BUG/MEDIUM: resolvers: handle huge responses over tcp servers.

Parameter "accepted_payload_size" is currently considered regardless
of whether the used nameserver is using TCP or UDP. It remains mandatory to announce
such capability to support e-dns, so a value has to be announced also
in TCP. Maximum DNS message size in TCP is limited by protocol to 65535
and so for UDP (65507) if system supports such UDP messages. But
the maximum value for this option was arbitrarily forced to 8192.

This patch changes this maximum to 65535 to allow the user to set a bigger value
for UDP if their system supports it. It also sets accepted_payload_size
in TCP allowing to retrieve huge responses if the configuration uses
TCP nameservers.

The request announcing the accepted_payload_size capability is currently
built at resolvers level and is common to all used nameservers of the
section regardless of the transport protocol used. A further patch should be
made to at least specify a different payload size depending on the
transport, and perhaps could be forced to 65535 in case of TCP and
maximum would be forced back to 65507 matching UDP max.

This patch is applicable since version 2.4
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 383ec15..1f5d605 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -14629,7 +14629,12 @@
<nb> is in bytes. If not set, HAProxy announces 512. (minimal value defined
by RFC 6891)
- Note: the maximum allowed value is 8192.
+ Note: the maximum allowed value is 65535. Recommended value for UDP is
+ 4096 and it is not recommended to exceed 8192 except if you are sure
+ that your system and network can handle this (over 65507 makes no sense
+ since is the maximum UDP payload size). If you are using only TCP
+ nameservers to handle huge DNS responses, you should put this value
+ to the max: 65535.
nameserver <id> <ip>:<port>
UDP DNS server description:
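Review bot: The new note does not say that accepted_payload_size is shared by every nameserver of the resolvers section, which the commit message states ("common to all used nameservers of the section"). A reader following the advice to "put this value to the max: 65535" for TCP will also announce 65535 over any UDP nameserver in the same section, a value the same note says makes no sense above 65507. Suggest adding a sentence that the value applies to all nameservers of the section regardless of transport, so 65535 should only be used when the section contains TCP nameservers exclusively. Also, "since is the maximum UDP payload size" is missing its subject; "since 65507 is the maximum UDP payload size" reads correctly.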
diff --git a/include/haproxy/resolvers-t.h b/include/haproxy/resolvers-t.h
index 4e16545..ba37370 100644
--- a/include/haproxy/resolvers-t.h
+++ b/include/haproxy/resolvers-t.h
@@ -41,7 +41,7 @@
*/
#define DNS_MAX_LABEL_SIZE 63
#define DNS_MAX_NAME_SIZE 255
-#define DNS_MAX_UDP_MESSAGE 8192
+#define DNS_MAX_UDP_MESSAGE 65535
/* DNS minimum record size: 1 char + 1 NULL + type + class */
#define DNS_MIN_RECORD_SIZE (1 + 1 + 2 + 2)
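Review bot: DNS_MAX_UDP_MESSAGE is now 65535, which is the TCP message limit and exceeds the 65507 UDP payload maximum cited in the commit message and the documentation hunk, so the macro name no longer matches its value. Suggest either renaming it (for example to a transport-neutral maximum) or adding a comment on this line explaining that it is the upper bound for the announced payload size on both transports and that the UDP ceiling is 65507. If any buffer in the resolvers code is sized from this macro, its size grows from 8192 to 65535 bytes with this change; it would help to state in the commit message whether that is the case.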