Implement a "no-initialization" vector to avoid a perf regression

pdns/Makefile.am

@@ -224,6 +224,7 @@ pdns_server_SOURCES = \
 	misc.cc misc.hh \
 	nameserver.cc nameserver.hh \
 	namespaces.hh \
+	noinitvector.hh \
 	nsecrecords.cc \
 	opensslsigners.cc opensslsigners.hh \
 	packetcache.hh \

pdns/dnscrypt.cc

@@ -384,7 +384,7 @@ void DNSCryptContext::removeInactiveCertificate(uint32_t serial)
   throw std::runtime_error("No inactive certificate found with this serial");
 }
 
-bool DNSCryptQuery::parsePlaintextQuery(const std::vector<uint8_t>& packet)
+bool DNSCryptQuery::parsePlaintextQuery(const PacketBuffer& packet)
 {
   assert(d_ctx != nullptr);
 
@@ -418,9 +418,9 @@ bool DNSCryptQuery::parsePlaintextQuery(const std::vector<uint8_t>& packet)
   return true;
 }
 
-void DNSCryptContext::getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, std::vector<uint8_t>& response)
+void DNSCryptContext::getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, PacketBuffer& response)
 {
-  DNSPacketWriter pw(response, qname, QType::TXT, QClass::IN, Opcode::Query);
+  GenericDNSPacketWriter<PacketBuffer> pw(response, qname, QType::TXT, QClass::IN, Opcode::Query);
   struct dnsheader * dh = pw.getHeader();
   dh->id = qid;
   dh->qr = true;
@@ -458,7 +458,7 @@ bool DNSCryptContext::magicMatchesAPublicKey(DNSCryptQuery& query, time_t now)
   return false;
 }
 
-bool DNSCryptQuery::isEncryptedQuery(const std::vector<uint8_t>& packet, bool tcp, time_t now)
+bool DNSCryptQuery::isEncryptedQuery(const PacketBuffer& packet, bool tcp, time_t now)
 {
   assert(d_ctx != nullptr);
 
@@ -485,7 +485,7 @@ bool DNSCryptQuery::isEncryptedQuery(const std::vector<uint8_t>& packet, bool tc
   return true;
 }
 
-void DNSCryptQuery::getDecrypted(bool tcp, std::vector<uint8_t>& packet)
+void DNSCryptQuery::getDecrypted(bool tcp, PacketBuffer& packet)
 {
   assert(d_encrypted);
   assert(d_pair != nullptr);
@@ -576,13 +576,13 @@ void DNSCryptQuery::getDecrypted(bool tcp, std::vector<uint8_t>& packet)
   d_valid = true;
 }
 
-void DNSCryptQuery::getCertificateResponse(time_t now, std::vector<uint8_t>& response) const
+void DNSCryptQuery::getCertificateResponse(time_t now, PacketBuffer& response) const
 {
   assert(d_ctx != nullptr);
   d_ctx->getCertificateResponse(now, d_qname, d_id, response);
 }
 
-void DNSCryptQuery::parsePacket(std::vector<uint8_t>& packet, bool tcp, time_t now)
+void DNSCryptQuery::parsePacket(PacketBuffer& packet, bool tcp, time_t now)
 {
   d_valid = false;
 
@@ -635,7 +635,7 @@ uint16_t DNSCryptQuery::computePaddingSize(uint16_t unpaddedLen, size_t maxLen)
   return result;
 }
 
-int DNSCryptQuery::encryptResponse(std::vector<uint8_t>& response, size_t maxResponseSize, bool tcp)
+int DNSCryptQuery::encryptResponse(PacketBuffer& response, size_t maxResponseSize, bool tcp)
 {
   struct DNSCryptResponseHeader responseHeader;
   assert(response.size() > 0);
@@ -746,7 +746,7 @@ int DNSCryptQuery::encryptResponse(std::vector<uint8_t>& response, size_t maxRes
   return res;
 }
 
