Repository: github.com/AdguardTeam/dnsproxy

Function validQUICMsg

proxy/serverquic.go:429–473

validQUICMsg validates the incoming DNS message and returns false if something is wrong with the message.

Signature: func validQUICMsg(req *dns.Msg, l *slog.Logger) (ok bool)


package proxy

import (
	"log/slog"

	"github.com/miekg/dns"
)

// validQUICMsg validates the incoming DNS message and returns false if
// something is wrong with the message.
func validQUICMsg(req *dns.Msg, l *slog.Logger) (ok bool) {
	// See https://www.rfc-editor.org/rfc/rfc9250.html#name-protocol-errors

	// 1. a client or server receives a message with a non-zero Message ID.
	//
	// We consciously do not validate this case since there are stub proxies
	// that send non-zero Message IDs.

	// 2. a client or server receives a STREAM FIN before receiving all the
	// bytes for a message indicated in the 2-octet length field.
	// 3. a server receives more than one query on a stream
	//
	// These cases are covered earlier when unpacking the DNS message.

	// 4. the client or server does not indicate the expected STREAM FIN after
	// sending requests or responses (see Section 4.2).
	//
	// Validating this case is quite problematic since it would imply we have
	// to wait until the STREAM FIN has arrived before we start processing
	// the message. So we're consciously ignoring this case in this
	// implementation.

	// 5. an implementation receives a message containing the edns-tcp-keepalive
	// EDNS(0) Option [RFC7828] (see Section 5.5.2).
	if opt := req.IsEdns0(); opt != nil {
		for _, option := range opt.Option {
			// Check for the EDNS TCP keepalive option, which is a protocol
			// error in DoQ.
			if option.Option() == dns.EDNS0TCPKEEPALIVE {
				l.Debug("client sent edns0 tcp keepalive option")

				return false
			}
		}
	}

	// 6. a client or a server attempts to open a unidirectional QUIC stream.
	//
	// This case can only be handled when writing a response.

	// 7. a server receives a "replayable" transaction in 0-RTT data
	//
	// The information necessary to validate this is not exposed by quic-go.

	return true
}
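The rule-5 check above relies on github.com/miekg/dns having already unpacked the message. As an added example (not dnsproxy code), the following standard-library-only Go routine applies the same RFC 9250 rule directly to the wire format: it walks the question and resource-record sections and reports whether an OPT RR (type 41) carries the edns-tcp-keepalive option (option code 11 from RFC 7828, the value dns.EDNS0TCPKEEPALIVE names). HasTCPKeepalive and the sample query bytes are constructed for this example.

```go
package main

import "encoding/binary"
import "io"

// HasTCPKeepalive walks a wire-format DNS message and reports whether an OPT RR
// (type 41) carries the edns-tcp-keepalive option (code 11), i.e. rule 5 above.
func HasTCPKeepalive(msg []byte) (bool, error) {
	if len(msg) < 12 {
		return false, io.ErrUnexpectedEOF
	}
	u16 := func(i int) int { return int(binary.BigEndian.Uint16(msg[i:])) }
	qd, rrs, off := u16(4), u16(6)+u16(8)+u16(10), 12
	for i := 0; i < qd+rrs; i++ {
		for off < len(msg) && msg[off] != 0 && msg[off]&0xC0 != 0xC0 {
			off += 1 + int(msg[off]) // skip one length-prefixed label
		}
		if off >= len(msg) {
			return false, io.ErrUnexpectedEOF
		}
		off += 1 + int(msg[off]>>7) // root byte is 1 byte, a 0xC0 pointer is 2
		if i < qd { // question entry: only QTYPE and QCLASS follow the name
			off += 4
			continue
		}
		if off+10 > len(msg) || off+10+u16(off+8) > len(msg) {
			return false, io.ErrUnexpectedEOF
		}
		rdata := msg[off+10 : off+10+u16(off+8)]
		for p := 0; u16(off) == 41 && p+4 <= len(rdata); { // OPT option TLVs
			if binary.BigEndian.Uint16(rdata[p:]) == 11 {
				return true, nil
			}
			p += 4 + int(binary.BigEndian.Uint16(rdata[p+2:]))
		}
		off += 10 + len(rdata)
	}
	return false, nil
}

var sampleKeepaliveQuery = []byte{ // constructed: example.com query, OPT RR with option 11
	0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, // header: ID 0, RD set, QD=1, AR=1
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1,
	0, 0, 41, 16, 0, 0, 0, 0, 0, 0, 4, 0, 11, 0, 0, // OPT RR: rdlen 4 = code 11, len 0
}

func main() {
	found, err := HasTCPKeepalive(sampleKeepaliveQuery)
	println("edns-tcp-keepalive present:", found, "truncated:", err != nil)
}
```

A DoQ server would treat a true result the same way validQUICMsg does for rule 5: log it and refuse the message, while a truncation error belongs to the framing checks of rules 2 and 3.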

Callers (1): handleQUICStreamMethod
