From: W.C.A. Wijngaards Date: Fri, 14 May 2021 14:34:38 +0000 (+0200) Subject: - rpz-triggers, the added soa for client ip modified answers is affected X-Git-Tag: release-1.14.0rc1~62^2~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=355526da7def69e614d2c49b65953195d1489af8;p=thirdparty%2Funbound.git - rpz-triggers, the added soa for client ip modified answers is affected by the minimal-responses config option. --- diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index 707319e85..af4ffe5f2 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -402,7 +402,7 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf) qstate->return_msg->rep); if(!reply_info_answer_encode(&qstate->return_msg->qinfo, qstate->return_msg->rep, 0, qstate->query_flags, - buf, 0, 1, qstate->env->scratch, 65535, &edns, 1, 0, 0)) + buf, 0, 1, qstate->env->scratch, 65535, &edns, 1, 0)) return 0; /* TTLs in the return_msg are relative to time(0) so we have to diff --git a/daemon/worker.c b/daemon/worker.c index 421cd82c4..2ee8b8d9b 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -522,7 +522,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, repinfo->c, worker->scratchpad) || !reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags, repinfo->c->buffer, 0, 1, worker->scratchpad, - udpsize, edns, (int)(edns->bits & EDNS_DO), secure, 0)) { + udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) 
@@ -726,7 +726,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, repinfo->c, worker->scratchpad) || !reply_info_answer_encode(qinfo, encode_rep, id, flags, repinfo->c->buffer, timenow, 1, worker->scratchpad, - udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer, 0)) { + udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) { if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) diff --git a/services/authzone.c b/services/authzone.c index 19f462586..b0cfc4e26 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -3495,7 +3495,7 @@ auth_answer_encode(struct query_info* qinfo, struct module_env* env, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), buf, 0, 0, temp, udpsize, edns, - (int)(edns->bits&EDNS_DO), 0, 0)) { + (int)(edns->bits&EDNS_DO), 0)) { error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); diff --git a/services/localzone.c b/services/localzone.c index 6eecab62a..a24137eac 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1261,7 +1261,7 @@ local_encode(struct query_info* qinfo, struct module_env* env, if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), - buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0, 0)) { + buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) { error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); diff --git a/services/mesh.c b/services/mesh.c index 3ff14a0dd..f00ad3e86 100644 --- a/services/mesh.c +++ b/services/mesh.c 
@@ -1167,7 +1167,7 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r->buf, 0, 1, m->s.env->scratch, udp_size, &r->edns, - (int)(r->edns.bits & EDNS_DO), secure, 0)) + (int)(r->edns.bits & EDNS_DO), secure)) { fptr_ok(fptr_whitelist_mesh_cb(r->cb)); (*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf, @@ -1313,7 +1313,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r_buffer, 0, 1, m->s.env->scratch, udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO), - secure, 0)) + secure)) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time)) diff --git a/services/rpz.c b/services/rpz.c index a612cc094..d7bada4a9 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -1528,8 +1528,7 @@ rpz_local_encode(struct module_env* env, struct query_info* qinfo, repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), - buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0, - 1 /* not minimal */ )) { + buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) { error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); diff --git a/testdata/rpz_clientip.rpl b/testdata/rpz_clientip.rpl index 7d5b5330d..78e05ad91 100644 --- a/testdata/rpz_clientip.rpl +++ b/testdata/rpz_clientip.rpl @@ -3,6 +3,7 @@ server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no + minimal-responses: no access-control: 192.0.0.0/8 allow rpz: diff --git a/util/data/msgencode.c b/util/data/msgencode.c index 1cf30dd5d..5f297b551 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c 
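Review bot: In the services/rpz.c hunk, `rpz_local_encode` no longer forces the additional section, so with minimal-responses enabled the SOA added to a client-ip modified answer is left out, and the call site no longer says anything about it. Consumers that rely on that SOA to recognise policy-modified answers (query logging, downstream resolvers) would presumably lose the signal. That is worth stating where the removed `1 /* not minimal */` used to be, e.g. `/* the rpz soa in the additional section is dropped when minimal-responses is on */`. The body of `rpz_local_encode` starts and ends outside the hunk.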
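Review bot: The testdata/rpz_clientip.rpl hunk pins `minimal-responses: no`, so the existing expectations keep passing but the behaviour this commit introduces is never exercised. A companion scenario with `minimal-responses: yes` that checks the client-ip answer arrives without the added SOA would cover the changed path. A comment next to the option, such as `# keep the rpz soa in the additional section for the checks below`, would explain why it is set here.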
@@ -878,7 +878,7 @@ int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, uint16_t id, uint16_t qflags, sldns_buffer* pkt, time_t timenow, int cached, struct regional* region, uint16_t udpsize, - struct edns_data* edns, int dnssec, int secure, int notminimal) + struct edns_data* edns, int dnssec, int secure) { uint16_t flags; unsigned int attach_edns = 0; @@ -916,7 +916,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, } if(!reply_info_encode(qinf, rep, id, flags, pkt, timenow, region, - udpsize, dnssec, (notminimal?0:MINIMAL_RESPONSES))) { + udpsize, dnssec, MINIMAL_RESPONSES)) { log_err("reply encode: out of memory"); return 0; } diff --git a/util/data/msgencode.h b/util/data/msgencode.h index 3baa0eaf9..30dc515cb 100644 --- a/util/data/msgencode.h +++ b/util/data/msgencode.h @@ -64,14 +64,12 @@ struct edns_data; * or if edns_present = 0, it is not included. * @param dnssec: if 0 DNSSEC records are omitted from the answer. * @param secure: if 1, the AD bit is set in the reply. - * @param notminimal: if 1, ignore minimalresponses and include additional - * section anyway. * @return: 0 on error (server failure). */ int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, uint16_t id, uint16_t qflags, struct sldns_buffer* dest, time_t timenow, int cached, struct regional* region, uint16_t udpsize, - struct edns_data* edns, int dnssec, int secure, int notminimal); + struct edns_data* edns, int dnssec, int secure); /** * Regenerate the wireformat from the stored msg reply.
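Review bot: After the second util/data/msgencode.c hunk, `reply_info_answer_encode` always passes `MINIMAL_RESPONSES` to `reply_info_encode`, yet the doc comment in util/data/msgencode.h loses its only mention of minimal responses when the `@param notminimal` lines are removed. The header comment should say that the additional section is included or omitted according to the minimal-responses setting and that callers can no longer override it, for instance with one line in the function description: `The additional section is subject to the minimal-responses option.` Both the function body and the doc comment extend beyond the hunks shown.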