- For #145: Fix that service of remaining TCP and TLS connections

does not allow new queries to be made, the connection is closed. Only existing queries and zone transfers are answered, new ones are rejected by a close of the channel.
NLnetLabs · Dec 3, 2020 · 696d35a · 696d35a
1 parent ce23089
commit 696d35a
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 8 deletions.
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -1,3 +1,9 @@
+3 December 2020: Wouter
+	- For #145: Fix that service of remaining TCP and TLS connections
+	  does not allow new queries to be made, the connection is closed.
+	  Only existing queries and zone transfers are answered, new ones
+	  are rejected by a close of the channel.
+
 30 November 2020: Wouter
 	- Fix #144: fix better.
 

diff --git a/doc/RELNOTES b/doc/RELNOTES
@@ -6,6 +6,10 @@ FEATURES:
 BUG FIXES:
 	- Fix #143: xfrd no hysteresis with NOT IMPLEMENTED rcode.
 	- Fix #144: Typo fix in nsd.conf.5.in.
+	- For #145: Fix that service of remaining TCP and TLS connections
+	  does not allow new queries to be made, the connection is closed.
+	  Only existing queries and zone transfers are answered, new ones
+	  are rejected by a close of the channel.
 
 
 4.3.4

diff --git a/server.c b/server.c
@@ -209,6 +209,11 @@ struct tcp_handler_data
 	 * The timeout in msec for this tcp connection
 	 */
 	int	tcp_timeout;
+
+	/*
+	 * If the connection is allowed to have further queries on it.
+	 */
+	int tcp_no_more_queries;
 #ifdef HAVE_SSL
 	/*
 	 * TLS object.
@@ -3096,6 +3101,7 @@ service_remaining_tcp(struct nsd* nsd)
 		}
 #endif
 
+		p->tcp_no_more_queries = 1;
 		/* set timeout to 1/10 second */
 		if(p->tcp_timeout > 100)
 			p->tcp_timeout = 100;
@@ -3487,8 +3493,9 @@ handle_tcp_reading(int fd, short event, void* arg)
 		return;
 	}
 
-	if (data->nsd->tcp_query_count > 0 &&
-		data->query_count >= data->nsd->tcp_query_count) {
+	if ((data->nsd->tcp_query_count > 0 &&
+		data->query_count >= data->nsd->tcp_query_count) ||
+		data->tcp_no_more_queries) {
 		/* No more queries allowed on this tcp connection. */
 		cleanup_tcp_handler(data);
 		return;
@@ -3840,8 +3847,9 @@ handle_tcp_writing(int fd, short event, void* arg)
 	 * Done sending, wait for the next request to arrive on the
 	 * TCP socket by installing the TCP read handler.
 	 */
-	if (data->nsd->tcp_query_count > 0 &&
-		data->query_count >= data->nsd->tcp_query_count) {
+	if ((data->nsd->tcp_query_count > 0 &&
+		data->query_count >= data->nsd->tcp_query_count) ||
+		data->tcp_no_more_queries) {
 
 		(void) shutdown(fd, SHUT_WR);
 	}
@@ -3965,8 +3973,9 @@ handle_tls_reading(int fd, short event, void* arg)
 		return;
 	}
 
-	if (data->nsd->tcp_query_count > 0 &&
-	    data->query_count >= data->nsd->tcp_query_count) {
+	if ((data->nsd->tcp_query_count > 0 &&
+	    data->query_count >= data->nsd->tcp_query_count) ||
+	    data->tcp_no_more_queries) {
 		/* No more queries allowed on this tcp connection. */
 		cleanup_tcp_handler(data);
 		return;
@@ -4280,8 +4289,9 @@ handle_tls_writing(int fd, short event, void* arg)
 	 * Done sending, wait for the next request to arrive on the
 	 * TCP socket by installing the TCP read handler.
 	 */
-	if (data->nsd->tcp_query_count > 0 &&
-		data->query_count >= data->nsd->tcp_query_count) {
+	if ((data->nsd->tcp_query_count > 0 &&
+		data->query_count >= data->nsd->tcp_query_count) ||
+		data->tcp_no_more_queries) {
 
 		(void) shutdown(fd, SHUT_WR);
 	}
@@ -4426,6 +4436,7 @@ handle_tcp_accept(int fd, short event, void* arg)
 	memcpy(&tcp_data->query->addr, &addr, addrlen);
 	tcp_data->query->addrlen = addrlen;
 
+	tcp_data->tcp_no_more_queries = 0;
 	tcp_data->tcp_timeout = data->nsd->tcp_timeout * 1000;
 	if (data->nsd->current_tcp_count > data->nsd->maximum_tcp_count/2) {
 		/* very busy, give smaller timeout */