[Dnsmasq-discuss] [PATCH] Fix ipset support.
Simon Kelley
simon at thekelleys.org.uk
Wed Jun 30 11:35:13 UTC 2021
Path applied to mainline.
Simon.
On 29/06/2021 14:48, Etan Kissling wrote:
> This fixes a problem with ipset processing that got recently introduced
> when `extract_request` filtering was tightened. During the recent change
> an incorrect assumption was made that `extract_request` was only called
> for requests but with ipset it is also called when processing responses.
>
> The fix ensures that the new filters only apply to requests (QR=0 @ hdr)
>
> Signed-off-by: Etan Kissling <etan.kissling at gmail.com>
> ---
> src/rfc1035.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/rfc1035.c b/src/rfc1035.c
> index a163919..9f4504e 100644
> --- a/src/rfc1035.c
> +++ b/src/rfc1035.c
> @@ -982,10 +982,12 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
>
> *name = 0; /* return empty name if no query found. */
>
> - if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY ||
> - ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0)
> + if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY)
> return 0; /* must be exactly one query. */
>
> + if (!(header->hb3 & HB3_QR) && (ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0))
> + return 0; /* non-standard query. */
> +
> if (!extract_name(header, qlen, &p, name, 1, 4))
> return 0; /* bad packet */
>
>
More information about the Dnsmasq-discuss
mailing list