From 376d48c7f187cd3c3e941929a4cd5e9c9903fc89 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Wed, 13 Nov 2013 13:04:30 +0000 Subject: [PATCH] Allow interface name to specify subnets in --auth-zone. --- CHANGELOG | 31 +++++++++++++ man/dnsmasq.8 | 39 +++++++++------- src/auth.c | 81 +++++++++++++--------------------- src/dnsmasq.h | 39 ++++++++-------- src/network.c | 120 +++++++++++++++++++++++++++++++++++++++----------- src/option.c | 58 +++++++++++++++--------- src/rfc1035.c | 38 +++++++--------- 7 files changed, 255 insertions(+), 151 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 77acde2..10b8da9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,34 @@ +version 2.68 + Use random addresses for DHCPv6 temporary address + allocations, instead of algorithmically determined stable + addresses. + + Fix bug which meant that the DHCPv6 DUID was not available + in DHCP script runs during the lifetime of the dnsmasq + process which created the DUID de-novo. Once the DUID was + created and stored in the lease file and dnsmasq + restarted, this bug disappeared. + + Fix bug introduced in 2.67 which could result in erroneous + NXDOMAIN returns to CNAME queries. + + Fix build failures on MacOS X and openBSD. + + Allow subnet specifications in --auth-zone to be interface + names as well as address literals. This makes it possible + to configure authoritative DNS when local address ranges + are dynamic and works much better than the previous + work-around which exempted contructed DHCP ranges from the + IP address filtering. As a consequence, that work-around + is removed. Under certain circumstances, this change wil + break existing configuration: if you're relying on the + contructed-range exception, you need to change --auth-zone + to specify the same interface as is used to construct your + DHCP ranges, probably with a trailing "/6" like this: + --auth-zone=example.com,eth0/6 to limit the addresses to + IPv6 addresses of eth0. + + version 2.67 Fix crash if upstream server returns SERVFAIL when --conntrack in use. Thanks to Giacomo Tazzari for finding diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index 123c98f..deb3eb6 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -589,10 +589,19 @@ needed for a client to do validation itself. .B --auth-zone=[,[/][,[/].....]] Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain will be served. A and AAAA records must be in one of the -specified subnets, or in a subnet corresponding to a constructed DHCP -range. (This can be overridden with -.B constructor-noauth: -) The subnet(s) are also used to define in-addr.arpa and +specified subnets. As alternative to directly specifying the subnets, it's possible to +give the name of an interface, in which case the subnets implied by +that interface's configured addresses and netmask/prefix-length are +used; this is useful when using constructed DHCP ranges as the actual +address is dynamic and not known when configuring dnsmasq. The +interface addresses may be confined to only IPv6 addresses using +/6 or to only IPv4 using /4. This is useful when +an interface has dynamically determined global IPv6 addresses which should +appear in the zone, but RFC1918 IPv4 addresses which should not. +Interface-name and address-literal subnet specifications may be used +freely in the same --auth-zone declaration. + +The subnet(s) are also used to define in-addr.arpa and ipv6.arpa domains which are served for reverse-DNS queries. If not specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6. For IPv4 subnets, the prefix length should be have the value 8, 16 or 24 @@ -680,12 +689,6 @@ then the address can be simply :: .B --dhcp-range=::,constructor:eth0 -There is a variant of the constructor: syntax using the keyword -.B constructor-noauth. -See -.B --auth-zone -for an explanation of this. - The optional .B set: sets an alphanumeric label which marks this network so that @@ -1959,18 +1962,20 @@ IPv4 and IPv6 addresses from /etc/hosts (and .B --addn-hosts ) and .B --host-record +and +.B --interface-name provided the address falls into one of the subnets specified in the .B --auth-zone. -.PP -Addresses specified by -.B --interface-name. -In this case, the address is not contrained to a subnet from -.B --auth-zone. - .PP Addresses of DHCP leases, provided the address falls into one of the subnets specified