[CWS] Discard truncated DNS messages (#36822)

kovagsm · web-flow · commit 2e1c7f60e53a · 2025-05-09T17:32:48.000Z
diff --git a/pkg/security/ebpf/c/include/hooks/network/dns.h b/pkg/security/ebpf/c/include/hooks/network/dns.h
@@ -152,8 +152,8 @@ TAIL_CALL_CLASSIFIER_FNC(dns_response, struct __sk_buff *skb) {
         return ACT_OK;
     }
 
-    if(!flags.qr) {
-        // Stop processing if it's not a query response
+    if(!flags.qr || flags.tc) {
+        // Stop processing if it's not a query response or if the message is truncated
         return ACT_OK;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -152,8 +152,8 @@ TAIL_CALL_CLASSIFIER_FNC(dns_response, struct __sk_buff *skb) {`
`152`	`152`	`return ACT_OK;`
`153`	`153`	`}`
`154`	`154`
`155`		`- if(!flags.qr) {`
`156`		`- // Stop processing if it's not a query response`
	`155`	`+ if(!flags.qr \|\| flags.tc) {`
	`156`	`+ // Stop processing if it's not a query response or if the message is truncated`
`157`	`157`	`return ACT_OK;`
`158`	`158`	`}`
`159`	`159`