Commit 441de7db authored by Mukund Sivaraman's avatar Mukund Sivaraman Committed by Mark Andrews

Add a answer-cookie named config option

(cherry picked from commit 29305073)
parent f5ae506b
......@@ -1912,7 +1912,9 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
/*
* If we have already seen a cookie option skip this cookie option.
*/
if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
if ((!ns_g_server->answercookie) ||
(client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
{
isc_buffer_forward(buf, (unsigned int)optlen);
return;
}
......
......@@ -47,6 +47,7 @@
/*% default configuration */
static char defaultconf[] = "\
options {\n\
answer-cookie true;\n\
automatic-interface-scan yes;\n\
bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
# blackhole {none;};\n"
......
......@@ -124,6 +124,7 @@ struct ns_server {
unsigned char secret[32]; /*%< Server Cookie Secret */
ns_altsecretlist_t altsecrets;
ns_cookiealg_t cookiealg;
isc_boolean_t answercookie;
dns_dtenv_t *dtenv; /*%< Dnstap environment */
......
......@@ -8327,6 +8327,11 @@ load_configuration(const char *filename, ns_server_t *server,
server->flushonshutdown = ISC_FALSE;
}
obj = NULL;
result = ns_config_get(maps, "answer-cookie", &obj);
INSIST(result == ISC_R_SUCCESS);
server->answercookie = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "cookie-algorithm", &obj);
INSIST(result == ISC_R_SUCCESS);
......@@ -9033,6 +9038,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->lockfile = NULL;
server->dtenv = NULL;
server->answercookie = ISC_TRUE;
server->magic = NS_SERVER_MAGIC;
*serverp = server;
......
......@@ -1024,6 +1024,7 @@ static cfg_type_t cfg_type_fstrm_model = {
*/
static cfg_clausedef_t
options_clauses[] = {
{ "answer-cookie", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED },
{ "automatic-interface-scan", &cfg_type_boolean, 0 },
{ "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment