/* YBS TODO: source mask must come from original query if
* any. Some default otherwise. But not more than
* configured maximum */
- edns.subnet_source_mask = 26;
+ edns.subnet_source_mask = MAX_CLIENT_SUBNET_IP4;
}
#ifdef INET6
else {
edns.subnet_addr_fam = IANA_ADDRFAM_IP6;
sinaddr = &((struct sockaddr_in6*)ss)->sin6_addr;
memcpy(edns.subnet_addr, (uint8_t *)sinaddr, INET6_SIZE);
- edns.subnet_source_mask = 100;
+ edns.subnet_source_mask = MAX_CLIENT_SUBNET_IP6;
}
#endif
edns.subnet_scope_mask = 0;
MIN_TTL = (uint32_t)config->min_ttl;
EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;
EDNS_SUBNET_OPC = (uint16_t)config->client_subnet_opc;
+ MAX_CLIENT_SUBNET_IP4 = (uint8_t)config->max_client_subnet_ipv4;
+ MAX_CLIENT_SUBNET_IP6 = (uint8_t)config->max_client_subnet_ipv6;
MINIMAL_RESPONSES = config->minimal_responses;
RRSET_ROUNDROBIN = config->rrset_roundrobin;
log_set_time_asc(config->log_time_ascii);
uint16_t EDNS_ADVERTISED_SIZE = 4096;
/** Opcode for edns subnet option, is TBD. */
uint16_t EDNS_SUBNET_OPC = 0x50fa;
+uint8_t MAX_CLIENT_SUBNET_IP4 = 24;
+uint8_t MAX_CLIENT_SUBNET_IP6 = 64;
/** minimal responses when positive answer: default is no */
int MINIMAL_RESPONSES = 0;
extern uint16_t EDNS_ADVERTISED_SIZE;
/** Opcode for edns subnet option, is TBD. */
extern uint16_t EDNS_SUBNET_OPC;
+/** Maximum number of bits we are willing to expose */
+extern uint8_t MAX_CLIENT_SUBNET_IP4;
+extern uint8_t MAX_CLIENT_SUBNET_IP6;
/** bits for EDNS bitfield */
#define EDNS_DO 0x8000 /* Dnssec Ok */
/** byte size of ip4 address */
projects / thirdparty / unbound.git / commitdiff
