From patchwork Fri Feb  9 15:21:17 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dumitru Ceara <dceara@redhat.com>
X-Patchwork-Id: 1897124
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=akN+p4Ao;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TWcyR1fk2z23j0
	for <incoming@patchwork.ozlabs.org>; Sat, 10 Feb 2024 02:21:35 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.osuosl.org (Postfix) with ESMTP id CAC008523B;
	Fri,  9 Feb 2024 15:21:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
	by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id kf3lNy8davaE; Fri,  9 Feb 2024 15:21:31 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org BC8C485214
Authentication-Results: smtp1.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key,
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=akN+p4Ao
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp1.osuosl.org (Postfix) with ESMTPS id BC8C485214;
	Fri,  9 Feb 2024 15:21:31 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 91B0BC0077;
	Fri,  9 Feb 2024 15:21:31 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
 by lists.linuxfoundation.org (Postfix) with ESMTP id E9F3CC0037
 for <ovs-dev@openvswitch.org>; Fri,  9 Feb 2024 15:21:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id C537441C41
 for <ovs-dev@openvswitch.org>; Fri,  9 Feb 2024 15:21:29 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id aW8Zny1JbmVj for <ovs-dev@openvswitch.org>;
 Fri,  9 Feb 2024 15:21:28 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=dceara@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp2.osuosl.org EEBB94052C
Authentication-Results: smtp2.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org EEBB94052C
Authentication-Results: smtp2.osuosl.org; dkim=pass (1024-bit key,
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=akN+p4Ao
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by smtp2.osuosl.org (Postfix) with ESMTPS id EEBB94052C
 for <ovs-dev@openvswitch.org>; Fri,  9 Feb 2024 15:21:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1707492086;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=BqjGjk8gWazKiMcISFCcp+8BtKSO3CwzvbbIKDU9QAE=;
 b=akN+p4AortGVtYukaRVMwfuxJtFsvoF/a98hzAQ1e8m6KzlcS4DkuTbaIJoEvDJJKIRBwZ
 bzsrcHWPN8E5zSsSMFNmJ3GelhCWUvXcHKbsyZzfuc1qyWXhDpNT2mir2JviIpNPMxZSxO
 mrwkfPatC542JAGsm67Zl5hWBQCeRNw=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-630-MXHZAZ5wMRG1YIGX3ZYO4w-1; Fri, 09 Feb 2024 10:21:23 -0500
X-MC-Unique: MXHZAZ5wMRG1YIGX3ZYO4w-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
 [10.11.54.5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 176F0828CE2;
 Fri,  9 Feb 2024 15:21:23 +0000 (UTC)
Received: from dceara.remote.csb (unknown [10.39.194.44])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 5EDB11103A;
 Fri,  9 Feb 2024 15:21:22 +0000 (UTC)
From: Dumitru Ceara <dceara@redhat.com>
To: ovs-dev@openvswitch.org
Date: Fri,  9 Feb 2024 16:21:17 +0100
Message-Id: <20240209152117.957387-1-dceara@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH ovn v2] pinctrl: dns: Ignore additional records.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

EDNS is backwards compatible so it's safe to just ignore additional ARs.

Reported-at: https://github.com/ovn-org/ovn/issues/228
Reported-at: https://issues.redhat.com/browse/FDP-222
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
Acked-by: Mark Michelson <mmichels@redhat.com>
---
V2:
- Addressed Mark's comments:
  - fixed subject
  - added test
---
 controller/pinctrl.c | 20 ++++++++---------
 tests/ovn.at         | 51 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 10 deletions(-)

diff --git a/controller/pinctrl.c b/controller/pinctrl.c
index faa3f92260..98b29de9ff 100644
--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -2887,6 +2887,7 @@ dns_build_ptr_answer(
 }
 
 #define DNS_RCODE_SERVER_REFUSE 0x5
+#define DNS_QUERY_TYPE_CLASS_LEN (2 * sizeof(ovs_be16))
 
 /* Called with in the pinctrl_handler thread context. */
 static void
@@ -2950,18 +2951,13 @@ pinctrl_handle_dns_lookup(
         goto exit;
     }
 
-    /* Check if there is an additional record present, which is unsupported */
-    if (in_dns_header->arcount) {
-        VLOG_DBG_RL(&rl, "Received DNS query with additional records, which"
-                    " is unsupported");
-        goto exit;
-    }
-
     struct udp_header *in_udp = dp_packet_l4(pkt_in);
     size_t udp_len = ntohs(in_udp->udp_len);
     size_t l4_len = dp_packet_l4_size(pkt_in);
+    uint8_t *l4_start = (uint8_t *) in_udp;
     uint8_t *end = (uint8_t *)in_udp + MIN(udp_len, l4_len);
     uint8_t *in_dns_data = (uint8_t *)(in_dns_header + 1);
+    uint8_t *in_dns_data_start = in_dns_data;
     uint8_t *in_queryname = in_dns_data;
     uint16_t idx = 0;
     struct ds query_name;
@@ -2985,7 +2981,7 @@ pinctrl_handle_dns_lookup(
     in_dns_data += idx;
 
