mirror of https://github.com/getdnsapi/getdns.git
actually implement tls_query_padding_blocksize
Since no DNS OPT value has been allocated for padding, I chose an arbitrary value in the experimental/local range.
parent
1457c1a2b5
commit
83bf5ab08b
|
@ -409,6 +409,7 @@ AC_DEFINE_UNQUOTED([EDNS_COOKIE_OPCODE], [10], [The edns cookie option code.])
|
|||
AC_DEFINE_UNQUOTED([EDNS_COOKIE_ROLLOVER_TIME], [(24 * 60 * 60)], [How often the edns client cookie is refreshed.])
|
||||
|
||||
AC_DEFINE_UNQUOTED([MAXIMUM_UPSTREAM_OPTION_SPACE], [3000], [limit for dynamically-generated DNS options])
|
||||
AC_DEFINE_UNQUOTED([EDNS_PADDING_OPCODE], [65461], [The experimental edns padding option code.])
|
||||
|
||||
my_with_libunbound=1
|
||||
AC_ARG_ENABLE(stub-only, AC_HELP_STRING([--enable-stub-only], [Restricts resolution modes to STUB (which will be the default mode). Removes the libunbound dependency.]))
|
||||
|
|
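--- a/src/stub.c
+++ b/src/stub.c
@@ -1138,6 +1138,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 uint16_t query_id;
 intptr_t query_id_intptr;
 SSL* tls_obj = upstream->tls_obj;
+uint16_t padding_sz;
 
 int q = tls_connected(upstream);
 if (q != 0)
@@ -1173,6 +1174,17 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 if (netreq->owner->edns_client_subnet_private)
 if (attach_edns_client_subnet_private(netreq))
 return STUB_OUT_OF_OPTIONS;
+if (netreq->owner->tls_query_padding_blocksize > 1) {
+pkt_len = netreq->response - netreq->query;
+pkt_len += 4; /* this accounts for the OPTION-CODE and OPTION-LENGTH of the padding */
+padding_sz = pkt_len % netreq->owner->tls_query_padding_blocksize;
+if (padding_sz)
+padding_sz = netreq->owner->tls_query_padding_blocksize - padding_sz;
+if (_getdns_network_req_add_upstream_option(netreq,
+EDNS_PADDING_OPCODE,
+padding_sz, NULL))
+return STUB_OUT_OF_OPTIONS;
+}
 }
 
 pkt_len = netreq->response - netreq->query;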
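Review bot: The call `_getdns_network_req_add_upstream_option(netreq, EDNS_PADDING_OPCODE, padding_sz, NULL)` in the second hunk passes a NULL data pointer with a non-zero length, so the contents of the padding bytes depend entirely on a helper that is not shown here. If the helper copies from `data` unconditionally this is a NULL dereference, and if it only reserves the space the option would carry whatever was previously in the request buffer to the upstream, so the padding should be explicitly zero-filled. Please confirm the helper does that and record it at the call, for example `/* NULL data: helper zero-fills padding_sz bytes */`. Separately, `padding_sz` can approach the configured block size, so a block size above the 3000-byte `MAXIMUM_UPSTREAM_OPTION_SPACE` defined in the configure hunk would presumably make queries fail with `STUB_OUT_OF_OPTIONS`; rejecting such values when the block size is set would avoid that. The body of stub_tls_write starts and ends outside both hunks.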