Merge branch '2319-add-the-ability-to-display-the-badcookie-message-to-dig-when-badcookie-is-active' into 'main'

Resolve "Add the ability to display the BADCOOKIE message to dig when +badcookie is active"

Closes #2319

See merge request isc-projects/bind9!4443

CHANGES

@@ -1,3 +1,6 @@
+5695.	[func]		Dig can now display the BADCOOKIE message as part of
+			processing it (+showbadcookie). [GL #2319]
+
 5694.	[bug]		BIND looks up the deepest zone cut in cache in order
 			to iterate a query. When this node is stale, it may
 			bypass QNAME minimization. This has been fixed.

bin/dig/dig.c

@@ -282,6 +282,7 @@ help(void) {
 	       "short\n"
 	       "                                      form of answers - global "
 	       "option)\n"
+	       "                 +[no]showbadcookie  (Show BADCOOKIE message)\n"
 	       "                 +[no]showsearch     (Search with intermediate "
 	       "results)\n"
 	       "                 +[no]split=##       (Split hex/base64 fields "
@@ -1795,10 +1796,20 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
 				}
 				break;
 			case 'w': /* showsearch */
-				FULLCHECK("showsearch");
-				if (!lookup->trace) {
-					showsearch = state;
-					usesearch = state;
+				switch (cmd[4]) {
+				case 'b':
+					FULLCHECK("showbadcookie");
+					lookup->showbadcookie = state;
+					break;
+				case 's':
+					FULLCHECK("showsearch");
+					if (!lookup->trace) {
+						showsearch = state;
+						usesearch = state;
+					}
+					break;
+				default:
+					goto invalid_option;
 				}
 				break;
 			default:

bin/dig/dig.rst

@@ -503,6 +503,11 @@ abbreviation is unambiguous; for example, ``+cd`` is equivalent to
    form. This option always has a global effect; it cannot be set globally and
    then overridden on a per-lookup basis.
 
+``+[no]showbadcookie``
+   This option toggles whether to show the message containing the
+   BADCOOKIE rcode before retrying the request or not. The default
+   is to not show the messages.
+
 ``+[no]showsearch``
    This option performs [or does not perform] a search showing intermediate results.
 

bin/dig/dighost.c

@@ -735,6 +735,8 @@ clone_lookup(dig_lookup_t *lookold, bool servers) {
 	}
 	looknew->https_get = lookold->https_get;
 	looknew->http_plain = lookold->http_plain;
+
+	looknew->showbadcookie = lookold->showbadcookie;
 	looknew->sendcookie = lookold->sendcookie;
 	looknew->seenbadcookie = lookold->seenbadcookie;
 	looknew->badcookie = lookold->badcookie;
@@ -3852,6 +3854,11 @@ recv_done(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,
 	{
 		process_opt(l, msg);
 		if (msg->cc_ok) {
+			if (l->showbadcookie) {
+				dighost_printmessage(query, &b, msg, true);
+				dighost_received(isc_buffer_usedlength(&b),
+						 &peer, query);
+			}
 			dighost_comments(l, "BADCOOKIE, retrying%s.",
 					 l->seenbadcookie ? " in TCP mode"
 							  : "");

bin/dig/dighost.h

@@ -120,9 +120,9 @@ struct dig_lookup {
 		section_answer, section_authority, section_question,
 		seenbadcookie, sendcookie, servfail_stops,
 		setqid, /*% use a speciied query ID */
-		stats, tcflag, tcp_keepalive, tcp_mode, tcp_mode_set,
-		tls_mode,   /*% connect using TLS */
-		trace,	    /*% dig +trace */
+		showbadcookie, stats, tcflag, tcp_keepalive, tcp_mode,
+		tcp_mode_set, tls_mode, /*% connect using TLS */
+		trace,			/*% dig +trace */
 		trace_root, /*% initial query for either +trace or +nssearch */
 		ttlunits, use_usec, waiting_connect, zflag;
 	char textname[MXNAME]; /*% Name we're going to be looking up */

bin/tests/system/cookie/tests.sh

@@ -167,6 +167,40 @@ if [ $linecount != 2 ]; then ret=1; fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "checking +qr +showbadcookie ($n)"
+ret=0
+$DIG $DIGOPTS +qr +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n
+noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l)
+badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l)
+server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l)
+good=$(grep "COOKIE: ................................................ (good)" dig.out.test$n | wc -l)
+linecount=`getcookie dig.out.test$n | wc -l`
+if [ $noerror != 3 ]; then ret=1; fi
+if [ $badcookie != 1 ]; then ret=1; fi
+if [ $server != 3 ]; then ret=1; fi
+if [ $good != 2 ]; then ret=1; fi
+if [ $linecount != 4 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo_i "checking +showbadcookie ($n)"
+ret=0
+$DIG $DIGOPTS +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n
+noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l)
+badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l)
+server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l)
+good=$(grep "COOKIE: ................................................ (good)" dig.out.test$n | wc -l)
+linecount=`getcookie dig.out.test$n | wc -l`
+if [ $noerror != 1 ]; then ret=1; fi
+if [ $badcookie != 1 ]; then ret=1; fi
+if [ $server != 2 ]; then ret=1; fi
+if [ $good != 2 ]; then ret=1; fi
+if [ $linecount != 2 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "checking require-server-cookie yes with rate-limit ($n)"
 ret=0

doc/man/dig.1in

@@ -515,6 +515,11 @@ This option toggles whether a terse answer is provided. The default is to print
 form. This option always has a global effect; it cannot be set globally and
 then overridden on a per\-lookup basis.
 .TP
+.B \fB+[no]showbadcookie\fP
+This option toggles whether to show the message containing the
+BADCOOKIE rcode before retrying the request or not. The default
+is to not show the messages.
+.TP
 .B \fB+[no]showsearch\fP
 This option performs [or does not perform] a search showing intermediate results.
 .TP