Currently OVN ignores DNS AAAA queries for names that have a record in the DNS tables but no IPv6 address associated with that record. This increases the DNS processing time for the customer, since they will keep waiting for a reply or a timeout.
To improve the DNS processing time this patch will immediately send a DNS reply with DNS RCODE flag set to 0x5 (server refuses to perform the specified operation) and no DNS answers.
Reported-at: https://issues.redhat.com/browse/FD-1211
Signed-off-by: Mohammad Heib <[email protected]>
---
 controller/pinctrl.c | 28 +++++++++++++++++++++++++---
 tests/ovn.at | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/controller/pinctrl.c b/controller/pinctrl.c
index 1884e9f1b..3212900c5 100644
--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -2815,6 +2815,7 @@ pinctrl_handle_dns_lookup(
 enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
 struct dp_packet *pkt_out_ptr = NULL;
 uint32_t success = 0;
+ bool send_aaaa_query_rejection = false;
 /* Parse result field. */
 const struct mf_field *f;
@@ -2972,6 +2973,18 @@ pinctrl_handle_dns_lookup(
 ancount++;
 }
 }
+
+ /* DNS is configured with a record for this domain with
+ * an IPv4 only, so instead of ignoring this AAAA query,
+ * we can reply with RCODE = 5 (server refuses) and that
+ * will speed up the DNS process by not letting the customer
+ * wait for a timeout.
+ */
+ if (query_type == DNS_QUERY_TYPE_AAAA && !ancount) {
+ ancount = 1;
+ send_aaaa_query_rejection = true;
+ }
+
 destroy_lport_addresses(&ip_addrs);
 }
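Review bot: In the `@@ -2972` hunk, `ancount = 1;` turns the answer counter into a "reply anyway" marker although no answer record exists, and the header code in the next hunk then has to special-case it back to 0. Leaving `ancount` at 0 and letting `send_aaaa_query_rejection` alone carry the decision would be clearer, with whatever later check drops zero-answer lookups (outside this hunk, so inferred) testing the flag as well. The comment should also justify the choice of RCODE 5: REFUSED conventionally signals a policy refusal, while a name that exists but has no data of the requested type is normally answered with RCODE 0 and an empty answer section (NODATA, RFC 2308), and some resolvers may react to REFUSED by retrying another server rather than stopping. pinctrl_handle_dns_lookup starts and ends outside the hunk.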
@@ -3009,15 +3022,24 @@ pinctrl_handle_dns_lookup(
 out_dns_header->lo_flag |= 0x80;
 /* Set the answer RRs. */
- out_dns_header->ancount = htons(ancount);
+ if (!send_aaaa_query_rejection) {
+ out_dns_header->ancount = htons(ancount);
+ } else {
+ /* set RCODE = 5 (server refuses). */
+ out_dns_header->ancount = 0;
+ out_dns_header->hi_flag |= 0x5;
+ ofpbuf_uninit(&dns_answer);
+ }
 out_dns_header->arcount = 0;
 /* Copy the Query section. */
 dp_packet_put(&pkt_out, dp_packet_data(pkt_in), dp_packet_size(pkt_in));
 /* Copy the answer sections. */
- dp_packet_put(&pkt_out, dns_answer.data, dns_answer.size);
- ofpbuf_uninit(&dns_answer);
+ if (!send_aaaa_query_rejection) {
+ dp_packet_put(&pkt_out, dns_answer.data, dns_answer.size);
+ ofpbuf_uninit(&dns_answer);
+ }
 out_udp->udp_len = htons(new_l4_size);
 out_udp->udp_csum = 0;
diff --git a/tests/ovn.at b/tests/ovn.at
index c6c5f920f..7b90a991d 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
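Review bot: In the `@@ -3009` hunk of controller/pinctrl.c, `out_dns_header->hi_flag |= 0x5;` ORs the code into whatever the low nibble already holds, so the reply carries RCODE 5 only if those bits were zero beforehand. The flag bytes appear to be carried over from the request (the hunk only ORs 0x80 into `lo_flag`, and the new test expects other request flag bits back in the reply), so a query arriving with a non-zero RCODE field would produce a different code; masking first removes that dependency on sender-controlled bits: `out_dns_header->hi_flag = (out_dns_header->hi_flag & 0xf0) | 0x5;`. A named constant for the literal 0x5 would also read better. Separately, `ofpbuf_uninit(&dns_answer)` is now reached from two branches keyed on the same flag; keeping one unconditional call after the copy and guarding only the `dp_packet_put()` would make a later leak or double release harder to introduce. The function body continues outside the hunk.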
@@ -11290,6 +11290,38 @@ reset_pcap_file hv1-vif2 hv1/vif2
 rm -f 1.expected
 rm -f 2.expected
+# send AAAA query for a server known domain that don't have
+# any IPV6 address associated with this domain, and expected
+# server refused DNS reply to save the sender time of waiting for timeout.
+AS_BOX([Test IPv6 (AAAA records) NO timeout.])
+# Add back the DNS options for ls1-lp1 without ipv6.
+ovn-nbctl --wait=hv remove DNS $DNS1 records vm1.ovn.org
+ovn-nbctl --wait=hv set DNS $DNS1 records:vm1.ovn.org="10.0.0.4"
+ovn-sbctl list DNS > dns4
+AT_CAPTURE_FILE([dns4])
+ovn-sbctl dump-flows > sbflows4
+AT_CAPTURE_FILE([sbflows4])
+
+set_dns_params vm1_ipv6_only
+src_ip=`ip_to_hex 10 0 0 6`
+dst_ip=`ip_to_hex 10 0 0 1`
+dns_reply=1
+test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
+
+# NXT_RESUMEs should be 5.
+OVS_WAIT_UNTIL([test 13 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+
+$PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
+# dns hdr with server refuse RCODE
+echo "01028125" > expout
+#only check for the DNS HDR flags since we are not getting any DNS answer
+AT_CHECK([cat 2.packets | cut -c -92 | cut -c 85-], [0], [expout])
+
+reset_pcap_file hv1-vif1 hv1/vif1
+reset_pcap_file hv1-vif2 hv1/vif2
+rm -f 1.expected
+rm -f 2.expected
+
 OVN_CLEANUP([hv1])
 AT_CLEANUP
-- 
2.34.3
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
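Review bot: The comment `# NXT_RESUMEs should be 5.` in the tests/ovn.at hunk contradicts the check directly under it, which waits for 13; it should state the count the test actually expects, `# NXT_RESUMEs should be 13.`. The new case also compares only the ID and flag bytes (characters 85-92 of the packet dump), so it would still pass if the reply carried a non-zero ANCOUNT or leftover answer data; widening the cut to cover the count fields would pin the "no DNS answers" behaviour the commit message promises. `set_dns_params vm1_ipv6_only` is used while the record is IPv4-only, so a short comment saying that the parameter presumably selects the AAAA query for vm1 would save the next reader a lookup.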
