From: Aki Tuomi
Date: Tue, 9 Jul 2013 09:58:48 +0000 (+0300)
Subject: Support for standard and non-standard EDNS subnet option numbers
X-Git-Tag: rec-3.6.0-rc1~578^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f15149abaaeaafab0acd4635612ef915ad68865e;p=thirdparty%2Fpdns.git

Support for standard and non-standard EDNS subnet option numbers
---

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index ca3087eb8a..d9f3f6f277 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -100,8 +100,8 @@ void declareArguments()
 ::arg().setSwitch("webserver","Start a webserver for monitoring")="no";
 ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
 ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
+ ::arg().set("edns-subnet-option-numbers","Comma separated list of whitelisted non-standard EDNS subnet option codes (8 is always included)")="20730";
 ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="no";
- ::arg().set("edns-subnet-option-number","EDNS option number to use")="20730";
 ::arg().set("webserver-address","IP Address of webserver to listen on")="127.0.0.1";
 ::arg().set("webserver-port","Port of webserver to listen on")="8081";
 ::arg().set("webserver-password","Password required for accessing the webserver")="";
@@ -340,7 +340,13 @@ void mainthread()
 g_anyToTcp = ::arg().mustDo("any-to-tcp");
 g_addSuperfluousNSEC3 = ::arg().mustDo("add-superfluous-nsec3-for-old-bind");
 DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
-
+ {
+ std::vector codes;
+ stringtok(codes, ::arg()["edns-subnet-option-numbers"], "\t ,");
+ BOOST_FOREACH(std::string &code, codes) {
+ DNSPacket::s_ednssubnetcodes.push_back(boost::lexical_cast(code));
+ }
+ }
 #ifndef WIN32
 if(!::arg()["chroot"].empty()) {
 if(::arg().mustDo("master") || ::arg().mustDo("slave"))
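Review bot: The old `edns-subnet-option-number` setting is dropped in this hunk of declareArguments() with no alias or deprecation path, so a configuration that still sets it will presumably be rejected or ignored at startup, depending on how unknown settings are handled elsewhere. Because the setting decides which EDNS option codes are treated as client-subnet data, a silent change is worth avoiding: either keep the old name registered and fold its value into the new list, or call the rename out in the upgrade notes. The help text could also state the accepted range, for example `... EDNS subnet option codes, each 0-65535 (8 is always included)`. declareArguments() starts and ends outside the hunk.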
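Review bot: Each token from `edns-subnet-option-numbers` goes straight into `boost::lexical_cast` inside the `BOOST_FOREACH` loop, so a non-numeric entry throws `boost::bad_lexical_cast` out of mainthread() with nothing in the hunk to turn it into a readable configuration error, and a value outside the 16-bit EDNS option-code range is stored even though it can never match a received option. I would convert with an explicit check and name the offending token in the error, as sketched below. The template arguments of `std::vector` and `lexical_cast` are not visible on this page, so `int` is an assumption, and `std::runtime_error` stands in for whatever error path mainthread() already uses for bad settings. mainthread() starts and ends outside the hunk.

```cpp
// … unchanged: stringtok() split of the setting into codes …
BOOST_FOREACH(std::string &code, codes) {
  int num;
  try {
    num = boost::lexical_cast<int>(code);
  }
  catch(const boost::bad_lexical_cast &) {
    throw std::runtime_error("edns-subnet-option-numbers: '" + code + "' is not a number");
  }
  // EDNS option codes are 16 bits wide; anything else can never match.
  if(num < 0 || num > 65535)
    throw std::runtime_error("edns-subnet-option-numbers: '" + code + "' is out of range");
  DNSPacket::s_ednssubnetcodes.push_back(num);
}
```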
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc index 62e73e145f..552217d045 100644 --- a/pdns/dnspacket.cc +++ b/pdns/dnspacket.cc @@ -45,7 +45,8 @@ #include "ednssubnet.hh" bool DNSPacket::s_doEDNSSubnetProcessing; - +std::vector DNSPacket::s_ednssubnetcodes; + DNSPacket::DNSPacket() { d_wrapped=false; @@ -331,9 +332,7 @@ void DNSPacket::wrapup() eso.scope = Netmask(eso.source.getNetwork(), maxScopeMask); string opt = makeEDNSSubnetOptsString(eso); - if (::arg().mustDo("edns-subnet-option-number") && ::arg().asNum("edns-subnet-option-number") != 8) - opts.push_back(make_pair(::arg().asNum("edns-subnet-option-number"), opt)); - opts.push_back(make_pair(8, opt)); // 'EDNS SUBNET' + opts.push_back(make_pair(d_ednssubnetcode, opt)); // 'EDNS SUBNET' } if(!opts.empty() || d_haveednssection || d_dnssecOk) @@ -516,10 +515,11 @@ try else if(iter->first == 5) {// 'EDNS PING' d_ednsping = iter->second; } - else if(s_doEDNSSubnetProcessing && (iter->first == 8 || iter->first == ::arg().asNum("edns-subnet-option-number"))) { // 'EDNS SUBNET' + else if(s_doEDNSSubnetProcessing && (iter->first == 8 || std::find(s_ednssubnetcodes.begin(), s_ednssubnetcodes.end(), iter->first) != s_ednssubnetcodes.end())) { // 'EDNS SUBNET' if(getEDNSSubnetOptsFromString(iter->second, &d_eso)) { //cerr<<"Parsed, source: "<
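Review bot: `opts.push_back(make_pair(d_ednssubnetcode, opt));` in wrapup() now depends on `d_ednssubnetcode` having been set for this packet, but no line visible on this page assigns it (the parse hunk is cut off before that point, and the constructor context shows only `d_wrapped=false;`). If a packet can reach this branch without going through the parse path that records the code, for instance a reply object built from a question, the option would be emitted with an indeterminate code. I would default the member in the constructor, `d_ednssubnetcode=8;`, and confirm that whatever copies the subnet fields into a reply copies the code as well. wrapup() starts and ends outside the hunk.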