From: Wouter Wijngaards Date: Wed, 4 Mar 2015 09:06:05 +0000 (+0000) Subject: - many nameservers does not try to compare more than max-sent-count, X-Git-Tag: release-1.5.4~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54771e5b3d892065c2c102e1c44c649047a79114;p=thirdparty%2Funbound.git - many nameservers does not try to compare more than max-sent-count, parse failures start 0x20 fallback procedure. git-svn-id: file:///svn/unbound/trunk@3347 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index a3b05b49a..e709e8fb3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,10 +1,11 @@ 4 March 2015: Wouter - Patch from Brad Smith that syncs compat/getentropy_linux with OpenBSD's version (2015-03-04). - - 0x20 fallback improved, better handling of servfail responses, - they do not count as missing comparisons (except if all are failed), - and better handling of inability to find nameservers, no more - nameservers can be found results in fallback acceptance. + - 0x20 fallback improved: servfail responses do not count as missing + comparisons (except if all responses are errors), + inability to find nameservers does not fail equality comparisons, + many nameservers does not try to compare more than max-sent-count, + parse failures start 0x20 fallback procedure. 3 March 2015: Wouter - tag 1.5.3rc1 diff --git a/iterator/iterator.c b/iterator/iterator.c index cd7e5b36b..9c425fc11 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -1787,7 +1787,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * the original query is one that matched too, so we have * caps_server+1 number of matching queries now */ if(iq->caps_server+1 >= naddr*3 || - iq->caps_server+1 >= MAX_SENT_COUNT) { + iq->caps_server*2+2 >= MAX_SENT_COUNT) { + /* *2 on sentcount check because ipv6 may fail */ /* we're done, process the response */ verbose(VERB_ALGO, "0x20 fallback had %d responses " "match for %d wanted, done.", @@ -2884,8 +2885,18 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, /* normalize and sanitize: easy to delete items from linked lists */ if(!scrub_message(pkt, prs, &iq->qchase, iq->dp->name, - qstate->env->scratch, qstate->env, ie)) + qstate->env->scratch, qstate->env, ie)) { + /* if 0x20 enabled, start fallback, but we have no message */ + if(event == module_event_capsfail && !iq->caps_fallback) { + iq->caps_fallback = 1; + iq->caps_server = 0; + iq->caps_reply = NULL; + iq->state = QUERYTARGETS_STATE; + iq->num_current_queries--; + verbose(VERB_DETAIL, "Capsforid: scrub failed, starting fallback with no response"); + } goto handle_it; + } /* allocate response dns_msg in region */ iq->response = dns_alloc_msg(pkt, prs, qstate->region);