make sure we don't append subnet option just yet.
authorYuri Schaeffer <yuri@nlnetlabs.nl>
Fri, 10 Aug 2012 11:07:08 +0000 (11:07 +0000)
committerYuri Schaeffer <yuri@nlnetlabs.nl>
Fri, 10 Aug 2012 11:07:08 +0000 (11:07 +0000)
git-svn-id: file:///svn/unbound/branches/edns-subnet@2743 be551aaa-1e26-0410-a405-d3ace91eadb9

configure.ac
libunbound/libworker.c
services/outside_network.c
testcode/fake_event.c
testcode/streamtcp.c
util/data/msgencode.c
util/data/msgparse.c
validator/autotrust.c

index 8552a1cfa62fce890f0f247f533c8de048ba1e13..6f4bf4c841ca1b4d717bae12443cefad849ce5a7 100644 (file)
@@ -1191,6 +1191,9 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
 /** the version of unbound-control that this software implements */
 #define UNBOUND_CONTROL_VERSION 1
 
+/** YBS: in use by the edns subnet option code*/
+#define IANA_ADDRFAM_IP4 1
+#define IANA_ADDRFAM_IP6 2
 ])
 
 AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8])
index 917a9106d078546ea73e573e9188619747548198..381d2bcac42800d4ee23de0eb505dd58785e40db 100644 (file)
@@ -531,6 +531,7 @@ setup_qinfo_edns(struct libworker* w, struct ctx_query* q,
        edns->ext_rcode = 0;
        edns->edns_version = 0;
        edns->bits = EDNS_DO;
+       edns->subnet_option_add = 0; 
        if(ldns_buffer_capacity(w->back->udp_buff) < 65535)
                edns->udp_size = (uint16_t)ldns_buffer_capacity(
                        w->back->udp_buff);
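Review bot: Setting `edns->subnet_option_add = 0;` by hand at every place that fills a `struct edns_data` is fragile, because any site that is missed leaves the flag uninitialized, and `attach_edns_record` branches on it to decide whether to write address bytes into the packet. The same one-line assignment is repeated in the `serviced_encode`, `outnet_serviced_query`, `write_q`, `parse_extract_edns` and `probe_anchor` hunks. Where the struct is a local (the declarations are outside these hunks, so this is inferred), zeroing it once with `memset(&edns, 0, sizeof(edns));` before the field assignments would cover this flag and the other subnet fields together. The added line also carries trailing whitespace.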
index 3ee3e47a34f49d81084dc24a215925b8bbd4fa92..f51fb381011922f9e456fc329e2fb56d4ee21462 100644 (file)
@@ -1323,7 +1323,13 @@ serviced_encode(struct serviced_query* sq, ldns_buffer* buff, int with_edns)
                edns.edns_present = 1;
                edns.ext_rcode = 0;
                edns.edns_version = EDNS_ADVERTISED_VERSION;
-               edns.subnet_option_add = 0;
+               //YBS make conditional on whitelist
+               edns.subnet_option_add = 0; 
+               //~ uint16_t    subnet_addr_fam;
+               //~ uint8_t     subnet_source_mask;
+               //~ uint8_t     subnet_scope_mask;
+               //~ uint8_t     subnet_addr[16];
+               //YBS
                if(sq->status == serviced_query_UDP_EDNS_FRAG) {
                        if(addr_is_ip6(&sq->addr, sq->addrlen)) {
                                if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)
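Review bot: The commented-out field declarations (`//~ uint16_t subnet_addr_fam;` and the three lines after it) are dead text inside the body of `serviced_encode` and should be replaced by a single comment that states the pending work. Something like `/* TODO(YBS): set subnet_option_add only for whitelisted upstreams, then fill in the subnet address family, masks and address */` says the same thing in the `/* */` style used elsewhere in this diff. The whitelist matters because the option discloses client address bits to the upstream server, so the comment should also say that the flag must stay 0 until that check exists. The function continues past the end of this hunk.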
index 26dfaa8b068bda638eb255ba0d2bb8024b101408..cf8ed6d4ed6bcb6f5a5791953d24fcd0261069d6 100644 (file)
@@ -1078,6 +1078,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
                edns.edns_version = EDNS_ADVERTISED_VERSION;
                edns.udp_size = EDNS_ADVERTISED_SIZE;
                edns.bits = 0;
+               edns.subnet_option_add = 0; 
                if(dnssec)
                        edns.bits = EDNS_DO;
                attach_edns_record(pend->buffer, &edns);
index dbdf1408c1d529fc1513f7d6bfd90abe387d7252..de123ed4dea3f22733815cf52992c7c79e37ec1f 100644 (file)
@@ -141,6 +141,7 @@ write_q(int fd, int udp, SSL* ssl, ldns_buffer* buf, uint16_t id,
                edns.edns_present = 1;
                edns.bits = EDNS_DO;
                edns.udp_size = 4096;
+               edns.subnet_option_add = 0; 
                attach_edns_record(buf, &edns);
        }
 
index c7cd60a96648850dabffd75c8c6933f4bc74c500..e3ba948b9fe65260bea3f32513963ada489a50bc 100644 (file)
@@ -747,12 +747,17 @@ attach_edns_record(ldns_buffer* pkt, struct edns_data* edns)
        ldns_buffer_write_u16(pkt, edns->bits);
        /* YBS: do vandergaast hier! */
        if(edns->subnet_option_add) {
-               assert(edns.addr_fam == 0x01 || edns.addr_fam == 0x02);
-               assert(edns.addr_fam != 0x01 || edns->subnet_source_mask <=  32);
-               assert(edns.addr_fam != 0x02 || edns->subnet_source_mask <= 128); //ipv6 addr fam?
+               assert(edns.addr_fam == IANA_ADDRFAM_IP4 || 
+                       edns.addr_fam == IANA_ADDRFAM_IP6);
+               assert(edns.addr_fam != IANA_ADDRFAM_IP4 || 
+                       edns->subnet_source_mask <=  32);
+               assert(edns.addr_fam != IANA_ADDRFAM_IP6 || 
+                       edns->subnet_source_mask <= 128); //ipv6 addr fam?
 
                sn_octs = edns->subnet_source_mask / 8;
-               sn_octs_remainder = !!(edns->subnet_source_mask % 8);
+               sn_octs_remainder = (edns->subnet_source_mask % 8)>0?1:0;
+               
+               assert(ldns_buffer_available(sn_octs + sn_octs_remainder + 4 + 6));
                
                ldns_buffer_write_u16(pkt, sn_octs + sn_octs_remainder + 4 + 4); /* rdatalen */
                ldns_buffer_write_u16(pkt, EDNS_SUBNET_OPC); /* opc */
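Review bot: The new assertions do not look compilable when assertions are enabled: `edns` is a pointer parameter, yet the checks read `edns.addr_fam`, and `ldns_buffer_available` is called without the buffer argument. Assuming the field is the `subnet_addr_fam` listed in the commented-out declarations in `serviced_encode`, they would read `assert(edns->subnet_addr_fam == IANA_ADDRFAM_IP4 || edns->subnet_addr_fam == IANA_ADDRFAM_IP6);` and `assert(ldns_buffer_available(pkt, sn_octs + sn_octs_remainder + 4 + 6));`. That this went unnoticed suggests the build compiles the assertions out, in which case none of these range checks is active. The function starts and ends outside this hunk.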
@@ -761,11 +766,12 @@ attach_edns_record(ldns_buffer* pkt, struct edns_data* edns)
                ldns_buffer_write_u8(pkt,  edns->subnet_source_mask); /* source mask */
                ldns_buffer_write_u8(pkt,  edns->subnet_scope_mask); /* scope mask */
 
-               for(i = 0; i<sn_octs; i++)
-                       ldns_buffer_write_u8(pkt, edns->subnet_addr[i]);
+               ldns_buffer_write(pkt, edns->subnet_addr, sn_octs);
+               /** If the last octed is partially masked, make sure we don't
+                * send our private bits. */
                if(sn_octs_remainder)
                                ldns_buffer_write_u8(pkt, edns->subnet_addr[sn_octs] & 
-                                               ~(1<<(8-(edns->subnet_source_mask % 8))-1));
+                                               ~(0xFF >> (edns->subnet_source_mask % 8)));
        } else ldns_buffer_write_u16(pkt, 0); /* rdatalen */
        /* //YBS: do vandergaast hier! */
        ldns_buffer_flip(pkt);
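Review bot: The length passed to `ldns_buffer_write(pkt, edns->subnet_addr, sn_octs)` is derived from `subnet_source_mask`, and the only bound on that value is the `assert` calls in the preceding hunk, which disappear in an NDEBUG build. If the mask ever exceeds the address width, the copy reads past `subnet_addr` and places the adjacent bytes in an outgoing packet, so the limit should be a runtime check. One way is to fold it into the branch condition in the preceding hunk, `if(edns->subnet_option_add && edns->subnet_source_mask <= 8*sizeof(edns->subnet_addr)) {`, so that an out-of-range mask falls through to the empty-rdata path; this assumes `subnet_addr` is an array member, as the commented-out declaration in `serviced_encode` indicates. The comment on the partial octet has a typo, `octed` for `octet`.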
index a03f543e827b5c656969ee9ea329cbeea1fa4ca4..7af3fc0fdad43093497ba652ca8ff5a4f1f7cdee 100644 (file)
@@ -982,6 +982,7 @@ parse_extract_edns(struct msg_parse* msg, struct edns_data* edns)
        edns->edns_version = found->rr_last->ttl_data[1];
        edns->bits = ldns_read_uint16(&found->rr_last->ttl_data[2]);
        edns->udp_size = ntohs(found->rrset_class);
+       edns->subnet_option_add = 0; //YBS do some actual parsing here
        /* ignore rdata and rrsigs */
        return 0;
 }
index 9896943245e44fe7c980eb06c0ec30b721aca0cf..4e59fdf3b07b964b6c77d27f376381c6cbcbd2b1 100644 (file)
@@ -2127,6 +2127,7 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp)
        edns.ext_rcode = 0;
        edns.edns_version = 0;
        edns.bits = EDNS_DO;
+       edns.subnet_option_add = 0; 
        if(ldns_buffer_capacity(buf) < 65535)
                edns.udp_size = (uint16_t)ldns_buffer_capacity(buf);
        else    edns.udp_size = 65535;