     /* Query should have TYPE and CLASS fields */
-    if (in_dns_data + (2 * sizeof(ovs_be16)) > end) {
+    if (in_dns_data + DNS_QUERY_TYPE_CLASS_LEN > end) {
         ds_destroy(&query_name);
         goto exit;
     }
@@ -2999,6 +2995,10 @@ pinctrl_handle_dns_lookup(
         goto exit;
     }
 
+    uint8_t *rest = in_dns_data + DNS_QUERY_TYPE_CLASS_LEN;
+    uint32_t query_size = rest - in_dns_data_start;
+    uint32_t query_l4_size = rest - l4_start;
+
     uint64_t dp_key = ntohll(pin->flow_metadata.flow.metadata);
     const char *answer_data = NULL;
     bool ovn_owned = false;
@@ -3081,7 +3081,7 @@ pinctrl_handle_dns_lookup(
         goto exit;
     }
 
-    uint16_t new_l4_size = ntohs(in_udp->udp_len) +  dns_answer.size;
+    uint16_t new_l4_size = query_l4_size + dns_answer.size;
     size_t new_packet_size = pkt_in->l4_ofs + new_l4_size;
     struct dp_packet pkt_out;
     dp_packet_init(&pkt_out, new_packet_size);
@@ -3118,7 +3118,7 @@ pinctrl_handle_dns_lookup(
     out_dns_header->arcount = 0;
 
     /* Copy the Query section. */
-    dp_packet_put(&pkt_out, dp_packet_data(pkt_in), dp_packet_size(pkt_in));
+    dp_packet_put(&pkt_out, dp_packet_data(pkt_in), query_size);
 
     /* Copy the answer sections. */
     dp_packet_put(&pkt_out, dns_answer.data, dns_answer.size);
diff --git a/tests/ovn.at b/tests/ovn.at
index 2cf335cf45..6b0b80bfc1 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -11455,6 +11455,57 @@ OVN_CLEANUP([hv1])
 AT_CLEANUP
 ])
 
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([dns lookup : EDNS])
+AT_SKIP_IF([test $HAVE_SCAPY = no])
+ovn_start
+
+check ovn-nbctl ls-add ls \
+    -- lsp-add ls lsp     \
+    -- lsp-set-addresses lsp "00:00:00:00:00:01 10.0.0.1"
+
+d=$(ovn-nbctl create dns records={})
+
+check ovn-nbctl set dns $d records:foo.ovn.org="10.0.0.42"
+check ovn-nbctl set Logical_switch ls dns_records="$d"
+
+net_add n1
+sim_add hv1
+
+as hv1
+ovs-vsctl add-br br-phys
+ovn_attach n1 br-phys 192.168.0.1
+ovs-vsctl -- add-port br-int hv1-vif1 -- \
+    set interface hv1-vif1 external-ids:iface-id=lsp \
+    options:tx_pcap=hv1/vif1-tx.pcap \
+    options:rxq_pcap=hv1/vif1-rx.pcap
+
+OVN_POPULATE_ARP
+wait_for_ports_up
+check ovn-nbctl --wait=hv sync
+
+dns_req=$(fmt_pkt "Ether(dst='00:00:00:00:00:02', src='00:00:00:00:00:01') / \
+                   IP(dst='10.0.0.254', src='10.0.0.1') / \
+                   UDP(sport=42424, dport=53) / \
+                   DNS(rd=1, qd=DNSQR(qname='foo.ovn.org'), arcount=1, ar=[ \
+                       DNSRR(type='OPT', rclass=4096, \
+                             rdata=EDNS0ClientSubnet(source_plen=24, \
+                                                     address='10.0.0.1'))])")
+dns_reply=$(fmt_pkt "Ether(dst='00:00:00:00:00:01', src='00:00:00:00:00:02') / \
+                     IP(dst='10.0.0.1', src='10.0.0.254') / \
+                     UDP(sport=53, dport=42424,chksum=0) / \
+                     DNS(qr=1, qd=DNSQR(qname='foo.ovn.org'), \
+                         an=DNSRR(rrname='foo.ovn.org', type='A', ttl=3600, \
+                                  rdata='10.0.0.42'))")
+echo ${dns_reply} > expected
+
+as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 ${dns_req}
+OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv1/vif1-tx.pcap], [expected])
+
+OVN_CLEANUP([hv1])
+AT_CLEANUP
+])
+
 OVN_FOR_EACH_NORTHD([
 AT_SETUP([4 HV, 1 LS, 1 LR, packet test with HA distributed router gateway port])
 ovn_start