mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
Merge branch 'master' of git://github.com/k9982874/unbound into k9982874-master
This commit is contained in:
commit
ed95b07764
20
Makefile.in
20
Makefile.in
@ -176,11 +176,11 @@ DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo \
|
||||
shm_main.lo remote.lo stats.lo unbound.lo \
|
||||
worker.lo @WIN_DAEMON_OBJ@
|
||||
DAEMON_OBJ_LINK=$(DAEMON_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \
|
||||
$(COMPAT_OBJ) @WIN_DAEMON_OBJ_LINK@
|
||||
$(COMPAT_OBJ) $(IPSET_OBJ) @WIN_DAEMON_OBJ_LINK@
|
||||
CHECKCONF_SRC=smallapp/unbound-checkconf.c smallapp/worker_cb.c
|
||||
CHECKCONF_OBJ=unbound-checkconf.lo worker_cb.lo
|
||||
CHECKCONF_OBJ_LINK=$(CHECKCONF_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \
|
||||
$(COMPAT_OBJ) @WIN_CHECKCONF_OBJ_LINK@
|
||||
$(COMPAT_OBJ) $(IPSET_OBJ) @WIN_CHECKCONF_OBJ_LINK@
|
||||
CONTROL_SRC=smallapp/unbound-control.c
|
||||
CONTROL_OBJ=unbound-control.lo
|
||||
CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \
|
||||
@ -229,10 +229,12 @@ DELAYER_SRC=testcode/delayer.c
|
||||
DELAYER_OBJ=delayer.lo
|
||||
DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
|
||||
$(SLDNS_OBJ)
|
||||
IPSET_SRC=@IPSET_SRC@
|
||||
IPSET_OBJ=@IPSET_OBJ@
|
||||
LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \
|
||||
libunbound/libworker.c
|
||||
LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo
|
||||
LIBUNBOUND_OBJ_LINK=$(LIBUNBOUND_OBJ) $(COMMON_OBJ_WITHOUT_UB_EVENT) $(SLDNS_OBJ) $(COMPAT_OBJ)
|
||||
LIBUNBOUND_OBJ_LINK=$(LIBUNBOUND_OBJ) $(COMMON_OBJ_WITHOUT_UB_EVENT) $(SLDNS_OBJ) $(COMPAT_OBJ) $(IPSET_OBJ)
|
||||
|
||||
# win apps or "" if not on windows
|
||||
WINAPPS=@WINAPPS@
|
||||
@ -256,15 +258,18 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \
|
||||
$(MEMSTATS_SRC) $(CHECKCONF_SRC) $(LIBUNBOUND_SRC) $(HOST_SRC) \
|
||||
$(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \
|
||||
$(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) \
|
||||
$(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC)\
|
||||
$(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC)
|
||||
$(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \
|
||||
$(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \
|
||||
$(IPSET_SRC)
|
||||
|
||||
ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
|
||||
$(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \
|
||||
$(MEMSTATS_OBJ) $(CHECKCONF_OBJ) $(LIBUNBOUND_OBJ) $(HOST_OBJ) \
|
||||
$(ASYNCLOOK_OBJ) $(STREAMTCP_OBJ) $(PERF_OBJ) $(DELAYER_OBJ) \
|
||||
$(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) \
|
||||
$(COMPAT_OBJ) $(PYUNBOUND_OBJ) \
|
||||
$(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ)
|
||||
$(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \
|
||||
$(IPSET_OBJ)
|
||||
|
||||
COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@
|
||||
LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS)
|
||||
@ -1462,3 +1467,6 @@ sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
|
||||
reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h
|
||||
isblank.lo isblank.o: $(srcdir)/compat/isblank.c config.h
|
||||
strsep.lo strsep.o: $(srcdir)/compat/strsep.c config.h
|
||||
|
||||
ipset.lo ipset.o: $(srcdir)/ipset/ipset.c $(srcdir)/ipset/ipset.h config.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/dns.h
|
||||
|
@ -775,6 +775,9 @@
|
||||
/* Define to 1 to use ipsecmod support. */
|
||||
#undef USE_IPSECMOD
|
||||
|
||||
/* Define to 1 to use ipset support */
|
||||
#undef USE_IPSET
|
||||
|
||||
/* Define if you want to use internal select based events */
|
||||
#undef USE_MINI_EVENT
|
||||
|
||||
|
59
configure
vendored
59
configure
vendored
@ -638,6 +638,8 @@ INSTALLTARGET
|
||||
ALLTARGET
|
||||
SOURCEFILE
|
||||
SOURCEDETERMINE
|
||||
IPSET_OBJ
|
||||
IPSET_SRC
|
||||
IPSECMOD_HEADER
|
||||
IPSECMOD_OBJ
|
||||
DNSCRYPT_OBJ
|
||||
@ -878,6 +880,8 @@ enable_dnscrypt
|
||||
with_libsodium
|
||||
enable_cachedb
|
||||
enable_ipsecmod
|
||||
enable_ipset
|
||||
with_libmnl
|
||||
with_libunbound_only
|
||||
'
|
||||
ac_precious_vars='build_alias
|
||||
@ -1565,6 +1569,7 @@ Optional Features:
|
||||
storage
|
||||
--enable-ipsecmod Enable ipsecmod module that facilitates
|
||||
opportunistic IPsec
|
||||
--enable-ipset enable ipset module
|
||||
|
||||
Optional Packages:
|
||||
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
||||
@ -1619,6 +1624,7 @@ Optional Packages:
|
||||
--with-protobuf-c=path Path where protobuf-c is installed, for dnstap
|
||||
--with-libfstrm=path Path where libfstrm is installed, for dnstap
|
||||
--with-libsodium=path Path where libsodium is installed, for dnscrypt
|
||||
--with-libmnl=path specify explicit path for libmnl.