in the +.B --auth-zone. +(If contructed DHCP ranges are is use, which depend on the address dynamically +assigned to an interface, then the form of .B --auth-zone -OR a constructed DHCP range. In the default mode, where a DHCP lease +which defines subnets by the dynamic address of an interface should +be used to ensure this condition is met.) +.PP +In the default mode, where a DHCP lease has an unqualified name, and possibly a qualified name constructed using .B --domain diff --git a/src/auth.c b/src/auth.c index 4a1075b..e7168c2 100644 --- a/src/auth.c +++ b/src/auth.c @@ -18,27 +18,26 @@ #ifdef HAVE_AUTH -static struct subnet *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u) +static struct addrlist *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u) { - struct subnet *subnet; + struct addrlist *subnet; for (subnet = zone->subnet; subnet; subnet = subnet->next) { - if (subnet->is6 && (flag & F_IPV4)) - continue; - - if (!subnet->is6) + if (!(subnet->flags & ADDRLIST_IPV6)) { - struct in_addr addr = addr_u->addr.addr4; - struct in_addr mask; + struct in_addr netmask, addr = addr_u->addr.addr4; + + if (!(flag & F_IPV4)) + continue; - mask.s_addr = htonl(~((1 << (32 - subnet->prefixlen)) - 1)); + netmask.s_addr = htonl(~((1 << (32 - subnet->prefixlen)) - 1)); - if (is_same_net(addr, subnet->addr4, mask)) + if (is_same_net(addr, subnet->addr.addr.addr4, netmask)) return subnet; } #ifdef HAVE_IPV6 - else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr6, subnet->prefixlen)) + else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen)) return subnet; #endif @@ -46,22 +45,6 @@ static struct subnet *filter_zone(struct auth_zone *zone, int flag, struct all_a return NULL; } -static int filter_constructed_dhcp(struct auth_zone *zone, int flag, struct all_addr *addr_u) -{ -#ifdef HAVE_DHCP6 - struct dhcp_context *context; - - if (flag & F_IPV6) - for (context = daemon->dhcp6; context; context = context->next) - if ((context->flags & CONTEXT_CONSTRUCTED) && - !(context->flags & CONTEXT_NOAUTH) && - is_same_net6(&(addr_u->addr.addr6), &context->start6, context->prefix)) - return 1; -#endif - - return filter_zone(zone, flag, addr_u) != NULL; -} - int in_zone(struct auth_zone *zone, char *name, char **cut) { size_t namelen = strlen(name); @@ -99,7 +82,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n struct crec *crecp; int auth = !local_query, trunc = 0, nxdomain = 1, soa = 0, ns = 0, axfr = 0; struct auth_zone *zone = NULL; - struct subnet *subnet = NULL; + struct addrlist *subnet = NULL; char *cut; struct mx_srv_record *rec, *move, **up; struct txt_record *txt; @@ -164,8 +147,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n { struct addrlist *addrlist; - for (addrlist = intr->addr4; addrlist; addrlist = addrlist->next) - if (addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) break; if (addrlist) @@ -180,8 +163,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n { struct addrlist *addrlist; - for (addrlist = intr->addr6; addrlist; addrlist = addrlist->next) - if (IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) break; if (addrlist) @@ -362,16 +345,12 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n { struct addrlist *addrlist; - addrlist = intr->addr4; -#ifdef HAVE_IPV6 - if (qtype == T_AAAA) - addrlist = intr->addr6; -#endif nxdomain = 0; if (flag) - for (; addrlist; addrlist = addrlist->next) - if (local_query || filter_constructed_dhcp(zone, flag, &addrlist->addr)) + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype && + (local_query || filter_zone(zone, flag, &addrlist->addr))) { found = 1; log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); @@ -468,7 +447,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n { nxdomain = 0; if ((crecp->flags & flag) && - (local_query || filter_constructed_dhcp(zone, flag, &(crecp->addr.addr)))) + (local_query || filter_zone(zone, flag, &(crecp->addr.addr)))) { *cut = '.'; /* restore domain part */ log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid)); @@ -491,7 +470,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n do { nxdomain = 0; - if ((crecp->flags & flag) && (local_query || filter_constructed_dhcp(zone, flag, &(crecp->addr.addr)))) + if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr.addr)))) { log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid)); found = 1; @@ -522,9 +501,9 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n authname = name; - if (!subnet->is6) + if (!