-int DNSCryptContext::encryptQuery(std::vector<uint8_t>& packet, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr<DNSCryptCert>& cert) const
+int DNSCryptContext::encryptQuery(PacketBuffer& packet, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr<DNSCryptCert>& cert) const
 {
   assert(packet.size() > 0);
   assert(cert != nullptr);

pdns/dnscrypt.hh

@@ -52,6 +52,7 @@ private:
 
 #include "dnsname.hh"
 #include "lock.hh"
+#include "noinitvector.hh"
 
 #define DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE (crypto_sign_ed25519_PUBLICKEYBYTES)
 #define DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE (crypto_sign_ed25519_SECRETKEYBYTES)
@@ -207,10 +208,10 @@ public:
     d_pair = pair;
   }
 
-  void parsePacket(std::vector<uint8_t>& packet, bool tcp, time_t now);
-  void getDecrypted(bool tcp, std::vector<uint8_t>& packet);
-  void getCertificateResponse(time_t now, std::vector<uint8_t>& response) const;
-  int encryptResponse(std::vector<uint8_t>& response, size_t maxResponseSize, bool tcp);
+  void parsePacket(PacketBuffer& packet, bool tcp, time_t now);
+  void getDecrypted(bool tcp, PacketBuffer& packet);
+  void getCertificateResponse(time_t now, PacketBuffer& response) const;
+  int encryptResponse(PacketBuffer& response, size_t maxResponseSize, bool tcp);
 
   static const size_t s_minUDPLength = 256;
 
@@ -221,8 +222,8 @@ private:
 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
   void fillServerNonce(unsigned char* dest) const;
   uint16_t computePaddingSize(uint16_t unpaddedLen, size_t maxLen) const;
-  bool parsePlaintextQuery(const std::vector<uint8_t>& packet);
-  bool isEncryptedQuery(const std::vector<uint8_t>& packet, bool tcp, time_t now);
+  bool parsePlaintextQuery(const PacketBuffer& packet);
+  bool isEncryptedQuery(const PacketBuffer& packet, bool tcp, time_t now);
 
   DNSCryptQueryHeader d_header;
 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
@@ -275,9 +276,9 @@ public:
   std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return d_certs; };
   const DNSName& getProviderName() const { return providerName; }
 
-  int encryptQuery(std::vector<uint8_t>& query, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr<DNSCryptCert>& cert) const;
+  int encryptQuery(PacketBuffer& query, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr<DNSCryptCert>& cert) const;
   bool magicMatchesAPublicKey(DNSCryptQuery& query, time_t now);
-  void getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, std::vector<uint8_t>& response);
+  void getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, PacketBuffer& response);
 
 private:
   static void computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]);

pdns/dnsdist-cache.cc

@@ -53,7 +53,7 @@ DNSDistPacketCache::~DNSDistPacketCache()
   }
 }
 
-bool DNSDistPacketCache::getClientSubnet(const std::vector<uint8_t>& packet, size_t qnameWireLength, boost::optional<Netmask>& subnet)
+bool DNSDistPacketCache::getClientSubnet(const PacketBuffer& packet, size_t qnameWireLength, boost::optional<Netmask>& subnet)
 {
   uint16_t optRDPosition;
   size_t remaining = 0;
@@ -127,7 +127,7 @@ void DNSDistPacketCache::insertLocked(CacheShard& shard, uint32_t key, CacheValu
   value = newValue;
 }
 
-void DNSDistPacketCache::insert(uint32_t key, const boost::optional<Netmask>& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const std::vector<uint8_t>& response, bool tcp, uint8_t rcode, boost::optional<uint32_t> tempFailureTTL)
+void DNSDistPacketCache::insert(uint32_t key, const boost::optional<Netmask>& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool tcp, uint8_t rcode, boost::optional<uint32_t> tempFailureTTL)
 {
   if (response.size() < sizeof(dnsheader)) {
     return;
@@ -414,7 +414,7 @@ uint32_t DNSDistPacketCache::getMinTTL(const char* packet, uint16_t length, bool
   return getDNSPacketMinTTL(packet, length, seenNoDataSOA);
 }
 
