Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Detect ECS collisions in the packet cache #6754

Merged
merged 2 commits into from Jul 9, 2018

Conversation

@rgacogne
Copy link
Member

@rgacogne rgacogne commented Jun 25, 2018

Short description

We did not detect a collision involving two queries for the same qname, qtype, qclass and flags but with different ECS values hashing to the same key.
This commit adds an option to the packet cache to parse and keep the ECS value in order to detect this kind of collisions.
It's not enabled by default because parsing the ECS value has a cost and most deployment probably don't care.

This PR is based on the branch from #6747, so will need to be rebased after this one has been merged.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
@rgacogne rgacogne added this to the dnsdist-1.3.x milestone Jun 25, 2018
@rgacogne rgacogne force-pushed the dnsdist-subnet-collision branch from 701030d to 713ace6 Jun 28, 2018
@rgacogne
Copy link
Member Author

@rgacogne rgacogne commented Jun 28, 2018

Rebased following the merge of #6747.

rgacogne added 2 commits Jul 4, 2018
We did not detect a collision involving two queries for the same qname,
qtype, qclass and flags but with different ECS values hashing to the same key.
This commit adds an option to the packet cache to parse and keep the ECS value
in order to detect this kind of collisions.
It's not enabled by default because parsing the ECS value has a cost.
@rgacogne rgacogne force-pushed the dnsdist-subnet-collision branch from 713ace6 to 8336411 Jul 4, 2018
@rgacogne rgacogne removed this from the dnsdist-1.3.x milestone Jul 4, 2018
@rgacogne rgacogne added this to the dnsdist-1.3.1 milestone Jul 4, 2018
Copy link
Member

@chbruyand chbruyand left a comment

LGTM.

@rgacogne rgacogne merged commit 85e857b into PowerDNS:master Jul 9, 2018
4 checks passed
@rgacogne rgacogne deleted the dnsdist-subnet-collision branch Jul 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants