client: filter mDNS query responses by queried service name#150
Open
vleonbonnet wants to merge 1 commit intohashicorp:mainfrom
Open
client: filter mDNS query responses by queried service name#150vleonbonnet wants to merge 1 commit intohashicorp:mainfrom
vleonbonnet wants to merge 1 commit intohashicorp:mainfrom
Conversation
The query() method processes all mDNS response records without checking whether they belong to the service being queried. On networks with many mDNS-enabled devices (Chromecast, Sonos, Spotify Connect, etc.), unrelated responses pollute results, causing callers like Consul's retry_join to attempt connections to random devices. Fix: introduce a validNames map that gates processing of SRV, TXT, A, and AAAA records on whether the name was first seen in a PTR record matching the queried serviceAddr. This resolves the TODO(reddaly) at the top of the response processing loop. Fixes hashicorp#96
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
1 similar comment
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The
query()method inclient.goprocesses all mDNS response records without validating whether they belong to the service being queried. On networks with many mDNS-enabled devices (smart speakers, streaming devices, etc.), unrelated multicast responses arrive during the query window and are blindly added to the results.This causes callers like Consul's
retry_join(viago-discover) to receive IP addresses of random network devices instead of actual service members, breaking cluster formation.This resolves the
TODO(reddaly)comment at the top of the response processing loop.Changes
Introduce a
validNamesmap that gates processing of all record types:rr.Hdr.Namematches the queriedserviceAddr(case-insensitive). The instance name (rr.Ptr) is added tovalidNames.rr.Hdr.Nameis invalidNames. The SRV target hostname is also added tovalidNamesso subsequent A/AAAA records for it are accepted.rr.Hdr.Nameis invalidNames.Testing
Tested on a home network with ~30 mDNS-enabled devices:
Before (unpatched):
After (patched):
Fixes #96