From: bert hubert <bert.hubert@netherlabs.nl>
Date: Fri, 12 May 2017 19:25:16 +0000 (+0200)
Subject: Together with Mukund Sivaraman we found out PowerDNS sdig does not truncate
X-Git-Tag: rec-4.1.0-alpha1~120^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F5320%2Fhead;p=thirdparty%2Fpdns.git

Together with Mukund Sivaraman we found out PowerDNS sdig does not truncate
trailing bits of EDNS Client Subnet mask.  So if you'd truncate something as
a /9, we'd have to use 2 bytes anyhow, but we would not zero the last 7 bits.

We do now. Thanks Mukund & ISC!
---

diff --git a/pdns/ednssubnet.cc b/pdns/ednssubnet.cc
index d6b9f8e006..4528be3f3c 100644
--- a/pdns/ednssubnet.cc
+++ b/pdns/ednssubnet.cc
@@ -95,10 +95,13 @@ string makeEDNSSubnetOptsString(const EDNSSubnetOpts& eso)
   ret.assign((const char*)&esow, sizeof(esow));
   int octetsout = ((esow.sourceMask - 1)>> 3)+1;
 
+  ComboAddress src=eso.source.getNetwork();
+  src.truncate(esow.sourceMask);
+  
   if(family == htons(1)) 
-    ret.append((const char*) &eso.source.getNetwork().sin4.sin_addr.s_addr, octetsout);
+    ret.append((const char*) &src.sin4.sin_addr.s_addr, octetsout);
   else
-    ret.append((const char*) &eso.source.getNetwork().sin6.sin6_addr.s6_addr, octetsout);
+    ret.append((const char*) &src.sin6.sin6_addr.s6_addr, octetsout);
   return ret;
 }