rec: Anonymize the protobuf ECS value as well

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 6717e0571dce678c1b46015622caee340cf17306..33997eb38eccf7a3e55543db45ccd3e16f242891 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -616,7 +616,7 @@ static void protobufLogQuery(const std::shared_ptr<RemoteLogger>& logger, uint8_
   Netmask requestorNM(remote, remote.sin4.sin_family == AF_INET ? maskV4 : maskV6);
   const ComboAddress& requestor = requestorNM.getMaskedNetwork();
   RecProtoBufMessage message(DNSProtoBufMessage::Query, uniqueId, &requestor, &local, qname, qtype, qclass, id, tcp, len);
-  message.setEDNSSubnet(ednssubnet);
+  message.setEDNSSubnet(ednssubnet, ednssubnet.isIpv4() ? maskV4 : maskV6);
 
   if (!appliedPolicy.empty()) {
     message.setAppliedPolicy(appliedPolicy);
@@ -666,7 +666,7 @@ void startDoResolve(void *p)
       Netmask requestorNM(dc->d_remote, dc->d_remote.sin4.sin_family == AF_INET ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
       const ComboAddress& requestor = requestorNM.getMaskedNetwork();
       pbMessage.update(dc->d_uuid, &requestor, &dc->d_local, dc->d_tcp, dc->d_mdp.d_header.id);
-      pbMessage.setEDNSSubnet(dc->d_ednssubnet);
+      pbMessage.setEDNSSubnet(dc->d_ednssubnet, dc->d_ednssubnet.isIpv4() ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
       pbMessage.setQuestion(dc->d_mdp.d_qname, dc->d_mdp.d_qtype, dc->d_mdp.d_qclass);
     }
 #endif /* HAVE_PROTOBUF */
@@ -1398,7 +1398,7 @@ string* doProcessUDPQuestion(const std::string& question, const ComboAddress& fr
         Netmask requestorNM(fromaddr, fromaddr.sin4.sin_family == AF_INET ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
         const ComboAddress& requestor = requestorNM.getMaskedNetwork();
         pbMessage.update(uniqueId, &requestor, &destaddr, false, dh->id);
-        pbMessage.setEDNSSubnet(ednssubnet);
+        pbMessage.setEDNSSubnet(ednssubnet, ednssubnet.isIpv4() ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
         pbMessage.setQueryTime(g_now.tv_sec, g_now.tv_usec);
         protobufLogResponse(luaconfsLocal->protobufServer, pbMessage);
       }

diff --git a/pdns/protobuf.cc b/pdns/protobuf.cc
index d04fa2540b1a702a88d2fbd577e822034080d540..2cd32d1258b1050ec56779e2b17199d22da247c8 100644 (file)
--- a/pdns/protobuf.cc
+++ b/pdns/protobuf.cc
@@ -58,11 +58,12 @@ void DNSProtoBufMessage::setQueryTime(time_t sec, uint32_t usec)
 #endif /* HAVE_PROTOBUF */
 }
 
-void DNSProtoBufMessage::setEDNSSubnet(const Netmask& subnet)
+void DNSProtoBufMessage::setEDNSSubnet(const Netmask& subnet, uint8_t mask)
 {
 #ifdef HAVE_PROTOBUF
   if (!subnet.empty()) {
-    const ComboAddress ca = subnet.getNetwork();
+    ComboAddress ca(subnet.getNetwork());
+    ca.truncate(mask);
     if (ca.sin4.sin_family == AF_INET) {
       d_message.set_originalrequestorsubnet(&ca.sin4.sin_addr.s_addr, sizeof(ca.sin4.sin_addr.s_addr));
     }

diff --git a/pdns/protobuf.hh b/pdns/protobuf.hh
index c1cd49e4dbe8940a369fa2dc22266e9500e0ed75..ef76fa9449c7a9a1c78688dcd8de3dca5d598b4c 100644 (file)
--- a/pdns/protobuf.hh
+++ b/pdns/protobuf.hh
@@ -34,7 +34,7 @@ public:
   }
 
   void setQuestion(const DNSName& qname, uint16_t qtype, uint16_t qclass);
-  void setEDNSSubnet(const Netmask& subnet);
+  void setEDNSSubnet(const Netmask& subnet, uint8_t mask=128);
   void setBytes(size_t bytes);
   void setTime(time_t sec, uint32_t usec);
   void setQueryTime(time_t sec, uint32_t usec);