(subnet->flags & ADDRLIST_IPV6)) { - in_addr_t a = ntohl(subnet->addr4.s_addr) >> 8; + in_addr_t a = ntohl(subnet->addr.addr.addr4.s_addr) >> 8; char *p = name; if (subnet->prefixlen >= 24) @@ -544,7 +523,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n for (i = subnet->prefixlen-1; i >= 0; i -= 4) { - int dig = ((unsigned char *)&subnet->addr6)[i>>3]; + int dig = ((unsigned char *)&subnet->addr.addr.addr6)[i>>3]; p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4); } p += sprintf(p, "ip6.arpa"); @@ -680,15 +659,17 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (cut) *cut = 0; - for (addrlist = intr->addr4; addrlist; addrlist = addrlist->next) - if ((local_query || filter_constructed_dhcp(zone, F_IPV4, &addrlist->addr)) && + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if (!(subnet->flags & ADDRLIST_IPV6) && + (local_query || filter_zone(zone, F_IPV4, &addrlist->addr)) && add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr)) anscount++; #ifdef HAVE_IPV6 - for (addrlist = intr->addr6; addrlist; addrlist = addrlist->next) - if ((local_query || filter_constructed_dhcp(zone, F_IPV6, &addrlist->addr)) && + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if ((subnet->flags & ADDRLIST_IPV6) && + (local_query || filter_zone(zone, F_IPV6, &addrlist->addr)) && add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr)) anscount++; @@ -729,7 +710,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n { char *cache_name = cache_get_name(crecp); if (!strchr(cache_name, '.') && - (local_query || filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) + (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) { qtype = T_A; #ifdef HAVE_IPV6 @@ -747,7 +728,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n { strcpy(name, cache_get_name(crecp)); if (in_zone(zone, name, &cut) && - (local_query || filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) + (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))) { qtype = T_A; #ifdef HAVE_IPV6 diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 98266c6..c316b50 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -280,18 +280,28 @@ struct ptr_record { struct cname { char *alias, *target; struct cname *next; +}; + +#define ADDRLIST_LITERAL 1 +#define ADDRLIST_IPV6 2 + +struct addrlist { + struct all_addr addr; + int flags, prefixlen; + struct addrlist *next; }; +#define AUTH6 1 +#define AUTH4 2 + struct auth_zone { char *domain; - struct subnet { - int is6, prefixlen; - struct in_addr addr4; -#ifdef HAVE_IPV6 - struct in6_addr addr6; -#endif - struct subnet *next; - } *subnet; + struct auth_name_list { + char *name; + int flags; + struct auth_name_list *next; + } *interface_names; + struct addrlist *subnet; struct auth_zone *next; }; @@ -311,13 +321,7 @@ struct host_record { struct interface_name { char *name; /* domain name */ char *intr; /* interface name */ - struct addrlist { - struct all_addr addr; - struct addrlist *next; - } *addr4; -#ifdef HAVE_IPV6 - struct addrlist *addr6; -#endif + struct addrlist *addr; struct interface_name *next; }; @@ -748,9 +752,8 @@ struct dhcp_context { #define CONTEXT_RA (1u<<13) #define CONTEXT_CONF_USED (1u<<14) #define CONTEXT_USED (1u<<15) -#define CONTEXT_NOAUTH (1u<<16) -#define CONTEXT_OLD (1u<<17) -#define CONTEXT_V6 (1u<<18) +#define CONTEXT_OLD (1u<<16) +#define CONTEXT_V6 (1u<<17) struct ping_result { diff --git a/src/network.c b/src/network.c index de5d9f2..3515a52 100644 --- a/src/network.c +++ b/src/network.c @@ -239,7 +239,7 @@ struct iface_param { }; static int iface_allowed(struct iface_param *param, int if_index, char *label, - union mysockaddr *addr, struct in_addr netmask, int dad) + union mysockaddr *addr, struct in_addr netmask, int prefixlen, int dad) { struct irec *iface; int mtu = 0, loopback; @@ -267,15 +267,67 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, label = ifr.ifr_name; - /* Update addresses from interface_names. These are a set independent - of the set we're listening on. */ #ifdef HAVE_IPV6 if (addr->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&addr->in6.sin6_addr)) #endif { struct interface_name *int_name; struct addrlist *al; +#ifdef HAVE_AUTH + struct auth_zone *zone; + struct auth_name_list *name; + /* Find