|
||||
--with-libunbound-only do not build daemon and tool programs
|
||||
|
||||
Some influential environment variables:
|
||||
@ -21050,6 +21056,59 @@ $as_echo "#define USE_IPSECMOD 1" >>confdefs.h
|
||||
;;
|
||||
esac
|
||||
|
||||
# check for ipset if requested
|
||||
# Check whether --enable-ipset was given.
|
||||
if test "${enable_ipset+set}" = set; then :
|
||||
enableval=$enable_ipset;
|
||||
fi
|
||||
|
||||
case "$enable_ipset" in
|
||||
yes)
|
||||
|
||||
$as_echo "#define USE_IPSET 1" >>confdefs.h
|
||||
|
||||
IPSET_SRC="ipset/ipset.c"
|
||||
|
||||
IPSET_OBJ="ipset.lo"
|
||||
|
||||
|
||||
# mnl
|
||||
|
||||
# Check whether --with-libmnl was given.
|
||||
if test "${with_libmnl+set}" = set; then :
|
||||
withval=$with_libmnl;
|
||||
else
|
||||
withval="yes"
|
||||
fi
|
||||
|
||||
found_libmnl="no"
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libmnl" >&5
|
||||
$as_echo_n "checking for libmnl... " >&6; }
|
||||
if test x_$withval = x_ -o x_$withval = x_yes; then
|
||||
withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
|
||||
fi
|
||||
for dir in $withval ; do
|
||||
if test -f "$dir/include/libmnl/libmnl.h"; then
|
||||
found_libmnl="yes"
|
||||
if test "$dir" != "/usr"; then
|
||||
CPPFLAGS="$CPPFLAGS -I$dir/include"
|
||||
LDFLAGS="$LDFLAGS -L$dir/lib"
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5
|
||||
$as_echo "found in $dir" >&6; }
|
||||
LIBS="$LIBS -lmnl"
|
||||
break;
|
||||
fi
|
||||
done
|
||||
if test x_$found_libmnl != x_yes; then
|
||||
as_fn_error $? "Could not find libmnl, libmnl.h" "$LINENO" 5
|
||||
fi
|
||||
;;
|
||||
no|*)
|
||||
# nothing
|
||||
;;
|
||||
esac
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5
|
||||
$as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; }
|
||||
# on openBSD, the implicit rule make $< work.
|
||||
|
41
configure.ac
41
configure.ac
@ -1604,6 +1604,47 @@ case "$enable_ipsecmod" in
|
||||
;;
|
||||
esac
|
||||
|
||||
# check for ipset if requested
|
||||
AC_ARG_ENABLE(ipset, AC_HELP_STRING([--enable-ipset], [enable ipset module]))
|
||||
case "$enable_ipset" in
|
||||
yes)
|
||||
AC_DEFINE([USE_IPSET], [1], [Define to 1 to use ipset support])
|
||||
IPSET_SRC="ipset/ipset.c"
|
||||
AC_SUBST(IPSET_SRC)
|
||||
IPSET_OBJ="ipset.lo"
|
||||
AC_SUBST(IPSET_OBJ)
|
||||
|
||||
# mnl
|
||||
AC_ARG_WITH(libmnl, AC_HELP_STRING([--with-libmnl=path],
|
||||
[specify explicit path for libmnl.]),
|
||||
[ ],[ withval="yes" ])
|
||||
found_libmnl="no"
|
||||
AC_MSG_CHECKING(for libmnl)
|
||||
if test x_$withval = x_ -o x_$withval = x_yes; then
|
||||
withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
|
||||
fi
|
||||
for dir in $withval ; do
|
||||
if test -f "$dir/include/libmnl/libmnl.h"; then
|
||||
found_libmnl="yes"
|
||||
dnl assume /usr is in default path.
