If rcode is SERVFAIL, there is no need to look at the packet.

This pulls the check for rcode up, before we check if the answer
packet has sensible length. Since we are not touching the packet at
all, we don't care about the size and don't need to log if the size is
wrong from a DNS perspective.

With asr error reporting improved in the previous commit, this
probably gets rid of all "bad packet: too short" messages.

OK semarie

diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c
index 0682e9e..98c5f47 100644 (file)
--- a/sbin/unwind/resolver.c
+++ b/sbin/unwind/resolver.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: resolver.c,v 1.159 2023/04/18 09:57:08 florian Exp $  */
+/*     $OpenBSD: resolver.c,v 1.160 2023/04/18 09:57:51 florian Exp $  */
 
 
 /*
@@ -953,6 +953,12 @@ resolve_done(struct uw_resolver *res, void *arg, int rcode,
 
        running_res = --rq->running;
 
+       if (rcode == LDNS_RCODE_SERVFAIL) {
+               if (res->stop != 1)
+                       check_resolver(res);
+               goto servfail;
+       }
+
        if (answer_len < LDNS_HEADER_SIZE) {
                log_warnx("bad packet: too short");
                goto servfail;
@@ -965,12 +971,6 @@ resolve_done(struct uw_resolver *res, void *arg, int rcode,
        }
        answer_header->answer_len = answer_len;
 
-       if (rcode == LDNS_RCODE_SERVFAIL) {
-               if (res->stop != 1)
-                       check_resolver(res);
-               goto servfail;
-       }
-
        if ((result = calloc(1, sizeof(*result))) == NULL)
                goto servfail;
        if ((buf = sldns_buffer_new(answer_len)) == NULL)
@@ -1545,12 +1545,6 @@ check_resolver_done(struct uw_resolver *res, void *arg, int rcode,
 
        prev_state = checked_resolver->state;
 
-       if (answer_len < LDNS_HEADER_SIZE) {
-               checked_resolver->state = DEAD;
-               log_warnx("%s: bad packet: too short", __func__);
-               goto out;
-       }
-
        if (rcode == LDNS_RCODE_SERVFAIL) {
                log_debug("%s: %s rcode: SERVFAIL", __func__,
                    uw_resolver_type_str[checked_resolver->type]);
@@ -1559,6 +1553,12 @@ check_resolver_done(struct uw_resolver *res, void *arg, int rcode,
                goto out;
        }
 
+       if (answer_len < LDNS_HEADER_SIZE) {
+               checked_resolver->state = DEAD;
+               log_warnx("%s: bad packet: too short", __func__);
+               goto out;
+       }
+
        if (sec == SECURE) {
                if (dns64_present && (res->type == UW_RES_AUTOCONF ||
                    res->type == UW_RES_ODOT_AUTOCONF)) {
@@ -1902,6 +1902,11 @@ trust_anchor_resolve_done(struct uw_resolver *res, void *arg, int rcode,
        uint16_t                 dnskey_flags;
        char                     rdata_buf[1024], *ta;
 
+       if (rcode == LDNS_RCODE_SERVFAIL) {
+               log_debug("%s: rcode: SERVFAIL", __func__);
+               goto out;
+       }
+
        if (answer_len < LDNS_HEADER_SIZE) {
                log_warnx("bad packet: too short");
                goto out;