#include "query-local-address.hh"
#include "tcpiohandler.hh"
#include "ednsoptions.hh"
-
+#include "ednspadding.hh"
#include "rec-protozero.hh"
#include "uuid-utils.hh"
#include "rec-tcpout.hh"
return LWResult::Result::Success;
}
+static void addPadding(const DNSPacketWriter& pw, size_t bufsize, DNSPacketWriter::optvect_t& opts)
+{
+ const size_t currentSize = pw.getSizeWithOpts(opts);
+ if (currentSize < (bufsize - 4)) {
+ const size_t remaining = bufsize - (currentSize + 4);
+ /* from rfc8647, "4.1. Recommended Strategy: Block-Length Padding":
+ Clients SHOULD pad queries to the closest multiple of 128 octets.
+ Note we are in the client role here.
+ */
+ const size_t blockSize = 128;
+ const size_t modulo = (currentSize + 4) % blockSize;
+ size_t padSize = 0;
+ if (modulo > 0) {
+ padSize = std::min(blockSize - modulo, remaining);
+ }
+ opts.emplace_back(EDNSOptionCode::PADDING, makeEDNSPaddingOptString(padSize));
+ }
+}
+
/** lwr is only filled out in case 1 was returned, and even when returning 1 for 'success', lwr might contain DNS errors
Never throws!
*/
// string mapped0x20=dns0x20(domain);
uint16_t qid = dns_random_uint16();
DNSPacketWriter pw(vpacket, domain, type);
+ bool dnsOverTLS = SyncRes::s_dot_to_port_853 && ip.getPort() == 853;
pw.getHeader()->rd=sendRDQuery;
pw.getHeader()->id=qid;
weWantEDNSSubnet=true;
}
- pw.addOpt(g_outgoingEDNSBufsize, 0, g_dnssecmode == DNSSECMode::Off ? 0 : EDNSOpts::DNSSECOK, opts);
+ if (dnsOverTLS /* and other conditions? */) {
+ addPadding(pw, bufsize, opts);
+ }
+
+ pw.addOpt(g_outgoingEDNSBufsize, 0, g_dnssecmode == DNSSECMode::Off ? 0 : EDNSOpts::DNSSECOK, opts);
pw.commit();
}
lwr->d_rcode = 0;
boost::uuids::uuid uuid;
const struct timeval queryTime = *now;
- bool dnsOverTLS = SyncRes::s_dot_to_port_853 && ip.getPort() == 853;
if (outgoingLoggers) {
uuid = getUniqueID();
projects / thirdparty / pdns.git / commitdiff