|
||||
if test "$dir" != "/usr"; then
|
||||
CPPFLAGS="$CPPFLAGS -I$dir/include"
|
||||
LDFLAGS="$LDFLAGS -L$dir/lib"
|
||||
fi
|
||||
AC_MSG_RESULT(found in $dir)
|
||||
LIBS="$LIBS -lmnl"
|
||||
break;
|
||||
fi
|
||||
done
|
||||
if test x_$found_libmnl != x_yes; then
|
||||
AC_ERROR([Could not find libmnl, libmnl.h])
|
||||
fi
|
||||
;;
|
||||
no|*)
|
||||
# nothing
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
|
||||
# on openBSD, the implicit rule make $< work.
|
||||
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
|
||||
|
@ -654,6 +654,9 @@ server:
|
||||
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
|
||||
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
|
||||
|
||||
# Add example.com into ipset
|
||||
# local-zone: "example.com" ipset
|
||||
|
||||
# If unbound is running service for the local host then it is useful
|
||||
# to perform lan-wide lookups to the upstream, and unblock the
|
||||
# long list of local-zones above. If this unbound is a dns server
|
||||
@ -992,3 +995,14 @@ remote-control:
|
||||
# redis-server-port: 6379
|
||||
# # timeout (in ms) for communication with the redis server
|
||||
# redis-timeout: 100
|
||||
|
||||
# IPSet
|
||||
# Add specify domain into set via ipset.
|
||||
# Note: To enable ipset needs run unbound as root user.
|
||||
# ipset:
|
||||
# # set name for ip v4 addresses
|
||||
# name-v4: "list-v4"
|
||||
# # set name for ip v6 addresses
|
||||
# name-v6: "list-v6"
|
||||
#
|
||||
|
||||
|
346
ipset/ipset.c
Executable file
346
ipset/ipset.c
Executable file
@ -0,0 +1,346 @@
|
||||
#include "config.h"
|
||||
#include "ipset/ipset.h"
|
||||
#include "util/regional.h"
|
||||
#include "util/config_file.h"
|
||||
|
||||
#include "services/cache/dns.h"
|
||||
|
||||
#include "sldns/sbuffer.h"
|
||||
#include "sldns/wire2str.h"
|
||||
#include "sldns/parseutil.h"
|
||||
|
||||
#include <libmnl/libmnl.h>
|
||||
#include <linux/netfilter/nfnetlink.h>
|
||||
#include <linux/netfilter/ipset/ip_set.h>
|
||||
|
||||
#define BUFF_LEN 256
|
||||
|
||||
/**
|
||||
* Return an error
|
||||
* @param qstate: our query state
|
||||
* @param id: module id
|
||||
* @param rcode: error code (DNS errcode).
|
||||
* @return: 0 for use by caller, to make notation easy, like:
|
||||
* return error_response(..).
|
||||
*/
|
||||
static int error_response(struct module_qstate* qstate, int id, int rcode) {
|
||||
verbose(VERB_QUERY, "return error response %s",
|
||||
sldns_lookup_by_id(sldns_rcodes, rcode)?