-uint32_t DNSDistPacketCache::getKey(const DNSName::string_t& qname, size_t qnameWireLength, const std::vector<uint8_t>& packet, bool tcp)
+uint32_t DNSDistPacketCache::getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool tcp)
 {
   uint32_t result = 0;
   /* skip the query ID */

pdns/dnsdist-cache.hh

@@ -26,6 +26,7 @@
 
 #include "iputils.hh"
 #include "lock.hh"
+#include "noinitvector.hh"
 
 struct DNSQuestion;
 
@@ -35,7 +36,7 @@ public:
   DNSDistPacketCache(size_t maxEntries, uint32_t maxTTL=86400, uint32_t minTTL=0, uint32_t tempFailureTTL=60, uint32_t maxNegativeTTL=3600, uint32_t staleTTL=60, bool dontAge=false, uint32_t shards=1, bool deferrableInsertLock=true, bool parseECS=false);
   ~DNSDistPacketCache();
 
-  void insert(uint32_t key, const boost::optional<Netmask>& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const std::vector<uint8_t>& response, bool tcp, uint8_t rcode, boost::optional<uint32_t> tempFailureTTL);
+  void insert(uint32_t key, const boost::optional<Netmask>& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool tcp, uint8_t rcode, boost::optional<uint32_t> tempFailureTTL);
   bool get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut, boost::optional<Netmask>& subnet, bool dnssecOK, uint32_t allowExpired = 0, bool skipAging = false);
   size_t purgeExpired(size_t upTo=0);
   size_t expunge(size_t upTo=0);
@@ -76,10 +77,10 @@ public:
     d_parseECS = enabled;
   }
 
-  uint32_t getKey(const DNSName::string_t& qname, size_t qnameWireLength, const std::vector<uint8_t>& packet, bool tcp);
+  uint32_t getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool tcp);
 
   static uint32_t getMinTTL(const char* packet, uint16_t length, bool* seenNoDataSOA);
-  static bool getClientSubnet(const std::vector<uint8_t>& packet, size_t qnameWireLength, boost::optional<Netmask>& subnet);
+  static bool getClientSubnet(const PacketBuffer& packet, size_t qnameWireLength, boost::optional<Netmask>& subnet);
 
 private:
 

pdns/dnsdist-dnscrypt.cc

@@ -24,7 +24,7 @@
 #include "dnscrypt.hh"
 
 #ifdef HAVE_DNSCRYPT
-int handleDNSCryptQuery(std::vector<uint8_t>& packet, std::shared_ptr<DNSCryptQuery>& query, bool tcp, time_t now, std::vector<uint8_t>& response)
+int handleDNSCryptQuery(PacketBuffer& packet, std::shared_ptr<DNSCryptQuery>& query, bool tcp, time_t now, PacketBuffer& response)
 {
   query->parsePacket(packet, tcp, now);
 

pdns/dnsdist-ecs.cc

@@ -41,7 +41,7 @@ uint16_t g_ECSSourcePrefixV6 = 56;
 bool g_ECSOverride{false};
 bool g_addEDNSToSelfGeneratedResponses{true};
 
-int rewriteResponseWithoutEDNS(const std::vector<uint8_t>& initialPacket, vector<uint8_t>& newContent)
+int rewriteResponseWithoutEDNS(const PacketBuffer& initialPacket, PacketBuffer& newContent)
 {
   assert(initialPacket.size() >= sizeof(dnsheader));
   const struct dnsheader* dh = reinterpret_cast<const struct dnsheader*>(initialPacket.data());
@@ -52,7 +52,7 @@ int rewriteResponseWithoutEDNS(const std::vector<uint8_t>& initialPacket, vector
   if (ntohs(dh->qdcount) == 0)
     return ENOENT;
 
