SSH login takes very long time...sometimes

Hajimu UMEMOTO ume at freebsd.org
Wed Feb 22 09:11:11 PST 2006 

Hi,

>>>>> On Wed, 22 Feb 2006 02:44:30 +0200
>>>>> Rostislav Krasny <rosti.bsd at gmail.com> said:

rosti> On Tue, 21 Feb 2006 19:59:59 +0300
rosti> Yar Tikhiy <yar at comp.chem.msu.su> wrote:

rosti> I forgot that a "search" resolver(5) parameter is useless for reverse
rosti> resolving. But that "doubling" of name->IP requests with an empty (or
rosti> root, according to resolver(5)) domain in the "search" is still a bug,
rosti> IMHO. Although it shouldn't affect the sshd.

I looked BIND9's resolver, and took the related part into our
resolver.  However, it seems to me that there is still same issue in
BIND9's resolver.  So, I change more bit.  Please try the following
patch and let me know the result:

Index: lib/libc/net/getaddrinfo.c
diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c
--- lib/libc/net/getaddrinfo.c.orig	Sat Jul 23 03:21:28 2005
+++ lib/libc/net/getaddrinfo.c	Thu Feb 23 01:43:49 2006
@@ -2405,7 +2405,9 @@ res_searchN(name, target)
 	HEADER *hp = (HEADER *)(void *)target->answer;	/*XXX*/
 	u_int dots;
 	int trailing_dot, ret, saved_herrno;
-	int got_nodata = 0, got_servfail = 0, tried_as_is = 0;
+	int got_nodata = 0, got_servfail = 0, root_on_list = 0;
+	int tried_as_is = 0;
+	int searched = 0;
 	char abuf[MAXDNAME];
 
 	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
@@ -2429,13 +2431,14 @@ res_searchN(name, target)
 		return (res_queryN(cp, target));
 
 	/*
-	 * If there are dots in the name already, let's just give it a try
-	 * 'as is'.  The threshold can be set with the "ndots" option.
+	 * If there are enough dots in the name, let's just give it a
+	 * try 'as is'. The threshold can be set with the "ndots" option.
+	 * Also, query 'as is', if there is a trailing dot in the name.
 	 */
 	saved_herrno = -1;
-	if (dots >= _res.ndots) {
+	if (dots >= _res.ndots || trailing_dot) {
 		ret = res_querydomainN(name, NULL, target);
-		if (ret > 0)
+		if (ret > 0 || trailing_dot)
 			return (ret);
 		saved_herrno = h_errno;
 		tried_as_is++;
@@ -2454,6 +2457,14 @@ res_searchN(name, target)
 		for (domain = (const char * const *)_res.dnsrch;
 		   *domain && !done;
 		   domain++) {
+			searched = 1;
+
+			if (domain[0][0] == '\0' ||
+			    (domain[0][0] == '.' && domain[0][1] == '\0'))
+				root_on_list++;
+
+			if (root_on_list && tried_as_is)
+				continue;
 
 			ret = res_querydomainN(name, *domain, target);
 			if (ret > 0)
@@ -2505,11 +2516,11 @@ res_searchN(name, target)
 	}
 
 	/*
-	 * if we have not already tried the name "as is", do that now.
-	 * note that we do this regardless of how many dots were in the
-	 * name or whether it ends with a dot.
+	 * If the query has not already been tried as is then try it
+	 * unless RES_NOTLDQUERY is set and there were no dots.
 	 */
-	if (!tried_as_is && (dots || !(_res.options & RES_NOTLDQUERY))) {
+	if ((dots || !searched || !(_res.options & RES_NOTLDQUERY)) &&
+	    !(tried_as_is || root_on_list)) {
 		ret = res_querydomainN(name, NULL, target);
 		if (ret > 0)
 			return (ret);
Index: lib/libc/net/res_query.c
diff -u -p lib/libc/net/res_query.c.orig lib/libc/net/res_query.c
--- lib/libc/net/res_query.c.orig	Fri Apr 15 23:42:29 2005
+++ lib/libc/net/res_query.c	Thu Feb 23 01:43:49 2006
@@ -198,7 +198,9 @@ res_search(name, class, type, answer, an
 	char tmp[MAXDNAME];
 	u_int dots;
 	int trailing_dot, ret, saved_herrno;
-	int got_nodata = 0, got_servfail = 0, tried_as_is = 0;
+	int got_nodata = 0, got_servfail = 0, root_on_list = 0;
+	int tried_as_is = 0;
+	int searched = 0;
 
 	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
 		h_errno = NETDB_INTERNAL;
@@ -218,13 +220,14 @@ res_search(name, class, type, answer, an
 		return (res_query(cp, class, type, answer, anslen));
 
 	/*
-	 * If there are dots in the name already, let's just give it a try
-	 * 'as is'.  The threshold can be set with the "ndots" option.
+	 * If there are enough dots in the name, let's just give it a
+	 * try 'as is'. The threshold can be set with the "ndots" option.
+	 * Also, query 'as is', if there is a trailing dot in the name.
 	 */
 	saved_herrno = -1;
-	if (dots >= _res.ndots) {
+	if (dots >= _res.ndots || trailing_dot) {
 		ret = res_querydomain(name, NULL, class, type, answer, anslen);
-		if (ret > 0)
+		if (ret > 0 || trailing_dot)
 			return (ret);
 		saved_herrno = h_errno;
 		tried_as_is++;
@@ -243,6 +246,14 @@ res_search(name, class, type, answer, an
 		for (domain = (const char * const *)_res.dnsrch;
 		     *domain && !done;
 		     domain++) {
+			searched = 1;
+
+			if (domain[0][0] == '\0' ||
+			    (domain[0][0] == '.' && domain[0][1] == '\0'))
+				root_on_list++;
+
+			if (root_on_list && tried_as_is)
+				continue;
 
 			ret = res_querydomain(name, *domain, class, type,
 					      answer, anslen);
@@ -308,11 +319,11 @@ res_search(name, class, type, answer, an
 	}
 
 	/*
-	 * If we have not already tried the name "as is", do that now.
-	 * note that we do this regardless of how many dots were in the
-	 * name or whether it ends with a dot unless NOTLDQUERY is set.
+	 * If the query has not already been tried as is then try it
+	 * unless RES_NOTLDQUERY is set and there were no dots.
 	 */
-	if (!tried_as_is && (dots || !(_res.options & RES_NOTLDQUERY))) {
+	if ((dots || !searched || !(_res.options & RES_NOTLDQUERY)) &&
+	    !(tried_as_is || root_on_list)) {
 		ret = res_querydomain(name, NULL, class, type, answer, anslen);
 		if (ret > 0)
 			return (ret);


Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

More information about the freebsd-stable mailing list