This repository has been archived by the owner on Jan 25, 2024. It is now read-only.
Getaddrinfo: always retrieve the canonical name #10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
picnoir
commented
Oct 26, 2023
src/handlers.rs
Outdated
| let ai_resp: AiResponse = match resp { | ||
| Ok(ai_resp_iter) => { | ||
| let addrs: HashSet<IpAddr> = ai_resp_iter | ||
| let name_and_addrs: Vec<(Option<String>, IpAddr)> = ai_resp_iter |
There was a problem hiding this comment.
Not too proud of this part. Can you think of a more rust-idiomatic way to retrieve the addrs and the canonical name in one go?
As a reminder, the canonical name is stored in the first Airesponse struct.
There was a problem hiding this comment.
I'd write this block like this:
let ai_resp: AiResponse = match resp {
Ok(ai_resp_iter) => {
// filter out bad responses.
let mut ai_resp_iter = ai_resp_iter.filter_map(|e| e.ok()).peekable();
// According to man 3 getaddrinfo, the resulting
// canonical name should be stored in the first
// addrinfo struct.
// Re-using the request hostname if we don't get a
// canonical name.
let canon_name = ai_resp_iter
.peek()
.and_then(|e| e.canonname.to_owned())
.unwrap_or(hostname.to_string());
let addrs = ai_resp_iter
.map(|e| e.sockaddr.ip())
.collect::<Vec<_>>();
AiResponse {
canon_name,
addrs,
}
}
Err(_) => ai_resp_empty,
};There was a problem hiding this comment.
Nice! Peek is exactly what I was looking for! <3
|
With this PR, |
Nscd always sets the AI_CANONNAME flag for a getaddrinfo request. When this flag is on, the canonical name (~ FQDN) for the requested address is retrieved. We found this issue through the nixosTests.hostname.explicitDomain NixOS VM test. It went unnoticed in the wild probably because the nscd client tend to fill canonical name in the request itself once it retrieved it once. While investigating this issue, I realized that setting the SOCK_STREAM flag gets rid of the duplicate addrs. Meaning that we do not need to filter them ourselves with a HashSet anymore.
picnoir
force-pushed
the
nin/fix-getai-canonname
branch
from
efa95f6 to
aa1ba01
Compare
flokli
approved these changes
Oct 26, 2023
picnoir
added a commit
to picnoir/nixpkgs
that referenced
this pull request
Oct 26, 2023
Note: we decided to rewrite the history of the fork who somehow got out of hand. Feature-wise, this version bump fixes the various host faulty behaviour. See the nix-community/nsncd#9 and nix-community/nsncd#10 PRs for more details. We're in the process of upstreaming this change to twosigma/nsncd, however, upstream has been pretty slow to review our PRs so far. Since the hostname bug surfaces quite regularly in the Nixpkgs issue tracker, we decided to use the nix-community fork as canon for Nixpkgs for now. Fixes: NixOS#132646 Fixes: NixOS#261269
13 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Nscd always sets the AI_CANONNAME flag for a getaddrinfo request. When this flag is on, the canonical name (~ FQDN) for the requested address is retrieved.
We found this issue through the nixosTests.hostname.explicitDomain NixOS VM test. It went unnoticed in the wild probably because the nscd client tend to fill canonical name in the request itself once it retrieved it once.
While investigating this issue, I realized that setting the SOCK_STREAM flag gets rid of the duplicate addrs. Meaning that we do not need to filter them ourselves with a HashSet anymore.