Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Eliminate IPv6 privacy addresses from --interface-name answers.

Browse Source
This commit is contained in:
Simon Kelley
2014-12-17 12:41:56 +00:00
parent bd9520b7ad
commit 476693678e
5 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG
View File

@@ -14,6 +14,11 @@ version 2.73
Fix breakage of --domain=<domain>,<subnet>,local - only reverse Fix breakage of --domain=<domain>,<subnet>,local - only reverse
queries were intercepted. THis appears to have been broken queries were intercepted. THis appears to have been broken
since 2.69. Thanks to Josh Stone for finding the bug. since 2.69. Thanks to Josh Stone for finding the bug.
Eliminate IPv6 privacy addresses and deprecated addresses from
the answers given by --interface-name. Note that reverse queries
(ie looking for names, given addresses) are not affected.
Thanks to Michael Gorbach for the suggestion.
version 2.72 version 2.72

4
src/auth.c
View File

@@ -363,6 +363,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype && if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype &&
(local_query || filter_zone(zone, flag, &addrlist->addr))) (local_query || filter_zone(zone, flag, &addrlist->addr)))
{ {
#ifdef HAVE_IPV6
if (addrlist->flags & ADDRLIST_REVONLY)
continue;
#endif
found = 1; found = 1;
log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,

1
src/dnsmasq.h
View File

@@ -318,6 +318,7 @@ struct ds_config {
#define ADDRLIST_LITERAL 1 #define ADDRLIST_LITERAL 1
#define ADDRLIST_IPV6 2 #define ADDRLIST_IPV6 2
#define ADDRLIST_REVONLY 4
struct addrlist { struct addrlist {
struct all_addr addr; struct all_addr addr;

12
src/network.c
View File

@@ -236,7 +236,7 @@ struct iface_param {
}; };
static int iface_allowed(struct iface_param *param, int if_index, char *label, static int iface_allowed(struct iface_param *param, int if_index, char *label,
union mysockaddr *addr, struct in_addr netmask, int prefixlen, int dad) union mysockaddr *addr, struct in_addr netmask, int prefixlen, int iface_flags)
{ {
struct irec *iface; struct irec *iface;
int mtu = 0, loopback; int mtu = 0, loopback;
@@ -388,6 +388,10 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
{ {
al->addr.addr.addr6 = addr->in6.sin6_addr; al->addr.addr.addr6 = addr->in6.sin6_addr;
al->flags = ADDRLIST_IPV6; al->flags = ADDRLIST_IPV6;
/* Privacy addresses and addresses still undergoing DAD and deprecated addresses
don't appear in forward queries, but will in reverse ones. */
if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE)))
al->flags |= ADDRLIST_REVONLY;
} }
#endif #endif
} }
@@ -399,7 +403,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
for (iface = daemon->interfaces; iface; iface = iface->next) for (iface = daemon->interfaces; iface; iface = iface->next)
if (sockaddr_isequal(&iface->addr, addr)) if (sockaddr_isequal(&iface->addr, addr))
{ {
iface->dad = dad; iface->dad = !!(iface_flags & IFACE_TENTATIVE);
iface->found = 1; /* for garbage collection */ iface->found = 1; /* for garbage collection */
return 1; return 1;
} }
@@ -474,7 +478,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
iface->dhcp_ok = dhcp_ok; iface->dhcp_ok = dhcp_ok;
iface->dns_auth = auth_dns; iface->dns_auth = auth_dns;
iface->mtu = mtu; iface->mtu = mtu;
iface->dad = dad; iface->dad = !!(iface_flags & IFACE_TENTATIVE);
iface->found = 1; iface->found = 1;
iface->done = iface->multicast_done = iface->warned = 0; iface->done = iface->multicast_done = iface->warned = 0;
iface->index = if_index; iface->index = if_index;
@@ -519,7 +523,7 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix,
else else
addr.in6.sin6_scope_id = 0; addr.in6.sin6_scope_id = 0;
return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, !!(flags & IFACE_TENTATIVE)); return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags);
} }
#endif #endif

17
src/rfc1035.c
View File

@@ -1923,14 +1923,17 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
for (intr = daemon->int_names; intr; intr = intr->next) for (intr = daemon->int_names; intr; intr = intr->next)
if (hostname_isequal(name, intr->name)) if (hostname_isequal(name, intr->name))
{ {
ans = 1; for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
if (!dryrun)
{
for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6
if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
#endif #endif
{
#ifdef HAVE_IPV6
if (addrlist->flags & ADDRLIST_REVONLY)
continue;
#endif
ans = 1;
if (!dryrun)
{ {
gotit = 1; gotit = 1;
log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
@@ -1939,7 +1942,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
type == T_A ? "4" : "6", &addrlist->addr)) type == T_A ? "4" : "6", &addrlist->addr))
anscount++; anscount++;
} }
} }
} }
if (!dryrun && !gotit) if (!dryrun && !gotit)