From: tcarpay Date: Fri, 13 Aug 2021 10:01:28 +0000 (+0200) Subject: add locations for EDE errors X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4049885da24690de1ed4ada4029ea04907e82ddd;p=thirdparty%2Funbound.git add locations for EDE errors --- diff --git a/daemon/worker.c b/daemon/worker.c index 03d131245..ec726d877 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1291,7 +1291,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, edns.bits &= EDNS_DO; edns.opt_list = NULL; EDNS_OPT_APPEND_EDE(&edns, worker->scratchpad, - LDNS_EDNS_EDE, "query with bad edns keepalive."); + LDNS_EDNS_EDE, "query with bad edns keepalive"); verbose(VERB_ALGO, "query with bad edns keepalive."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); error_encode(c->buffer, LDNS_RCODE_FORMERR, &qinfo, @@ -1404,12 +1404,29 @@ worker_handle_request(struct comm_point* c, void* arg, int error, * ACLs allow the snooping. */ if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) && acl != acl_allow_snoop ) { + + + + // @TODO ADD Error Code 20 - Not Authoritative + // @TODO add EDNS record + + EDNS_OPT_APPEND_EDE(&edns, worker->scratchpad, LDNS_EDNS_EDE, + "Not Authoritative"); + + + + error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), NULL); regional_free_all(worker->scratchpad); log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); + + if(sldns_buffer_capacity(c->buffer) >= + sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns)) + attach_edns_record(c->buffer, &edns); + goto send_reply; } 
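Review bot: In the `@@ -1404,12 +1404,29 @@` hunk of daemon/worker.c, `attach_edns_record(c->buffer, &edns)` runs after `regional_free_all(worker->scratchpad)`, but the "Not Authoritative" option was appended with `worker->scratchpad` as its allocator argument, so `edns.opt_list` most likely points into released memory when the record is serialized. The branch is taken for any non-recursive query from a client without `acl_allow_snoop`, so this stale read sits on a path driven by unauthenticated network input. Move `regional_free_all(worker->scratchpad);` down to just before `goto send_reply;`, after the capacity check and the attach. The branch also omits the `edns.opt_list = NULL;` reset that the keepalive branch performs before appending, so options parsed from the query may be echoed back, and an OPT record may be attached even when the query carried none. Confirm both against the EDNS parsing earlier in worker_handle_request, which is outside this hunk.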
@@ -1482,10 +1499,23 @@ lookup_cache: < *worker->env.now) leeway = 0; lock_rw_unlock(&e->lock); + + // // stale answer? + // if (worker->env.cfg->serve_expired && + // *worker->env.now >= ((struct reply_info*)e->data)->ttl) { + // // EDE Error Code 3 - Stale Answer + // EDNS_OPT_APPEND_EDE(&edns, worker->scratchpad, + // LDNS_EDNS_EDE, "query with bad edns keepalive."); + // } + + // add EDNS struct? reply_and_prefetch(worker, lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2), repinfo, leeway, (partial_rep || need_drop)); + + + if(!partial_rep) { rc = 0; regional_free_all(worker->scratchpad); @@ -1522,6 +1552,9 @@ lookup_cache: verbose(VERB_ALGO, "answer from the cache failed"); lock_rw_unlock(&e->lock); } + + // @TODO Extended DNS Error Code 13 - Cached Error? place not clear + if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { if(answer_norec_from_cache(worker, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), diff --git a/services/rpz.c b/services/rpz.c index 3a1ec00d7..1268a9a06 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -1037,6 +1037,8 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, return 0; } + + // @TODO: Find out if it's local answer of blocked; if blocked then EDE: blocked if(lzt == local_zone_redirect && local_data_answer(z, env, qinfo, edns, repinfo, buf, temp, dname_count_labels(qinfo->qname), &ld, lzt, -1, NULL, 0, NULL, 0)) {
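Review bot: The block added after `lock_rw_unlock(&e->lock);` in the `@@ -1482,10 +1499,23 @@` hunk is commented-out code that would not be safe to enable as written. It dereferences `((struct reply_info*)e->data)->ttl` after the entry lock has been released, and its EDE text is the copy-pasted "query with bad edns keepalive." rather than a stale-answer message. Replace it with a short TODO such as `/* TODO: EDE 3 (Stale Answer) when serve_expired returns an expired entry; read the TTL before lock_rw_unlock() */`, or implement it with the TTL captured while the lock is still held. The one context comment visible in this diff uses `/* */`, so the `//` markers and the runs of blank added lines, here and in the earlier refusal hunk, are worth tidying. The lookup_cache code starts and ends outside the hunk.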
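Review bot: The TODO added in the services/rpz.c hunk reads "local answer of blocked", which looks like a typo for "or" and leaves the intended condition ambiguous. Suggest `/* TODO: distinguish a local-data answer from a blocked name; attach an EDE only in the blocked case */`. The comment could also record which RFC 8914 info-code is meant, Blocked (15) or Filtered (17), so the later implementation does not have to guess. rpz_apply_qname_trigger starts and ends outside the hunk.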