From 769d8733146a8de6413efc95b9a6b3912a362d16 Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Tue, 16 Jul 2024 18:30:32 +0200 Subject: [PATCH] fix: add DNS error patch (#103) Signed-off-by: Mike Beaumont --- .github/workflows/build-and-release.yaml | 15 +++++++---- ...01-dns-don-t-error-if-header-id-is-0.patch | 27 +++++++++++++++++++ ...01-dns-don-t-error-if-header-id-is-0.patch | 27 +++++++++++++++++++ ...01-dns-don-t-error-if-header-id-is-0.patch | 27 +++++++++++++++++++ ...01-dns-don-t-error-if-header-id-is-0.patch | 27 +++++++++++++++++++ scripts/fetch_sources.sh | 12 +++++++++ 6 files changed, 130 insertions(+), 5 deletions(-) create mode 100644 patches/v1.27-0001-dns-don-t-error-if-header-id-is-0.patch create mode 100644 patches/v1.28-0001-dns-don-t-error-if-header-id-is-0.patch create mode 100644 patches/v1.29-0001-dns-don-t-error-if-header-id-is-0.patch create mode 100644 patches/v1.30-0001-dns-don-t-error-if-header-id-is-0.patch diff --git a/.github/workflows/build-and-release.yaml b/.github/workflows/build-and-release.yaml index f4831ad..ed47ec2 100644 --- a/.github/workflows/build-and-release.yaml +++ b/.github/workflows/build-and-release.yaml @@ -1,5 +1,5 @@ name: Build and release -run-name: "Build ${{ !inputs.skip-release && 'and release ' || '' }}v${{ inputs.version }}" +run-name: "Build ${{ !inputs.skip-release && 'and release ' || '' }}v${{ inputs.version }}${{ inputs.suffix }}" on: workflow_dispatch: @@ -8,6 +8,9 @@ on: description: Envoy version to build (don't include leading v, don't cancel the build because things might not be cleaned up by terraform properly) type: string required: true + suffix: + description: Additional suffix for release/tag (must include leading '-' if desired) + type: string skip-release: description: Skip the release? type: boolean 
@@ -73,8 +76,10 @@ jobs: bin="$(basename "${bin}")" IFS=- read -r envoy suffix <<< "${bin}" - # We know the suffix begins with a version number - archive_name="envoy-${os}-${arch}-${suffix}" + archive_name="envoy-${os}-${arch}-v${{ inputs.version }}${{ inputs.suffix }}" + if [[ "${fips}" == "true" ]]; then + archive_name="${archive_name}+fips" + fi # move file into tar.gz and rename to 'envoy' in archive tar -C "${dir}" "--transform=flags=r;s|${bin}|envoy|" -czvf "out/${archive_name}.tar.gz" "${bin}" @@ -84,12 +89,12 @@ jobs: if: ${{ !inputs.skip-release }} uses: softprops/action-gh-release@v2 with: - tag_name: v${{ inputs.version || 'main' }} + tag_name: v${{ inputs.version || 'main' }}${{ inputs.suffix }} draft: true files: | out/* - uses: actions/upload-artifact@v4 with: - name: envoy-v${{ inputs.version }} + name: envoy-v${{ inputs.version }}${{ inputs.suffix }} path: out/ if-no-files-found: error diff --git a/patches/v1.27-0001-dns-don-t-error-if-header-id-is-0.patch b/patches/v1.27-0001-dns-don-t-error-if-header-id-is-0.patch new file mode 100644 index 0000000..d4894ef --- /dev/null +++ b/patches/v1.27-0001-dns-don-t-error-if-header-id-is-0.patch 
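Review bot: In the `@@ -73,8 +76,10 @@` hunk, `archive_name="envoy-${os}-${arch}-v${{ inputs.version }}${{ inputs.suffix }}"` pastes both workflow inputs into the script text before bash parses it, so a value containing a quote or `$(...)` changes the script instead of the file name. Pass them through the step's `env:` (for example `VERSION: ${{ inputs.version }}` and `SUFFIX: ${{ inputs.suffix }}`) and write `archive_name="envoy-${os}-${arch}-v${VERSION}${SUFFIX}"`. The new `suffix` input also reaches the release tag in the `@@ -84,12 +89,12 @@` hunk, so a format check before the build (leading `-`, then tag-safe characters only) would keep a typo out of a published tag. The step's `run:` header and the assignment of `fips` are outside the hunk.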
@@ -0,0 +1,27 @@
+From 41ef76a374e9f1f4668d2f7d32de16dd1d982aa5 Mon Sep 17 00:00:00 2001
+From: Mike Beaumont
+Date: Tue, 9 Jul 2024 10:14:29 +0200
+Subject: [PATCH] dns: don't error if header id is 0
+
+---
+ source/extensions/filters/udp/dns_filter/dns_parser.cc | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/source/extensions/filters/udp/dns_filter/dns_parser.cc b/source/extensions/filters/udp/dns_filter/dns_parser.cc
+index b63f69278d..9be5917d9b 100644
+--- a/source/extensions/filters/udp/dns_filter/dns_parser.cc
++++ b/source/extensions/filters/udp/dns_filter/dns_parser.cc
+@@ -212,10 +212,6 @@ bool DnsMessageParser::parseDnsObject(DnsQueryContextPtr& context,
+ }
+
+ context->id_ = static_cast(context->header_.id);
+- if (context->id_ == 0) {
+- ENVOY_LOG(debug, "No ID in DNS query");
+- return false;
+- }
+
+ // Almost always, we will have only one query here. Per the RFC, QDCOUNT is usually 1
+ context->queries_.reserve(context->header_.questions);
+--
+2.45.2
+
diff --git a/patches/v1.28-0001-dns-don-t-error-if-header-id-is-0.patch b/patches/v1.28-0001-dns-don-t-error-if-header-id-is-0.patch
new file mode 100644
index 0000000..a684566
--- /dev/null
+++ b/patches/v1.28-0001-dns-don-t-error-if-header-id-is-0.patch
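Review bot: The vendored patch removes the `context->id_ == 0` rejection from `DnsMessageParser::parseDnsObject` but its message body is empty, so the `Subject:` line is the only record of why an input check was dropped from a parser that reads untrusted UDP packets. Add a short rationale to the patch message (a transaction ID of 0 is a legal 16-bit value under RFC 1035, if that is the reason) together with a reference to the upstream issue or change, so a later rebase can tell whether the patch is still needed. The v1.28, v1.29 and v1.30 patch files differ from this one only in the `From <sha>` line and carry the same inner `index b63f69278d..9be5917d9b`, so the same note applies to them. Keeping one shared file would avoid four copies drifting apart, provided it applies cleanly to each branch.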
@@ -0,0 +1,27 @@
+From 42af03c8d830fdc2899350f87ac4fe4b4a8e437e Mon Sep 17 00:00:00 2001
+From: Mike Beaumont
+Date: Tue, 9 Jul 2024 10:14:29 +0200
+Subject: [PATCH] dns: don't error if header id is 0
+
+---
+ source/extensions/filters/udp/dns_filter/dns_parser.cc | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/source/extensions/filters/udp/dns_filter/dns_parser.cc b/source/extensions/filters/udp/dns_filter/dns_parser.cc
+index b63f69278d..9be5917d9b 100644
+--- a/source/extensions/filters/udp/dns_filter/dns_parser.cc
++++ b/source/extensions/filters/udp/dns_filter/dns_parser.cc
+@@ -212,10 +212,6 @@ bool DnsMessageParser::parseDnsObject(DnsQueryContextPtr& context,
+ }
+
+ context->id_ = static_cast(context->header_.id);
+- if (context->id_ == 0) {
+- ENVOY_LOG(debug, "No ID in DNS query");
+- return false;
+- }
+
+ // Almost always, we will have only one query here. Per the RFC, QDCOUNT is usually 1
+ context->queries_.reserve(context->header_.questions);
+--
+2.45.2
+
diff --git a/patches/v1.29-0001-dns-don-t-error-if-header-id-is-0.patch b/patches/v1.29-0001-dns-don-t-error-if-header-id-is-0.patch
new file mode 100644
index 0000000..15831c9
--- /dev/null
+++ b/patches/v1.29-0001-dns-don-t-error-if-header-id-is-0.patch
@@ -0,0 +1,27 @@
+From 12ddfa3964f010d5fc8290570389f71d49e14533 Mon Sep 17 00:00:00 2001
+From: Mike Beaumont
+Date: Tue, 9 Jul 2024 10:14:29 +0200
+Subject: [PATCH] dns: don't error if header id is 0
+
+---
+ source/extensions/filters/udp/dns_filter/dns_parser.cc | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/source/extensions/filters/udp/dns_filter/dns_parser.cc b/source/extensions/filters/udp/dns_filter/dns_parser.cc
+index b63f69278d..9be5917d9b 100644
+--- a/source/extensions/filters/udp/dns_filter/dns_parser.cc
++++ b/source/extensions/filters/udp/dns_filter/dns_parser.cc
+@@ -212,10 +212,6 @@ bool DnsMessageParser::parseDnsObject(DnsQueryContextPtr& context,
+ }
+
+ context->id_ = static_cast(context->header_.id);
+- if (context->id_ == 0) {
+- ENVOY_LOG(debug, "No ID in DNS query");
+- return false;
+- }
+
+ // Almost always, we will have only one query here. Per the RFC, QDCOUNT is usually 1
+ context->queries_.reserve(context->header_.questions);
+--
+2.45.2
+
diff --git a/patches/v1.30-0001-dns-don-t-error-if-header-id-is-0.patch b/patches/v1.30-0001-dns-don-t-error-if-header-id-is-0.patch
new file mode 100644
index 0000000..beb9943
--- /dev/null
+++ b/patches/v1.30-0001-dns-don-t-error-if-header-id-is-0.patch
@@ -0,0 +1,27 @@ +From db432303b88ef5197ad6ed330a15173bf7967e1d Mon Sep 17 00:00:00 2001 +From: Mike Beaumont +Date: Tue, 9 Jul 2024 10:14:29 +0200 +Subject: [PATCH] dns: don't error if header id is 0 + +--- + source/extensions/filters/udp/dns_filter/dns_parser.cc | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/source/extensions/filters/udp/dns_filter/dns_parser.cc b/source/extensions/filters/udp/dns_filter/dns_parser.cc +index b63f69278d..9be5917d9b 100644 +--- a/source/extensions/filters/udp/dns_filter/dns_parser.cc ++++ b/source/extensions/filters/udp/dns_filter/dns_parser.cc +@@ -212,10 +212,6 @@ bool DnsMessageParser::parseDnsObject(DnsQueryContextPtr& context, + } + + context->id_ = static_cast(context->header_.id); +- if (context->id_ == 0) { +- ENVOY_LOG(debug, "No ID in DNS query"); +- return false; +- } + + // Almost always, we will have only one query here. Per the RFC, QDCOUNT is usually 1 + context->queries_.reserve(context->header_.questions); +-- +2.45.2 + diff --git a/scripts/fetch_sources.sh b/scripts/fetch_sources.sh index 3ccb735..a3b7c34 100755 --- a/scripts/fetch_sources.sh +++ b/scripts/fetch_sources.sh @@ -10,6 +10,12 @@ set -o errexit set -o pipefail set -o nounset +declare -A patches_per_version +patches_per_version[v1.27]="$(realpath "patches/v1.27-0001-dns-don-t-error-if-header-id-is-0.patch")" +patches_per_version[v1.28]="$(realpath "patches/v1.28-0001-dns-don-t-error-if-header-id-is-0.patch")" +patches_per_version[v1.29]="$(realpath "patches/v1.29-0001-dns-don-t-error-if-header-id-is-0.patch")" +patches_per_version[v1.30]="$(realpath "patches/v1.30-0001-dns-don-t-error-if-header-id-is-0.patch")" + PATCH_FILES_1_26=( "$(realpath "scripts/dns_filter_resolver.h.patch")" "$(realpath "scripts/filter_test.cc.patch")" 
@@ -50,4 +56,10 @@ else fi fi +IFS=. read -r major minor rest <<< "$(cat VERSION.txt)" +patches=${patches_per_version["v${major}.${minor}"]} +# read string into array because lists of lists is too much for bash +read -ra patches <<< "${patches}" +git apply -v "${patches[@]}" + popd
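Review bot: The lookup `${patches_per_version["v${major}.${minor}"]}` has no fallback, and the script runs under `set -o nounset`, so a VERSION.txt that names a minor release without an entry in the map (anything other than v1.27 to v1.30) stops the build with bash's generic unbound-variable error. Make that case explicit so it is clear whether an unpatched version is meant to build or to fail; the sketch below fails with a readable message, and a skip branch would be the alternative if older versions such as the one served by `PATCH_FILES_1_26` must keep building. The paths are also stored as one string and re-split by `read -ra`, which breaks if the checkout path contains whitespace. The `else … fi` block before these lines begins outside the hunk.

```shell
# … unchanged: IFS=. read of VERSION.txt into major/minor/rest …
version_key="v${major}.${minor}"
patches=${patches_per_version["${version_key}"]:-}
if [[ -z "${patches}" ]]; then
  echo "no patches registered for ${version_key}" >&2
  exit 1
fi
# … unchanged: read -ra patches and git apply …
```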