-  GenericPacketReader<std::vector<uint8_t>> pr(initialPacket);
+  PacketReader pr(pdns_string_view(reinterpret_cast<const char*>(initialPacket.data()), initialPacket.size()));
 
   size_t idx = 0;
   DNSName rrname;
@@ -69,7 +69,7 @@ int rewriteResponseWithoutEDNS(const std::vector<uint8_t>& initialPacket, vector
   rrtype = pr.get16BitInt();
   rrclass = pr.get16BitInt();
 
-  DNSPacketWriter pw(newContent, rrname, rrtype, rrclass, dh->opcode);
+  GenericDNSPacketWriter<PacketBuffer> pw(newContent, rrname, rrtype, rrclass, dh->opcode);
   pw.getHeader()->id=dh->id;
   pw.getHeader()->qr=dh->qr;
   pw.getHeader()->aa=dh->aa;
@@ -149,7 +149,7 @@ static bool addOrReplaceECSOption(std::vector<std::pair<uint16_t, std::string>>&
   return true;
 }
 
-static bool slowRewriteQueryWithExistingEDNS(const std::vector<uint8_t>& initialPacket, vector<uint8_t>& newContent, bool& ednsAdded, bool& ecsAdded, bool overrideExisting, const string& newECSOption)
+static bool slowRewriteQueryWithExistingEDNS(const PacketBuffer& initialPacket, PacketBuffer& newContent, bool& ednsAdded, bool& ecsAdded, bool overrideExisting, const string& newECSOption)
 {
   assert(initialPacket.size() >= sizeof(dnsheader));
   const struct dnsheader* dh = reinterpret_cast<const struct dnsheader*>(initialPacket.data());
@@ -165,7 +165,7 @@ static bool slowRewriteQueryWithExistingEDNS(const std::vector<uint8_t>& initial
     throw std::runtime_error("slowRewriteQueryWithExistingEDNS() should not be called for queries that have no EDNS");
   }
 
-  GenericPacketReader<std::vector<uint8_t>> pr(initialPacket);
+  PacketReader pr(pdns_string_view(reinterpret_cast<const char*>(initialPacket.data()), initialPacket.size()));
 
   size_t idx = 0;
   DNSName rrname;
@@ -182,7 +182,7 @@ static bool slowRewriteQueryWithExistingEDNS(const std::vector<uint8_t>& initial
   rrtype = pr.get16BitInt();
   rrclass = pr.get16BitInt();
 
-  DNSPacketWriter pw(newContent, rrname, rrtype, rrclass, dh->opcode);
+  GenericDNSPacketWriter<PacketBuffer> pw(newContent, rrname, rrtype, rrclass, dh->opcode);
   pw.getHeader()->id=dh->id;
   pw.getHeader()->qr=dh->qr;
   pw.getHeader()->aa=dh->aa;
@@ -261,7 +261,7 @@ static bool slowRewriteQueryWithExistingEDNS(const std::vector<uint8_t>& initial
   return true;
 }
 
-static bool slowParseEDNSOptions(const std::vector<uint8_t>& packet, std::shared_ptr<std::map<uint16_t, EDNSOptionView> >& options)
+static bool slowParseEDNSOptions(const PacketBuffer& packet, std::shared_ptr<std::map<uint16_t, EDNSOptionView> >& options)
 {
   if (packet.size() < sizeof(dnsheader)) {
     return false;
@@ -317,7 +317,7 @@ static bool slowParseEDNSOptions(const std::vector<uint8_t>& packet, std::shared
   return true;
 }
 
-int locateEDNSOptRR(const std::vector<uint8_t>& packet, uint16_t * optStart, size_t * optLen, bool * last)
+int locateEDNSOptRR(const PacketBuffer& packet, uint16_t * optStart, size_t * optLen, bool * last)
 {
   assert(optStart != NULL);
   assert(optLen != NULL);
@@ -327,7 +327,7 @@ int locateEDNSOptRR(const std::vector<uint8_t>& packet, uint16_t * optStart, siz
   if (ntohs(dh->arcount) == 0)
     return ENOENT;
 
