From: Yuri Schaeffer
Date: Fri, 22 Feb 2013 13:05:24 +0000 (+0000)
Subject: some review comments
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8bf5bcfcae56a9b983f5e24b05bf7c56f264c49e;p=thirdparty%2Funbound.git

some review comments

git-svn-id: file:///svn/unbound/branches/edns-subnet@2851 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/FEATURES b/doc/FEATURES
index 93ed29257..66aa1c391 100644
--- a/doc/FEATURES
+++ b/doc/FEATURES
@@ -75,6 +75,8 @@ draft-ietf-dnsop-resolver-priming(-00): can prime and can fallback to
 draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured as trust anchors. Also DNSKEYs are allowed, by the way.
 draft-ietf-dnsext-dnssec-bis-updates: supported.
+draft-vandergaast-edns-client-subnet-01: Basic support with limited
+ caching for specific answers.
 Record type syntax support, extensive, from lib ldns. For these types only syntax and parsing support is needed.
diff --git a/doc/README b/doc/README
index a5b47cf0e..1bf23114c 100644
--- a/doc/README
+++ b/doc/README
@@ -77,6 +77,9 @@ This software is under BSD license, see LICENSE for details.
 Disable support for RSASHA256 and RSASHA512 crypto.
 * --disable-gost
 Disable support for GOST crypto, RFC 5933.
+ * --enable-subnet
+ Enables support for client subnet. Client address prefix is send to
+ authorities to get a more specific answer.
 * 'make test' runs a series of self checks.
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index cf04e4bd0..89c916e96 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -904,6 +904,23 @@ it as detailed in the stub zone section below. Configure local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name. For example "192.0.2.4 www.example.com". TTL can be inserted like this: "2001:DB8::4 7200 www.example.com"
+.TP 5
+.B send\-client\-subnet: \fI Send client source address to this authority. Can be IP4 or IP6. Append
+/num to indicate a classless delegation netblock, for example like
+10.2.3.4/24 or 2001::11/64.
+.TP 5
+.B client\-subnet\-opcode: \fI Client subnet option code is not assigned by IANA. Specify positive integer smaller than 65536. Defaults to 20730.
+.TP 5
+.B max\-client\-subnet\-ipv6: \fI Specifies the maximum prefix length of the client source address we are willing to expose to third parties for IPv6. Defaults to 64.
+.TP 5
+.B max\-client\-subnet\-ipv4: \fI Specifies the maximum prefix length of the client source address we are willing to expose to third parties for IPv4. Defaults to 24.
 .SS "Remote Control Options"
 In the
 .B remote\-control:
diff --git a/libunbound/libworker.c b/libunbound/libworker.c
index 89068a5ad..2bad0ba60 100644
--- a/libunbound/libworker.c
+++ b/libunbound/libworker.c
@@ -201,23 +201,17 @@ libworker_setup(struct ub_ctx* ctx, int is_bg)
 libworker_delete(w);
 return NULL;
 }
-#ifdef CLIENT_SUBNET
 w->back = outside_network_create(w->base, cfg->msg_buffer_size,
 (size_t)cfg->outgoing_num_ports, cfg->out_ifs,
 cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6,
 cfg->do_tcp?cfg->outgoing_num_tcp:0,
 w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
 ports, numports, cfg->unwanted_threshold,
- &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx, NULL);
-#else
- w->back = outside_network_create(w->base, cfg->msg_buffer_size,
- (size_t)cfg->outgoing_num_ports, cfg->out_ifs,
- cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6,
- cfg->do_tcp?cfg->outgoing_num_tcp:0,
- w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
- ports, numports, cfg->unwanted_threshold,
- &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx);
+ &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx
+#ifdef CLIENT_SUBNET
+ , NULL
 #endif
+ );
 if(!w->is_bg || w->is_bg_thread) {
 lock_basic_unlock(&ctx->cfglock);
 }
@@ -751,19 +745,17 @@ struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
 if(!e)
 return NULL;
 e->qstate = q;
- #ifdef CLIENT_SUBNET
- e->qsent = outnet_serviced_query(w->back, qname,
- qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
- q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
- addrlen, zone, zonelen, libworker_handle_service_reply, e,
- w->back->udp_buff, &q->edns_out);
-#else
+
 e->qsent = outnet_serviced_query(w->back, qname,
 qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
 q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
 addrlen, zone, zonelen, libworker_handle_service_reply, e,
- w->back->udp_buff);
+ w->back->udp_buff
+#ifdef CLIENT_SUBNET
+ , &q->edns_out
 #endif
+ );
+
 if(!e->qsent) {
 return NULL;
 }
diff --git a/testdata/subnet_derived.crpl b/testdata/subnet_derived.crpl
index 2493d4b62..3cca47a14 100644
--- a/testdata/subnet_derived.crpl
+++ b/testdata/subnet_derived.crpl
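Review bot: The `#ifdef CLIENT_SUBNET` / `, NULL` / `#endif` / `);` sequence now sits inside the argument list of outside_network_create, and the same shape carries `, &q->edns_out` in the libworker_send_query hunk below, so the closing parenthesis of each call is an added line of its own several lines after the last real argument and the call cannot be read without resolving the conditional. Preprocessor lines inside an expression also mean the two build variants are no longer one visible call, so a later edit to the argument list can compile in one configuration and fail in the other without the author noticing. If outside_network_create and outnet_serviced_query can take the subnet argument unconditionally (their prototypes are outside this hunk), passing it in both builds removes the conditional from the call sites entirely; otherwise a comment on the `, NULL` line naming the parameter it fills would at least tell the reader what is being left empty here while libworker_send_query passes a real pointer. libworker_setup and libworker_send_query both continue outside their hunks.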
@@ -1,7 +1,7 @@
 server:
 send-client-subnet: 5.0.15.10
 send-client-subnet: 193.0.14.129
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
 max-client-subnet-ipv4: 21
 verbosity: 3
 module-config: "subnetcache validator iterator"
diff --git a/testdata/subnet_format_ip4.crpl b/testdata/subnet_format_ip4.crpl
index ced6888af..817772a21 100644
--- a/testdata/subnet_format_ip4.crpl
+++ b/testdata/subnet_format_ip4.crpl
@@ -1,6 +1,6 @@
 server:
 send-client-subnet: 5.0.15.10
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
 max-client-subnet-ipv4: 21
 verbosity: 3
 module-config: "subnetcache validator iterator"
diff --git a/testdata/subnet_nondefault_opc.crpl b/testdata/subnet_nondefault_opc.crpl
index 9e309d242..9363e35a4 100644
--- a/testdata/subnet_nondefault_opc.crpl
+++ b/testdata/subnet_nondefault_opc.crpl
@@ -1,6 +1,6 @@
 server:
 send-client-subnet: 5.0.15.10
- client-subnet-opc: 99
+ client-subnet-opcode: 99
 max-client-subnet-ipv4: 21
 verbosity: 3
 module-config: "subnetcache validator iterator"
diff --git a/testdata/subnet_not_whitelisted.crpl b/testdata/subnet_not_whitelisted.crpl
index 58df0132f..9cf1f4759 100644
--- a/testdata/subnet_not_whitelisted.crpl
+++ b/testdata/subnet_not_whitelisted.crpl
@@ -1,6 +1,6 @@
 server:
 ; send-client-subnet: 5.0.15.10
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
 max-client-subnet-ipv4: 21
 verbosity: 3
 module-config: "subnetcache validator iterator"
diff --git a/testdata/subnet_without_validator.crpl b/testdata/subnet_without_validator.crpl
index 0cc6ad091..0d73ce835 100644
--- a/testdata/subnet_without_validator.crpl
+++ b/testdata/subnet_without_validator.crpl
@@ -1,6 +1,6 @@
 server:
 send-client-subnet: 5.0.15.10
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
 max-client-subnet-ipv4: 21
 verbosity: 3
 module-config: "subnetcache iterator"
diff --git a/util/config_file.c b/util/config_file.c
index 30eac6c7a..6a2894204 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -436,7 +436,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 else S_STRLIST("send-client-subnet", client_subnet)
 else S_NUMBER_OR_ZERO("max-client-subnet-ipv4:", max_client_subnet_ipv4)
 else S_NUMBER_OR_ZERO("max-client-subnet-ipv6:", max_client_subnet_ipv6)
- else S_NUMBER_OR_ZERO("client-subnet-opc:", client_subnet_opcode)
+ else S_NUMBER_OR_ZERO("client-subnet-opcode:", client_subnet_opcode)
 #endif
 else if (strcmp(opt, "outgoing-interface:") == 0) {
 char* d = strdup(val);
@@ -686,7 +686,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 else O_LST(opt, "send-client-subnet", client_subnet)
 else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4)
 else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6)
- else O_DEC(opt, "client-subnet-opc", client_subnet_opcode)
+ else O_DEC(opt, "client-subnet-opcode", client_subnet_opcode)
 #endif
 /* not here:
 * outgoing-permit, outgoing-avoid - have list of ports
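Review bot: The new `S_NUMBER_OR_ZERO("client-subnet-opcode:", client_subnet_opcode)` line accepts, as far as the macro name indicates, any non-negative number, while the man page hunk in this same commit documents the value as a positive integer smaller than 65536 (an EDNS option code is a 16-bit field), so 0 and values of 65536 or more are stored here without complaint and would only be caught, if at all, where the option is encoded. Rejecting out-of-range values at parse time, e.g. a check that `cfg->client_subnet_opcode` is non-zero and below 65536 right after the assignment, keeps the configuration error visible to the operator instead of a silent mismatch between config and wire value. The macro's real range check is defined outside this hunk, so this is worth confirming before adding the check; config_set_option continues outside the hunk on both sides.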