|
||||
sldns_lookup_by_id(sldns_rcodes, rcode)->name:"??");
|
||||
qstate->return_rcode = rcode;
|
||||
qstate->return_msg = NULL;
|
||||
qstate->ext_state[id] = module_finished;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct mnl_socket * open_mnl_socket() {
|
||||
struct mnl_socket *mnl;
|
||||
|
||||
mnl = mnl_socket_open(NETLINK_NETFILTER);
|
||||
if (!mnl) {
|
||||
log_err("ipset: could not open netfilter.");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (mnl_socket_bind(mnl, 0, MNL_SOCKET_AUTOPID) < 0) {
|
||||
mnl_socket_close(mnl);
|
||||
log_err("ipset: could not bind netfilter.");
|
||||
return NULL;
|
||||
}
|
||||
return mnl;
|
||||
}
|
||||
|
||||
static int add_to_ipset(struct mnl_socket *mnl, const char *setname, const void *ipaddr, int af) {
|
||||
struct nlmsghdr *nlh;
|
||||
struct nfgenmsg *nfg;
|
||||
struct nlattr *nested[2];
|
||||
static char buffer[BUFF_LEN];
|
||||
|
||||
if (strlen(setname) >= IPSET_MAXNAMELEN) {
|
||||
errno = ENAMETOOLONG;
|
||||
return -1;
|
||||
}
|
||||
if (af != AF_INET && af != AF_INET6) {
|
||||
errno = EAFNOSUPPORT;
|
||||
return -1;
|
||||
}
|
||||
|
||||
nlh = mnl_nlmsg_put_header(buffer);
|
||||
nlh->nlmsg_type = IPSET_CMD_ADD | (NFNL_SUBSYS_IPSET << 8);
|
||||
nlh->nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL;
|
||||
|
||||
nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
|
||||
nfg->nfgen_family = af;
|
||||
nfg->version = NFNETLINK_V0;
|
||||
nfg->res_id = htons(0);
|
||||
|
||||
mnl_attr_put_u8(nlh, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL);
|
||||
mnl_attr_put(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname);
|
||||
nested[0] = mnl_attr_nest_start(nlh, IPSET_ATTR_DATA);
|
||||
nested[1] = mnl_attr_nest_start(nlh, IPSET_ATTR_IP);
|
||||
mnl_attr_put(nlh, (af == AF_INET ? IPSET_ATTR_IPADDR_IPV4 : IPSET_ATTR_IPADDR_IPV6)
|
||||
| NLA_F_NET_BYTEORDER, (af == AF_INET ? sizeof(struct in_addr) : sizeof(struct in6_addr)), ipaddr);
|
||||
mnl_attr_nest_end(nlh, nested[1]);
|
||||
mnl_attr_nest_end(nlh, nested[0]);
|
||||
|
||||
if (mnl_socket_sendto(mnl, nlh, nlh->nlmsg_len) < 0) {
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) {
|
||||
int ret;
|
||||
|
||||
struct mnl_socket *mnl;
|
||||
|
||||
int i, j;
|
||||
|
||||
const char *setname;
|
||||
|
||||
struct ub_packed_rrset_key *rrset;
|
||||
struct packed_rrset_data *d;
|
||||
|
||||
int af;
|
||||
|
||||
static char dname[BUFF_LEN];
|
||||
const char *s;
|
||||
int dlen, plen;
|
||||
|
||||
struct config_strlist *p;
|
||||
|
||||
uint16_t rrtype;
|
||||
size_t rr_len, rd_len;
|
||||
|
||||
uint8_t *rr_data;
|
||||
|
||||
mnl = (struct mnl_socket *)ie->mnl;
|
||||
if (!mnl) {
|
||||
// retry to create mnl socket
|
||||
mnl = open_mnl_socket();
|
||||
if (!mnl) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
ie->mnl = mnl;
|
||||
}
|
||||
|
||||
for (i = 0; i < return_msg->rep->rrset_count; ++i) {
|
||||
setname = NULL;
|
||||
|
||||
rrset = return_msg->rep->rrsets[i];
|
||||
|
||||
if (rrset->rk.type == htons(LDNS_RR_TYPE_A)) {
|
||||
af = AF_INET;
|
||||
if ((ie->v4_enabled == 1)) {
|
||||
setname = ie->name_v4;
|
||||
}
|
||||
} else {
|
||||
af = AF_INET6;
|
||||
if ((ie->v6_enabled == 1)) {
|
||||
setname = ie->name_v6;
|
||||
}
|
||||
}
|
||||
|
||||
if (setname) {
|
||||
dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN);
|
||||
if (dlen == 0) {
|
||||
log_err("bad domain name");
|
||||
return -1;
|
||||
}
|
||||
if (dname[dlen - 1] == '.') {
|
||||
dlen--;
|
||||
}
|
||||
|
||||
for (p = env->cfg->local_zones_ipset; p; p = p->next) {
|
||||
plen = strlen(p->str);
|
||||
|
||||
if (dlen >= plen) {
|
||||
s = dname + (dlen - plen);
|
||||
|
||||
