- With hide-version unbound also omits the version from http headers.

daemon/worker.c

@@ -1796,7 +1796,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
 		worker->daemon->connect_sslctx, cfg->delay_close,
 		cfg->tls_use_sni, dtenv, cfg->udp_connect,
 		cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout,
-		cfg->tcp_auth_query_timeout);
+		cfg->tcp_auth_query_timeout, cfg->hide_version);
 	if(!worker->back) {
 		log_err("could not create outgoing sockets");
 		worker_delete(worker);

doc/Changelog

@@ -7,6 +7,7 @@
 	- Fix unbound-control local_data and local_datas to print detailed
 	  syntax errors.
 	- review fix to remove duplicate error printout.
+	- With hide-version unbound also omits the version from http headers.
 
 6 July 2021: Wouter
 	- iana portlist update.

libunbound/libworker.c

@@ -243,7 +243,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
 		cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
 		cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect,
 		cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout,
-		cfg->tcp_auth_query_timeout);
+		cfg->tcp_auth_query_timeout, cfg->hide_version);
 	w->env->outnet = w->back;
 	if(!w->is_bg || w->is_bg_thread) {
 		lock_basic_unlock(&ctx->cfglock);

services/outside_network.c

@@ -1437,7 +1437,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
 	void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
 	void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv,
 	int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout,
-	int tcp_auth_query_timeout)
+	int tcp_auth_query_timeout, int hide_version)
 {
 	struct outside_network* outnet = (struct outside_network*)
 		calloc(1, sizeof(struct outside_network));
@@ -1471,6 +1471,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
 	outnet->do_udp = do_udp;
 	outnet->tcp_mss = tcp_mss;
 	outnet->ip_dscp = dscp;
+	outnet->hide_version = hide_version;
 #ifndef S_SPLINT_S
 	if(delayclose) {
 		outnet->delayclose = 1;
@@ -3436,13 +3437,14 @@ outnet_comm_point_for_tcp(struct outside_network* outnet,
 
 /** setup http request headers in buffer for sending query to destination */
 static int
-setup_http_request(sldns_buffer* buf, char* host, char* path)
+setup_http_request(sldns_buffer* buf, char* host, char* path, int hide_version)
 {
 	sldns_buffer_clear(buf);
 	sldns_buffer_printf(buf, "GET /%s HTTP/1.1\r\n", path);
 	sldns_buffer_printf(buf, "Host: %s\r\n", host);
-	sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n",
-		PACKAGE_VERSION);
+	if(!hide_version)
+		sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n",
+			PACKAGE_VERSION);
 	/* We do not really do multiple queries per connection,
 	 * but this header setting is also not needed.
 	 * sldns_buffer_printf(buf, "Connection: close\r\n") */
@@ -3494,7 +3496,7 @@ outnet_comm_point_for_http(struct outside_network* outnet,
 	comm_point_start_listening(cp, fd, timeout);
 
 	/* setup http request in cp->buffer */
-	if(!setup_http_request(cp->buffer, host, path)) {
+	if(!setup_http_request(cp->buffer, host, path, outnet->hide_version)) {
 		log_err("error setting up http request");
 		comm_point_delete(cp);
 		return NULL;

services/outside_network.h

@@ -146,6 +146,8 @@ struct outside_network {
 	int tcp_mss;
 	/** IP_TOS socket option requested on the sockets */
 	int ip_dscp;
+	/** hide version option */
+	int hide_version;
 
 	/**
 	 * Array of tcp pending used for outgoing TCP connections.
@@ -544,6 +546,7 @@ struct serviced_query {
  * @param max_reuse_tcp_queries: max number of queries on a reuse connection.
  * @param tcp_reuse_timeout: timeout for REUSE entries in milliseconds.
  * @param tcp_auth_query_timeout: timeout in milliseconds for TCP queries to auth servers.
+ * @param hide_version: if the version is hidden.
  * @return: the new structure (with no pending answers) or NULL on error.
  */
 struct outside_network* outside_network_create(struct comm_base* base,
@@ -554,7 +557,7 @@ struct outside_network* outside_network_create(struct comm_base* base,
 	void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
 	void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv,
 	int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout,
-	int tcp_auth_query_timeout);
+	int tcp_auth_query_timeout, int hide_version);
 
 /**
  * Delete outside_network structure.

testcode/fake_event.c

@@ -1052,7 +1052,7 @@ outside_network_create(struct comm_base* base, size_t bufsize,
 	int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
 	struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect),
 	int ATTR_UNUSED(max_reuse_tcp_queries), int ATTR_UNUSED(tcp_reuse_timeout),
-	int ATTR_UNUSED(tcp_auth_query_timeout))
+	int ATTR_UNUSED(tcp_auth_query_timeout), int ATTR_UNUSED(hide_version))
 {
 	struct replay_runtime* runtime = (struct replay_runtime*)base;
 	struct outside_network* outnet =  calloc(1,