From 2a714c25f8927a8f214cd2b5b04f710839232baf Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 5 Apr 2023 14:05:46 -0700 Subject: [PATCH 1/3] add a result code for ENOPROTOOPT, EPROTONOSUPPORT there was no isc_result_t value for invalid protocol errors that could be returned from libuv. (cherry picked from commit 0393b54afbe1c4e08691698b05442d0db8b31a4b) --- lib/isc/include/isc/result.h | 1 + lib/isc/netmgr/uverr2result.c | 12 +++++++----- lib/isc/result.c | 1 + 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/lib/isc/include/isc/result.h b/lib/isc/include/isc/result.h index 1b5941178c..5d5195b38f 100644 --- a/lib/isc/include/isc/result.h +++ b/lib/isc/include/isc/result.h @@ -95,6 +95,7 @@ typedef enum isc_result { ISC_R_TLSBADPEERCERT, /*%< TLS peer certificate verification failed */ ISC_R_HTTP2ALPNERROR, /*%< ALPN for HTTP/2 failed */ ISC_R_DOTALPNERROR, /*%< ALPN for DoT failed */ + ISC_R_INVALIDPROTO, /*%< invalid protocol */ DNS_R_LABELTOOLONG = 1 << 16, DNS_R_BADESCAPE, diff --git a/lib/isc/netmgr/uverr2result.c b/lib/isc/netmgr/uverr2result.c index 99ed1b3aa9..9f16ea8271 100644 --- a/lib/isc/netmgr/uverr2result.c +++ b/lib/isc/netmgr/uverr2result.c @@ -90,13 +90,15 @@ isc___nm_uverr2result(int uverr, bool dolog, const char *file, return (ISC_R_MAXSIZE); case UV_ENOTSUP: return (ISC_R_FAMILYNOSUPPORT); + case UV_ENOPROTOOPT: + case UV_EPROTONOSUPPORT: + return (ISC_R_INVALIDPROTO); default: if (dolog) { - UNEXPECTED_ERROR( - file, line, - "unable to convert libuv " - "error code in %s to isc_result: %d: %s", - func, uverr, uv_strerror(uverr)); + UNEXPECTED_ERROR("unable to convert libuv error code " + "in %s (%s:%d) to isc_result: %d: %s", + func, file, line, uverr, + uv_strerror(uverr)); } return (ISC_R_UNEXPECTED); } diff --git a/lib/isc/result.c b/lib/isc/result.c index 24a0053511..f01df3e817 100644 --- a/lib/isc/result.c +++ b/lib/isc/result.c @@ -94,6 +94,7 @@ static const char *description[ISC_R_NRESULTS] = { [ISC_R_TLSBADPEERCERT] = "TLS peer certificate verification failed", [ISC_R_HTTP2ALPNERROR] = "ALPN for HTTP/2 failed", [ISC_R_DOTALPNERROR] = "ALPN for DoT failed", + [ISC_R_INVALIDPROTO] = "invalid protocol", [DNS_R_LABELTOOLONG] = "label too long", [DNS_R_BADESCAPE] = "bad escape", From 960e4dadd2bf3d3f00bffaeca756b91a9e127189 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 5 Apr 2023 14:05:46 -0700 Subject: [PATCH 2/3] check for invalid protocol when dispatch fails treat ISC_R_INVALIDPROTO as a networking error when it occurs. (cherry picked from commit 2269a3e6fbcc5708c15aedd396df2a77a60f58bc) --- lib/dns/resolver.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 9545560bfa..b09813d444 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -8178,6 +8178,7 @@ rctx_dispfail(respctx_t *rctx) { case ISC_R_NETUNREACH: case ISC_R_CONNREFUSED: case ISC_R_CONNECTIONRESET: + case ISC_R_INVALIDPROTO: case ISC_R_CANCELED: case ISC_R_SHUTTINGDOWN: rctx->broken_server = rctx->result; From 89b1f25c44e89a9d6d61e3b2e98aa08a53d35d7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Fri, 21 Apr 2023 10:16:44 +0200 Subject: [PATCH 3/3] Add CHANGES and release note for [GL #4005] (cherry picked from commit c233cd621b3920e0308842637345653414c5ac7e) --- CHANGES | 4 ++++ doc/notes/notes-current.rst | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7d321d9c53..02066bfd83 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error + in the dispatch code to avoid retrying with the + same server. [GL #4005]< + 6149. [test] As a workaround, include an OpenSSL header file before including cmocka.h in the unit tests, because OpenSSL 3.1.0 uses __attribute__(malloc), conflicting with a diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index f432e1ef0e..212fdb166b 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -35,7 +35,9 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- None. +- When ISC_R_INVALIDPROTO (ENOPROTOOPT, EPROTONOSUPPORT) is returned from + libuv, treat it as a network failure, mark the server as broken and don't + try again. :gl:`#4005` Known Issues ~~~~~~~~~~~~