diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 62fc949b39..38f8021ad7 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -3149,7 +3149,7 @@ launch_next_query(dig_query_t *query) { xfr = query->lookup->rdtype == dns_rdatatype_ixfr || query->lookup->rdtype == dns_rdatatype_axfr; - if (xfr && isc_nm_is_tlsdns_handle(query->handle) && + if (xfr && isc_nm_socket_type(query->handle) == isc_nm_tlsdnssocket && !isc_nm_xfr_allowed(query->handle)) { dighost_error("zone transfers over the " diff --git a/lib/isc/include/isc/netmgr.h b/lib/isc/include/isc/netmgr.h index f662421a55..4b17006d28 100644 --- a/lib/isc/include/isc/netmgr.h +++ b/lib/isc/include/isc/netmgr.h @@ -500,8 +500,6 @@ isc_nm_tlsdnsconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer, * 'cb'. */ -bool -isc_nm_is_tlsdns_handle(isc_nmhandle_t *handle); /*%< * Returns 'true' iff 'handle' is associated with a socket of type * 'isc_nm_tlsdnssocket'. @@ -647,6 +645,15 @@ isc_nm_set_maxage(isc_nmhandle_t *handle, const uint32_t ttl); * connection. */ +isc_nmsocket_type +isc_nm_socket_type(const isc_nmhandle_t *handle); +/*%< + * Returns the handle's underlying socket type. + * + * Requires: + * \li 'handle' is a valid netmgr handle object. + */ + void isc_nm_task_enqueue(isc_nm_t *mgr, isc_task_t *task, int threadid); /*%< diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h index b68365cd93..eb39ed8204 100644 --- a/lib/isc/include/isc/types.h +++ b/lib/isc/include/isc/types.h @@ -122,3 +122,23 @@ typedef enum { isc_statsformat_xml, isc_statsformat_json } isc_statsformat_t; + +typedef enum isc_nmsocket_type { + isc_nm_nonesocket = 0, + isc_nm_udpsocket = 1 << 1, + isc_nm_tcpsocket = 1 << 2, + isc_nm_tcpdnssocket = 1 << 3, + isc_nm_tlssocket = 1 << 4, + isc_nm_tlsdnssocket = 1 << 5, + isc_nm_httpsocket = 1 << 6, + isc_nm_maxsocket, + + isc_nm_udplistener, /* Aggregate of nm_udpsocks */ + isc_nm_tcplistener, + isc_nm_tlslistener, + isc_nm_tcpdnslistener, + isc_nm_tlsdnslistener, + isc_nm_httplistener +} isc_nmsocket_type; + +typedef isc_nmsocket_type isc_nmsocket_type_t; diff --git a/lib/isc/netmgr/netmgr-int.h b/lib/isc/netmgr/netmgr-int.h index a281fbde76..649017e522 100644 --- a/lib/isc/netmgr/netmgr-int.h +++ b/lib/isc/netmgr/netmgr-int.h @@ -709,21 +709,6 @@ struct isc_nm { #endif }; -typedef enum isc_nmsocket_type { - isc_nm_udpsocket, - isc_nm_udplistener, /* Aggregate of nm_udpsocks */ - isc_nm_tcpsocket, - isc_nm_tcplistener, - isc_nm_tcpdnslistener, - isc_nm_tcpdnssocket, - isc_nm_tlslistener, - isc_nm_tlssocket, - isc_nm_tlsdnslistener, - isc_nm_tlsdnssocket, - isc_nm_httplistener, - isc_nm_httpsocket -} isc_nmsocket_type; - /*% * A universal structure for either a single socket or a group of * dup'd/SO_REUSE_PORT-using sockets listening on the same interface. diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index e2d57f0ac1..97b9f5bb25 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -3448,14 +3448,6 @@ isc_nm_xfr_allowed(isc_nmhandle_t *handle) { return (false); } -bool -isc_nm_is_tlsdns_handle(isc_nmhandle_t *handle) { - REQUIRE(VALID_NMHANDLE(handle)); - REQUIRE(VALID_NMSOCK(handle->sock)); - - return (handle->sock->type == isc_nm_tlsdnssocket); -} - bool isc_nm_is_http_handle(isc_nmhandle_t *handle) { REQUIRE(VALID_NMHANDLE(handle)); @@ -3500,6 +3492,14 @@ isc_nm_set_maxage(isc_nmhandle_t *handle, const uint32_t ttl) { } } +isc_nmsocket_type +isc_nm_socket_type(const isc_nmhandle_t *handle) { + REQUIRE(VALID_NMHANDLE(handle)); + REQUIRE(VALID_NMSOCK(handle->sock)); + + return (handle->sock->type); +} + #ifdef NETMGR_TRACE /* * Dump all active sockets in netmgr. We output to stderr diff --git a/lib/ns/query.c b/lib/ns/query.c index bf95b49f5a..71a65d4894 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -12064,8 +12064,9 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { query_error(client, DNS_R_NOTIMP, __LINE__); return; } - if (isc_nm_is_tlsdns_handle(handle) && - !isc_nm_xfr_allowed(handle)) { + if (isc_nm_socket_type(handle) == isc_nm_tlsdnssocket && + !isc_nm_xfr_allowed(handle)) + { /* * Currently this code is here for DoT, which * has more complex requirements for zone