subnets in auth_zones */ + for (zone = daemon->auth_zones; zone; zone = zone->next) + for (name = zone->interface_names; name; name = name->next) + if (wildcard_match(name->name, label)) + { + if (addr->sa.sa_family == AF_INET && (name->flags & AUTH4)) + { + if (param->spare) + { + al = param->spare; + param->spare = al->next; + } + else + al = whine_malloc(sizeof(struct addrlist)); + + if (al) + { + al->next = zone->subnet; + zone->subnet = al; + al->prefixlen = prefixlen; + al->addr.addr.addr4 = addr->in.sin_addr; + al->flags = 0; + } + } + +#ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET6 && (name->flags & AUTH6)) + { + if (param->spare) + { + al = param->spare; + param->spare = al->next; + } + else + al = whine_malloc(sizeof(struct addrlist)); + + if (al) + { + al->next = zone->subnet; + zone->subnet = al; + al->prefixlen = prefixlen;al->addr.addr.addr6 = addr->in6.sin6_addr; + al->flags = ADDRLIST_IPV6; + } + } +#endif + + } +#endif + + /* Update addresses from interface_names. These are a set independent + of the set we're listening on. */ for (int_name = daemon->int_names; int_name; int_name = int_name->next) if (strncmp(label, int_name->intr, IF_NAMESIZE) == 0) { @@ -289,18 +341,19 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, if (al) { + al->next = int_name->addr; + int_name->addr = al; + if (addr->sa.sa_family == AF_INET) { al->addr.addr.addr4 = addr->in.sin_addr; - al->next = int_name->addr4; - int_name->addr4 = al; + al->flags = 0; } #ifdef HAVE_IPV6 else { al->addr.addr.addr6 = addr->in6.sin6_addr; - al->next = int_name->addr6; - int_name->addr6 = al; + al->flags = ADDRLIST_IPV6; } #endif } @@ -413,7 +466,6 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix, struct in_addr netmask; /* dummy */ netmask.s_addr = 0; - (void)prefix; /* warning */ (void)scope; /* warning */ (void)preferred; (void)valid; @@ -427,7 +479,7 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix, addr.in6.sin6_port = htons(daemon->port); addr.in6.sin6_scope_id = if_index; - return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, !!(flags & IFACE_TENTATIVE)); + return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, !!(flags & IFACE_TENTATIVE)); } #endif @@ -435,6 +487,7 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label, struct in_addr netmask, struct in_addr broadcast, void *vparam) { union mysockaddr addr; + int prefix, bit; memset(&addr, 0, sizeof(addr)); #ifdef HAVE_SOCKADDR_SA_LEN @@ -445,7 +498,10 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label, addr.in.sin_addr = local; addr.in.sin_port = htons(daemon->port); - return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, 0); + /* determine prefix length from netmask */ + for (prefix = 32, bit = 1; (bit & ntohl(netmask.s_addr)) == 0 && prefix != 0; bit = bit << 1, prefix--); + + return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0); } int enumerate_interfaces(int reset) @@ -456,7 +512,10 @@ int enumerate_interfaces(int reset) int errsave, ret = 1; struct addrlist *addr, *tmp; struct interface_name *intname; - +#ifdef HAVE_AUTH + struct auth_zone *zone; +#endif + /* Do this max once per select cycle - also inhibits netlink socket use in TCP child processes. */ @@ -480,27 +539,38 @@ int enumerate_interfaces(int reset) /* remove addresses stored against interface_names */ for (intname = daemon->int_names; intname; intname = intname->next) { - for (addr = intname->addr4; addr; addr = tmp) + for (addr = intname->addr; addr; addr = tmp) { tmp = addr->next; addr->next = spare; spare = addr; } - intname->addr4 = NULL; - -#ifdef HAVE_IPV6 - for (addr = intname->addr6; addr; addr = tmp) - { - tmp = addr->next; - addr->next = spare; - spare = addr; - } - - intname->addr6 = NULL; -#endif + intname->addr = NULL; } - + +#ifdef HAVE_AUTH + /* remove addresses stored against auth_zone subnets, but not + ones configured as address literals */ + for (zone = daemon->auth_zones; zone; zone = zone->next) + if (zone->interface_names) + { + struct addrlist **up; + for (up = &zone->subnet, addr = zone->subnet; addr; addr = tmp) + { + tmp = addr->next; + if (addr->flags & ADDRLIST_LITERAL) + up = &addr->next; + else + { + *up = addr->next; + addr->next = spare; + spare = addr; + } + } + } +#endif + param.spare = spare; #ifdef HAVE_IPV6 diff --git a/src/option.c b/src/option.c index 0ba2664..ae5fad5 100644 --- a/src/option.c +++ b/src/option.c @@ -1649,6 +1649,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma new = opt_malloc(sizeof(struct auth_zone)); new->domain = opt_string_alloc(arg); new->subnet = NULL; + new->interface_names = NULL; new->next = daemon->auth_zones; daemon->auth_zones = new; @@ -1656,10 +1657,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma { int prefixlen = 0; char *prefix; - struct subnet *subnet = opt_malloc(sizeof(struct subnet)); - - subnet->next = new->subnet; - new->subnet = subnet; + struct addrlist *subnet = NULL; + struct all_addr addr; comma = split(arg); prefix = split_chr(arg, '/'); @@ -1667,24 +1666,50 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma if (prefix && !atoi_check(prefix, &prefixlen)) ret_err(gen_err); - if (inet_pton(AF_INET, arg, &subnet->addr4)) + if (inet_pton(AF_INET, arg, &addr.addr.addr4)) { + subnet = opt_malloc(sizeof(struct addrlist)); subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen; - subnet->is6 = 0; + subnet->flags = ADDRLIST_LITERAL; } #ifdef HAVE_IPV6 - else if (inet_pton(AF_INET6, arg, &subnet->addr6)) + else if (inet_pton(AF_INET6, arg, &addr.addr.addr6)) { + subnet = opt_malloc(sizeof(struct addrlist)); subnet->prefixlen = (prefixlen == 0) ? 64 : prefixlen; - subnet->is6 = 1; + subnet->flags = ADDRLIST_LITERAL | ADDRLIST_IPV6; } #endif - else - ret_err(gen_err); + else + { + struct auth_name_list *name = opt_malloc(sizeof(struct auth_name_list)); + name->name = opt_string_alloc(arg); + name->flags = AUTH4 | AUTH6; + name->next = new->interface_names; + new->interface_names = name; + if (prefix) + { + if (prefixlen == 4) + name->flags &= ~AUTH6; +#ifdef HAVE_IPV6 + else if (prefixlen == 6) + name->flags &= ~AUTH4; +#endif + else + ret_err(gen_err); + } + } + + if (subnet) + { + subnet->addr = addr; + subnet->next = new->subnet; + new->subnet = subnet; + } } break; } - + case LOPT_AUTHSOA: /* --auth-soa */ comma = split(arg); daemon->soa_sn = (u32)atoi(arg); @@ -2464,11 +2489,6 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma new->template_interface = opt_string_alloc(a[leasepos] + 12); new->flags |= CONTEXT_TEMPLATE; } - else if (strstr(a[leasepos], "constructor-noauth:") == a[leasepos]) - { - new->template_interface = opt_string_alloc(a[leasepos] + 19); - new->flags |= CONTEXT_TEMPLATE | CONTEXT_NOAUTH; - } else break; } @@ -3335,10 +3355,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma new = opt_malloc(sizeof(struct interface_name)); new->next = NULL; - new->addr4 = NULL; -#ifdef HAVE_IPV6 - new->addr6 = NULL; -#endif + new->addr = NULL; + /* Add to the end of the list, so that first name of an interface is used for PTR lookups. */ for (up = &daemon->int_names; *up; up = &((*up)->next)); diff --git a/src/rfc1035.c b/src/rfc1035.c index 64ad5bf..9fdba05 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -1550,8 +1550,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, { struct addrlist *addrlist; - for (addrlist = intr->addr4; addrlist; addrlist = addrlist->next) - if (addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr) break; if (addrlist) @@ -1566,8 +1566,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, { struct addrlist *addrlist; - for (addrlist = intr->addr6; addrlist; addrlist = addrlist->next) - if (IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) + if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6)) break; if (addrlist) @@ -1732,26 +1732,22 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, for (intr = daemon->int_names; intr; intr = intr->next) if (hostname_isequal(name, intr->name)) { - addrlist = intr->addr4; -#ifdef HAVE_IPV6 - if (type == T_AAAA) - addrlist = intr->addr6; -#endif ans = 1; if (!dryrun) { - if (addrlist) - { - gotit = 1; - for (; addrlist; addrlist = addrlist->next) - { - log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); - if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, - daemon->local_ttl, NULL, type, C_IN, - type == T_A ? "4" : "6", &addrlist->addr)) - anscount++; - } - } + + for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) +#ifdef HAVE_IPV6 + if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) +#endif + { + gotit = 1; + log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, + daemon->local_ttl, NULL, type, C_IN, + type == T_A ? "4" : "6", &addrlist->addr)) + anscount++; + } } }