git.ipfire.org Git - thirdparty/pdns.git/commit - regression-tests.dnsdist/test

author	Remi Gacogne <remi.gacogne@powerdns.com>
	Wed, 4 May 2022 16:38:22 +0000 (18:38 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Wed, 4 May 2022 16:38:22 +0000 (18:38 +0200)
commit	1c9c001cbe327023e5d490e5bc044d67ecae9cf2
tree	648a275096119ffc64ad5c08f3f28375bafce950	tree \| snapshot
parent	5bf256b1473c54ad0cb173a5c51e35a0a3f9183a	commit \| diff

dnsdist: Fix invalid proxy protocol payload on a DoH TC to TCP retry

dnsdist forwards incoming DoH queries to its backend over UDP, and
retry over TCP if the response is truncated (TC=1).
When the proxy protocol is used between dnsdist and its backend, the
second query, over TCP, needs to take into account that the proxy
protocol payload has already been handled. This was not properly done
in that exact case because the proxy protocol payload length was not
propagated to the code handling the TCP communication, leading to
the query ID being edited at the wrong offset in the packet and thus
to an invalid proxy protocol payload.

pdns/dnsdist-tcp.cc		diff \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-tcp-downstream.cc		diff \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-tcp.hh		diff \| blob \| blame \| history
pdns/dnsdistdist/doh.cc		diff \| blob \| blame \| history
regression-tests.dnsdist/dnsdistdohtests.py	[new file with mode: 0644]	blob
regression-tests.dnsdist/test_DOH.py		diff \| blob \| blame \| history
regression-tests.dnsdist/test_ProxyProtocol.py		diff \| blob \| blame \| history