[Dnsmasq-discuss] [PATCH] Fix ipset support.

Simon Kelley simon at thekelleys.org.uk
Wed Jun 30 11:35:13 UTC 2021


Path applied to mainline.



Simon.

On 29/06/2021 14:48, Etan Kissling wrote:
> This fixes a problem with ipset processing that got recently introduced
> when `extract_request` filtering was tightened. During the recent change
> an incorrect assumption was made that `extract_request` was only called
> for requests but with ipset it is also called when processing responses.
> 
> The fix ensures that the new filters only apply to requests (QR=0 @ hdr)
> 
> Signed-off-by: Etan Kissling <etan.kissling at gmail.com>
> ---
>  src/rfc1035.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/src/rfc1035.c b/src/rfc1035.c
> index a163919..9f4504e 100644
> --- a/src/rfc1035.c
> +++ b/src/rfc1035.c
> @@ -982,10 +982,12 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
>  
>    *name = 0; /* return empty name if no query found. */
>    
> -  if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY ||
> -      ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0)
> +  if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY)
>      return 0; /* must be exactly one query. */
>    
> +  if (!(header->hb3 & HB3_QR) && (ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0))
> +    return 0; /* non-standard query. */
> +  
>    if (!extract_name(header, qlen, &p, name, 1, 4))
>      return 0; /* bad packet */
>     
> 




More information about the Dnsmasq-discuss mailing list