Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
D
Dnsmasq
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nanahira
Dnsmasq
Commits
5aa5f0ff
Commit
5aa5f0ff
authored
Dec 21, 2015
by
Simon Kelley
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Truncate DNS replies >512 bytes that the client isn't expecting.
parent
5bb88f09
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
17 additions
and
5 deletions
+17
-5
src/edns0.c
src/edns0.c
+2
-3
src/forward.c
src/forward.c
+15
-2
No files found.
src/edns0.c
View file @
5aa5f0ff
...
...
@@ -340,7 +340,6 @@ int check_source(struct dns_header *header, size_t plen, unsigned char *pseudohe
{
/* Section 9.2, Check that subnet option in reply matches. */
int
len
,
calc_len
;
struct
subnet_opt
opt
;
unsigned
char
*
p
;
...
...
src/forward.c
View file @
5aa5f0ff
...
...
@@ -485,8 +485,8 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
packet size to 512. But that won't provide space for the RRSIGS in many cases.
The RRSIGS will be stripped out before the answer goes back, so the packet should
shrink again. So, if we added a do-bit, bump the udp packet size to the value
known to be OK for this server.
Mayb
e check returned size after stripping and set
the truncated bit
?
*/
known to be OK for this server.
W
e check returned size after stripping and set
the truncated bit
if it's still too big.
*/
unsigned
char
*
pheader
;
int
is_sign
;
if
(
find_pseudoheader
(
header
,
plen
,
NULL
,
&
pheader
,
&
is_sign
,
NULL
)
&&
!
is_sign
)
...
...
@@ -1028,6 +1028,19 @@ void reply_query(int fd, int family, time_t now)
{
header
->
id
=
htons
(
forward
->
orig_id
);
header
->
hb4
|=
HB4_RA
;
/* recursion if available */
#ifdef HAVE_DNSSEC
/* We added an EDNSO header for the purpose of getting DNSSEC RRs, and set the value of the UDP payload size
greater than the no-EDNS0-implied 512 to have if space for the RRSIGS. If, having stripped them and the EDNS0
header, the answer is still bigger than 512, truncate it and mark it so. The client then retries with TCP. */
if
(
option_bool
(
OPT_DNSSEC_VALID
)
&&
(
forward
->
flags
&
FREC_ADDED_PHEADER
)
&&
(
nn
>
PACKETSZ
))
{
header
->
ancount
=
htons
(
0
);
header
->
nscount
=
htons
(
0
);
header
->
arcount
=
htons
(
0
);
header
->
hb3
|=
HB3_TC
;
nn
=
resize_packet
(
header
,
nn
,
NULL
,
0
);
}
#endif
send_from
(
forward
->
fd
,
option_bool
(
OPT_NOWILD
)
||
option_bool
(
OPT_CLEVERBIND
),
daemon
->
packet
,
nn
,
&
forward
->
source
,
&
forward
->
dest
,
forward
->
iface
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
