From afd10572ecbdd1d538ed4280f705ee79423b3c07 Mon Sep 17 00:00:00 2001
Message-Id: <afd10572ecbdd1d538ed4280f705ee79423b3c07.1594300918.git.lorenzo.bianconi@redhat.com>
From: Mark Michelson <mmichels@redhat.com>
Date: Mon, 20 Apr 2020 09:25:09 -0400
Subject: [PATCH] DNS: Make DNS lookups case insensitive.

From RFC 1035 Section 2.3.3:

"For all parts of the DNS that are part of the official protocol, all
comparisons between character strings (e.g., labels, domain names, etc.)
are done in a case-insensitive manner."

OVN was using case-sensitive lookups and therefore was not complying.
This change makes lookups case insensitive by storing lowercase record
names in the southbound database and converting incoming query names to
lowercase.

Change-Id: I164898989a39c2eddac3f54396c5861ad8c18bb1
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1819069
Reported-by: Jianlin Shi <jishi@redhat.com>
Acked-by: Numan Siddique <numans@ovn.org>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 ovn/controller/pinctrl.c |  7 ++++-
 ovn/lib/ovn-util.c       | 15 ++++++++++
 ovn/lib/ovn-util.h       |  5 ++++
 ovn/northd/ovn-northd.c  | 15 +++++++++-
 ovn/ovn-sb.xml           |  3 +-
 tests/ovn.at             | 61 +++++++++++++++++++++++++++++-----------
 6 files changed, 87 insertions(+), 19 deletions(-)

--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -1807,7 +1807,12 @@ pinctrl_handle_dns_lookup(
         struct dns_data *d = iter->data;
         for (size_t i = 0; i < d->n_dps; i++) {
             if (d->dps[i] == dp_key) {
-                answer_ips = smap_get(&d->records, ds_cstr(&query_name));
+                /* DNS records in SBDB are stored in lowercase. Convert to
+                 * lowercase to perform case insensitive lookup
+                 */
+                char *query_name_lower = str_tolower(ds_cstr(&query_name));
+                answer_ips = smap_get(&d->records, query_name_lower);
+                free(query_name_lower);
                 if (answer_ips) {
                     break;
                 }
--- a/ovn/lib/ovn-util.c
+++ b/ovn/lib/ovn-util.c
@@ -19,6 +19,7 @@
 #include "openvswitch/ofp-parse.h"
 #include "ovn/lib/ovn-nb-idl.h"
 #include "ovn/lib/ovn-sb-idl.h"
+#include <ctype.h>
 
 VLOG_DEFINE_THIS_MODULE(ovn_util);
 
@@ -411,3 +412,17 @@ datapath_is_switch(const struct sbrec_da
 {
     return smap_get(&ldp->external_ids, "logical-switch") != NULL;
 }
+
+char *
+str_tolower(const char *orig)
+{
+    char *copy = xmalloc(strlen(orig) + 1);
+    char *p = copy;
+
+    while (*orig) {
+        *p++ = tolower(*orig++);
+    }
+    *p = '\0';
+
+    return copy;
+}
--- a/ovn/lib/ovn-util.h
+++ b/ovn/lib/ovn-util.h
@@ -87,4 +87,9 @@ uint32_t ovn_logical_flow_hash(const str
                                uint16_t priority,
                                const char *match, const char *actions);
 bool datapath_is_switch(const struct sbrec_datapath_binding *);
+
+/* Returns a lowercase copy of orig.
+ * Caller must free the returned string.
+ */
+char *str_tolower(const char *orig);
 #endif
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -9767,7 +9767,20 @@ sync_dns_entries(struct northd_context *
             dns_info->sb_dns,
             (struct sbrec_datapath_binding **)dns_info->sbs,
             dns_info->n_sbs);
-        sbrec_dns_set_records(dns_info->sb_dns, &dns_info->nb_dns->records);
+
+        /* DNS lookups are case-insensitive. Convert records to lowercase so
+         * we can do consistent lookups when DNS requests arrive
+         */
+        struct smap lower_records = SMAP_INITIALIZER(&lower_records);
+        struct smap_node *node;
+        SMAP_FOR_EACH (node, &dns_info->nb_dns->records) {
+            smap_add_nocopy(&lower_records, xstrdup(node->key),
+                            str_tolower(node->value));
+        }
+
+        sbrec_dns_set_records(dns_info->sb_dns, &lower_records);
+
+        smap_destroy(&lower_records);
         free(dns_info->sbs);
         free(dns_info);
     }
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -3502,7 +3502,8 @@ tcp.flags = RST;
     <column name="records">
       Key-value pair of DNS records with <code>DNS query name</code> as the key
       and a string of IP address(es) separated by comma or space as the
-      value.
+      value. ovn-northd stores the DNS query name in all lowercase in order to
+      facilitate case-insensitive lookups.
 
