From 91d363667baabdd85b29a806d9514bca09e1bac5 Mon Sep 17 00:00:00 2001
From: Yuri Schaeffer <yuri@nlnetlabs.nl>
Date: Thu, 30 Aug 2012 12:23:48 +0000
Subject: [PATCH] Use exposed bits from configuration

git-svn-id: file:///svn/unbound/branches/edns-subnet@2755 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 services/outside_network.c | 4 ++--
 util/config_file.c         | 2 ++
 util/net_help.c            | 2 ++
 util/net_help.h            | 3 +++
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/services/outside_network.c b/services/outside_network.c
index 431917935..e1f51108f 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -1342,14 +1342,14 @@ serviced_encode(struct serviced_query* sq, ldns_buffer* buff, int with_edns)
 				/* YBS TODO: source mask must come from original query if
 				 * any. Some default otherwise. But not more than 
 				 * configured maximum */
-				edns.subnet_source_mask = 26;
+				edns.subnet_source_mask = MAX_CLIENT_SUBNET_IP4;
 			} 
 #ifdef INET6
 			else {
 				edns.subnet_addr_fam = IANA_ADDRFAM_IP6;
 				sinaddr = &((struct sockaddr_in6*)ss)->sin6_addr;
 				memcpy(edns.subnet_addr, (uint8_t *)sinaddr, INET6_SIZE);
-				edns.subnet_source_mask = 100;
+				edns.subnet_source_mask = MAX_CLIENT_SUBNET_IP6;
 			}
 #endif
 			edns.subnet_scope_mask = 0;
diff --git a/util/config_file.c b/util/config_file.c
index 7d6a8e8e0..cf9509258 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -1101,6 +1101,8 @@ config_apply(struct config_file* config)
 	MIN_TTL = (uint32_t)config->min_ttl;
 	EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;
 	EDNS_SUBNET_OPC = (uint16_t)config->client_subnet_opc;
+	MAX_CLIENT_SUBNET_IP4 = (uint8_t)config->max_client_subnet_ipv4;
+	MAX_CLIENT_SUBNET_IP6 = (uint8_t)config->max_client_subnet_ipv6;
 	MINIMAL_RESPONSES = config->minimal_responses;
 	RRSET_ROUNDROBIN = config->rrset_roundrobin;
 	log_set_time_asc(config->log_time_ascii);
diff --git a/util/net_help.c b/util/net_help.c
index 151b34fcc..948c241c4 100644
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -54,6 +54,8 @@
 uint16_t EDNS_ADVERTISED_SIZE = 4096;
 /** Opcode for edns subnet option, is TBD. */
 uint16_t EDNS_SUBNET_OPC = 0x50fa;
+uint8_t MAX_CLIENT_SUBNET_IP4 = 24;
+uint8_t MAX_CLIENT_SUBNET_IP6 = 64;
 
 /** minimal responses when positive answer: default is no */
 int MINIMAL_RESPONSES = 0;
diff --git a/util/net_help.h b/util/net_help.h
index e8f44b3b0..f8cad67a4 100644
--- a/util/net_help.h
+++ b/util/net_help.h
@@ -83,6 +83,9 @@ struct regional;
 extern uint16_t EDNS_ADVERTISED_SIZE;
 /** Opcode for edns subnet option, is TBD. */
 extern uint16_t EDNS_SUBNET_OPC;
+/** Maximum number of bits we are willing to expose */
+extern uint8_t MAX_CLIENT_SUBNET_IP4;
+extern uint8_t MAX_CLIENT_SUBNET_IP6;
 /** bits for EDNS bitfield */
 #define EDNS_DO 0x8000 /* Dnssec Ok */
 /** byte size of ip4 address */
-- 
2.47.2