diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-10-28 09:57:46 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-10-28 10:01:07 +0100 |
| commit | b370adb593ef18982e9631a955cde1fb094e7051 (patch) | |
| tree | f95d4770544b080766cce4e1ab7b53780e484753 /src/resolve/resolved-dns-stub.c | |
| parent | 8facd1ce4f3191dcfd418c6514a2e3983ec9c0f2 (diff) | |
| download | systemd-b370adb593ef18982e9631a955cde1fb094e7051.tar.gz | |
resolved: advertise smaller UDP datagram size on extra stubs
Diffstat (limited to 'src/resolve/resolved-dns-stub.c')
| -rw-r--r-- | src/resolve/resolved-dns-stub.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 445fa86dd1..6fdd26399e 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -15,6 +15,9 @@ * IP and UDP header sizes */ #define ADVERTISE_DATAGRAM_SIZE_MAX (65536U-14U-20U-8U) +/* On the extra stubs, use a more conservative choice */ +#define ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX DNS_PACKET_UNICAST_SIZE_LARGE_MAX + static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int type); static void dns_stub_listener_extra_hash_func(const DnsStubListenerExtra *a, struct siphash *state) { @@ -155,14 +158,15 @@ static int dns_stub_finish_reply_packet( bool tc, /* set the Truncated bit? */ bool add_opt, /* add an OPT RR to this packet? */ bool edns0_do, /* set the EDNS0 DNSSEC OK bit? */ - bool ad) { /* set the DNSSEC authenticated data bit? */ + bool ad, /* set the DNSSEC authenticated data bit? */ + uint16_t max_udp_size) { /* The maximum UDP datagram size to advertise to clients */ int r; assert(p); if (add_opt) { - r = dns_packet_append_opt(p, ADVERTISE_DATAGRAM_SIZE_MAX, edns0_do, /* include_rfc6975 = */ false, rcode, NULL); + r = dns_packet_append_opt(p, max_udp_size, edns0_do, /* include_rfc6975 = */ false, rcode, NULL); if (r == -EMSGSIZE) /* Hit the size limit? then indicate truncation */ tc = true; else if (r < 0) @@ -245,7 +249,15 @@ static int dns_stub_send_failure( if (r < 0) return log_debug_errno(r, "Failed to make failure packet: %m"); - r = dns_stub_finish_reply_packet(reply, DNS_PACKET_ID(p), rcode, false, !!p->opt, DNS_PACKET_DO(p), authenticated); + r = dns_stub_finish_reply_packet( + reply, + DNS_PACKET_ID(p), + rcode, + /* truncated = */ false, + !!p->opt, + DNS_PACKET_DO(p), + authenticated, + l ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX); if (r < 0) return log_debug_errno(r, "Failed to build failure packet: %m"); @@ -290,7 +302,8 @@ static void dns_stub_query_complete(DnsQuery *q) { truncated, !!q->request_dns_packet->opt, DNS_PACKET_DO(q->request_dns_packet), - dns_query_fully_authenticated(q)); + dns_query_fully_authenticated(q), + q->stub_listener_extra ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX); if (r < 0) { log_debug_errno(r, "Failed to finish reply packet: %m"); break; |