From: bert hubert <bert.hubert@netherlabs.nl>
Date: Fri, 12 May 2017 19:25:16 +0000 (+0200)
Subject: Together with Mukund Sivaraman we found out PowerDNS sdig does not truncate
X-Git-Tag: auth-4.0.5~1^2~5^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5b31e93b110424479d4c598394c02190640c09c6;p=pdns

Together with Mukund Sivaraman we found out PowerDNS sdig does not truncate
trailing bits of EDNS Client Subnet mask.  So if you'd truncate something as
a /9, we'd have to use 2 bytes anyhow, but we would not zero the last 7 bits.

We do now. Thanks Mukund & ISC!

(cherry picked from commit d7da15c560946cadaadfc173b8964dd6b40932ed)
---

diff --git a/modules/remotebackend/Makefile.am b/modules/remotebackend/Makefile.am
index ffe8a353a..e965c51b4 100644
--- a/modules/remotebackend/Makefile.am
+++ b/modules/remotebackend/Makefile.am
@@ -105,6 +105,7 @@ libtestremotebackend_la_SOURCES = \
 	../../pdns/dnsrecords.cc \
 	../../pdns/dnssecinfra.cc \
 	../../pdns/ednssubnet.cc \
+	../../pdns/iputils.cc \
 	../../pdns/logger.cc \
 	../../pdns/misc.cc \
 	../../pdns/nsecrecords.cc \
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index f423cc01d..13085e1ff 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -455,6 +455,7 @@ sdig_SOURCES = \
 	dnsrecords.cc \
 	dnswriter.cc dnswriter.hh \
 	ednssubnet.cc \
+	iputils.hh iputils.cc \
 	logger.cc \
 	misc.cc misc.hh \
 	nsecrecords.cc \
@@ -682,6 +683,7 @@ toysdig_SOURCES = \
 	dnssecinfra.cc \
 	dnswriter.cc dnswriter.hh \
 	ednssubnet.cc ednssubnet.hh \
+	iputils.cc iputils.hh \
 	filterpo.hh \
 	gss_context.cc gss_context.hh \
 	logger.cc \
@@ -894,6 +896,7 @@ dnsreplay_SOURCES = \
 	dnswriter.cc dnswriter.hh \
 	ednssubnet.cc ednssubnet.hh \
 	ednsoptions.cc ednsoptions.hh \
+	iputils.hh iputils.cc \
 	logger.cc \
 	misc.cc \
 	nsecrecords.cc \
diff --git a/pdns/ednssubnet.cc b/pdns/ednssubnet.cc
index 62fa73ee5..2258a64bd 100644
--- a/pdns/ednssubnet.cc
+++ b/pdns/ednssubnet.cc
@@ -88,10 +88,13 @@ string makeEDNSSubnetOptsString(const EDNSSubnetOpts& eso)
   ret.assign((const char*)&esow, sizeof(esow));
   int octetsout = ((esow.sourceMask - 1)>> 3)+1;
 
+  ComboAddress src=eso.source.getNetwork();
+  src.truncate(esow.sourceMask);
+  
   if(family == htons(1)) 
-    ret.append((const char*) &eso.source.getNetwork().sin4.sin_addr.s_addr, octetsout);
+    ret.append((const char*) &src.sin4.sin_addr.s_addr, octetsout);
   else
-    ret.append((const char*) &eso.source.getNetwork().sin6.sin6_addr.s6_addr, octetsout);
+    ret.append((const char*) &src.sin6.sin6_addr.s6_addr, octetsout);
   return ret;
 }