From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id C69285A026D
	for <passt-dev@passt.top>; Thu, 21 Sep 2023 02:01:45 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1695254499;
	bh=Ix0xWoQLEQEpn5rKMG0del9pr2MgFQttgRADOkTygA0=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=l+/z258DJODvTTLRJ36CdEXRVVrbgPSsgufDkxPjEqQHqmPyqfkjoFKjMd2ujm0PI
	 nPINnlDq+uomKUOgP/1J3i8WiTeMiHhXtX8+CcKJOtMkmktgmbbaaDMqf0L74r0erl
	 eZw6XJFrUnpi02HeoI4NfPVTKlBELRRx/+yXslw8=
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4RrbD35JWCz4x5m; Thu, 21 Sep 2023 10:01:39 +1000 (AEST)
Date: Thu, 21 Sep 2023 09:55:11 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] dhcpv6: Properly separate domain names in search list
Message-ID: <ZQuGXyV5pR3WnYS3@zatzit>
References: <20230920150506.3341961-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="Dy0sQAqk1C4pX8t2"
Content-Disposition: inline
In-Reply-To: <20230920150506.3341961-1-sbrivio@redhat.com>
Message-ID-Hash: Q63QKYOZX6TQP7T4LNPK7XZQUTNTOL3U
X-Message-ID-Hash: Q63QKYOZX6TQP7T4LNPK7XZQUTNTOL3U
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Sebastian Mitterle <smitterl@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZQuGXyV5pR3WnYS3@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/Q63QKYOZX6TQP7T4LNPK7XZQUTNTOL3U/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--Dy0sQAqk1C4pX8t2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 20, 2023 at 05:05:06PM +0200, Stefano Brivio wrote:
> If we go over the flattened list of search domains and just replace
> dots and zero bytes with the length of the next label to implement
> the encoding specified by section 3.1 of RFC 1035, if there are
> multiple domains in the search list, we'll also replace separators
> between two domain names with the length of the first label of the
> second domain, plus one.

That is... an impressively long sentence.  Any chance you could reword
that in shorter ones that are easier to follow ;).

> Those should remain as zero bytes to
> separate domains, though.
>=20
> To distinguish between label separators and domain names separators,
> for simplicity, introduce a dot before the first label of every
> domain we copy to form the list. All dots are then replaced by label
> lengths, and separators (zero bytes) remain as they are.
>=20
> As we do this, we need to make sure we don't replace the trailing
> dot, if present: that's already a separator. Skip copying it, and
> just add separators as needed.
>=20
> Now that we don't copy those, though, we might end up with
> zero-length domains: skip them, as they're meaningless anyway.
>=20
> And as we might skip domains, we can't use the index 'i' to check if
> we're at the beginning of the option -- use 'srch' instead.
>=20
> This is very similar to how we prepare the list for NDP option 31,
> except that we don't need padding (RFC 8106, 5.2) here, and we should
> refactor this into common functions, but it probably makes sense to
> rework the NDP responder (https://bugs.passt.top/show_bug.cgi?id=3D21)
> first.
>=20
> Reported-by: Sebastian Mitterle <smitterl@redhat.com>
> Link: https://bugs.passt.top/show_bug.cgi?id=3D75
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> ---
>  dhcpv6.c | 24 +++++++++++++++++-------
>  1 file changed, 17 insertions(+), 7 deletions(-)
>=20
> diff --git a/dhcpv6.c b/dhcpv6.c
> index fc42a84..58171bb 100644
> --- a/dhcpv6.c
> +++ b/dhcpv6.c
> @@ -376,24 +376,34 @@ search:
>  		return offset;
> =20
>  	for (i =3D 0; *c->dns_search[i].n; i++) {
> -		if (!i) {
> +		size_t name_len =3D strlen(c->dns_search[i].n);
> +
> +		/* We already append separators, don't duplicate if present */
> +		if (c->dns_search[i].n[name_len - 1] =3D=3D '.')
> +			name_len--;
> +
> +		/* Skip root-only search domains */
> +		if (!name_len)
> +			continue;

Should we consider doing this normalisation when we build
c->dns_search, rather than here?

> +		if (!srch) {
>  			srch =3D (struct opt_dns_search *)(buf + offset);
>  			offset +=3D sizeof(struct opt_hdr);
>  			srch->hdr.t =3D OPT_DNS_SEARCH;
>  			srch->hdr.l =3D 0;
>  			p =3D srch->list;
> -			*p =3D 0;
>  		}
> =20
> -		p =3D stpcpy(p + 1, c->dns_search[i].n);
> -		*(p++) =3D 0;
> -		srch->hdr.l +=3D strlen(c->dns_search[i].n) + 2;
> -		offset +=3D strlen(c->dns_search[i].n) + 2;
> +		*p =3D '.';
> +		p =3D stpncpy(p + 1, c->dns_search[i].n, name_len);
> +		p++;
> +		srch->hdr.l +=3D name_len + 2;
> +		offset +=3D name_len + 2;
>  	}
> =20
>  	if (srch) {
>  		for (i =3D 0; i < srch->hdr.l; i++) {
> -			if (srch->list[i] =3D=3D '.' || !srch->list[i]) {
> +			if (srch->list[i] =3D=3D '.') {
>  				srch->list[i] =3D strcspn(srch->list + i + 1,
>  							".");
>  			}

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--Dy0sQAqk1C4pX8t2
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmULhkgACgkQzQJF27ox
2GfWDg//Wb9ZukDewjylIaHEmMhzOJuyyeGexrJgVE5HxptBt5DL/YTQTgvEt8R9
idORbN6qAofqo0N3gxcRLInmRrp1L+zL4thHqN1wlsp9P9xjPSieCiLeBcK/VY3L
T9WFlG1y7t5kTJX0IS2G5ISB7QbaySqR5t0SUPOblU3nIxe+FhCDqXuzDlYBBQg6
3V6Bjs/u554BXJJvIOtomueX9whvNkcYq+GFVD9i8FTM4yst0W1zlmX/EQ8XYc8e
omsqqQ8wH1cpKiDzmphIK0+WKgNRLza2fhRn1Jjz+B/FcNA66I34L6K8kfSTqcDl
sRzUM9aK5QDXhwSZ++Aj8Eqkd8f6G1GpAYOvlFrSpENruWmb8YIu6dw/KubRGNn2
rp/1+9OHPsdkP5qUdw/dFNIqqH+AmhHCRyNR8llWqUmssGp+OFbBemEs4GUHd2bN
n9l2t9S0/air2X2myFiiGrurKyIIFyMn2Gkn0E5pikPQ1T511cSVCGTesT3pB30P
04kCDmhGDIjjDrMzPgNL3/QxjJNKxFOwBlmkPO1OnwAftJOiO/ACxpyc1sBfvvtL
sJuYcU1P65M2NCQ1JRpVZFbUDyYq4knUh6ZOCHKbpjmqSBrWyV1V6HExbefvfg1u
6PSBAi2nmK8IjYdSnphLMf4C5OiTppEZEPG26bVuHMx/lGBRcss=
=aaBW
-----END PGP SIGNATURE-----

--Dy0sQAqk1C4pX8t2--