From: W.C.A. Wijngaards Date: Mon, 3 Oct 2022 07:53:41 +0000 (+0200) Subject: - Fix to remove erroneous TC flag from TCP upstream. X-Git-Tag: release-1.17.0rc1~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a102fb1df888d8a5eee07b7cc3f8f1d6d4cda840;p=thirdparty%2Funbound.git - Fix to remove erroneous TC flag from TCP upstream.
---
diff --git a/doc/Changelog b/doc/Changelog
index bbcef6f31..2c9ed1aba 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+3 October 2022: Wouter
+ - Fix to remove erroneous TC flag from TCP upstream.
+
 26 September 2022: George
 - Better output for skipped tdir tests.
diff --git a/iterator/iterator.c b/iterator/iterator.c
index da9b7990c..b99b188e6 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -3990,6 +3990,8 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
 /* remove CD-bit, we asked for in case we handle validation ourself */
 prs->flags &= ~BIT_CD;
+ /* remove TC flag, if this is erroneously set by TCP upstream */
+ prs->flags &= ~BIT_TC;
 /* normalize and sanitize: easy to delete items from linked lists */
 if(!scrub_message(pkt, prs, &iq->qinfo_out, iq->dp->name,
diff --git a/testdata/iter_auth_tc.rpl b/testdata/iter_auth_tc.rpl
new file mode 100644
index 000000000..2136ca8b0
--- /dev/null
+++ b/testdata/iter_auth_tc.rpl
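Review bot: In iterator/iterator.c the new `prs->flags &= ~BIT_TC;` in process_response clears the bit on every parsed reply, while the comment above it limits the intent to replies from a TCP upstream; nothing in the hunk looks at the transport. If truncation on UDP is always dealt with before this point (presumably by the TCP retry, which is not visible here), the comment should state that assumption, for example `/* TC on UDP is handled before this point; a TC bit seen here is bogus and is dropped */`. The mask is also silent, so a reply the upstream marked as incomplete goes on to scrub_message as if it were complete and leaves no trace; a line such as `if(prs->flags & BIT_TC) verbose(VERB_ALGO, "ignoring TC flag in upstream reply");` before the mask would let an operator spot the misbehaving server. The body of process_response starts and ends outside the hunk.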
@@ -0,0 +1,123 @@
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: "no"
+ minimal-responses: no
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test authoritative response with erroneous TC flag
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+; erroneous TC flag here
+REPLY QR TC NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.conf b/testdata/stub_auth_tc.tdir/stub_auth_tc.conf
new file mode 100644
index 000000000..b74942799
--- /dev/null
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.conf
@@ -0,0 +1,16 @@
+server:
+ verbosity: 4
+ # num-threads: 1
+ interface: 127.0.0.1
+ port: @PORT@
+ use-syslog: no
+ directory: .
+ pidfile: "unbound.pid"
+ chroot: ""
+ username: ""
+ do-not-query-localhost: no
+
+stub-zone:
+ name: "example.com"
+ stub-addr: "127.0.0.1@@TOPORT@"
+
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.dsc b/testdata/stub_auth_tc.tdir/stub_auth_tc.dsc
new file mode 100644
index 000000000..1f71961f1
--- /dev/null
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.dsc
@@ -0,0 +1,16 @@
+BaseName: stub_auth_tc
+Version: 1.0
+Description: Authority reply with erroneous TC in TCP
+CreationDate: Mon Oct 3 09:11:32 CEST 2022
+Maintainer: dr. W.C.A. Wijngaards
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: stub_auth_tc.pre
+Post: stub_auth_tc.post
+Test: stub_auth_tc.test
+AuxFiles:
+Passed:
+Failure:
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.post b/testdata/stub_auth_tc.tdir/stub_auth_tc.post
new file mode 100644
index 000000000..907a885e4
--- /dev/null
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.post
@@ -0,0 +1,11 @@
+# #-- stub_auth_tc.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_pid $FWD_PID
+kill_pid $UNBOUND_PID
+
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.pre b/testdata/stub_auth_tc.tdir/stub_auth_tc.pre
new file mode 100644
index 000000000..2f7e317bc
--- /dev/null
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.pre
@@ -0,0 +1,31 @@
+# #-- stub_auth_tc.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT stub_auth_tc.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < stub_auth_tc.conf > ub.conf
+# start unbound in the background
+PRE="../.."
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.test b/testdata/stub_auth_tc.tdir/stub_auth_tc.test
new file mode 100644
index 000000000..2d3df5365
--- /dev/null
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.test
@@ -0,0 +1,26 @@
+# #-- stub_auth_tc.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+# do the test
+echo "> dig www.example.com."
+dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+echo "> cat logfiles"
+cat fwd.log
+cat unbound.log
+echo "> check answer"
+if grep "10.20.30.42" outfile; then
+ echo "OK"
+else
+ echo "Not OK"
+ exit 1
+fi
+if grep "flags:" outfile | grep " tc "; then
+ echo "Not OK, TC flag in output"
+ exit 1
+fi
+
+exit 0
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.testns b/testdata/stub_auth_tc.tdir/stub_auth_tc.testns
new file mode 100644
index 000000000..f2829add4
--- /dev/null
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.testns
@@ -0,0 +1,26 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname UDP
+REPLY QR AA TC NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname TCP
+; erroneous TC flag here.
+REPLY QR AA TC NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 10.20.30.40
+www IN A 10.20.30.41
+www IN A 10.20.30.42
+ENTRY_END
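Review bot: The answer check in stub_auth_tc.test passes only when 10.20.30.42 is in the dig output, and that address exists solely in the TCP entry of stub_auth_tc.testns, so this grep is what proves the TCP answer was used; the script does not say so. A comment above the first `if` would keep a later edit of the testns data from quietly weakening the test: `# 10.20.30.42 is only in the TCP entry of stub_auth_tc.testns; finding it proves the TCP answer was used`. The pattern also leaves the dots unescaped, so `grep -F "10.20.30.42" outfile` would match the literal address only.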