@ func (t *transport) Query(network string, q *dns.Msg, smm *x.DNSSummary) (r *dns
 		r, ech, elapsed, qerr = t.doOdoh(pid, q)
 	}
 
-	smm.Server = t.getAddr()
-	if ech {
-		smm.Server = dnsx.EchPrefix + smm.Server
-	}
+	smm.Server = t.GetAddr()
 
 	status := dnsx.Complete
 
@@ -884,6 +881,7 @@ func (t *transport) Query(network string, q *dns.Msg, smm *x.DNSSummary) (r *dns
 	smm.RData = xdns.GetInterestingRData(r)
 	smm.RCode = xdns.Rcode(r)
 	smm.RTtl = xdns.RTtl(r)
+	smm.ECH = ech
 	smm.Status = status
 	smm.Region = region
 	// TODO: smm.BlockedTarget
@@ -899,8 +897,8 @@ func (t *transport) Query(network string, q *dns.Msg, smm *x.DNSSummary) (r *dns
 		smm.Msg = err.Error()
 	}
 	if settings.Debug {
-		log.V("doh: (p/px/via/can? %s/%s/%s/%t); a:%d/sz:%d/pad:%d, q: %s:%d, data: %s, code: %d, px: %s, dur: %s, err? %v",
-			network, pid, rpid, canproxy, xdns.Len(r), xdns.Size(r), xdns.EDNS0PadLen(r), smm.QName, smm.QType, smm.RData, smm.RCode, smm.PID, core.FmtPeriod(elapsed), err)
+		log.V("doh: (p/px/via %s/%s/%s, can? %t / ech? %t); a:%d/sz:%d/pad:%d, q: %s:%d, data: %s, code: %d, px: %s, dur: %s, err? %v",
+			network, pid, rpid, canproxy, ech, xdns.Len(r), xdns.Size(r), xdns.EDNS0PadLen(r), smm.QName, smm.QType, smm.RData, smm.RCode, smm.PID, core.FmtPeriod(elapsed), err)
 	}
 	return r, err
 }
@@ -910,24 +908,15 @@ func (t *transport) P50() int64 {
 }
 
 func (t *transport) GetAddr() string {
-	return t.getAddr()
-}
-
-func (t *transport) getAddr() string {
 	addr := t.hostname
 	if t.typ == dnsx.ODOH {
 		addr = t.odohtargetname
 	}
 
-	if t.skipTLSVerify {
-		addr = dnsx.NoPkiPrefix + addr
-	}
+	prefix0 := dnsx.CryptoPrefix(t.skipTLSVerify, t.echconfig.Load() != nil)
 	// doh transports could be "dnsx.Bootstrap"
-	prefix := dnsx.PrefixFor(t.id)
-	if len(prefix) > 0 {
-		addr = prefix + addr
-	}
-	return addr
+	prefix1 := dnsx.TransportPrefix(t.id)
+	return prefix0 + prefix1 + addr
 }
 
 func (t *transport) GetRelay() x.Proxy {