Add EDNS unknown version handling

PowerDNS · Aug 25, 2015 · 5cfea4c · 5cfea4c
1 parent 463fcff
commit 5cfea4c
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 1 deletion.
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
@@ -56,6 +56,8 @@ DNSPacket::DNSPacket()
   d_wantsnsid=false;
   d_haveednssubnet = false;
   d_dnssecOk=false;
+  d_ednsversion=0;
+  d_ednsrcode=0;
 }
 
 const string& DNSPacket::getString()
@@ -95,6 +97,8 @@ DNSPacket::DNSPacket(const DNSPacket &orig)
   d_eso = orig.d_eso;
   d_haveednssubnet = orig.d_haveednssubnet;
   d_haveednssection = orig.d_haveednssection;
+  d_ednsversion = orig.d_ednsversion;
+  d_ednsrcode = orig.d_ednsrcode;
   d_dnssecOk = orig.d_dnssecOk;
   d_rrs=orig.d_rrs;
 
@@ -340,7 +344,7 @@ void DNSPacket::wrapup()
 
       if(!opts.empty() || d_haveednssection || d_dnssecOk)
       {
-        pw.addOpt(s_udpTruncationThreshold, 0, d_dnssecOk ? EDNSOpts::DNSSECOK : 0, opts);
+        pw.addOpt(s_udpTruncationThreshold, d_ednsrcode, d_dnssecOk ? EDNSOpts::DNSSECOK : 0, opts);
         pw.commit();
       }
     }
@@ -396,6 +400,8 @@ DNSPacket *DNSPacket::replyPacket() const
   r->d_eso = d_eso;
   r->d_haveednssubnet = d_haveednssubnet;
   r->d_haveednssection = d_haveednssection;
+  r->d_ednsversion = 0;
+  r->d_ednsrcode = 0;
 
   if(!d_tsigkeyname.empty()) {
     r->d_tsigkeyname = d_tsigkeyname;
@@ -549,6 +555,8 @@ try
         // cerr<<"Have an option #"<<iter->first<<": "<<makeHexDump(iter->second)<<endl;
       }
     }
+    d_ednsversion = edo.d_version;
+    d_ednsrcode = edo.d_extRCode;
   }
   else  {
     d_maxreplylen=512;

diff --git a/pdns/dnspacket.hh b/pdns/dnspacket.hh
@@ -134,6 +134,13 @@ public:
   bool couldBeCached(); //!< returns 0 if this query should bypass the packet cache
   bool hasEDNSSubnet();
   bool hasEDNS();
+  uint8_t getEDNSVersion() const { return d_ednsversion; };
+  void setEDNSRcode(uint16_t extRCode)
+  {
+    // WARNING: this is really 12 bits
+    d_ednsrcode=extRCode;
+  };
+  uint8_t getEDNSRCode() const { return d_ednsrcode; };
   //////// DATA !
 
   ComboAddress d_remote;
@@ -167,6 +174,8 @@ private:
   string d_rawpacket; // this is where everything lives 4
   int d_maxreplylen;
   string d_ednsping;
+  uint8_t d_ednsversion;
+  uint16_t d_ednsrcode; // WARNING: this is really 12 bits
   bool d_wantsnsid;
   bool d_haveednssubnet;
   bool d_haveednssection;

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
@@ -995,6 +995,13 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
     return 0;
   }
 
+  if (p->hasEDNS() && p->getEDNSVersion() > 0) {
+    r = p->replyPacket();
+    r->setRcode(16 & 0xF);
+    r->setEDNSRcode((16 & 0xFFF0)>>4); // set rcode to BADVERS
+    return r;
+  }
+
   if(p->d_havetsig) {
     string keyname, secret;
     TSIGRecordContent trc;