
Commit d0ea907

committed
pinctrl: dns: Ignore additional additional records.
EDNS is backwards compatible so it's safe to just ignore additional ARs. Reported-at: ovn-org#228 Reported-at: https://issues.redhat.com/browse/FDP-222 Signed-off-by: Dumitru Ceara <dceara@redhat.com>
1 parent 8b15ea3 commit d0ea907


1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

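--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -2872,6 +2872,7 @@ dns_build_ptr_answer(
 }
 
 #define DNS_RCODE_SERVER_REFUSE 0x5
+#define DNS_QUERY_TYPE_CLASS_LEN (2 * sizeof(ovs_be16))
 
 /* Called with in the pinctrl_handler thread context. */
 static void
@@ -2935,18 +2936,13 @@ pinctrl_handle_dns_lookup(
 goto exit;
 }
 
-/* Check if there is an additional record present, which is unsupported */
-if (in_dns_header->arcount) {
-VLOG_DBG_RL(&rl, "Received DNS query with additional records, which"
-" is unsupported");
-goto exit;
-}
-
 struct udp_header *in_udp = dp_packet_l4(pkt_in);
 size_t udp_len = ntohs(in_udp->udp_len);
 size_t l4_len = dp_packet_l4_size(pkt_in);
+uint8_t *l4_start = (uint8_t *) in_udp;
 uint8_t *end = (uint8_t *)in_udp + MIN(udp_len, l4_len);
 uint8_t *in_dns_data = (uint8_t *)(in_dns_header + 1);
+uint8_t *in_dns_data_start = in_dns_data;
 uint8_t *in_queryname = in_dns_data;
 uint16_t idx = 0;
 struct ds query_name;
@@ -2970,7 +2966,7 @@ pinctrl_handle_dns_lookup(
 in_dns_data += idx;
 
 /* Query should have TYPE and CLASS fields */
-if (in_dns_data + (2 * sizeof(ovs_be16)) > end) {
+if (in_dns_data + DNS_QUERY_TYPE_CLASS_LEN > end) {
 ds_destroy(&query_name);
 goto exit;
 }
@@ -2984,6 +2980,10 @@ pinctrl_handle_dns_lookup(
 goto exit;
 }
 
+uint8_t *rest = in_dns_data + DNS_QUERY_TYPE_CLASS_LEN;
+uint32_t query_size = rest - in_dns_data_start;
+uint32_t query_l4_size = rest - l4_start;
+
 uint64_t dp_key = ntohll(pin->flow_metadata.flow.metadata);
 const char *answer_data = NULL;
 bool ovn_owned = false;
@@ -3066,7 +3066,7 @@ pinctrl_handle_dns_lookup(
 goto exit;
 }
 
-uint16_t new_l4_size = ntohs(in_udp->udp_len) + dns_answer.size;
+uint16_t new_l4_size = query_l4_size + dns_answer.size;
 size_t new_packet_size = pkt_in->l4_ofs + new_l4_size;
 struct dp_packet pkt_out;
 dp_packet_init(&pkt_out, new_packet_size);
@@ -3103,7 +3103,7 @@ pinctrl_handle_dns_lookup(
 out_dns_header->arcount = 0;
 
 /* Copy the Query section. */
-dp_packet_put(&pkt_out, dp_packet_data(pkt_in), dp_packet_size(pkt_in));
+dp_packet_put(&pkt_out, dp_packet_data(pkt_in), query_size);
 
 /* Copy the answer sections. */
 dp_packet_put(&pkt_out, dns_answer.data, dns_answer.size);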
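Review bot: `uint16_t new_l4_size = query_l4_size + dns_answer.size;` (new line 3069) still narrows the sum into 16 bits with no range check, so a total above 65535 would wrap and `new_packet_size` would be derived from the wrapped value; the UDP length written later, outside the hunk, is presumably derived from it too. `query_l4_size` is bounded by the `end` check, but nothing in the visible hunks bounds `dns_answer.size`. A guard before the assignment, `if (query_l4_size + dns_answer.size > UINT16_MAX) { goto exit; }`, with whatever cleanup the preceding `goto exit` path does for `dns_answer`, would make the limit explicit. Separately, the reply now copies only `query_size` bytes, i.e. the first question; if qdcount is not forced to 1 elsewhere in pinctrl_handle_dns_lookup (its body starts and ends outside these hunks), the copied header would advertise more questions than the reply contains.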