-  GenericPacketReader<std::vector<uint8_t>> pr(packet);
+  PacketReader pr(pdns_string_view(reinterpret_cast<const char*>(packet.data()), packet.size()));
 
   size_t idx = 0;
   DNSName rrname;
@@ -384,7 +384,7 @@ int locateEDNSOptRR(const std::vector<uint8_t>& packet, uint16_t * optStart, siz
 }
 
 /* extract the start of the OPT RR in a QUERY packet if any */
-int getEDNSOptionsStart(const std::vector<uint8_t>& packet, const size_t offset, uint16_t* optRDPosition, size_t* remaining)
+int getEDNSOptionsStart(const PacketBuffer& packet, const size_t offset, uint16_t* optRDPosition, size_t* remaining)
 {
   assert(optRDPosition != nullptr);
   assert(remaining != nullptr);
@@ -437,7 +437,7 @@ void generateECSOption(const ComboAddress& source, string& res, uint16_t ECSPref
   generateEDNSOption(EDNSOptionCode::ECS, payload, res);
 }
 
-bool generateOptRR(const std::string& optRData, std::vector<uint8_t>& res, size_t maximumSize, uint16_t udpPayloadSize, uint8_t ednsrcode, bool dnssecOK)
+bool generateOptRR(const std::string& optRData, PacketBuffer& res, size_t maximumSize, uint16_t udpPayloadSize, uint8_t ednsrcode, bool dnssecOK)
 {
   const uint8_t name = 0;
   dnsrecordheader dh;
@@ -464,7 +464,7 @@ bool generateOptRR(const std::string& optRData, std::vector<uint8_t>& res, size_
   return true;
 }
 
-static bool replaceEDNSClientSubnetOption(std::vector<uint8_t>& packet, size_t maximumSize, size_t const oldEcsOptionStartPosition, size_t const oldEcsOptionSize, size_t const optRDLenPosition, const string& newECSOption)
+static bool replaceEDNSClientSubnetOption(PacketBuffer& packet, size_t maximumSize, size_t const oldEcsOptionStartPosition, size_t const oldEcsOptionSize, size_t const optRDLenPosition, const string& newECSOption)
 {
   assert(oldEcsOptionStartPosition < packet.size());
   assert(optRDLenPosition < packet.size());
@@ -536,7 +536,7 @@ bool parseEDNSOptions(const DNSQuestion& dq)
   return false;
 }
 
-static bool addECSToExistingOPT(std::vector<uint8_t>& packet, size_t maximumSize, const string& newECSOption, size_t optRDLenPosition, bool& ecsAdded)
+static bool addECSToExistingOPT(PacketBuffer& packet, size_t maximumSize, const string& newECSOption, size_t optRDLenPosition, bool& ecsAdded)
 {
   /* we need to add one EDNS0 ECS option, fixing the size of EDNS0 RDLENGTH */
   /* getEDNSOptionsStart has already checked that there is exactly one AR,
@@ -562,7 +562,7 @@ static bool addECSToExistingOPT(std::vector<uint8_t>& packet, size_t maximumSize
   return true;
 }
 
-static bool addEDNSWithECS(std::vector<uint8_t>& packet, size_t maximumSize, const string& newECSOption, bool& ednsAdded, bool& ecsAdded)
+static bool addEDNSWithECS(PacketBuffer& packet, size_t maximumSize, const string& newECSOption, bool& ednsAdded, bool& ecsAdded)
 {
   if (!generateOptRR(newECSOption, packet, maximumSize, g_EdnsUDPPayloadSize, 0, false)) {
     return false;
@@ -578,14 +578,14 @@ static bool addEDNSWithECS(std::vector<uint8_t>& packet, size_t maximumSize, con
   return true;
 }
 
