- Add edns-client-tag-opcode option

2025-12-20 14:53:15 -05:00 · 2020-09-23 12:09:48 +02:00 · 2020-09-23 12:09:48 +02:00 · 7da369e85a
commit 7da369e85a
parent e41daa954e
13 changed files with 2603 additions and 2548 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -4,6 +4,7 @@

 23 September 2020: Ralph
 	- Fix edns-client-tags get_option typo
+	- Add edns-client-tag-opcode option

 21 September 2020: Ralph
 	- Fix #304: dnstap logging not recovering after dnstap process restarts
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -1538,6 +1538,10 @@ Include an edns-client-tag option in queries with destination address matching
 the configured IP netblock. This configuration option can be used multiple
 times. The most specific match will be used. The tag data is configured in
 decimal format, from 0 to 65535.
+.TP 5
+.B edns\-client\-tag\-opcode: \fI<opcode>
+EDNS0 option code for the edns-client-tag option, from 0 to 65535. Default is
+16, as assigned by IANA.
 .SS "Remote Control Options"
 In the
 .B remote\-control:
--- a/services/outside_network.c
+++ b/services/outside_network.c
@ -2107,7 +2107,7 @@ outnet_serviced_query(struct outside_network* outnet,
 		addr, addrlen))) {
 		uint16_t client_tag = htons(client_tag_addr->tag_data);
 		edns_opt_list_append(&qstate->edns_opts_back_out,
-			LDNS_EDNS_CLIENT_TAG, 2,
+			env->edns_tags->client_tag_opcode, 2,
 			(uint8_t*)&client_tag, qstate->region);
 	}

--- a/testcode/fake_event.c
+++ b/testcode/fake_event.c
@ -1232,7 +1232,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 			addr, addrlen))) {
 			uint16_t client_tag = htons(client_tag_addr->tag_data);
 			edns_opt_list_append(&qstate->edns_opts_back_out,
-				LDNS_EDNS_CLIENT_TAG, 2,
+				env->edns_tags->client_tag_opcode, 2,
 				(uint8_t*)&client_tag, qstate->region);
 		}
 		edns.opt_list = qstate->edns_opts_back_out;
--- a/util/config_file.c
+++ b/util/config_file.c
@ -322,6 +322,7 @@ config_create(void)
 	cfg->shm_enable = 0;
 	cfg->shm_key = 11777;
 	cfg->edns_client_tags = NULL;
+	cfg->edns_client_tag_opcode = LDNS_EDNS_CLIENT_TAG;
 	cfg->dnscrypt = 0;
 	cfg->dnscrypt_port = 0;
 	cfg->dnscrypt_provider = NULL;
--- a/util/config_file.h
+++ b/util/config_file.h
@ -564,6 +564,8 @@ struct config_file {

 	/** list of EDNS client tag entries, linked list */
 	struct config_str2list* edns_client_tags;
+	/** EDNS opcode to use for EDNS client tags */
+	uint16_t edns_client_tag_opcode;

 	/** DNSCrypt */
 	/** true to enable dnscrypt */
--- a/util/configlexer.c
+++ b/util/configlexer.c
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@ -524,6 +524,7 @@ name-v6{COLON}			{ YDVAR(1, VAR_IPSET_NAME_V6) }
 udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
 tcp-connection-limit{COLON}	{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
 edns-client-tag{COLON}		{ YDVAR(2, VAR_EDNS_CLIENT_TAG) }
+edns-client-tag-opcode{COLON}	{ YDVAR(1, VAR_EDNS_CLIENT_TAG_OPCODE) }
 <INITIAL,val>{NEWLINE}		{ LEXOUT(("NL\n")); cfg_parser->line++; }

 	/* Quoted strings. Strip leading and ending quotes */
--- a/util/configparser.c
+++ b/util/configparser.c
--- a/util/configparser.h
+++ b/util/configparser.h
@ -344,7 +344,8 @@ extern int yydebug;
    VAR_RPZ_LOG_NAME = 550,
    VAR_DYNLIB = 551,
    VAR_DYNLIB_FILE = 552,
-    VAR_EDNS_CLIENT_TAG = 553
+    VAR_EDNS_CLIENT_TAG = 553,
+    VAR_EDNS_CLIENT_TAG_OPCODE = 554
  };
 #endif
 /* Tokens.  */
@ -644,6 +645,7 @@ extern int yydebug;
 #define VAR_DYNLIB 551
 #define VAR_DYNLIB_FILE 552
 #define VAR_EDNS_CLIENT_TAG 553
+#define VAR_EDNS_CLIENT_TAG_OPCODE 554

 /* Value type.  */
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -653,7 +655,7 @@ union YYSTYPE

 	char*	str;

-#line 657 "util/configparser.h"
+#line 659 "util/configparser.h"

 };
 typedef union YYSTYPE YYSTYPE;
--- a/util/configparser.y
+++ b/util/configparser.y
@ -178,7 +178,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
-%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_TAG
+%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_TAG VAR_EDNS_CLIENT_TAG_OPCODE

 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -291,7 +291,8 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_unknown_server_time_limit | server_log_tag_queryreply |
 	server_stream_wait_size | server_tls_ciphers |
 	server_tls_ciphersuites | server_tls_session_ticket_keys |
-	server_tls_use_sni | server_edns_client_tag
+	server_tls_use_sni | server_edns_client_tag |
+	server_edns_client_tag_opcode
 	;
 stubstart: VAR_STUB_ZONE
 	{
@ -2479,6 +2480,17 @@ server_edns_client_tag: VAR_EDNS_CLIENT_TAG STRING_ARG STRING_ARG
 				"edns-client-tag");
 	}
 	;
+server_edns_client_tag_opcode: VAR_EDNS_CLIENT_TAG_OPCODE STRING_ARG
+	{
+		OUTYY(("P(edns_client_tag_opcode:%s)\n", $2));
+		if(atoi($2) == 0 && strcmp($2, "0") != 0)
+			yyerror("option code expected");
+		else if(atoi($2) > 65535 || atoi($2) < 0)
+			yyerror("option code must be in interval [0, 65535]");
+		else cfg_parser->cfg->edns_client_tag_opcode = atoi($2);
+
+	}
+	;
 stub_name: VAR_NAME STRING_ARG
 	{
 		OUTYY(("P(name:%s)\n", $2));
--- a/util/edns.c
+++ b/util/edns.c
@ -112,6 +112,7 @@ int edns_tags_apply_cfg(struct edns_tags* edns_tags,
 			return 0;
 		}
 	}
+	edns_tags->client_tag_opcode = config->edns_client_tag_opcode;

 	addr_tree_init_parents(&edns_tags->client_tags);
 	return 1;
--- a/util/edns.h
+++ b/util/edns.h
@ -56,6 +56,8 @@ struct edns_tags {
 	/** Tree of EDNS client tags to use in upstream queries, per address
 	 * prefix. Contains nodes of type edns_tag_addr. */
 	rbtree_type client_tags;
+	/** EDNS opcode to use for client tags */
+	uint16_t client_tag_opcode;
 	/** region to allocate tree nodes in */
 	struct regional* region;
 };