From d2790914df03cc28a42e063004435cc77f9ee6a1 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Sun, 24 Nov 2024 00:08:45 +0000
Subject: [PATCH] More edns0 rationalisation.
---
 src/auth.c | 8 ++------
 src/dnsmasq.h | 3 +--
 src/forward.c | 37 ++++++++++++++++++++++++-------------
 3 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/src/auth.c b/src/auth.c
index e6adc37..d84a23e 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -96,8 +96,8 @@ int in_zone(struct auth_zone *zone, char *name, char **cut)
 }
-size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr,
- int local_query, int do_bit, int have_pseudoheader)
+size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now,
+ union mysockaddr *peer_addr, int local_query)
 {
 char *name = daemon->namebuff;
 unsigned char *p, *ansp;
@@ -890,10 +890,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 return resize_packet(header, ansp - (unsigned char *)header, NULL, 0);
 }
- /* Advertise our packet size limit in our reply */
- if (have_pseudoheader)
- return add_pseudoheader(header, ansp - (unsigned char *)header, (unsigned char *)limit, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
-
 return ansp - (unsigned char *)header;
 }
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index f79222e..02fbd53 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1411,8 +1411,7 @@ int private_net(struct in_addr addr, int ban_localhost);
 /* auth.c */
 #ifdef HAVE_AUTH
 size_t answer_auth(struct dns_header *header, char *limit, size_t qlen,
- time_t now, union mysockaddr *peer_addr, int local_query,
- int do_bit, int have_pseudoheader);
+ time_t now, union mysockaddr *peer_addr, int local_query);
 int in_zone(struct auth_zone *zone, char *name, char **cut);
 #endif
diff --git a/src/forward.c b/src/forward.c
index 2491dbb..22d6cd3 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -553,9 +553,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 u16 swap = htons((u16)ede);
 if (ede != EDE_UNSET)
- plen = add_pseudoheader(header, plen, (unsigned char *)(header + replylimit), 0, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
+ plen = add_pseudoheader(header, plen, (unsigned char *)(header + replylimit), daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
 else
- plen = add_pseudoheader(header, plen, (unsigned char *)(header + replylimit), 0, 0, NULL, 0, do_bit, 0);
+ plen = add_pseudoheader(header, plen, (unsigned char *)(header + replylimit), daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
 }
 #if defined(HAVE_CONNTRACK) && defined(HAVE_UBUS)
@@ -828,7 +828,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
 if (pheader && ede != EDE_UNSET)
 {
 u16 swap = htons((u16)ede);
- n = add_pseudoheader(header, n, limit, 0, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 1);
+ n = add_pseudoheader(header, n, limit, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 1);
 }
 if (RCODE(header) == NXDOMAIN)
@@ -1776,7 +1776,7 @@ void receive_query(struct listener *listen, time_t now)
 m = answer_disallowed(header, (size_t)n, (u32)mark, is_single_query ? daemon->namebuff : NULL);
 if (have_pseudoheader && m != 0)
- m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz, 0,
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz, daemon->edns_pktsz,
 EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
 if (m >= 1)
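Review bot: In the forward_query hunk (@@ -553) both rewritten calls pass the write limit as `(unsigned char *)(header + replylimit)`, which does the addition before the cast. If `header` is a `struct dns_header *` here, as it is in the answer_auth() prototype in this patch, and `replylimit` is a byte count, the offset is scaled by `sizeof(struct dns_header)` and the bound given to add_pseudoheader() lies well beyond the intended end of the reply buffer. Every other call site in this patch casts first (`((unsigned char *) header) + ...`), so I would change the argument to `(unsigned char *)header + replylimit` in both branches while the lines are being touched. The declarations of `header` and `replylimit` are outside the hunk, so confirm their types before applying.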
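Review bot: The add_pseudoheader() call in the receive_query hunk at @@ -1776 bounds its write with `((unsigned char *) header) + daemon->edns_pktsz`, and the two calls in @@ -1840 do the same, whereas the auth path added in @@ -1793 uses `((unsigned char *) header) + udp_size`. If `udp_size` is the payload size taken from the requester's OPT record and clamped to the buffer (its derivation is outside these hunks), the first three sites can grow a UDP reply past what that client advertised. Using one limit throughout the function, for example `((unsigned char *) header) + udp_size`, would keep the sites consistent; if the wider limit is deliberate, a one-line comment saying why would help the next reader.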
@@ -1793,10 +1793,13 @@ void receive_query(struct listener *listen, time_t now)
 #ifdef HAVE_AUTH
 else if (auth_dns)
 {
- m = answer_auth(header, ((char *) header) + udp_size, (size_t)n, now, &source_addr,
- local_auth, do_bit, have_pseudoheader);
+ m = answer_auth(header, ((char *) header) + udp_size, (size_t)n, now, &source_addr, local_auth);
 if (m >= 1)
 {
+ if (have_pseudoheader)
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + udp_size, daemon->edns_pktsz,
+ 0, NULL, 0, do_bit, 0);
+
 #ifdef HAVE_DUMPFILE
 dump_packet_udp(DUMP_REPLY, daemon->packet, m, NULL, &source_addr, listen->fd);
 #endif
@@ -1840,11 +1843,11 @@ void receive_query(struct listener *listen, time_t now)
 {
 u16 swap = htons(ede);
- m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz, 0,
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz, daemon->edns_pktsz,
 EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
 }
 else
- m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz, 0,
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + daemon->edns_pktsz, daemon->edns_pktsz,
 0, NULL, 0, do_bit, 0);
 }
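Review bot: The new `if (have_pseudoheader)` block in the receive_query auth path (@@ -1793) has no comment, while the code it replaces in auth.c carried `/* Advertise our packet size limit in our reply */`, which this patch deletes. The same holds for the two blocks added to tcp_request in @@ -2400 and @@ -2429. I would carry that comment over above each new `if`, and add a short comment next to the answer_auth() prototype in dnsmasq.h stating that the function no longer appends the OPT record and that callers must call add_pseudoheader() on a non-zero return. Without that, a later caller of answer_auth() could drop EDNS0 from authoritative replies without any compile-time signal.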
@@ -2400,14 +2403,18 @@ unsigned char *tcp_request(int confd, time_t now,
 m = answer_disallowed(header, size, (u32)mark, is_single_query ? daemon->namebuff : NULL);
 if (have_pseudoheader && m != 0)
- m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, 0,
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz,
 EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
 }
 #endif
 #ifdef HAVE_AUTH
 else if (auth_dns)
- m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr,
- local_auth, do_bit, have_pseudoheader);
+ {
+ m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr, local_auth);
+ if (m >= 1 && have_pseudoheader)
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz,
+ 0, NULL, 0, do_bit, 0);
+ }
 #endif
 else
 {
@@ -2429,6 +2436,10 @@ unsigned char *tcp_request(int confd, time_t now,
 /* m > 0 if answered from cache */
 m = answer_request(header, ((char *) header) + 65536, (size_t)size, dst_addr_4, netmask, now, ad_reqd, do_bit, &stale, &filtered);
+
+ if (m >= 1 && have_pseudoheader)
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz,
+ 0, NULL, 0, do_bit, 0);
 }
 /* Do this by steam now we're not in the select() loop */
 check_log_writer(1);
@@ -2585,9 +2596,9 @@ unsigned char *tcp_request(int confd, time_t now,
 u16 swap = htons((u16)ede);
 if (ede != EDE_UNSET)
- m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, 0, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
 else
- m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, 0, 0, NULL, 0, do_bit, 0);
+ m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
 }
 check_log_writer(1);