upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix to remove erroneous TC flag from TCP upstream.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2022-10-03 09:53:41 +02:00
parent 5b98816751
commit a102fb1df8
9 changed files with 254 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -1,3 +1,6 @@
3 October 2022: Wouter
- Fix to remove erroneous TC flag from TCP upstream.
26 September 2022: George 26 September 2022: George
- Better output for skipped tdir tests. - Better output for skipped tdir tests.

2
iterator/iterator.c
View file

@ -3990,6 +3990,8 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
/* remove CD-bit, we asked for in case we handle validation ourself */ /* remove CD-bit, we asked for in case we handle validation ourself */
prs->flags &= ~BIT_CD; prs->flags &= ~BIT_CD;
/* remove TC flag, if this is erroneously set by TCP upstream */
prs->flags &= ~BIT_TC;
/* normalize and sanitize: easy to delete items from linked lists */ /* normalize and sanitize: easy to delete items from linked lists */
if(!scrub_message(pkt, prs, &iq->qinfo_out, iq->dp->name, if(!scrub_message(pkt, prs, &iq->qinfo_out, iq->dp->name,

123
testdata/iter_auth_tc.rpl vendored Normal file
View file

@ -0,0 +1,123 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test authoritative response with erroneous TC flag
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
; erroneous TC flag here
REPLY QR TC NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
SCENARIO_END

16
testdata/stub_auth_tc.tdir/stub_auth_tc.conf vendored Normal file
View file

@ -0,0 +1,16 @@
server:
verbosity: 4
# num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
stub-zone:
name: "example.com"
stub-addr: "127.0.0.1@@TOPORT@"

16
testdata/stub_auth_tc.tdir/stub_auth_tc.dsc vendored Normal file
View file

@ -0,0 +1,16 @@
BaseName: stub_auth_tc
Version: 1.0
Description: Authority reply with erroneous TC in TCP
CreationDate: Mon Oct 3 09:11:32 CEST 2022
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: stub_auth_tc.pre
Post: stub_auth_tc.post
Test: stub_auth_tc.test
AuxFiles:
Passed:
Failure:

11
testdata/stub_auth_tc.tdir/stub_auth_tc.post vendored Normal file
View file

@ -0,0 +1,11 @@
# #-- stub_auth_tc.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $FWD_PID
kill_pid $UNBOUND_PID

31
testdata/stub_auth_tc.tdir/stub_auth_tc.pre vendored Normal file
View file

@ -0,0 +1,31 @@
# #-- stub_auth_tc.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
. ../common.sh
get_random_port 2
UNBOUND_PORT=$RND_PORT
FWD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
# start forwarder
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT stub_auth_tc.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < stub_auth_tc.conf > ub.conf
# start unbound in the background
PRE="../.."
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log

26
testdata/stub_auth_tc.tdir/stub_auth_tc.test vendored Normal file
View file

@ -0,0 +1,26 @@
# #-- stub_auth_tc.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "> check answer"
if grep "10.20.30.42" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
if grep "flags:" outfile | grep " tc "; then
echo "Not OK, TC flag in output"
exit 1
fi
exit 0

26
testdata/stub_auth_tc.tdir/stub_auth_tc.testns vendored Normal file
View file

@ -0,0 +1,26 @@
; nameserver test file
$ORIGIN example.com.
$TTL 3600
ENTRY_BEGIN
MATCH opcode qtype qname UDP
REPLY QR AA TC NOERROR
ADJUST copy_id
SECTION QUESTION
www IN A
SECTION ANSWER
www IN A 10.20.30.40
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname TCP
; erroneous TC flag here.
REPLY QR AA TC NOERROR
ADJUST copy_id
SECTION QUESTION
www IN A
SECTION ANSWER
www IN A 10.20.30.40
www IN A 10.20.30.41
www IN A 10.20.30.42
ENTRY_END