From a94bc5d77d2cf1c044fe8658c6f316817614daaf Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 16 Aug 2016 15:15:33 +0200
Subject: [PATCH] rec: Anonymize the protobuf ECS value as well
---
 pdns/pdns_recursor.cc | 6 +++---
 pdns/protobuf.cc | 5 +++--
 pdns/protobuf.hh | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 6717e0571..33997eb38 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -616,7 +616,7 @@ static void protobufLogQuery(const std::shared_ptr& logger, uint8_
 Netmask requestorNM(remote, remote.sin4.sin_family == AF_INET ? maskV4 : maskV6);
 const ComboAddress& requestor = requestorNM.getMaskedNetwork();
 RecProtoBufMessage message(DNSProtoBufMessage::Query, uniqueId, &requestor, &local, qname, qtype, qclass, id, tcp, len);
- message.setEDNSSubnet(ednssubnet);
+ message.setEDNSSubnet(ednssubnet, ednssubnet.isIpv4() ? maskV4 : maskV6);
 if (!appliedPolicy.empty()) {
 message.setAppliedPolicy(appliedPolicy);
@@ -666,7 +666,7 @@ void startDoResolve(void *p)
 Netmask requestorNM(dc->d_remote, dc->d_remote.sin4.sin_family == AF_INET ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
 const ComboAddress& requestor = requestorNM.getMaskedNetwork();
 pbMessage.update(dc->d_uuid, &requestor, &dc->d_local, dc->d_tcp, dc->d_mdp.d_header.id);
- pbMessage.setEDNSSubnet(dc->d_ednssubnet);
+ pbMessage.setEDNSSubnet(dc->d_ednssubnet, dc->d_ednssubnet.isIpv4() ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
 pbMessage.setQuestion(dc->d_mdp.d_qname, dc->d_mdp.d_qtype, dc->d_mdp.d_qclass);
 }
 #endif /* HAVE_PROTOBUF */
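Review bot: The choice of prefix length for the ECS value is written out inline at the `message.setEDNSSubnet(...)` call in protobufLogQuery and repeated in the startDoResolve and doProcessUDPQuestion hunks, and it tests the address family differently from the requestor line just above it (`isIpv4()` versus `sin4.sin_family == AF_INET`). Because this expression decides how much of a client subnet reaches the log stream, a single small helper that maps an address family to the configured prefix length would keep the three sites from drifting apart. The bodies of all three functions continue outside the hunks, so any other logging path that calls `setEDNSSubnet` could not be checked from here.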
@@ -1398,7 +1398,7 @@ string* doProcessUDPQuestion(const std::string& question, const ComboAddress& fr
 Netmask requestorNM(fromaddr, fromaddr.sin4.sin_family == AF_INET ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
 const ComboAddress& requestor = requestorNM.getMaskedNetwork();
 pbMessage.update(uniqueId, &requestor, &destaddr, false, dh->id);
- pbMessage.setEDNSSubnet(ednssubnet);
+ pbMessage.setEDNSSubnet(ednssubnet, ednssubnet.isIpv4() ? luaconfsLocal->protobufMaskV4 : luaconfsLocal->protobufMaskV6);
 pbMessage.setQueryTime(g_now.tv_sec, g_now.tv_usec);
 protobufLogResponse(luaconfsLocal->protobufServer, pbMessage);
 }
diff --git a/pdns/protobuf.cc b/pdns/protobuf.cc
index d04fa2540..2cd32d125 100644
--- a/pdns/protobuf.cc
+++ b/pdns/protobuf.cc
@@ -58,11 +58,12 @@ void DNSProtoBufMessage::setQueryTime(time_t sec, uint32_t usec)
 #endif /* HAVE_PROTOBUF */
 }
-void DNSProtoBufMessage::setEDNSSubnet(const Netmask& subnet)
+void DNSProtoBufMessage::setEDNSSubnet(const Netmask& subnet, uint8_t mask)
 {
 #ifdef HAVE_PROTOBUF
 if (!subnet.empty()) {
- const ComboAddress ca = subnet.getNetwork();
+ ComboAddress ca(subnet.getNetwork());
+ ca.truncate(mask);
 if (ca.sin4.sin_family == AF_INET) {
 d_message.set_originalrequestorsubnet(&ca.sin4.sin_addr.s_addr, sizeof(ca.sin4.sin_addr.s_addr));
 }
diff --git a/pdns/protobuf.hh b/pdns/protobuf.hh
index c1cd49e4d..ef76fa944 100644
--- a/pdns/protobuf.hh
+++ b/pdns/protobuf.hh
@@ -34,7 +34,7 @@ public:
 }
 void setQuestion(const DNSName& qname, uint16_t qtype, uint16_t qclass);
- void setEDNSSubnet(const Netmask& subnet);
+ void setEDNSSubnet(const Netmask& subnet, uint8_t mask=128);
 void setBytes(size_t bytes);
 void setTime(time_t sec, uint32_t usec);
 void setQueryTime(time_t sec, uint32_t usec);
-- 2.40.0
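Review bot: The new `mask` parameter of `DNSProtoBufMessage::setEDNSSubnet` is a prefix length in bits rather than a netmask, and nothing at the definition says so or says what happens when it exceeds the address width. With the header default of 128, an IPv4 subnet reaches `ca.truncate(128)`; `ComboAddress::truncate` is not shown in this patch, so confirm that it treats an over-long value as a no-op for a 4-byte address. I would add a comment above `ca.truncate(mask);` such as `// mask = number of leading bits kept; the remaining bits are zeroed before logging`, or rename the parameter to `prefixLen`. The function body continues past the end of the hunk.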
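Review bot: The default `mask=128` on the `setEDNSSubnet` declaration makes anonymization opt-in, so a caller that omits the second argument still logs the ECS subnet untruncated and the compiler will not flag it. If callers exist outside the three sites updated in this patch (not visible here), they silently keep the old behaviour. Either drop the default so every call site has to choose a prefix length, or state the behaviour on the declaration, e.g. `// mask: prefix bits to keep; the default of 128 means no truncation`.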