if(with_edns) {
/* add edns section */
struct edns_data edns;
+ struct edns_option padding_option;
edns.edns_present = 1;
edns.ext_rcode = 0;
edns.edns_version = EDNS_ADVERTISED_VERSION;
edns.bits = EDNS_DO;
if(sq->dnssec & BIT_CD)
LDNS_CD_SET(sldns_buffer_begin(buff));
+ if (sq->ssl_upstream) {
+ padding_option.opt_code = LDNS_EDNS_PADDING;
+ padding_option.opt_len = 0;
+ padding_option.opt_data = NULL;
+ padding_option.next = edns.opt_list;
+ edns.opt_list = &padding_option;
+ fprintf(stderr, "add padding, pos: %d, limit: %d\n",
+ (int)sldns_buffer_position(buff), (int)sldns_buffer_limit(buff));
+ }
attach_edns_record(buff, &edns);
}
}
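Review bot: The `fprintf(stderr, "add padding, pos: %d, limit: %d\n", ...)` added at L17-L18 looks like leftover debugging: it fires on every upstream query sent over TLS and writes straight to stderr, bypassing whatever logging the daemon normally uses. Either drop the two lines or route them through the project's verbosity-gated logger if one exists (not visible here), e.g. `verbose(VERB_ALGO, "add padding, pos: %d, limit: %d", (int)sldns_buffer_position(buff), (int)sldns_buffer_limit(buff));`. Note also that `padding_option` is a stack local whose address is linked into `edns.opt_list`; that is fine only as long as `attach_edns_record()` consumes the list before returning and nothing retains the pointer, which the hunk cannot confirm. The enclosing function starts outside the hunk.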
sldns_buffer_write(pkt, opt->opt_data, opt->opt_len);
}
if (padding_opt) {
+ size_t block_sz = LDNS_QR_WIRE(sldns_buffer_begin(pkt))
+ ? EDNS_PADDING_RESPONSE_BLOCK_SIZE
+ : EDNS_PADDING_QUERY_BLOCK_SIZE;
size_t pad_pos = sldns_buffer_position(pkt);
size_t max_sz = pad_pos + 4 - len + udpsize;
- size_t msg_sz = ((pad_pos + 3) / 468 + 1) * 468;
+ size_t msg_sz = ((pad_pos + 3) / block_sz + 1) * block_sz;
size_t pad_sz = msg_sz - pad_pos - 4;
sldns_buffer_write_u16(pkt, LDNS_EDNS_PADDING);
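Review bot: `block_sz` at L26-L28 comes from the `uint16_t` globals `EDNS_PADDING_QUERY_BLOCK_SIZE`/`EDNS_PADDING_RESPONSE_BLOCK_SIZE`, so if either is ever configured to 0 the division `(pad_pos + 3) / block_sz` at L32 is a divide by zero, where the old hard-coded 468 could not be. Unless the configuration parser already rejects 0 (not visible here), guard it locally: `if(block_sz == 0) block_sz = 1; /* 0 would divide by zero; 1 means no padding beyond the option header */`. The comparison of `msg_sz` against `max_sz` (L30) presumably happens after L34 and is outside the hunk, as are the start and end of the enclosing function.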
#define MAX_ADDR_STRLEN 128 /* characters */
/** default value for EDNS ADVERTISED size */
uint16_t EDNS_ADVERTISED_SIZE = 4096;
+/** default value of padding block size with encrypted queries (RFC8467) */
+uint16_t EDNS_PADDING_QUERY_BLOCK_SIZE = 128;
+/** default value of padding block size with encrypted responses (RFC8467) */
+uint16_t EDNS_PADDING_RESPONSE_BLOCK_SIZE = 468;
/** minimal responses when positive answer: default is no */
int MINIMAL_RESPONSES = 0;
#define INET_SIZE 4
/** byte size of ip6 address */
#define INET6_SIZE 16
+/** block size with which to pad encrypted queries */
+extern uint16_t EDNS_PADDING_QUERY_BLOCK_SIZE;
+/** block size with which to pad encrypted responses */
+extern uint16_t EDNS_PADDING_RESPONSE_BLOCK_SIZE;
/** DNSKEY zone sign key flag */
#define DNSKEY_BIT_ZSK 0x0100
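Review bot: The header comments at L47 and L49 should state the unit and the valid range, since these are tunables consumed by arithmetic elsewhere: e.g. `/** block size, in bytes, to which encrypted queries are padded (RFC 8467 recommends 128); must be non-zero */` and the matching response variant with 468. That keeps the header self-describing for anyone wiring the values into configuration without reading the definition in the other file.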