1
0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-01-07 01:41:22 +01:00

Add support for extended error codes

This commit is contained in:
Frank Denis 2023-08-11 14:59:10 +02:00
parent 98d0938815
commit aff09648bb

View File

@ -40,6 +40,11 @@ func TruncatedResponse(packet []byte) ([]byte, error) {
func RefusedResponseFromMessage(srcMsg *dns.Msg, refusedCode bool, ipv4 net.IP, ipv6 net.IP, ttl uint32) *dns.Msg { func RefusedResponseFromMessage(srcMsg *dns.Msg, refusedCode bool, ipv4 net.IP, ipv6 net.IP, ttl uint32) *dns.Msg {
dstMsg := EmptyResponseFromMessage(srcMsg) dstMsg := EmptyResponseFromMessage(srcMsg)
ede := new(dns.EDNS0_EDE)
if edns0 := dstMsg.IsEdns0(); edns0 != nil {
edns0.Option = append(edns0.Option, ede)
}
ede.InfoCode = dns.ExtendedErrorCodeFiltered
if refusedCode { if refusedCode {
dstMsg.Rcode = dns.RcodeRefused dstMsg.Rcode = dns.RcodeRefused
} else { } else {
@ -58,6 +63,7 @@ func RefusedResponseFromMessage(srcMsg *dns.Msg, refusedCode bool, ipv4 net.IP,
if rr.A != nil { if rr.A != nil {
dstMsg.Answer = []dns.RR{rr} dstMsg.Answer = []dns.RR{rr}
sendHInfoResponse = false sendHInfoResponse = false
ede.InfoCode = dns.ExtendedErrorCodeForgedAnswer
} }
} else if ipv6 != nil && question.Qtype == dns.TypeAAAA { } else if ipv6 != nil && question.Qtype == dns.TypeAAAA {
rr := new(dns.AAAA) rr := new(dns.AAAA)
@ -66,6 +72,7 @@ func RefusedResponseFromMessage(srcMsg *dns.Msg, refusedCode bool, ipv4 net.IP,
if rr.AAAA != nil { if rr.AAAA != nil {
dstMsg.Answer = []dns.RR{rr} dstMsg.Answer = []dns.RR{rr}
sendHInfoResponse = false sendHInfoResponse = false
ede.InfoCode = dns.ExtendedErrorCodeForgedAnswer
} }
} }
@ -78,8 +85,11 @@ func RefusedResponseFromMessage(srcMsg *dns.Msg, refusedCode bool, ipv4 net.IP,
hinfo.Cpu = "This query has been locally blocked" hinfo.Cpu = "This query has been locally blocked"
hinfo.Os = "by dnscrypt-proxy" hinfo.Os = "by dnscrypt-proxy"
dstMsg.Answer = []dns.RR{hinfo} dstMsg.Answer = []dns.RR{hinfo}
} else {
ede.ExtraText = "This query has been locally blocked by dnscrypt-proxy"
} }
} }
return dstMsg return dstMsg
} }