if (daemon->edns_pktsz < PACKETSZ)
daemon->edns_pktsz = PACKETSZ;
- daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
- daemon->edns_pktsz : DNSMASQ_PACKETSZ;
+ /* Min buffer size: we check after adding each record, so there must be
+ memory for the largest packet, and the largest record so the
+ min for DNS is PACKETSZ+MAXDNAME+RRFIXEDSZ which is < 1000.
+ This might be increased is EDNS packet size if greater than the minimum. */
+ daemon->packet_buff_sz = daemon->edns_pktsz + MAXDNAME + RRFIXEDSZ;
daemon->packet = safe_malloc(daemon->packet_buff_sz);
daemon->addrbuff = safe_malloc(ADDRSTRLEN);
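Review bot: The comment placed above the new `packet_buff_sz` assignment still describes the removed `DNSMASQ_PACKETSZ` macro rather than the new expression. The old code took the larger of `edns_pktsz` and that minimum, whereas the new line always adds `MAXDNAME + RRFIXEDSZ` on top of `edns_pktsz`, so the sentence "This might be increased is EDNS packet size if greater than the minimum" no longer matches the code (and "is" reads as a typo for "if"). I would reword it to something like `/* Size is checked after each record is added, so allow edns_pktsz (>= PACKETSZ) plus one maximal record: MAXDNAME+RRFIXEDSZ. */`. The limit pointers changed later in this commit are only safe relative to this allocation, so the stated headroom should be exact.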
#define EC_MISC 5
#define EC_INIT_OFFSET 10
-/* Min buffer size: we check after adding each record, so there must be
- memory for the largest packet, and the largest record so the
- min for DNS is PACKETSZ+MAXDNAME+RRFIXEDSZ which is < 1000.
- This might be increased is EDNS packet size if greater than the minimum.
-*/
-#define DNSMASQ_PACKETSZ PACKETSZ+MAXDNAME+RRFIXEDSZ
-
/* Trust the compiler dead-code eliminator.... */
#define option_bool(x) (((x) < 32) ? daemon->options & (1u << (x)) : daemon->options2 & (1u << ((x) - 32)))
#define FREC_DO_QUESTION 64
#define FREC_ADDED_PHEADER 128
#define FREC_TEST_PKTSZ 256
+#define FREC_HAS_EXTRADATA 512
#ifdef HAVE_DNSSEC
#define HASH_SIZE 20 /* SHA-1 digest size */
{
struct server *firstsentto = start;
int forwarded = 0;
-
+ size_t edns0_len;
+
/* If a query is retried, use the log_id for the retry when logging the answer. */
forward->log_id = daemon->log_id;
if (option_bool(OPT_ADD_MAC))
{
- size_t new = add_mac(header, plen, ((char *) header) + daemon->packet_buff_sz, &forward->source);
+ size_t new = add_mac(header, plen, ((char *) header) + PACKETSZ, &forward->source);
if (new != plen)
{
plen = new;
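Review bot: The new limit `((char *) header) + PACKETSZ` passed to `add_mac` assumes the query already fits in `PACKETSZ`, and nothing visible in this hunk guarantees `plen <= PACKETSZ`. If a longer query can reach this point, the callee starts with its write position already beyond `limit`. Whether it rejects that cleanly depends on code outside the hunk, so it is worth confirming that the length arithmetic there cannot go negative or wrap. A guard such as `if (plen <= PACKETSZ)` around the call, or a comment naming where that invariant is enforced, would make the bound auditable. The same applies to the `add_source_addr` and `add_do_bit` calls in the next two hunks; the enclosing function starts and ends outside these hunks.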
if (option_bool(OPT_CLIENT_SUBNET))
{
- size_t new = add_source_addr(header, plen, ((char *) header) + daemon->packet_buff_sz, &forward->source);
+ size_t new = add_source_addr(header, plen, ((char *) header) + PACKETSZ, &forward->source);
if (new != plen)
{
plen = new;
#ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID))
{
- size_t new = add_do_bit(header, plen, ((char *) header) + daemon->packet_buff_sz);
+ size_t new = add_do_bit(header, plen, ((char *) header) + PACKETSZ);
if (new != plen)
forward->flags |= FREC_ADDED_PHEADER;
}
#endif
+
+ /* If we're sending an EDNS0 with any options, we can't recreate the query from a reply. */
+ if (find_pseudoheader(header, plen, &edns0_len, NULL, NULL, NULL) && edns0_len > 11)
+ forward->flags |= FREC_HAS_EXTRADATA;
while (1)
{
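Review bot: The literal `11` in `edns0_len > 11` is unexplained. It appears to be the length of an OPT pseudo-record with empty RDATA, and a comment such as `/* 11 = empty OPT RR: root name(1) + type(2) + class(2) + ttl(4) + rdlen(2) */` or a named constant would let a reader verify the threshold. Separately, `edns0_len` (declared in the earlier hunk without an initialiser) is read only because `&&` short-circuits when `find_pseudoheader` returns NULL. That relies on the callee always writing the length on success, which is not visible here; `size_t edns0_len = 0;` would remove the dependency.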
check_for_ignored_address(header, n, daemon->ignore_addr))
return;
+ /* Note: if we send extra options in the EDNS0 header, we can't recreate
+ the query from the reply. */
if (RCODE(header) == REFUSED &&
!option_bool(OPT_ORDER) &&
- forward->forwardall == 0)
+ forward->forwardall == 0 &&
+ !(forward->flags & FREC_HAS_EXTRADATA))
/* for broken servers, attempt to send to another one. */
{
unsigned char *pheader;
if (status == STAT_NEED_KEY)
{
new->flags |= FREC_DNSKEY_QUERY;
- nn = dnssec_generate_query(header, ((char *) header) + daemon->packet_buff_sz,
+ nn = dnssec_generate_query(header, ((char *) header) + server->edns_pktsz,
daemon->keyname, forward->class, T_DNSKEY, &server->addr, server->edns_pktsz);
}
else
{
new->flags |= FREC_DS_QUERY;
- nn = dnssec_generate_query(header,((char *) header) + daemon->packet_buff_sz,
+ nn = dnssec_generate_query(header,((char *) header) + server->edns_pktsz,
daemon->keyname, forward->class, T_DS, &server->addr, server->edns_pktsz);
}
if ((hash = hash_questions(header, nn, daemon->namebuff)))
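Review bot: Both `dnssec_generate_query` calls now pass `((char *) header) + server->edns_pktsz` as the write limit, but the buffer is sized from `daemon->edns_pktsz` in the first hunk, and nothing visible here ties the per-server value to the daemon-wide one. If `server->edns_pktsz` could ever exceed `daemon->edns_pktsz + MAXDNAME + RRFIXEDSZ`, or if `header` does not point at the start of `daemon->packet` on this path, the limit would lie past the allocation. I would state the invariant next to the calls, e.g. `/* server->edns_pktsz <= daemon->edns_pktsz, so limit stays inside daemon->packet */`, or clamp the value where it is assigned. The enclosing block starts and ends outside this hunk.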