
Add EDNS unknown version handling

1 parent 463fcff commit 5cfea4c5b34d8a3c3559d41d55da7b8b36af1064 @cmouse cmouse committed Aug 17, 2015
Showing with 25 additions and 1 deletion.
  1. +9 −1 pdns/dnspacket.cc
  2. +9 −0 pdns/dnspacket.hh
  3. +7 −0 pdns/packethandler.cc
@@ -56,6 +56,8 @@ DNSPacket::DNSPacket()
d_wantsnsid=false;
d_haveednssubnet = false;
d_dnssecOk=false;
+ d_ednsversion=0;
+ d_ednsrcode=0;
}
const string& DNSPacket::getString()
@@ -95,6 +97,8 @@ DNSPacket::DNSPacket(const DNSPacket &orig)
d_eso = orig.d_eso;
d_haveednssubnet = orig.d_haveednssubnet;
d_haveednssection = orig.d_haveednssection;
+ d_ednsversion = orig.d_ednsversion;
+ d_ednsrcode = orig.d_ednsrcode;
d_dnssecOk = orig.d_dnssecOk;
d_rrs=orig.d_rrs;
@@ -340,7 +344,7 @@ void DNSPacket::wrapup()
if(!opts.empty() || d_haveednssection || d_dnssecOk)
{
- pw.addOpt(s_udpTruncationThreshold, 0, d_dnssecOk ? EDNSOpts::DNSSECOK : 0, opts);
+ pw.addOpt(s_udpTruncationThreshold, d_ednsrcode, d_dnssecOk ? EDNSOpts::DNSSECOK : 0, opts);
pw.commit();
}
}
@@ -396,6 +400,8 @@ DNSPacket *DNSPacket::replyPacket() const
r->d_eso = d_eso;
r->d_haveednssubnet = d_haveednssubnet;
r->d_haveednssection = d_haveednssection;
+ r->d_ednsversion = 0;
+ r->d_ednsrcode = 0;
if(!d_tsigkeyname.empty()) {
r->d_tsigkeyname = d_tsigkeyname;
@@ -549,6 +555,8 @@ try
// cerr<<"Have an option #"<<iter->first<<": "<<makeHexDump(iter->second)<<endl;
}
}
+ d_ednsversion = edo.d_version;
+ d_ednsrcode = edo.d_extRCode;
}
else {
d_maxreplylen=512;
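Review bot: `d_ednsrcode = edo.d_extRCode;` stores a value read from the client's OPT record in the same member that the wrapup() hunk now writes into the outgoing OPT record via `pw.addOpt(...)`. replyPacket() resets it to 0, but the copy-constructor hunk copies it, so a response built from a copied or reused query packet would carry the client-chosen extended RCODE back out. Consider keeping only `d_ednsversion = edo.d_version;` here and leaving `d_ednsrcode` at 0 unless the server sets it, or add a comment such as `// query-supplied; must be reset before this packet is sent as a response`. The enclosing function starts and ends outside this hunk, so whether other paths reuse the parsed packet cannot be seen from here.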
@@ -134,6 +134,13 @@ public:
bool couldBeCached(); //!< returns 0 if this query should bypass the packet cache
bool hasEDNSSubnet();
bool hasEDNS();
+ uint8_t getEDNSVersion() const { return d_ednsversion; };
+ void setEDNSRcode(uint16_t extRCode)
+ {
+ // WARNING: this is really 12 bits
+ d_ednsrcode=extRCode;
+ };
+ uint8_t getEDNSRCode() const { return d_ednsrcode; };
//////// DATA !
ComboAddress d_remote;
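Review bot: `getEDNSRCode()` returns `uint8_t` while `d_ednsrcode` and `setEDNSRcode()` use `uint16_t`, so the getter silently truncates whatever the setter accepted. The "really 12 bits" warning is also not enforced anywhere. The only caller on this page passes `(16 & 0xFFF0)>>4`, which suggests the member holds just the upper, extended part of the code rather than a full 12-bit value. Pick one meaning and make the types agree, e.g. `uint16_t getEDNSRCode() const { return d_ednsrcode; }`, or narrow the member and setter to `uint8_t` and reword the comment. The accessor names also differ in case (`setEDNSRcode` vs `getEDNSRCode`).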
@@ -167,6 +174,8 @@ private:
string d_rawpacket; // this is where everything lives 4
int d_maxreplylen;
string d_ednsping;
+ uint8_t d_ednsversion;
+ uint16_t d_ednsrcode; // WARNING: this is really 12 bits
bool d_wantsnsid;
bool d_haveednssubnet;
bool d_haveednssection;
@@ -995,6 +995,13 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
return 0;
}
+ if (p->hasEDNS() && p->getEDNSVersion() > 0) {
+ r = p->replyPacket();
+ r->setRcode(16 & 0xF);
+ r->setEDNSRcode((16 & 0xFFF0)>>4); // set rcode to BADVERS
+ return r;
+ }
+
if(p->d_havetsig) {
string keyname, secret;
TSIGRecordContent trc;
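Review bot: The literal `16` in `r->setRcode(16 & 0xF);` and `r->setEDNSRcode((16 & 0xFFF0)>>4);` hides that the header RCODE becomes 0 and the extended part becomes 1. A named constant would make the split readable, e.g. `const uint16_t badvers = 16; // BADVERS`, then `r->setRcode(badvers & 0xF);` and `r->setEDNSRcode(badvers >> 4);`. The check also sits before the `if(p->d_havetsig)` block, so the BADVERS reply is produced for a query whose signature has not been verified at this point. That is probably acceptable for an error reply, but a short comment stating that the ordering is intentional would help. questionOrRecurse starts and ends outside this hunk.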
