Maintained by: NLnet Labs

[Unbound-users] Question and Potential Bug

W.C.A. Wijngaards
Wed Jun 29 08:09:57 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Rob,

On 06/28/2011 09:27 PM, Robert Fleischman wrote:
> Folks,
> 
> I noticed that "mesh_new_client" will drop incoming queries if you
> have more that "16" times "mesh->max_reply_states" (which is set to
> the number of queries per thread).
> 
> Question:  Why 16?  What is the logic here?  Shouldn't this be based
> on memory and not a multiple of "number of queries per thread"?

It is to protect the memory from being flooded with reply addrs.  Every
query that gets serviced needs to be able to have one or more reply
addrs, otherwise it is quite useless.  So that is why it is based on the
number of queries per thread.  And then some maximum above it.  I have
not seen reports of the limit getting hit, perhaps in IPv6 if DoSed with
random source IPs.

> Potential Bug: In "mesh_state_cleanup", I noticed that
> "comm_point_drop_reply" is called to remove unset replies, HOWEVER, it
> does not appear that either "stats_dropped" is incremented or more
> importantly "num_reply_addrs" is not decremented.    Doesn't this lack
> of a decrement potentially cause the "16 times" limit go into effect and
> prematurely drop queries?

The num_reply_addrs is decremented when a reply is sent (which can be an
error if the mesh state is removed because of an error).  The
mesh_state_cleanup indeed does not cleanup the num_reply_addrs value
correctly, but this routine is only called from the mesh_state_delete
function.  Thus it does not present a bug.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOCsG0AAoJEJ9vHC1+BF+Nx08P/R6G5KNvkn3PgPoTZbCT3xRP
fX76ag8v7tZc3FPWPPQY74QGwdKFQVGokOzJeylSr7dVbyiUBqt9SxFub3wmyyuU
qDxIbSldIC9yw/oaCxK19532/31W9lIZlMXpYq4yILNNDD8RjqJsocbmPvu5n33N
RemBO/jtCurl4xfEnlFxva/ZgRAHL+FYDwcBNZAuZQmL+kTBMzZn1hOnk1oKJsO2
U1sjQuOKSUvRo8oxa7UmPEPhBbZyzk/gyr8fWU8uWf2tu+T9PzB8Of8TZSX1acdJ
D37fKEZZrPf3WWAQa3eOeGXh0v5A1u/KFS7iK04e3PX8I9MirRXIgAtvvhva3lPr
ksCGcFoqVBI8GmJj14YAZIPm6RFZE8zv94O85QmQvJfig0rwFrnrjoA/nm993Wr3
LKwyxUaeSfqbdHq6FF6Tgs4nLrza9gPuqVTjNEGqBXUERg7HACl3boRZ3yP+5NLG
n3KJ9AzGD88SHChpCRe0GT6161XgZQ+1FLmh58PIrpWexYX6z2ipVMVX2vhyiIHU
1CBSjak3YvrLASo5QXots/Hx3ixcv69JsLKY3gHGEzt9o7H6M5MbJwQ/+cZUv4Ni
eUbPpW3ekz4WupSHEXiHxKg7C/kfoWk2+rC68j3w9lQ0qFeTXnl5OvJu3tR0jsFG
ze6vHnhnOCoaDwUtcGNN
=BheD
-----END PGP SIGNATURE-----