From: Vladimír Čunát Date: Fri, 3 Nov 2023 11:31:06 +0000 (+0100) Subject: lib/zonecut.c fetch_addr(): resurrect filtering by NO_IPV* X-Git-Tag: v6.0.5~17^2^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bbda0ad5607bde9303bdacbf51fd5f010b0ca23;p=thirdparty%2Fknot-resolver.git lib/zonecut.c fetch_addr(): resurrect filtering by NO_IPV* This filtering was dropped in 4565cc596680 (v5.3.0). Now it's reintroduced - but inside the function, as that seems nicer. Nit: naming and comment were updated to fit the current usage. As the code is designed so far (in whole history probably), in order to detect whether we need to choose a zone cut closer to the root, we need to do something like this in lib/zonecut.c already, instead of just during server selection. I don't think this change can break anything. Fetching unusable addresses from cache seems pointless, as selection wouldn't be allowed to use them or try resolving them. --- diff --git a/NEWS b/NEWS index fa25a72a2..72f022fa3 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,11 @@ +Knot Resolver 5.x.y (202y-mm-dd) +================================ + +Bugfixes +-------- +- fix potential SERVFAIL deadlocks if net.ipv6 = false (#880) + + Knot Resolver 5.7.0 (2023-08-22) ================================ diff --git a/lib/zonecut.c b/lib/zonecut.c index 4ec403672..2bbd26fcc 100644 --- a/lib/zonecut.c +++ b/lib/zonecut.c @@ -19,8 +19,7 @@ /** Information for one NS name + address type. */ typedef enum { AI_UNINITED = 0, - AI_REPUT, /**< Don't use this addrset, due to: cache_rep, NO_IPV6, ... - * cache_rep approximates various problems when fetching the RRset. */ + AI_DISABLED, /**< Can't use this addrset. */ AI_CYCLED, /**< Skipped due to cycle detection; see implementation for details. */ AI_LAST_BAD = AI_CYCLED, /** bad states: <= AI_LAST_BAD */ AI_UNKNOWN, /**< Don't know status of this RRset; various reasons. */ @@ -289,9 +288,13 @@ static addrset_info_t fetch_addr(pack_t *addrs, const knot_dname_t *ns, uint16_t int rdlen; switch (rrtype) { case KNOT_RRTYPE_A: + if (qry->flags.NO_IPV4) + return AI_DISABLED; rdlen = 4; break; case KNOT_RRTYPE_AAAA: + if (qry->flags.NO_IPV6 || no6_is_bad()) + return AI_DISABLED; rdlen = 16; break; default: