Allow response with AD bit in resolver
Greetings,

Here is a trivial patch which allows DNS responses with an enabled AD bit from the used resolver.

Index: src/core/ngx_resolver.c --- src/core/ngx_resolver.c.orig +++ src/core/ngx_resolver.c @@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha (response->nar_hi << 8) + response->nar_lo); /* response to a standard query */ -if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) { +if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) { ngx_log_error(r->log_level, r->log, 0, "invalid %s DNS response %ui fl:%04Xi", tcp ? "TCP" : "UDP", ident, flags);

--
wbr, Kirill

___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
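Review bot: The mask on the changed `if ((flags & 0xf850) != 0x8000 ...` line is still an undocumented magic number, and the only comment above it ("response to a standard query") does not say which header bits are being tested. Clearing 0x0020 from the mask means the AD bit is now ignored rather than rejected, while 0x0040 and 0x0010 stay in the mask and still produce the "invalid ... DNS response" log line. Nothing in the visible lines reads the AD value afterwards, so please extend the comment to say that AD is accepted but not interpreted, and consider naming the bits kept in the mask so the next change to this constant can be checked against the DNS header layout at a glance.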
How important is the "reuseport" flag for quic?
I'm using nginx 1.26.1 from the nginx.org Ubuntu repo. I find when I remove the "reuseport" flag from the "listen" directive for my quic port, a lot of page assets fail to load, and the browser ultimately falls back to http/2. When I re-add "reuseport", all http/3 requests succeed again. How crucial is "reuseport" when using quic on nginx? Is it normal for things to break badly without it?
Re: Allow response with AD bit in resolver
Hello!

On Sat, Jun 15, 2024 at 12:02:28PM +0100, Kirill A. Korinsky wrote:

> Greetings, > > Here is a trivial patch which allows DNS responses with an enabled AD bit > from the used resolver. > > Index: src/core/ngx_resolver.c > --- src/core/ngx_resolver.c.orig > +++ src/core/ngx_resolver.c > @@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha > (response->nar_hi << 8) + response->nar_lo); > > /* response to a standard query */ > -if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) { > +if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) { > ngx_log_error(r->log_level, r->log, 0, >"invalid %s DNS response %ui fl:%04Xi", >tcp ? "TCP" : "UDP", ident, flags); >

Looks good to me, pushed with an appropriate commit log, thanks.

--
Maxim Dounin
http://mdounin.ru/
Re: Custom HTTP protocol response?
Hello,

On Thu, 13 Jun 2024 16:05:18 +0100 Kirill A. Korinsky wrote:

> On Mon, 10 Jun 2024 09:56:05 +0100,
> Martin Kjær Jørgensen via nginx wrote:
> >
> > Is this possible without hacking nginx sources or manipulative intermediate
> > proxies?
> >
>
> As you may see in ngx_http_header_filter_module.c such string is hardcoded.
>

Indeed. I'd recommend stream njs, with its filter phase handler, js_filter[1], if you prefer to perform such intermediary manipulation within nginx itself. There is an example of performing HTTP manipulation with js_filter here[2], albeit for injecting a custom header, but the same approach would work with the 'download' callback.

The Stream module itself can do TLS offloading[3], now has Virtual Servers[4], and now has direct pass to http listener feature[5] making such hacks more workable and efficient :).

[1] https://nginx.org/en/docs/stream/ngx_stream_js_module.html#js_filter
[2] https://github.com/nginx/njs-examples/blob/master/njs/stream/inject_header.js
[3] https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html
[4] https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server_name
[5] https://nginx.org/en/docs/stream/ngx_stream_pass_module.html
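The js_filter approach suggested in the reply above, as an added example that is not part of the original message or of the linked njs-examples repository: a 'download' handler that rewrites the protocol token of the first status line, assuming that token is the hardcoded string in question. The names `rewriteStatusLine`, `statusFilter`, `NEW_PROTO` and `MAX_LINE`, and the `CUSTOM/1.0` value, are assumptions made for illustration.

```javascript
// Added example, not code from the thread. All names below are hypothetical.
var NEW_PROTO = 'CUSTOM/1.0';   // constructed placeholder token
var MAX_LINE = 8192;            // cap on bytes buffered while waiting for CRLF

// Replace the protocol token of an HTTP/1.x status line and keep the rest.
// Returns null while the first line is still incomplete.
function rewriteStatusLine(buf, proto) {
    var eol = buf.indexOf('\r\n');
    if (eol === -1) {
        return null;
    }
    var line = buf.slice(0, eol);
    var m = /^HTTP\/1\.[01]( \d{3}(?: .*)?)$/.exec(line);
    // Anything that is not a recognised status line passes through unchanged.
    return (m ? proto + m[1] : line) + buf.slice(eol);
}

// js_filter handler. Only the first response on a connection is rewritten,
// so it assumes the proxied side does not reuse the connection (keep-alive).
function statusFilter(s) {
    var head = '';
    s.on('download', function (data, flags) {
        head += data;
        var out = rewriteStatusLine(head, NEW_PROTO);
        if (out === null && head.length < MAX_LINE && !flags.last) {
            return;                  // status line split across chunks: wait
        }
        s.send(out === null ? head : out, flags);
        s.off('download');           // later chunks pass through unmodified
    });
}

// Under njs, finish the file with:  export default { statusFilter };
```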
Re: Allow response with AD bit in resolver
On Sun, 16 Jun 2024 04:29:51 +0300 Maxim Dounin wrote:

> Hello! > > On Sat, Jun 15, 2024 at 12:02:28PM +0100, Kirill A. Korinsky wrote: > > > Greetings, > > > > Here is a trivial patch which allows DNS responses with an enabled AD bit > > from the used resolver. > > > > Index: src/core/ngx_resolver.c > > --- src/core/ngx_resolver.c.orig > > +++ src/core/ngx_resolver.c > > @@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha > > (response->nar_hi << 8) + response->nar_lo); > > > > /* response to a standard query */ > > -if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) { > > +if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) { > > ngx_log_error(r->log_level, r->log, 0, > >"invalid %s DNS response %ui fl:%04Xi", > >tcp ? "TCP" : "UDP", ident, flags); > > > > Looks good to me, pushed with an appropriate commit log, thanks. >

Sounds familiar :)

https://mailman.nginx.org/pipermail/nginx-devel/2022-May/YQ3MYP4VNQYWEJS3XYLPMU4HZUKS4PYF.html