From 2f945703f2c078db315653e6b57776e67939150e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Wed, 22 Jun 2022 13:45:46 +0200
Subject: [PATCH 1/3] Fix destination port extraction for client queries

The current logic for determining the address of the socket to which a client sent its query is: 1. Get the address:port tuple from the netmgr handle using isc_nmhandle_localaddr(). 2. Convert the address:port tuple from step 1 into an isc_netaddr_t using isc_netaddr_fromsockaddr(). 3. Convert the address from step 2 back into a socket address with the port set to 0 using isc_sockaddr_fromnetaddr(). Note that the port number (readily available in the netmgr handle) is needlessly lost in the process, preventing it from being recorded in dnstap captures of client traffic produced by named. Fix by first storing the address:port tuple returned by isc_nmhandle_localaddr() in client->destsockaddr and then creating an isc_netaddr_t from that structure. This allows the port number to be retained in client->destsockaddr, which is what subsequently gets passed to dns_dt_send().
---
 lib/ns/client.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/lib/ns/client.c b/lib/ns/client.c
index c6b268b974..836cedc8e1 100644
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -1706,7 +1706,6 @@ ns__client_request(isc_nmhandle_t *handle, isc_result_t eresult,
 bool notimp;
 size_t reqsize;
 dns_aclenv_t *env = NULL;
- isc_sockaddr_t sockaddr;
 #ifdef HAVE_DNSTAP
 dns_dtmsgtype_t dtmsgtype;
 #endif /* ifdef HAVE_DNSTAP */
@@ -2005,10 +2004,8 @@ ns__client_request(isc_nmhandle_t *handle, isc_result_t eresult,
 return;
 }
- sockaddr = isc_nmhandle_localaddr(handle);
- isc_netaddr_fromsockaddr(&client->destaddr, &sockaddr);
-
- isc_sockaddr_fromnetaddr(&client->destsockaddr, &client->destaddr, 0);
+ client->destsockaddr = isc_nmhandle_localaddr(handle);
+ isc_netaddr_fromsockaddr(&client->destaddr, &client->destsockaddr);
 result = client->manager->sctx->matchingview(
 &netaddr, &client->destaddr, client->message, env, &sigresult,
From 8d8396c3a7d598e1e74be71bdc72a9452c0d520e Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 22 Jun 2022 13:45:46 +0200
Subject: [PATCH 2/3] Check that the UDP destination port is logged via dnstap
---
 bin/tests/system/dnstap/tests.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/bin/tests/system/dnstap/tests.sh b/bin/tests/system/dnstap/tests.sh
index 40ea0b3995..2157fd8c6a 100644
--- a/bin/tests/system/dnstap/tests.sh
+++ b/bin/tests/system/dnstap/tests.sh
@@ -518,6 +518,12 @@ ret=0
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
+echo_i "checking whether destination UDP port is logged for client queries"
+ret=0
+$DNSTAPREAD ns3/dnstap.out.save | grep -Eq "CQ [0-9:.]+ -> 10.53.0.3:${PORT} UDP" || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 HAS_PYYAML=0
 if [ -x "$PYTHON" ] ; then
 $PYTHON -c "import yaml" 2> /dev/null && HAS_PYYAML=1
From 58c3513fa6b53ddc0d930875a386af4244f86084 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Wed, 22 Jun 2022 13:45:46 +0200
Subject: [PATCH 3/3] Add CHANGES entry for GL #3309
---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGES b/CHANGES
index e6de9dcc64..b4951f7238 100644
--- a/CHANGES
+++ b/CHANGES
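Review bot: In the second lib/ns/client.c hunk, `client->destsockaddr` now holds the listener's real port where it previously always held 0, and nothing at the assignment records that. Other readers of the field are not visible in this hunk; any that compare it with a full address-and-port equality check, or log it, presumably relied on the zero port and are worth checking before merge. A short comment at the assignment would keep the intent clear, for example `/* Keep address:port for dnstap; destaddr (address only) is what view matching sees. */`. ns__client_request() starts and ends outside the hunk.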
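Review bot: In the bin/tests/system/dnstap/tests.sh hunk, the dots in `10.53.0.3` are unescaped inside the `grep -E` pattern, so each one matches any character and the check is looser than it reads. `grep -Eq "CQ [0-9:.]+ -> 10\.53\.0\.3:${PORT} UDP"` pins the literal address. The assertion also covers only UDP client queries (`CQ`); because dnstap captures often serve as an audit trail, an equivalent check for TCP and for client responses would catch a regression on those paths, if the test traffic already exercises them.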
@@ -1,3 +1,6 @@
+5909. [bug] The server-side destination port was missing from dnstap
+ captures of client traffic. [GL #3309]
+
 5908. [bug] Fix race conditions in route_connected(). [GL #3401]
 5907. [bug] Fix a crash in dig NS search mode when one of the NS