plugin/forward: Continue waiting after receiving malformed responses (coredns#6014)

* forward: continue waiting after malformed responses

Signed-off-by: Chris O'Haver <[email protected]>

* add test

Signed-off-by: Chris O'Haver <[email protected]>

* fix test

Signed-off-by: Chris O'Haver <[email protected]>

* clean up

Signed-off-by: Chris O'Haver <[email protected]>

* clean up

Signed-off-by: Chris O'Haver <[email protected]>

* move test to /test/. Add build tag.

Signed-off-by: Chris O'Haver <[email protected]>

* install libpcap-dev for e2e tests

Signed-off-by: Chris O'Haver <[email protected]>

* sudo the test

Signed-off-by: Chris O'Haver <[email protected]>

* remove stray err check

Signed-off-by: Chris O'Haver <[email protected]>

* disable the test

Signed-off-by: Chris O'Haver <[email protected]>

* use -exec flag to run test binary as root

Signed-off-by: Chris O'Haver <[email protected]>

* run new test by itself in a new workflow

Signed-off-by: Chris O'Haver <[email protected]>

* fix test name

Signed-off-by: Chris O'Haver <[email protected]>

* only for udp

Signed-off-by: Chris O'Haver <[email protected]>

* remove libpcap test workflow action

Signed-off-by: Chris O'Haver <[email protected]>

* remove test, since it can't run in ci

Signed-off-by: Chris O'Haver <[email protected]>

* and remove gopacket package

Signed-off-by: Chris O'Haver <[email protected]>

---------

Signed-off-by: Chris O'Haver <[email protected]>
chrisohaver authored Apr 29, 2023
1 parent 1b95a60 commit 604a902
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions plugin/pkg/proxy/connect.go
Expand Up @@ -7,6 +7,7 @@ package proxy
import (
"context"
"io"
"net"
"strconv"
"sync/atomic"
"time"
Expand Down Expand Up @@ -117,11 +118,20 @@ func (p *Proxy) Connect(ctx context.Context, state request.Request, opts Options
for {
ret, err = pc.c.ReadMsg()
if err != nil {
pc.c.Close() // not giving it back
// For UDP, if the error is not a network error keep waiting for a valid response to prevent malformed
// spoofs from blocking the upstream response.
// In the case this is a legitimate malformed response from the upstream, this will result in a timeout.
if proto == "udp" {
if _, ok := err.(net.Error); !ok {
continue
}
}
pc.c.Close() // connection closed by peer, close the persistent connection
if err == io.EOF && cached {
return nil, ErrCachedClosed
}
// recovery the origin Id after upstream.

// recover the origin Id after upstream.
if ret != nil {
ret.Id = originId
}
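
Review bot: in the UDP branch, `if _, ok := err.(net.Error); !ok { continue }` retries on every error that is not a `net.Error`, and that includes `io.EOF`, so for UDP the `err == io.EOF && cached` check below it can no longer return `ErrCachedClosed` and the loop has no exit condition of its own. The only bound is the timeout the comment mentions, which is set outside these lines; it is worth confirming that it is an absolute deadline on the connection rather than one re-armed per `ReadMsg` call, otherwise a steady stream of malformed packets keeps this loop spinning. Consider checking `ctx.Err()` or capping the number of retries before `continue`, handling `io.EOF` ahead of the UDP branch, and using `errors.As` in place of the direct type assertion so a wrapped network error is still recognized.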