       <p><b>Example: </b> "vm1.ovn.org" = "10.0.0.4 aef0::4"</p>
     </column>
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -8380,6 +8380,12 @@ set_dns_params() {
         # IPv4 address - 10.0.0.4
         expected_dns_answer=${query_name}00010001${ttl}00040a000004
         ;;
+    VM1)
+        # VM1.OVN.ORG
+        query_name=03564d31034f564e034f524700
+        # IPv4 address - 10.0.0.4
+        expected_dns_answer=${query_name}00010001${ttl}00040a000004
+        ;;
     vm2)
         # vm2.ovn.org
         query_name=03766d32036f766e036f726700
@@ -8542,6 +8548,29 @@ reset_pcap_file hv1-vif2 hv1/vif2
 rm -f 1.expected
 rm -f 2.expected
 
+# Try vm1 again but an all-caps query name
+
+set_dns_params VM1
+src_ip=`ip_to_hex 10 0 0 6`
+dst_ip=`ip_to_hex 10 0 0 1`
+dns_reply=1
+test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
+
+# NXT_RESUMEs should be 3.
+OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+
+$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
+cat 2.expected | cut -c -48 > expout
+AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
+# Skipping the IPv4 checksum.
+cat 2.expected | cut -c 53- > expout
+AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
+
+reset_pcap_file hv1-vif1 hv1/vif1
+reset_pcap_file hv1-vif2 hv1/vif2
+rm -f 1.expected
+rm -f 2.expected
+
 # Clear the query name options for ls1-lp2
 ovn-nbctl --wait=hv remove DNS $DNS1 records vm2.ovn.org
 
@@ -8551,8 +8580,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
 dns_reply=0
 test_dns 1 f00000000001 f00000000002 $src_ip $dst_ip $dns_reply $dns_req_data
 
-# NXT_RESUMEs should be 3.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 4.
+OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
 AT_CHECK([cat 1.packets], [0], [])
@@ -8573,8 +8602,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
 dns_reply=0
 test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
 
-# NXT_RESUMEs should be 3 only.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 4 only.
+OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
 AT_CHECK([cat 2.packets], [0], [])
@@ -8594,8 +8623,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
 dns_reply=1
 test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
 
-# NXT_RESUMEs should be 4.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 5.
+OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
 cat 2.expected | cut -c -48 > expout
@@ -8616,8 +8645,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
 dns_reply=1
 test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
 
-# NXT_RESUMEs should be 5.
-OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 6.
+OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
 cat 2.expected | cut -c -48 > expout
@@ -8638,8 +8667,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
 dns_reply=0
 test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
 
-# NXT_RESUMEs should be 6.
-OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 7.
+OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
 AT_CHECK([cat 2.packets], [0], [])
@@ -8656,8 +8685,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
 dns_reply=0
 test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
 
-# NXT_RESUMEs should be 7.
-OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 8.
+OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
 AT_CHECK([cat 2.packets], [0], [])
@@ -8676,8 +8705,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
 dns_reply=1
 test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
 
-# NXT_RESUMEs should be 8.
-OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 9.
+OVS_WAIT_UNTIL([test 9 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
 cat 1.expected | cut -c -48 > expout
@@ -8698,8 +8727,8 @@ dst_ip=aef00000000000000000000000000001
 dns_reply=1
 test_dns6 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
 
-# NXT_RESUMEs should be 9.
-OVS_WAIT_UNTIL([test 9 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+# NXT_RESUMEs should be 10
+OVS_WAIT_UNTIL([test 10 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
 # Skipping the UDP checksum.