Follow @Openwall on Twitter for new release announcements and other news
[<prev] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <lhu7bxz4f5u.fsf@oldenburg.str.redhat.com>
Date: Mon, 15 Sep 2025 22:46:53 +0200
From: Florian Weimer <fweimer@...hat.com>
To: Gal Luspam <galluspam@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: getnameinfo waits timeout with no DNS configured

* Gal Luspam:

> I noticed that on a system without dns configuration, a call to
> getnameinfo() will return only after timeout, even if dns queries sent
> to 127.0.0.1:53 have a prompt "icmp port unreachable" reply.
> This leads for example to the issue of slow output of some iptables
> commands (see https://devnonsense.com/posts/slow-iptables-reverse-dns/
> ). This issue is not showing on systems with glibc.
> Is this behaviour by design? Any hints?

I suspect it's because the IP_RECVERR and IPV6_RECVERR socket options
are not set.  Linux requires setting these socket options before
reporting ICMP errors on connected UDP sockets.

As far as I understand it, the kernel-reported errors cover only cases
where the original UDP packet was sent, but did not make it to the
destination, so it does not make sense to wait for the timeout if these
kinds of ICMP errors are received.

Thanks,
Florian

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.