diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index b39aecb27e7c..5f17861d73a9 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -391,13 +391,12 @@ void DNSPacket::wrapup(bool throwsOnTruncation)
 if (d_ednspadding) {
 size_t remaining = d_tcp ? 65535 : getMaxReplyLen();
- const size_t blockSize = 468; // RFC8467 4.1
 // Note that optsize already contains the size of the EDNS0 padding
 // option header.
- size_t modulo = (pw.size() + optsize) % blockSize;
+ size_t modulo = (pw.size() + optsize) % rfc8467::serverPaddingBlockSize;
 size_t padSize = 0;
 if (modulo > 0) {
- padSize = std::min(blockSize - modulo, remaining);
+ padSize = std::min(rfc8467::serverPaddingBlockSize - modulo, remaining);
 }
 opts.emplace_back(EDNSOptionCode::PADDING, makeEDNSPaddingOptString(padSize));
 }
diff --git a/pdns/ednspadding.hh b/pdns/ednspadding.hh
index 9db16c6abcaa..51c5e2237053 100644
--- a/pdns/ednspadding.hh
+++ b/pdns/ednspadding.hh
@@ -24,3 +24,10 @@
 #include
 std::string makeEDNSPaddingOptString(size_t bytes);
+
+namespace rfc8467
+{
+// Constants from RFC8467 4.1 "Recommended Strategy: Block-Length Padding"
+const size_t clientPaddingBlockSize = 128;
+const size_t serverPaddingBlockSize = 468;
+}
diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc
index aa7206f4e737..eb2f78d45a7c 100644
--- a/pdns/recursordist/lwres.cc
+++ b/pdns/recursordist/lwres.cc
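Review bot: In the pdns/dnspacket.cc hunk, `remaining` is initialised to the whole reply limit (`d_tcp ? 65535 : getMaxReplyLen()`) rather than to the space left after `pw.size() + optsize`, so the `std::min(rfc8467::serverPaddingBlockSize - modulo, remaining)` on the new line only clamps when the limit itself is below the block size. Unless code outside the hunk corrects for it, a padded UDP answer can grow past the size the client advertised, and the padding then costs a truncation instead of hiding the length. The two recursor call sites subtract the current size before clamping; here that would be `const size_t used = pw.size() + optsize;` followed by `size_t remaining = used < limit ? limit - used : 0;`, with `limit` holding the current initialiser. DNSPacket::wrapup starts and ends outside the hunk, so this should be checked against the truncation handling further down.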
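Review bot: In the pdns/ednspadding.hh hunk the two block sizes are plain `const size_t` at namespace scope; `constexpr size_t clientPaddingBlockSize = 128;` (and likewise for the server value) states outright that they are compile-time constants. The comment names only the RFC section, so what the removed call-site comments said, that clients pad queries to 128 octets and servers pad responses to 468, is now carried by the identifiers alone. A per-constant comment such as `// Clients SHOULD pad queries to a multiple of 128 octets` would keep it. The pad-size computation itself is still repeated at all three call sites and could later live next to these constants.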
@@ -373,15 +373,11 @@ static void addPadding(const DNSPacketWriter& pw, size_t bufsize, DNSPacketWrite
 const size_t currentSize = pw.getSizeWithOpts(opts);
 if (currentSize < (bufsize - 4)) {
 const size_t remaining = bufsize - (currentSize + 4);
- /* from rfc8467, "4.1. Recommended Strategy: Block-Length Padding":
- Clients SHOULD pad queries to the closest multiple of 128 octets.
- Note we are in the client role here.
- */
- const size_t blockSize = 128;
- const size_t modulo = (currentSize + 4) % blockSize;
+ // Note we are in the client role here.
+ const size_t modulo = (currentSize + 4) % rfc8467::clientPaddingBlockSize;
 size_t padSize = 0;
 if (modulo > 0) {
- padSize = std::min(blockSize - modulo, remaining);
+ padSize = std::min(rfc8467::clientPaddingBlockSize - modulo, remaining);
 }
 opts.emplace_back(EDNSOptionCode::PADDING, makeEDNSPaddingOptString(padSize));
 }
diff --git a/pdns/recursordist/pdns_recursor.cc b/pdns/recursordist/pdns_recursor.cc
index f04ff608684e..fd290eeec4ac 100644
--- a/pdns/recursordist/pdns_recursor.cc
+++ b/pdns/recursordist/pdns_recursor.cc
@@ -1623,17 +1623,10 @@ void startDoResolve(void* arg) // NOLINT(readability-function-cognitive-complexi
 if (currentSize < (maxSize - 4)) {
 size_t remaining = maxSize - (currentSize + 4);
- /* from rfc8467, "4.1. Recommended Strategy: Block-Length Padding":
- If a server receives a query that includes the EDNS(0) "Padding"
- option, it MUST pad the corresponding response (see Section 4 of
- RFC 7830) and SHOULD pad the corresponding response to a
- multiple of 468 octets (see below).
- */
- const size_t blockSize = 468;
- size_t modulo = (currentSize + 4) % blockSize;
+ size_t modulo = (currentSize + 4) % rfc8467::serverPaddingBlockSize;
 size_t padSize = 0;
 if (modulo > 0) {
- padSize = std::min(blockSize - modulo, remaining);
+ padSize = std::min(rfc8467::serverPaddingBlockSize - modulo, remaining);
 }
 returnedEdnsOptions.emplace_back(EDNSOptionCode::PADDING, makeEDNSPaddingOptString(padSize));
 }
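Review bot: In the addPadding hunk (pdns/recursordist/lwres.cc) the guard `currentSize < (bufsize - 4)` is unsigned arithmetic, so a `bufsize` below 4 wraps to a huge value and the branch is taken. `remaining` then wraps as well, leaving the new `std::min(rfc8467::clientPaddingBlockSize - modulo, remaining)` with nothing to clamp against. Whether any caller can pass such a size is not visible here, but writing the test as `if (currentSize + 4 < bufsize) {` removes the dependency on that. The same pattern appears with `maxSize` in the startDoResolve hunk in pdns_recursor.cc. addPadding's body begins outside the hunk.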
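Review bot: The startDoResolve hunk in pdns_recursor.cc drops the whole RFC quotation, which was the only statement at this site that padding the response is a MUST once the query carried the Padding option. The lwres.cc hunk kept a one-line role marker, but this one keeps nothing. A short comment above the `modulo` line, e.g. `// Server role: a query with EDNS(0) Padding MUST get a padded response (RFC 7830 section 4, RFC 8467 4.1)`, would keep that requirement visible to whoever next touches the size checks. startDoResolve starts and ends outside the hunk.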