mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-24 23:31:40 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: resolvers: handle huge responses over tcp servers.

Browse Source 
Parameter "accepted_payload_size" is currently considered regardless
the used nameserver is using TCP or UDP. It remains mandatory to annouce
such capability to support e-dns, so a value have to be announced also
in TCP. Maximum DNS message size in TCP is limited by protocol to 65535
and so for UDP (65507) if system supports such UDP messages. But
the maximum value for this option was arbitrary forced to 8192.

This patch change this maximum to 65535 to allow user to set bigger value
for UDP if its system supports. It also sets accepted_payload_size
in TCP allowing to retrieve huge responses if the configuration uses
TCP nameservers.

The request announcing the accepted_payload_size capability is currently
built at resolvers level and is common to all used nameservers of the
section regardess transport protocol used. A further patch should be
made to at least specify a different payload size depending of the
transport, and perhaps could be forced to 65535 in case of TCP and
maximum would be forced back to 65507 matching UDP max.

This patch is appliable since 2.4 version
This commit is contained in:
Emeric Brun 2021-03-08 16:41:29 +01:00 committed by Willy Tarreau
parent e89fae3a4e
commit 4c75195f5b
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/configuration.txt
View File

@ -14629,7 +14629,12 @@ accepted_payload_size <nb>
<nb> is in bytes. If not set, HAProxy announces 512. (minimal value defined
by RFC 6891)
Note: the maximum allowed value is 8192.
Note: the maximum allowed value is 65535. Recommended value for UDP is
4096 and it is not recommended to exceed 8192 except if you are sure
that your system and network can handle this (over 65507 makes no sense
since is the maximum UDP payload size). If you are using only TCP
nameservers to handle huge DNS responses, you should put this value
to the max: 65535.
nameserver <id> <ip>:<port>
UDP DNS server description:

2
include/haproxy/resolvers-t.h
View File

@ -41,7 +41,7 @@ extern struct pool_head *resolv_requester_pool;
*/
#define DNS_MAX_LABEL_SIZE 63
#define DNS_MAX_NAME_SIZE 255
#define DNS_MAX_UDP_MESSAGE 8192
#define DNS_MAX_UDP_MESSAGE 65535
/* DNS minimum record size: 1 char + 1 NULL + type + class */
#define DNS_MIN_RECORD_SIZE (1 + 1 + 2 + 2)