Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add --filter and --filter-AAAA options.

Browse Source
This commit is contained in:
Simon Kelley
2021-10-07 23:12:59 +01:00
parent 72fac0810c
commit 37a70d39e0
7 changed files with 67 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/forward.c
View File

@@ -629,7 +629,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
if (added_pheader)
{
/* client didn't send EDNS0, we added one, strip it off before returning answer. */
n = rrfilter(header, n, 0);
n = rrfilter(header, n, RRFILTER_EDNS0);
pheader = NULL;
}
else
@@ -718,7 +718,17 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
cache_secure = 0;
}
}
/* Before extract_addresses() */
if (rcode == NOERROR)
{
if (option_bool(OPT_FILTER_A))
n = rrfilter(header, n, RRFILTER_A);
if (option_bool(OPT_FILTER_AAAA))
n = rrfilter(header, n, RRFILTER_AAAA);
}
if (extract_addresses(header, n, daemon->namebuff, now, ipsets, nftsets, is_sign, check_rebind, no_cache, cache_secure, &doctored))
{
my_syslog(LOG_WARNING, _("possible DNS-rebind attack detected: %s"), daemon->namebuff);
@@ -748,7 +758,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
/* If the requestor didn't set the DO bit, don't return DNSSEC info. */
if (!do_bit)
n = rrfilter(header, n, 1);
n = rrfilter(header, n, RRFILTER_DNSSEC);
}
#endif
@@ -772,7 +782,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
u16 swap = htons((u16)ede);
n = add_pseudoheader(header, n, limit, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 1);
}
return n;
}