make local_data ede inclusion configurable, rewrite local_error_encode to include...
authorTCY16 <tom@nlnetlabs.nl>
Wed, 10 Nov 2021 15:58:54 +0000 (16:58 +0100)
committerTCY16 <tom@nlnetlabs.nl>
Wed, 10 Nov 2021 15:58:54 +0000 (16:58 +0100)
services/localzone.c
util/config_file.c
util/config_file.h
util/data/msgparse.c
util/data/msgparse.h

index d296d10de3d038c7fc74b3116408e6cc72ac4636..c6ed979fb08d7cc6174c16208e37bc074810e52d 100644 (file)
@@ -1323,30 +1323,9 @@ local_encode_ede(struct query_info* qinfo, struct module_env* env,
        return 1;
 }
 
-
 /** encode local error answer */
 static void
 local_error_encode(struct query_info* qinfo, struct module_env* env,
-       struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
-       struct regional* temp, int rcode, int r)
-{
-       edns->edns_version = EDNS_ADVERTISED_VERSION;
-       edns->udp_size = EDNS_ADVERTISED_SIZE;
-       edns->ext_rcode = 0;
-       edns->bits &= EDNS_DO;
-
-       if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
-               rcode, edns, repinfo, temp, env->now_tv))
-               edns->opt_list = NULL;
-       /* Errors with EDE are generated with local_error_encode_ede,
-        * so no EDE here. */
-       error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
-               sldns_buffer_read_u16_at(buf, 2), edns);
-}
-
-/** encode local error answer */
-static void
-local_error_encode_ede(struct query_info* qinfo, struct module_env* env,
        struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
        struct regional* temp, int rcode, int r, sldns_ede_code ede_code,
        const char* ede_txt)
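Review bot: The doc comment on the merged `local_error_encode` still reads only `/** encode local error answer */` and does not describe the two new parameters or the no-EDE convention that the NODATA callers later in this file use (`-1, NULL`). I would expand it into a short block comment with `@param ede_code` and `@param ede_txt` entries. These should state that a negative code means no EDE option is attached, that `ede_txt` may then be NULL, and that the option is only attached when `local_data_do_ede` is enabled. The function body lies outside this hunk.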
@@ -1359,7 +1338,8 @@ local_error_encode_ede(struct query_info* qinfo, struct module_env* env,
        if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
                rcode, edns, repinfo, temp, env->now_tv))
                edns->opt_list = NULL;
-       edns_opt_append_ede(edns, temp, ede_code, ede_txt);
+       if(ede_code >= 0 && env->cfg->local_data_do_ede)
+               edns_opt_append_ede(edns, temp, ede_code, ede_txt);
        error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
                sldns_buffer_read_u16_at(buf, 2), edns);
 }
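Review bot: The new guard `if(ede_code >= 0 && env->cfg->local_data_do_ede)` only works if `sldns_ede_code` is a signed type, and its definition is not on this page. If it is an enum with only non-negative enumerators, the compiler may choose an unsigned underlying type. The `-1` passed by the two NODATA callers in `local_zones_zone_answer` would then convert to a large positive value, the comparison would always be true, and `edns_opt_append_ede` would be called with an out-of-range code and a NULL `ede_txt`. A named negative enumerator compared by equality avoids this, for example adding `LDNS_EDE_NONE = -1` to the enum and testing `if(ede_code != LDNS_EDE_NONE && env->cfg->local_data_do_ede)`. The function body starts outside this hunk.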
@@ -1555,7 +1535,7 @@ local_data_answer(struct local_zone* z, struct module_env* env,
 
                        if(newtargetlen > LDNS_MAX_DOMAINLEN) {
                                qinfo->local_alias = NULL;
-                               local_error_encode_ede(qinfo, env, edns,repinfo,
+                               local_error_encode(qinfo, env, edns,repinfo,
                                        buf, temp, LDNS_RCODE_YXDOMAIN,
                                        (LDNS_RCODE_YXDOMAIN|BIT_AA),
                                        LDNS_EDE_OTHER,
@@ -1653,7 +1633,7 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env,
                return 1;
        } else if(lz_type == local_zone_refuse
                || lz_type == local_zone_always_refuse) {
-               local_error_encode_ede(qinfo, env, edns, repinfo, buf, temp,
+               local_error_encode(qinfo, env, edns, repinfo, buf, temp,
                        LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA),
                        LDNS_EDE_BLOCKED, "");
                return 1;
@@ -1676,9 +1656,8 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env,
                if(z->soa && z->soa_negative)
                        return local_encode(qinfo, env, edns, repinfo, buf, temp,
                                z->soa_negative, 0, rcode);
-               local_error_encode_ede(qinfo, env, edns, repinfo, buf, temp,
-                       rcode, (rcode|BIT_AA),
-                       LDNS_EDE_BLOCKED, "");
+               local_error_encode(qinfo, env, edns, repinfo, buf, temp,
+                       rcode, (rcode|BIT_AA), LDNS_EDE_BLOCKED, "");
                return 1;
        } else if(lz_type == local_zone_typetransparent
                || lz_type == local_zone_always_transparent) {
@@ -1722,7 +1701,7 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env,
                        /* NODATA: No EDE needed */
                        local_error_encode(qinfo, env, edns, repinfo, buf,
                                temp, LDNS_RCODE_NOERROR,
-                               (LDNS_RCODE_NOERROR|BIT_AA));
+                               (LDNS_RCODE_NOERROR|BIT_AA), -1, NULL);
                }
                return 1;
        }
@@ -1737,7 +1716,7 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env,
                                z->soa_negative, 0, rcode);
                /* NODATA: No EDE needed */
                local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode,
-                       (rcode|BIT_AA));
+                       (rcode|BIT_AA), -1, NULL);
                return 1;
        }
 
index 1a8f5ada81cc641f126943a425a628fd3fbb42c0..d7b26c10c47ee3fb7d5d68df00d588fd4447d138 100644 (file)
@@ -372,6 +372,7 @@ config_create(void)
        cfg->ipset_name_v4 = NULL;
        cfg->ipset_name_v6 = NULL;
 #endif
+       cfg->local_data_do_ede = 0;
        return cfg;
 error_exit:
        config_delete(cfg);
@@ -788,7 +789,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
                }
                oi[cfg->num_out_ifs++] = d;
                cfg->out_ifs = oi;
-       } else {
+       } else S_YNO("local_data_do_ede:", local_data_do_ede)
+       else {
                /* unknown or unsupported (from the set_option interface):
                 * interface, outgoing-interface, access-control,
                 * stub-zone, name, stub-addr, stub-host, stub-prime
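Review bot: The option string `"local_data_do_ede:"` uses underscores, while the option names listed in the comment just below it (`outgoing-interface`, `access-control`, `stub-zone`) are hyphenated; `"local-data-do-ede:"` would match them. The commit's file list also shows no config lexer, parser or man page change, and no matching get-option entry is visible here, so as far as this page shows the setting is reachable only through `config_set_option` and is undocumented. Since the flag decides whether clients are told that an answer was blocked by local policy (`LDNS_EDE_BLOCKED`), it should be a documented option that the config file parser accepts. The `else` branch continues past the end of this hunk.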
index a7b759e9303d00cbfebba48eab9091c14be476d3..0f329277caf1f3686dd01839e8e4e822018507da 100644 (file)
@@ -667,6 +667,9 @@ struct config_file {
        char* ipset_name_v4;
        char* ipset_name_v6;
 #endif
+
+       /** should local_data result in EDE (RFC8914) code inclusion? */
+       int local_data_do_ede;
 };
 
 /** from cfg username, after daemonize setup performed */
index 1435e3798ceaa7db9a98cd8200826412431d326a..9fb6b756e69f6901e778c792486e2718290c2b1c 100644 (file)
@@ -1127,25 +1127,3 @@ log_edns_opt_list(enum verbosity_value level, const char* info_str,
                }
        }
 }
-
-
-/** parse a DNS packet to find out if it contains an EDNS section */
-int
-msgparse_check_edns_in_packet(sldns_buffer* pkt)
-{
-       size_t rdata_len;
-       uint8_t* rdata_ptr;
-       log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1);
-       if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 ||
-               LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) {
-               if(!skip_pkt_rrs(pkt, ((int)LDNS_ANCOUNT(sldns_buffer_begin(pkt)))+
-                       ((int)LDNS_NSCOUNT(sldns_buffer_begin(pkt)))))
-                       return LDNS_RCODE_FORMERR;
-       }
-       /* check edns section is present */
-       if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 1)
-               return 0;
-       else
-               return 1;
-}
-
index fe64a7dec6df04a97519200f01a8159fdaac498a..981f53d4631d7f4ee79dead0a93155302cee997f 100644 (file)
@@ -349,12 +349,4 @@ void msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset);
 void log_edns_opt_list(enum verbosity_value level, const char* info_str,
        struct edns_option* list);
 
-/**
- * Verify if the packet contains EDNS (RFC6891)
- * @param pkt: the packet.
- * @return 0 if true, 1 if false
- */
-int msgparse_check_edns_in_packet(struct sldns_buffer* pkt);
-
-
 #endif /* UTIL_DATA_MSGPARSE_H */