resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]

This hardens the stub resolver against fragmentation-based attacks.
author: Florian Weimer <fweimer@redhat.com> 2017-04-13 13:09:38 +0200
committer: Florian Weimer <fweimer@redhat.com> 2017-04-13 13:09:38 +0200
commit: e14a27723cc3a154d67f3f26e719d08c0ba9ad25 (patch)
tree: c4706acf27f91784a8b592772d03e0c8da0b4731 /support/resolv_test.h
parent: c803cb9b24c6cea15698768e4301e963b98e742c (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/support/resolv_test.h b/support/resolv_test.h
index 7a9f1f7ae8..6498751569 100644
--- a/support/resolv_test.h
+++ b/support/resolv_test.h
@@ -25,6 +25,16 @@
 
 __BEGIN_DECLS
 
+/* Information about EDNS properties of a DNS query.  */
+struct resolv_edns_info
+{
+  bool active;
+  uint8_t extended_rcode;
+  uint8_t version;
+  uint16_t flags;
+  uint16_t payload_size;
+};
+
 /* This struct provides context information when the response callback
    specified in struct resolv_redirect_config is invoked. */
 struct resolv_response_context
@@ -33,6 +43,7 @@ struct resolv_response_context
   size_t query_length;
   int server_index;
   bool tcp;
+  struct resolv_edns_info edns;
 };
 
 /* This opaque struct is used to construct responses from within the
author	Florian Weimer <fweimer@redhat.com>	2017-04-13 13:09:38 +0200
committer	Florian Weimer <fweimer@redhat.com>	2017-04-13 13:09:38 +0200
commit	e14a27723cc3a154d67f3f26e719d08c0ba9ad25 (patch)
tree	c4706acf27f91784a8b592772d03e0c8da0b4731 /support/resolv_test.h
parent	c803cb9b24c6cea15698768e4301e963b98e742c (diff)