From: TCY16 Date: Wed, 10 Nov 2021 15:58:54 +0000 (+0100) Subject: make local_data ede inclusion configurable, rewrite local_error_encode to include... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0eba781ed31c10800a89b755dc8e828b99fb4e29;p=thirdparty%2Funbound.git make local_data ede inclusion configurable, rewrite local_error_encode to include this logic, and remove superfluous msgparse_check_edns_in_packet function --- diff --git a/services/localzone.c b/services/localzone.c index d296d10de..c6ed979fb 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1323,30 +1323,9 @@ local_encode_ede(struct query_info* qinfo, struct module_env* env, return 1; } - /** encode local error answer */ static void local_error_encode(struct query_info* qinfo, struct module_env* env, - struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf, - struct regional* temp, int rcode, int r) -{ - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->ext_rcode = 0; - edns->bits &= EDNS_DO; - - if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, - rcode, edns, repinfo, temp, env->now_tv)) - edns->opt_list = NULL; - /* Errors with EDE are generated with local_error_encode_ede, - * so no EDE here. */ - error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf), - sldns_buffer_read_u16_at(buf, 2), edns); -} - -/** encode local error answer */ -static void -local_error_encode_ede(struct query_info* qinfo, struct module_env* env, struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf, struct regional* temp, int rcode, int r, sldns_ede_code ede_code, const char* ede_txt) 
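Review bot: The comment kept above the merged `local_error_encode` in services/localzone.c, `/** encode local error answer */`, no longer describes the function's contract now that it takes `ede_code` and `ede_txt`. Callers later in this diff pass `-1, NULL` to mean "no EDE", and the body only appends the option when `env->cfg->local_data_do_ede` is set, so both conventions should be written down where the next caller will read them. I would extend the comment to something like `/** encode local error answer; ede_code < 0 means no EDE is attached (ede_txt may then be NULL); EDE is only added when cfg->local_data_do_ede is set */`. The function body continues outside this hunk.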
@@ -1359,7 +1338,8 @@ local_error_encode_ede(struct query_info* qinfo, struct module_env* env, if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, rcode, edns, repinfo, temp, env->now_tv)) edns->opt_list = NULL; - edns_opt_append_ede(edns, temp, ede_code, ede_txt); + if(ede_code >= 0 && env->cfg->local_data_do_ede) + edns_opt_append_ede(edns, temp, ede_code, ede_txt); error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); } @@ -1555,7 +1535,7 @@ local_data_answer(struct local_zone* z, struct module_env* env, if(newtargetlen > LDNS_MAX_DOMAINLEN) { qinfo->local_alias = NULL; - local_error_encode_ede(qinfo, env, edns,repinfo, + local_error_encode(qinfo, env, edns,repinfo, buf, temp, LDNS_RCODE_YXDOMAIN, (LDNS_RCODE_YXDOMAIN|BIT_AA), LDNS_EDE_OTHER, @@ -1653,7 +1633,7 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, return 1; } else if(lz_type == local_zone_refuse || lz_type == local_zone_always_refuse) { - local_error_encode_ede(qinfo, env, edns, repinfo, buf, temp, + local_error_encode(qinfo, env, edns, repinfo, buf, temp, LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA), LDNS_EDE_BLOCKED, ""); return 1; @@ -1676,9 +1656,8 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, if(z->soa && z->soa_negative) return local_encode(qinfo, env, edns, repinfo, buf, temp, z->soa_negative, 0, rcode); - local_error_encode_ede(qinfo, env, edns, repinfo, buf, temp, - rcode, (rcode|BIT_AA), - LDNS_EDE_BLOCKED, ""); + local_error_encode(qinfo, env, edns, repinfo, buf, temp, + rcode, (rcode|BIT_AA), LDNS_EDE_BLOCKED, ""); return 1; } else if(lz_type == local_zone_typetransparent || lz_type == local_zone_always_transparent) { 
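Review bot: In the `local_error_encode` body hunk (-1359/+1338), the new guard `if(ede_code >= 0 && env->cfg->local_data_do_ede)` tests a parameter of type `sldns_ede_code`, while the NODATA callers in `local_zones_zone_answer` (hunks at -1722 and -1737) pass a bare `-1` for it. The enum definition is not part of this diff. If it has no negative enumerator, the compiler may give it an unsigned underlying type, and the comparison is then always true. With `local_data_do_ede` enabled, those NODATA answers would then reach `edns_opt_append_ede` with the converted `-1` and a NULL `ede_txt`; whether that callee tolerates NULL is not visible here. A named sentinel in the enum, for example `LDNS_EDE_NONE = -1`, checked with `ede_code != LDNS_EDE_NONE` and passed by the callers instead of `-1`, would force a signed representation and make the intent explicit. The function starts outside this hunk.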
@@ -1722,7 +1701,7 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, /* NODATA: No EDE needed */ local_error_encode(qinfo, env, edns, repinfo, buf, temp, LDNS_RCODE_NOERROR, - (LDNS_RCODE_NOERROR|BIT_AA)); + (LDNS_RCODE_NOERROR|BIT_AA), -1, NULL); } return 1; } @@ -1737,7 +1716,7 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, z->soa_negative, 0, rcode); /* NODATA: No EDE needed */ local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode, - (rcode|BIT_AA)); + (rcode|BIT_AA), -1, NULL); return 1; } diff --git a/util/config_file.c b/util/config_file.c index 1a8f5ada8..d7b26c10c 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -372,6 +372,7 @@ config_create(void) cfg->ipset_name_v4 = NULL; cfg->ipset_name_v6 = NULL; #endif + cfg->local_data_do_ede = 0; return cfg; error_exit: config_delete(cfg); @@ -788,7 +789,8 @@ int config_set_option(struct config_file* cfg, const char* opt, } oi[cfg->num_out_ifs++] = d; cfg->out_ifs = oi; - } else { + } else S_YNO("local_data_do_ede:", local_data_do_ede) + else { /* unknown or unsupported (from the set_option interface): * interface, outgoing-interface, access-control, * stub-zone, name, stub-addr, stub-host, stub-prime diff --git a/util/config_file.h b/util/config_file.h index a7b759e93..0f329277c 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -667,6 +667,9 @@ struct config_file { char* ipset_name_v4; char* ipset_name_v6; #endif + + /** should local_data result in EDE (RFC8914) code inclusion? */ + int local_data_do_ede; }; /** from cfg username, after daemonize setup performed */ diff --git a/util/data/msgparse.c b/util/data/msgparse.c index 1435e3798..9fb6b756e 100644 --- a/util/data/msgparse.c +++ b/util/data/msgparse.c 
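Review bot: In the `config_set_option` hunk of util/config_file.c, the new option string `"local_data_do_ede:"` is spelled with underscores, while the option names listed in the comment directly below it (`outgoing-interface`, `access-control`, `stub-zone`) are hyphenated. A hyphenated name, e.g. `S_YNO("local-data-do-ede:", local_data_do_ede)`, would match what users expect to type. This diff also wires the option only into `config_set_option`: no change to the config file lexer or parser, to the option read-back code, or to the manual is shown. Unless those are updated elsewhere, the setting stays at the `0` assigned in `config_create` for anyone configuring through the config file, and remains undocumented. `config_set_option` begins and ends outside the hunk.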
@@ -1127,25 +1127,3 @@ log_edns_opt_list(enum verbosity_value level, const char* info_str, } } } - - -/** parse a DNS packet to find out if it contains an EDNS section */ -int -msgparse_check_edns_in_packet(sldns_buffer* pkt) -{ - size_t rdata_len; - uint8_t* rdata_ptr; - log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1); - if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 || - LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) { - if(!skip_pkt_rrs(pkt, ((int)LDNS_ANCOUNT(sldns_buffer_begin(pkt)))+ - ((int)LDNS_NSCOUNT(sldns_buffer_begin(pkt))))) - return LDNS_RCODE_FORMERR; - } - /* check edns section is present */ - if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 1) - return 0; - else - return 1; -} - diff --git a/util/data/msgparse.h b/util/data/msgparse.h index fe64a7dec..981f53d46 100644 --- a/util/data/msgparse.h +++ b/util/data/msgparse.h @@ -349,12 +349,4 @@ void msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset); void log_edns_opt_list(enum verbosity_value level, const char* info_str, struct edns_option* list); -/** - * Verify if the packet contains EDNS (RFC6891) - * @param pkt: the packet. - * @return 0 if true, 1 if false - */ -int msgparse_check_edns_in_packet(struct sldns_buffer* pkt); - - #endif /* UTIL_DATA_MSGPARSE_H */