From: Yuri Schaeffer Date: Fri, 10 Aug 2012 11:07:08 +0000 (+0000) Subject: make sure we don't append subnet option just yet. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d141be385ab8176b53fe9259731fa87913fcb3e8;p=thirdparty%2Funbound.git make sure we don't append subnet option just yet. git-svn-id: file:///svn/unbound/branches/edns-subnet@2743 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/configure.ac b/configure.ac
index 8552a1cfa..6f4bf4c84 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1191,6 +1191,9 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
 /** the version of unbound-control that this software implements */
 #define UNBOUND_CONTROL_VERSION 1
+/** YBS: in use by the edns subnet option code*/
+#define IANA_ADDRFAM_IP4 1
+#define IANA_ADDRFAM_IP6 2
 ])
 AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8])
diff --git a/libunbound/libworker.c b/libunbound/libworker.c
index 917a9106d..381d2bcac 100644
--- a/libunbound/libworker.c
+++ b/libunbound/libworker.c
@@ -531,6 +531,7 @@ setup_qinfo_edns(struct libworker* w, struct ctx_query* q,
 edns->ext_rcode = 0;
 edns->edns_version = 0;
 edns->bits = EDNS_DO;
+ edns->subnet_option_add = 0;
 if(ldns_buffer_capacity(w->back->udp_buff) < 65535)
 edns->udp_size = (uint16_t)ldns_buffer_capacity(
 w->back->udp_buff);
diff --git a/services/outside_network.c b/services/outside_network.c
index 3ee3e47a3..f51fb3810 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
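Review bot: `edns->subnet_option_add = 0;` in setup_qinfo_edns is one of six hand-written copies of the same initializer in this commit (the others are in outside_network.c, fake_event.c, streamtcp.c, msgparse.c and autotrust.c), so the flag is only safe while every present and future builder of a `struct edns_data` remembers the line. attach_edns_record branches on the flag, and a caller that leaves it indeterminate could have the encoder copy never-initialised subnet fields into a packet. Zeroing the structure once before the field assignments, `memset(edns, 0, sizeof(*edns));` here and `memset(&edns, 0, sizeof(edns));` at the stack-allocated sites, would make every field added later default to off. The function starts and ends outside the hunk, so an existing initialisation above these lines cannot be ruled out.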
@@ -1323,7 +1323,13 @@ serviced_encode(struct serviced_query* sq, ldns_buffer* buff, int with_edns)
 edns.edns_present = 1;
 edns.ext_rcode = 0;
 edns.edns_version = EDNS_ADVERTISED_VERSION;
- edns.subnet_option_add = 0;
+ //YBS make conditional on whitelist
+ edns.subnet_option_add = 0;
+ //~ uint16_t subnet_addr_fam;
+ //~ uint8_t subnet_source_mask;
+ //~ uint8_t subnet_scope_mask;
+ //~ uint8_t subnet_addr[16];
+ //YBS
 if(sq->status == serviced_query_UDP_EDNS_FRAG) {
 if(addr_is_ip6(&sq->addr, sq->addrlen)) {
 if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)
diff --git a/testcode/fake_event.c b/testcode/fake_event.c
index 26dfaa8b0..cf8ed6d4e 100644
--- a/testcode/fake_event.c
+++ b/testcode/fake_event.c
@@ -1078,6 +1078,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 edns.edns_version = EDNS_ADVERTISED_VERSION;
 edns.udp_size = EDNS_ADVERTISED_SIZE;
 edns.bits = 0;
+ edns.subnet_option_add = 0;
 if(dnssec)
 edns.bits = EDNS_DO;
 attach_edns_record(pend->buffer, &edns);
diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c
index dbdf1408c..de123ed4d 100644
--- a/testcode/streamtcp.c
+++ b/testcode/streamtcp.c
@@ -141,6 +141,7 @@ write_q(int fd, int udp, SSL* ssl, ldns_buffer* buf, uint16_t id,
 edns.edns_present = 1;
 edns.bits = EDNS_DO;
 edns.udp_size = 4096;
+ edns.subnet_option_add = 0;
 attach_edns_record(buf, &edns);
 }
diff --git a/util/data/msgencode.c b/util/data/msgencode.c
index c7cd60a96..e3ba948b9 100644
--- a/util/data/msgencode.c
+++ b/util/data/msgencode.c
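Review bot: The `//~` lines added to serviced_encode are commented-out field declarations rather than code for this function, and the `//YBS` markers are C++-style comments where the other files in this commit use `/* */`. Since the hard-coded `edns.subnet_option_add = 0;` appears to be what keeps the client subnet out of queries sent upstream, I would replace the markers with one comment that records the intent: `/* client subnet is not sent upstream until the whitelist check exists; set family, both masks and address before enabling the flag */`. The function body continues outside the hunk.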
@@ -747,12 +747,17 @@ attach_edns_record(ldns_buffer* pkt, struct edns_data* edns) ldns_buffer_write_u16(pkt, edns->bits); /* YBS: do vandergaast hier! */ if(edns->subnet_option_add) { - assert(edns.addr_fam == 0x01 || edns.addr_fam == 0x02); - assert(edns.addr_fam != 0x01 || edns->subnet_source_mask <= 32); - assert(edns.addr_fam != 0x02 || edns->subnet_source_mask <= 128); //ipv6 addr fam? + assert(edns.addr_fam == IANA_ADDRFAM_IP4 || + edns.addr_fam == IANA_ADDRFAM_IP6); + assert(edns.addr_fam != IANA_ADDRFAM_IP4 || + edns->subnet_source_mask <= 32); + assert(edns.addr_fam != IANA_ADDRFAM_IP6 || + edns->subnet_source_mask <= 128); //ipv6 addr fam? sn_octs = edns->subnet_source_mask / 8; - sn_octs_remainder = !!(edns->subnet_source_mask % 8); + sn_octs_remainder = (edns->subnet_source_mask % 8)>0?1:0; + + assert(ldns_buffer_available(sn_octs + sn_octs_remainder + 4 + 6)); ldns_buffer_write_u16(pkt, sn_octs + sn_octs_remainder + 4 + 4); /* rdatalen */ ldns_buffer_write_u16(pkt, EDNS_SUBNET_OPC); /* opc */ @@ -761,11 +766,12 @@ attach_edns_record(ldns_buffer* pkt, struct edns_data* edns) ldns_buffer_write_u8(pkt, edns->subnet_source_mask); /* source mask */ ldns_buffer_write_u8(pkt, edns->subnet_scope_mask); /* scope mask */ - for(i = 0; isubnet_addr[i]); + ldns_buffer_write(pkt, edns->subnet_addr, sn_octs); + /** If the last octed is partially masked, make sure we don't + * send our private bits. */ if(sn_octs_remainder) ldns_buffer_write_u8(pkt, edns->subnet_addr[sn_octs] & - ~(1<<(8-(edns->subnet_source_mask % 8))-1)); + ~(0xFF >> (edns->subnet_source_mask % 8))); } else ldns_buffer_write_u16(pkt, 0); /* rdatalen */ /* //YBS: do vandergaast hier! */ ldns_buffer_flip(pkt); diff --git a/util/data/msgparse.c b/util/data/msgparse.c index a03f543e8..7af3fc0fd 100644 --- a/util/data/msgparse.c +++ b/util/data/msgparse.c 
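Review bot: The only bounds on `subnet_source_mask` in attach_edns_record are `assert()`s, and as written they do not look compilable with assertions enabled: `edns` is a pointer, so `edns.addr_fam` needs `->`, and `ldns_buffer_available` is called without its buffer argument, which should read `assert(ldns_buffer_available(pkt, sn_octs + sn_octs_remainder + 4 + 6));`. In a build with NDEBUG the checks vanish, so a source mask above 128 would let `ldns_buffer_write(pkt, edns->subnet_addr, sn_octs)` in the second msgencode.c hunk copy past the address field (16 bytes, if the commented-out declaration in outside_network.c is the real one) into an outgoing packet. Validate the family and mask with an ordinary `if` that falls back to the rdatalen-0 branch when they are out of range, and keep the asserts only as documentation of the invariant. The function body starts and ends outside both hunks.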
@@ -982,6 +982,7 @@ parse_extract_edns(struct msg_parse* msg, struct edns_data* edns)
 edns->edns_version = found->rr_last->ttl_data[1];
 edns->bits = ldns_read_uint16(&found->rr_last->ttl_data[2]);
 edns->udp_size = ntohs(found->rrset_class);
+ edns->subnet_option_add = 0; //YBS do some actual parsing here
 /* ignore rdata and rrsigs */
 return 0;
 }
diff --git a/validator/autotrust.c b/validator/autotrust.c
index 989694324..4e59fdf3b 100644
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -2127,6 +2127,7 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp)
 edns.ext_rcode = 0;
 edns.edns_version = 0;
 edns.bits = EDNS_DO;
+ edns.subnet_option_add = 0;
 if(ldns_buffer_capacity(buf) < 65535)
 edns.udp_size = (uint16_t)ldns_buffer_capacity(buf);
 else edns.udp_size = 65535;
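Review bot: `//YBS do some actual parsing here` in parse_extract_edns does not say what the parser has to reject once it reads the option, and that is the point where the subnet fields come from the peer instead of from local code. I would turn it into a block comment such as `/* TODO(edns-subnet): parse the option from rdata; reject unknown family and source mask > 32 (IP4) / > 128 (IP6) before copying the address */`. Until then the other subnet fields of `*edns` stay unset after this function, which is safe only while every reader tests `subnet_option_add` first. The function starts outside the hunk.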