Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix high cpu usage with IPv6 recursor address. Closes #6120 #6128

Merged
merged 1 commit into from
Feb 18, 2020
Merged

Fix high cpu usage with IPv6 recursor address. Closes #6120 #6128

merged 1 commit into from
Feb 18, 2020

Conversation

42wim
Copy link
Contributor

@42wim 42wim commented Jul 12, 2019

No description provided.

@hashicorp-cla
Copy link

hashicorp-cla commented Jul 12, 2019
edited
Loading

CLA assistant check
All committers have signed the CLA.

@42wim 42wim mentioned this pull request Aug 5, 2019
Closed
banks
banks approved these changes Aug 12, 2019
View reviewed changes
Copy link
Member

@banks banks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR!

mkeeler
mkeeler requested changes Aug 12, 2019
View reviewed changes
Copy link
Member

@mkeeler mkeeler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR. While it would definitely fix the linked issue I believe there is a small hole that would allow input to be used that was not valid (such as when foo::53 is provided as the recursor address).

I made some suggestions for how to fix it. (basically just ensure that we have a plain IPv6 address when we get that particular error).

agent/dns.go Outdated
@@ -270,7 +270,7 @@ func recursorAddr(recursor string) (string, error) {
// Add the port if none
START:
_, _, err := net.SplitHostPort(recursor)
if ae, ok := err.(*net.AddrError); ok && ae.Err == "missing port in address" {
if ae, ok := err.(*net.AddrError); ok && (ae.Err == "missing port in address" || ae.Err == "too many colons in address") {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took a quick look at the implementation of SplitHostPort and there are several other real error cases where the too many colons in address can be returned. In those cases we would not want to use the FormatAddressPort logic with the default port but rather return the error.

I think something like the following should be sufficient to only assume a non-bracketed IPv6 address when we get that error.

if ae, ok := err.(*net.AddrError); ok {
  if ae.Err == "missing port in address" {
    recursor = ipaddr.FormatAddressPort(recursor, 53)
    goto START
  } else if ae.Err == "too many colons in address" {
    if ip := net.ParseIp(recursor); ip != nil && ip.To4() == nil {
      recursor = ipaddr.FormatAddressPort(recursor, 53)
      goto START
    }
  }
}

I haven't tested that myself but basically it just ensures that in the case of the too many colons error that the address is a valid IPv6 address and we didn't get that error for any other reason.

In addition, it would be great to also add a test for foo::53 as that should return with the too many colons in address error but we should not attempt to turn it into an actual recursor.

@swills
Copy link

swills commented Sep 27, 2019

What is the status of this? I'm hitting this error too.

@hanshasselberg
Copy link
Member

@42wim This looks like something we would like to fix. Any updates on this one?

@hanshasselberg hanshasselberg self-assigned this Feb 3, 2020
@hanshasselberg hanshasselberg added the waiting-reply Waiting on response from Original Poster or another individual in the thread label Feb 3, 2020
@42wim
Copy link
Contributor Author

42wim commented Feb 9, 2020

@i0rek seems like I forgot about this issue, I'll try to fix this soon.

@ghost ghost removed the waiting-reply Waiting on response from Original Poster or another individual in the thread label Feb 9, 2020
@hanshasselberg
Copy link
Member

Thank you!

@hanshasselberg hanshasselberg added the waiting-reply Waiting on response from Original Poster or another individual in the thread label Feb 11, 2020
@42wim
Copy link
Contributor Author

42wim commented Feb 15, 2020

changes pushed

@ghost ghost removed the waiting-reply Waiting on response from Original Poster or another individual in the thread label Feb 15, 2020
hanshasselberg
hanshasselberg approved these changes Feb 18, 2020
View reviewed changes
Copy link
Member

@hanshasselberg hanshasselberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Looks great now!

mkeeler
mkeeler approved these changes Feb 18, 2020
View reviewed changes
Copy link
Member

@mkeeler mkeeler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mkeeler mkeeler merged commit 3a2c865 into hashicorp:master Feb 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hanshasselberg hanshasselberg hanshasselberg approved these changes

@banks banks banks approved these changes

@mkeeler mkeeler mkeeler approved these changes

Assignees

@hanshasselberg hanshasselberg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@42wim @hashicorp-cla @swills @hanshasselberg @banks @mkeeler