-bool handleEDNSClientSubnet(std::vector<uint8_t>& packet, const size_t maximumSize, const size_t qnameWireLength, bool& ednsAdded, bool& ecsAdded, bool overrideExisting, const string& newECSOption)
+bool handleEDNSClientSubnet(PacketBuffer& packet, const size_t maximumSize, const size_t qnameWireLength, bool& ednsAdded, bool& ecsAdded, bool overrideExisting, const string& newECSOption)
 {
   assert(qnameWireLength <= packet.size());
 
   const struct dnsheader* dh = reinterpret_cast<const struct dnsheader*>(packet.data());
 
   if (ntohs(dh->ancount) != 0 || ntohs(dh->nscount) != 0 || (ntohs(dh->arcount) != 0 && ntohs(dh->arcount) != 1)) {
-    vector<uint8_t> newContent;
+    PacketBuffer newContent;
     newContent.reserve(packet.size());
 
     if (!slowRewriteQueryWithExistingEDNS(packet, newContent, ednsAdded, ecsAdded, overrideExisting, newECSOption)) {
@@ -709,7 +709,7 @@ int removeEDNSOptionFromOPT(char* optStart, size_t* optLen, const uint16_t optio
   return 0;
 }
 
-bool isEDNSOptionInOpt(const std::vector<uint8_t>& packet, const size_t optStart, const size_t optLen, const uint16_t optionCodeToFind, size_t* optContentStart, uint16_t* optContentLen)
+bool isEDNSOptionInOpt(const PacketBuffer& packet, const size_t optStart, const size_t optLen, const uint16_t optionCodeToFind, size_t* optContentStart, uint16_t* optContentLen)
 {
   if (optLen < optRecordMinimumSize) {
     return false;
@@ -748,7 +748,7 @@ bool isEDNSOptionInOpt(const std::vector<uint8_t>& packet, const size_t optStart
   return false;
 }
 
-int rewriteResponseWithoutEDNSOption(const std::vector<uint8_t>& initialPacket, const uint16_t optionCodeToSkip, vector<uint8_t>& newContent)
+int rewriteResponseWithoutEDNSOption(const PacketBuffer& initialPacket, const uint16_t optionCodeToSkip, PacketBuffer& newContent)
 {
   assert(initialPacket.size() >= sizeof(dnsheader));
   const struct dnsheader* dh = reinterpret_cast<const struct dnsheader*>(initialPacket.data());
@@ -759,7 +759,7 @@ int rewriteResponseWithoutEDNSOption(const std::vector<uint8_t>& initialPacket,
   if (ntohs(dh->qdcount) == 0)
     return ENOENT;
 
-  GenericPacketReader<std::vector<uint8_t>> pr(initialPacket);
+  PacketReader pr(pdns_string_view(reinterpret_cast<const char*>(initialPacket.data()), initialPacket.size()));
 
   size_t idx = 0;
   DNSName rrname;
@@ -776,7 +776,7 @@ int rewriteResponseWithoutEDNSOption(const std::vector<uint8_t>& initialPacket,
   rrtype = pr.get16BitInt();
   rrclass = pr.get16BitInt();
 
-  DNSPacketWriter pw(newContent, rrname, rrtype, rrclass, dh->opcode);
+  GenericDNSPacketWriter<PacketBuffer> pw(newContent, rrname, rrtype, rrclass, dh->opcode);
   pw.getHeader()->id=dh->id;
   pw.getHeader()->qr=dh->qr;
   pw.getHeader()->aa=dh->aa;
@@ -845,7 +845,7 @@ int rewriteResponseWithoutEDNSOption(const std::vector<uint8_t>& initialPacket,
   return 0;
 }
 
-bool addEDNS(std::vector<uint8_t>& packet, size_t maximumSize, bool dnssecOK, uint16_t payloadSize, uint8_t ednsrcode)
+bool addEDNS(PacketBuffer& packet, size_t maximumSize, bool dnssecOK, uint16_t payloadSize, uint8_t ednsrcode)
 {
   if (!generateOptRR(std::string(), packet, maximumSize, payloadSize, ednsrcode, dnssecOK)) {
     return false;