From: Peter van Dijk <peter.van.dijk@netherlabs.nl>
Date: Fri, 20 Jun 2014 07:41:40 +0000 (+0200)
Subject: fix edns subnet option code at 8
X-Git-Tag: auth-3.4.0-rc1~124
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48981c2ea75ba808adc9bd567e1f91265bc36f6a;p=thirdparty%2Fpdns.git

fix edns subnet option code at 8
---

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 1fa1d08622..5bfa4e92c0 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -114,7 +114,6 @@ void declareArguments()
   ::arg().setSwitch("webserver","Start a webserver for monitoring")="no"; 
   ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no"; 
   ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no"; 
-  ::arg().set("edns-subnet-option-numbers","Comma separated list of whitelisted non-standard EDNS subnet option codes (8 is always included)")="20730";
   ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="no"; 
   ::arg().set("webserver-address","IP Address of webserver to listen on")="127.0.0.1";
   ::arg().set("webserver-port","Port of webserver to listen on")="8081";
@@ -361,13 +360,6 @@ void mainthread()
 
    DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
    DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
-   {
-      std::vector<std::string> codes;
-      stringtok(codes, ::arg()["edns-subnet-option-numbers"], "\t ,");
-      BOOST_FOREACH(std::string &code, codes) {
-         DNSPacket::s_ednssubnetcodes.push_back(boost::lexical_cast<int>(code));
-      }
-   }
    if(!::arg()["chroot"].empty()) {  
      if(::arg().mustDo("master") || ::arg().mustDo("slave"))
         gethostbyname("a.root-servers.net"); // this forces all lookup libraries to be loaded
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 7dcefd9e92..52f1298005 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -46,7 +46,6 @@
 #include "ednssubnet.hh"
 
 bool DNSPacket::s_doEDNSSubnetProcessing;
-std::vector<int> DNSPacket::s_ednssubnetcodes;
 uint16_t DNSPacket::s_udpTruncationThreshold;
  
 DNSPacket::DNSPacket() 
@@ -96,7 +95,6 @@ DNSPacket::DNSPacket(const DNSPacket &orig)
   d_eso = orig.d_eso;
   d_haveednssubnet = orig.d_haveednssubnet;
   d_haveednssection = orig.d_haveednssection;
-  d_ednssubnetcode = orig.d_ednssubnetcode;
   d_dnssecOk = orig.d_dnssecOk;
   d_rrs=orig.d_rrs;
   
@@ -337,7 +335,7 @@ void DNSPacket::wrapup()
         eso.scope = Netmask(eso.source.getNetwork(), maxScopeMask);
     
         string opt = makeEDNSSubnetOptsString(eso);
-        opts.push_back(make_pair(d_ednssubnetcode, opt)); // 'EDNS SUBNET'
+        opts.push_back(make_pair(8, opt)); // 'EDNS SUBNET'
       }
 
       if(!opts.empty() || d_haveednssection || d_dnssecOk)
@@ -398,7 +396,6 @@ DNSPacket *DNSPacket::replyPacket() const
   r->d_eso = d_eso;
   r->d_haveednssubnet = d_haveednssubnet;
   r->d_haveednssection = d_haveednssection;
-  r->d_ednssubnetcode = d_ednssubnetcode;
  
   if(!d_tsigkeyname.empty()) {
     r->d_tsigkeyname = d_tsigkeyname;
@@ -521,11 +518,10 @@ try
       else if(iter->first == 5) {// 'EDNS PING'
         d_ednsping = iter->second;
       }
-      else if(s_doEDNSSubnetProcessing && (iter->first == 8 || std::find(s_ednssubnetcodes.begin(), s_ednssubnetcodes.end(), iter->first) != s_ednssubnetcodes.end())) { // 'EDNS SUBNET'
+      else if(s_doEDNSSubnetProcessing && (iter->first == 8)) { // 'EDNS SUBNET'
         if(getEDNSSubnetOptsFromString(iter->second, &d_eso)) {
           //cerr<<"Parsed, source: "<<d_eso.source.toString()<<", scope: "<<d_eso.scope.toString()<<", family = "<<d_eso.scope.getNetwork().sin4.sin_family<<endl;
           d_haveednssubnet=true;
-          d_ednssubnetcode=iter->first;
         } 
       }
       else {
diff --git a/pdns/dnspacket.hh b/pdns/dnspacket.hh
index 48b1d26378..f6c2646d24 100644
--- a/pdns/dnspacket.hh
+++ b/pdns/dnspacket.hh
@@ -154,7 +154,6 @@ public:
   TSIGRecordContent d_trc;
   static bool s_doEDNSSubnetProcessing;
   static uint16_t s_udpTruncationThreshold;
-  static std::vector<int> s_ednssubnetcodes;
 private:
   void pasteQ(const char *question, int length); //!< set the question of this packet, useful for crafting replies
 
@@ -169,7 +168,6 @@ private:
   string d_ednsping;
   bool d_wantsnsid;
   bool d_haveednssubnet;
-  int d_ednssubnetcode;
   bool d_haveednssection;
   EDNSSubnetOpts d_eso;
   string d_tsigsecret;
diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index d525a71ef5..4ee3f85781 100644
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -139,11 +139,6 @@
 #
 # do-ipv6-additional-processing=yes
 
-#################################
-# edns-subnet-option-numbers	Comma separated list of whitelisted non-standard EDNS subnet option codes (8 is always included)
-#
-# edns-subnet-option-numbers=20730
-
 #################################
 # edns-subnet-processing	If we should act on EDNS Subnet options
 #