[master] correct dispatch address/port check

3690.	[bug]		Iterative responses could be missed when the source
			port for an upstream query was the same as the
			listener port (53). [RT #34925]

CHANGES

@@ -1,3 +1,7 @@
+3690.	[bug]		Iterative responses could be missed when the source
+			port for an upstream query was the same as the
+			listener port (53). [RT #34925]
+
 3689.	[bug]		Fixed a bug causing an insecure delegation from one
 			static-stub zone to another to fail with a broken
 			trust chain. [RT #35081]

bin/tests/system/resolver/clean.sh

@@ -29,6 +29,6 @@ rm -f ns6/K*
 rm -f ns6/example.net.db.signed ns6/example.net.db
 rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
 rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
-rm -f ns7/server.db ns7/server.db.jnl
+rm -f ns7/server.db ns7/server.db.jnl ns7/named.conf
 rm -f random.data
 rm -f resolve.out

bin/tests/system/resolver/ns7/named1.conf

@@ -14,8 +14,6 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.5 2011/07/28 03:18:17 each Exp $ */
-
 // NS4
 
 controls { /* empty */ };
@@ -33,6 +31,15 @@ options {
 	disable-empty-zone 20.172.in-addr.arpa;
 };
 
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+        inet 10.53.0.7 port 9953 allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type hint;
 	file "root.hint";

bin/tests/system/resolver/ns7/named2.conf

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2010, 2011, 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+// NS4
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.7 port 5300 dscp 13;
+	notify-source 10.53.0.7 dscp 14;
+	transfer-source 10.53.0.7 dscp 15;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.7; };
+	listen-on-v6 { none; };
+	recursion yes;
+	empty-zones-enable yes;
+	disable-empty-zone 20.172.in-addr.arpa;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+        inet 10.53.0.7 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "server" {
+	type master;
+	file "server.db";
+	allow-update { any; };
+};

bin/tests/system/resolver/setup.sh

@@ -21,4 +21,5 @@
 cp ns4/tld1.db ns4/tld.db
 cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db
 cp ns7/server.db.in ns7/server.db
+cp ns7/named1.conf ns7/named.conf
 (cd ns6 && sh keygen.sh)

bin/tests/system/resolver/tests.sh

@@ -395,13 +395,27 @@ done
 [ $ret = 0 ] && ret=$foo; 
 if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
 
-echo "I:check for improved error message with SOA mismatch"
+n=`expr $n + 1`
+echo "I:check for improved error message with SOA mismatch ($n)"
 ret=0
 $DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1
 grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
-echo "I:exit status: $status"
+#HERE <<<
+cp ns7/named2.conf ns7/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reconfig 2>&1 | sed 's/^/I:ns7 /'
 
+n=`expr $n + 1`
+echo "I:check resolution on the listening port ($n)"
+ret=0
+$DIG +tcp +tries=2 +time=5 mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
+grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
+grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+#HERE >>>
+
+echo "I:exit status: $status"
 exit $status

lib/dns/dispatch.c

@@ -1397,8 +1397,8 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) {
 		}
 
 		/*
-		 * If both dispatches are bound to an address then fail as
+		 * If each dispatch is bound to a different address
-		 * the addresses can't be equal (enforced by the IP stack).
+		 * then fail.
 		 *
 		 * Note under Linux a packet can be sent out via IPv4 socket
 		 * and the response be received via a IPv6 socket.
@@ -1413,7 +1413,8 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) {
 		}
 		isc_sockaddr_anyofpf(&a1, isc_sockaddr_pf(&resp->disp->local));
 		isc_sockaddr_anyofpf(&a2, isc_sockaddr_pf(&disp->local));
-		if (!isc_sockaddr_eqaddr(&a1, &resp->disp->local) &&
+		if (!isc_sockaddr_eqaddr(&disp->local, &resp->disp->local) &&
+		    !isc_sockaddr_eqaddr(&a1, &resp->disp->local) &&
 		    !isc_sockaddr_eqaddr(&a2, &disp->local)) {
 			free_buffer(disp, ev->region.base, ev->region.length);
 			goto unlock;