Skip to content

Commit

Permalink
fix clippy
Browse files Browse the repository at this point in the history
  • Loading branch information
@hanneary
hanneary committed Jul 30, 2024
1 parent 2a3fb33 commit 9120453
Show file tree
Hide file tree
Showing 5 changed files with 19 additions and 35 deletions.
1 change: 0 additions & 1 deletion control-plane/src/dnsproxy.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,6 @@ impl<R: RngCore + Clone> DnsProxy<R> {
socket.send(&request_buffer[..packet_size]).await?;
let (amt, _) = socket.recv_from(&mut response_buffer).await?;
let response_bytes = &response_buffer[..amt];
println!("About to cache IP");
cache_ip_for_allowlist(response_bytes)?;
stream.write_all(response_bytes).await?;
stream.flush().await?;
Expand Down
3 changes: 0 additions & 3 deletions data-plane/src/dns/egressproxy.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,6 @@ impl EgressProxy {
mut external_stream: TcpStream,
allowed_domains: EgressDestinations,
) -> Result<(), DNSError> {
println!("Handling egress connection:::::::::");
let mut buf = vec![0u8; 4096];
let n = external_stream.read(&mut buf).await?;
let customer_data = &mut buf[..n];
Expand All @@ -60,10 +59,8 @@ impl EgressProxy {

let fd = external_stream.as_raw_fd();
let (ip, port) = Self::get_destination(fd)?;
println!("IP: {ip}, Port: {port}");
check_ip_allow_list(ip.to_string(), &allowed_domains)?;

println!("Sending request to data plane :::: {}", ip);
let external_request = ExternalRequest {
ip,
data: customer_data.to_vec(),
Expand Down
28 changes: 14 additions & 14 deletions data-plane/src/dns/enclavedns.rs
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
use super::error::DNSError;
use bytes::Bytes;
use shared::server::egress::cache_ip_for_allowlist;
use shared::server::egress::check_dns_allowed_for_domain;
use shared::server::egress::get_cached_dns;
use shared::server::egress::EgressDestinations;
Expand All @@ -16,7 +17,6 @@ use tokio::time::timeout;
use trust_dns_proto::op::{Message, MessageType, OpCode, ResponseCode};
use trust_dns_proto::rr::Record;
use trust_dns_proto::serialize::binary::BinEncodable;
use shared::server::egress::cache_ip_for_allowlist;

/// Empty struct for the DNS proxy that runs in the data plane
pub struct EnclaveDnsProxy;
Expand Down Expand Up @@ -152,24 +152,24 @@ impl EnclaveDnsDriver {
// Check domain is allowed before proxying lookup
let packet = check_dns_allowed_for_domain(&dns_packet, &allowed_destinations)?;
match get_cached_dns(packet.clone()) {
Ok(record) => {
match record {
Some(record) => {
let dns_response = Self::get_dns_answer(packet.header().id(), record);
return Ok(Bytes::copy_from_slice(&dns_response));
}
None => {
let dns_response = timeout(request_upper_bound, Self::forward_dns_lookup(dns_packet)).await??;
cache_ip_for_allowlist(&dns_response.clone())?;
Ok(dns_response)
}
Ok(record) => match record {
Some(record) => {
let dns_response = Self::get_dns_answer(packet.header().id(), record);
Ok(Bytes::copy_from_slice(&dns_response))
}
}
None => {
let dns_response =
timeout(request_upper_bound, Self::forward_dns_lookup(dns_packet))
.await??;
cache_ip_for_allowlist(&dns_response.clone())?;
Ok(dns_response)
}
},
Err(_) => {
// // Attempt DNS lookup wth a timeout, flatten timeout errors into a DNS Error
let dns_response =
timeout(request_upper_bound, Self::forward_dns_lookup(dns_packet)).await??;
cache_ip_for_allowlist(&dns_response.clone())?;
cache_ip_for_allowlist(&dns_response.clone())?;
Ok(dns_response)
}
}
Expand Down
2 changes: 1 addition & 1 deletion data-plane/src/server/server.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ where
});
}

log::info!("TLS Server Created - Listening for new connections. ::::::::");
log::info!("TLS Server Created - Listening for new connections.");
let enclave_context = match EnclaveContext::get() {
Ok(context) => Arc::new(context),
Err(e) => {
Expand Down
20 changes: 4 additions & 16 deletions shared/src/server/egress.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,28 +95,19 @@ pub fn check_dns_allowed_for_domain(
pub fn cache_ip_for_allowlist(packet: &[u8]) -> Result<(), EgressError> {
let parsed_packet = Message::from_bytes(packet).unwrap();
parsed_packet.answers().iter().try_for_each(|ans| {
let ip = ans.data().unwrap().ip_addr().unwrap().to_string();
println!("Caching IP: {}", ip);
cache_ip(
ip,
ans.name().to_string(),
ans.ttl(),
)
let ip = ans.data().unwrap().ip_addr().unwrap().to_string();
cache_ip(ip, ans.name().to_string(), ans.ttl())?;
cache_dns_record(ans.name().to_string(), ans.clone())
})
}

pub fn get_ip_from_cache(ip: String) -> Result<(), EgressError> {
println!("Checking IP cache!!!!!!!!");
ALLOWED_IPS_FROM_DNS.lock().unwrap().iter().for_each(|(k, v)| println!("{}: {}", k, v));
let cache = match ALLOWED_IPS_FROM_DNS.lock() {
Ok(cache) => cache,
Err(_) => return Err(EgressError::CouldntObtainLock),
};
match cache.get(&ip) {
Some(_) => {
println!("Found IP: {} in cache", ip);
Ok(())
}
Some(_) => Ok(()),
None => Err(EgressError::EgressIpNotAllowed(ip)),
}
}
Expand All @@ -139,7 +130,6 @@ fn cache_ip(ip: String, name: String, ttl: u32) -> Result<(), EgressError> {
Ok(cache) => cache,
Err(_) => return Err(EgressError::CouldntObtainLock),
};
println!("Caching IP: {} for domain: {}", ip, name);
cache.insert(ip, name, Duration::from_secs(ttl as u64));
Ok(())
}
Expand All @@ -157,14 +147,12 @@ pub fn check_ip_allow_list(
ip: String,
allowed_destinations: &EgressDestinations,
) -> Result<(), EgressError> {
println!("Checking IP: {}", ip);
if allowed_destinations.allow_all
|| allowed_destinations.ips.contains(&ip)
|| get_ip_from_cache(ip.clone()).is_ok()
{
Ok(())
} else {
println!("IP not allowed: {}", ip);
Err(EgressError::EgressIpNotAllowed(ip))
}
}
Expand Down

0 comments on commit 9120453

Please sign in to comment.