commit b8a0d2cf9ff8796123b3c167c051f78ab03cc4cf
author Dave Barach <dave@barachs.net> Wed Nov 15 13:28:15 2017 -0500
committer Dave Barach <dave@barachs.net> Wed Nov 15 13:28:43 2017 -0500
tree 69226e5206458c9c12e83fae1abd4bd34e0d04ff
parent 5665a22f81dd48c6d211a9a2be83d174c62d73cf

Punt DNS request/reply traffic when name resolution disabled

Change-Id: Iaad22f25993783be57247aa1f050740f96d2566a
Signed-off-by: Dave Barach <dave@barachs.net>

src/vnet/dns/reply_node.c

diff --git a/src/vnet/dns/reply_node.c b/src/vnet/dns/reply_node.c
index fbb99e8..5681e11 100644
--- a/src/vnet/dns/reply_node.c
+++ b/src/vnet/dns/reply_node.c
@@ -50,6 +50,7 @@
 typedef enum
 {
   DNS46_REPLY_NEXT_DROP,
+  DNS46_REPLY_NEXT_PUNT,
   DNS46_REPLY_N_NEXT,
 } dns46_reply_next_t;
 
@@ -59,6 +60,7 @@
 {
   u32 n_left_from, *from, *to_next;
   dns46_reply_next_t next_index;
+  dns_main_t *dm = &dns_main;
 
   from = vlib_frame_vector_args (frame);
   n_left_from = frame->n_vectors;
@@ -139,8 +141,8 @@
 	  vlib_buffer_t *b0;
 	  u32 next0 = DNS46_REPLY_NEXT_DROP;
 	  dns_header_t *d0;
-	  u32 pool_index0;
-	  u32 error0;
+	  u32 pool_index0 = ~0;
+	  u32 error0 = 0;
 	  u8 *resp0 = 0;
 
 	  /* speculatively enqueue b0 to the current next frame */
@@ -149,11 +151,16 @@
 	  from += 1;
 	  to_next += 1;
 	  n_left_from -= 1;
-
 	  n_left_to_next -= 1;
 
 	  b0 = vlib_get_buffer (vm, bi0);
 	  d0 = vlib_buffer_get_current (b0);
+	  if (PREDICT_FALSE (dm->is_enabled == 0))
+	    {
+	      next0 = DNS46_REPLY_NEXT_PUNT;
+	      error0 = DNS46_REPLY_ERROR_DISABLED;
+	      goto done0;
+	    }
 
 	  pool_index0 = clib_host_to_net_u16 (d0->id);
 
@@ -169,6 +176,7 @@
 					(uword) resp0);
 	  error0 = DNS46_REPLY_ERROR_PROCESSED;
 
+	done0:
 	  b0->error = node->errors[error0];
 
 	  if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
@@ -205,6 +213,7 @@
   .n_next_nodes = DNS46_REPLY_N_NEXT,
   .next_nodes = {
     [DNS46_REPLY_NEXT_DROP] = "error-drop",
+    [DNS46_REPLY_NEXT_PUNT] = "error-punt",
   },
 };
 /* *INDENT-ON* */