From: Philip Homburg
Date: Tue, 31 Jan 2023 14:16:38 +0000 (+0100)
Subject: Fix issue #825: interaction between ECS and serve-expired.
X-Git-Tag: release-1.19.0rc1~38^2~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fb06364014f19d2592fd0f21851dc534901d446d;p=thirdparty%2Funbound.git
Fix issue #825: interaction between ECS and serve-expired.
---
diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c
index 458a89702..5e6d9efd3 100644
--- a/edns-subnet/subnetmod.c
+++ b/edns-subnet/subnetmod.c
@@ -779,6 +779,11 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 &qstate->mesh_info->reply_list->query_reply.client_addr,
 &sq->ecs_client_in, qstate->env->cfg);
 }
+ else if(qstate->client_addr.ss_family != AF_UNSPEC) {
+ subnet_option_from_ss(
+ &qstate->client_addr,
+ &sq->ecs_client_in, qstate->env->cfg);
+ }
 if(sq->ecs_client_in.subnet_validdata == 0) {
 /* No clients are interested in result or we could not
diff --git a/services/mesh.c b/services/mesh.c
index 9007b6e08..8321a48b2 100644
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -803,20 +803,10 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh,
 return;
 }
 } else {
- /* Fake the ECS data from the client's IP */
- struct ecs_data ecs;
- memset(&ecs, 0, sizeof(ecs));
- subnet_option_from_ss(&rep->client_addr, &ecs, mesh->env->cfg);
- if(ecs.subnet_validdata == 0) {
- log_err("prefetch_subnet subnet_option_from_ss: invalid data");
- return;
- }
- subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in,
- &s->s, s->s.region);
- if(!s->s.edns_opts_front_in) {
- log_err("prefetch_subnet subnet_ecs_opt_list_append: out of memory");
- return;
- }
+ /* Store the client's address. Later in the subnet module,
+ * it is decided whether to include an ECS option or not.
+ */
+ s->s.client_addr = rep->client_addr;
 }
 #ifdef UNBOUND_DEBUG
 n =
diff --git a/util/module.h b/util/module.h
index 013c65b02..3752c8c33 100644
--- a/util/module.h
+++ b/util/module.h
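Review bot: The new `else if(qstate->client_addr.ss_family != AF_UNSPEC)` branch in subnetmod_operate treats `client_addr` as set whenever its family is non-zero, so it relies on every `module_qstate` being zeroed when it is created; nothing in this commit initialises the field. If any allocation path leaves the struct uninitialised, stale memory could be turned into an ECS option and forwarded upstream. It is worth confirming that the allocation sites clear the struct, or setting `ss_family = AF_UNSPEC` explicitly where the qstate is built, and stating the invariant next to the check, e.g. `/* client_addr is only filled in for subnet prefetch; AF_UNSPEC otherwise */`. The function body extends beyond this hunk on both sides.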
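Review bot: With both early returns removed, the else branch of mesh_schedule_prefetch_subnet can no longer fail, so a client address from which no subnet can be derived now lets the prefetch continue where it used to stop with a logged error. The decision moves to the subnet module, where `subnet_validdata == 0` appears to be handled as "no clients are interested"; it is worth confirming that a prefetch taking that path cannot refresh a cache entry for a different scope than the expiring one. The new comment could record the behaviour, e.g. `* If no valid subnet can be derived there, the prefetch proceeds without an ECS option.`. The function starts and ends outside the hunk.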
@@ -619,6 +619,10 @@ struct module_qstate {
 /** if this is a validation recursion query that does not get
 * validation itself */
 int is_valrec;
+ /** client network address is needed for the client-subnet option
+ * when probing, but we want use reply_list in mesh_info, because
+ * we don't want to send a reply. */
+ struct sockaddr_storage client_addr;
 /** comm_reply contains server replies */
 struct comm_reply* reply;
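Review bot: The doc comment on `client_addr` reads as the opposite of what the mesh.c change does: "but we want use reply_list" should presumably be "but we cannot use reply_list", since the field exists because no reply entry is created for a prefetch. It also omits the sentinel that the subnet module tests for. Suggested wording: `/** client network address, needed for the client-subnet option when prefetching; reply_list in mesh_info cannot be used because no reply is sent. ss_family is AF_UNSPEC when unset. */`. The struct definition continues outside the hunk.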