Path applied to mainline.
Simon. On 29/06/2021 14:48, Etan Kissling wrote: > This fixes a problem with ipset processing that got recently introduced > when `extract_request` filtering was tightened. During the recent change > an incorrect assumption was made that `extract_request` was only called > for requests but with ipset it is also called when processing responses. > > The fix ensures that the new filters only apply to requests (QR=0 @ hdr) > > Signed-off-by: Etan Kissling <etan.kissl...@gmail.com> > --- > src/rfc1035.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/src/rfc1035.c b/src/rfc1035.c > index a163919..9f4504e 100644 > --- a/src/rfc1035.c > +++ b/src/rfc1035.c > @@ -982,10 +982,12 @@ unsigned int extract_request(struct dns_header *header, > size_t qlen, char *name, > > *name = 0; /* return empty name if no query found. */ > > - if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY || > - ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0) > + if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY) > return 0; /* must be exactly one query. */ > > + if (!(header->hb3 & HB3_QR) && (ntohs(header->ancount) != 0 || > ntohs(header->nscount) != 0)) > + return 0; /* non-standard query. */ > + > if (!extract_name(header, qlen, &p, name, 1, 4)) > return 0; /* bad packet */ > > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