if (strncasecmp(p->str, s, plen) == 0) {
|
||||
d = (struct packed_rrset_data*)rrset->entry.data;
|
||||
for (j = 0; j < d->count + d->rrsig_count; j++) {
|
||||
rr_len = d->rr_len[j];
|
||||
rr_data = d->rr_data[j];
|
||||
|
||||
rd_len = sldns_read_uint16(rr_data);
|
||||
if (rr_len - 2 >= rd_len) {
|
||||
ret = add_to_ipset(mnl, setname, rr_data + 2, af);
|
||||
if (ret < 0) {
|
||||
log_err("ipset: could not add %s into %s", dname, setname);
|
||||
|
||||
mnl_socket_close(mnl);
|
||||
ie->mnl = NULL;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ipset_init(struct module_env* env, int id) {
|
||||
struct ipset_env *ipset_env;
|
||||
|
||||
ipset_env = (struct ipset_env *)calloc(1, sizeof(struct ipset_env));
|
||||
if (!ipset_env) {
|
||||
log_err("malloc failure");
|
||||
return 0;
|
||||
}
|
||||
|
||||
env->modinfo[id] = (void *)ipset_env;
|
||||
|
||||
ipset_env->mnl == NULL;
|
||||
|
||||
ipset_env->name_v4 = env->cfg->ipset_name_v4;
|
||||
ipset_env->name_v6 = env->cfg->ipset_name_v6;
|
||||
|
||||
ipset_env->v4_enabled = !ipset_env->name_v4 || (strlen(ipset_env->name_v4) == 0) ? 0 : 1;
|
||||
ipset_env->v6_enabled = !ipset_env->name_v6 || (strlen(ipset_env->name_v6) == 0) ? 0 : 1;
|
||||
|
||||
if ((ipset_env->v4_enabled < 1) && (ipset_env->v6_enabled < 1)) {
|
||||
log_err("ipset: set name no configuration?");
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void ipset_deinit(struct module_env *env, int id) {
|
||||
struct mnl_socket *mnl;
|
||||
struct ipset_env *ipset_env;
|
||||
|
||||
if (!env || !env->modinfo[id]) {
|
||||
return;
|
||||
}
|
||||
|
||||
ipset_env = (struct ipset_env *)env->modinfo[id];
|
||||
|
||||
mnl = (struct mnl_socket *)ipset_env->mnl;
|
||||
if (mnl) {
|
||||
mnl_socket_close(mnl);
|
||||
ipset_env->mnl = NULL;
|
||||
}
|
||||
|
||||
free(ipset_env);
|
||||
env->modinfo[id] = NULL;
|
||||
}
|
||||
|
||||
static int ipset_new(struct module_qstate* qstate, int id) {
|
||||
struct ipset_qstate *iq = (struct ipset_qstate *)regional_alloc(
|
||||
qstate->region, sizeof(struct ipset_qstate));
|
||||
qstate->minfo[id] = iq;
|
||||
if (!iq) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
memset(iq, 0, sizeof(*iq));
|
||||
/* initialise it */
|
||||
/* TODO */
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void ipset_operate(struct module_qstate *qstate, enum module_ev event, int id,
|
||||
struct outbound_entry *outbound) {
|
||||
struct ipset_env *ie = (struct ipset_env *)qstate->env->modinfo[id];
|
||||
struct ipset_qstate *iq = (struct ipset_qstate *)qstate->minfo[id];
|
||||
verbose(VERB_QUERY, "ipset[module %d] operate: extstate:%s event:%s",
|
||||
id, strextstate(qstate->ext_state[id]), strmodulevent(event));
|
||||
if (iq) {
|
||||
log_query_info(VERB_QUERY, "ipset operate: query", &qstate->qinfo);
|
||||
}
|
||||
|
||||
/* perform ipset state machine */
|
||||
if ((event == module_event_new || event == module_event_pass) && !iq) {
|
||||
if (!ipset_new(qstate, id)) {
|
||||
(void)error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
return;
|
||||
}
|
||||
iq = (struct ipset_qstate*)qstate->minfo[id];
|
||||
}
|
||||
|
||||
if (iq && (event == module_event_pass || event == module_event_new)) {
|
||||
qstate->ext_state[id] = module_wait_module;
|
||||
return;
|
||||
}
|
||||
|
||||
if (iq && (event == module_event_moddone)) {
|
||||
if (qstate->return_msg && qstate->return_msg->rep) {
|
||||
ipset_update(qstate->env, qstate->return_msg, ie);
|
||||
}
|
||||
qstate->ext_state[id] = module_finished;
|
||||
return;
|
||||
}
|
||||
|
||||
if (iq && outbound) {
|
||||
/* ipset does not need to process responses at this time
|
||||
* ignore it.
|
||||
ipset_process_response(qstate, iq, ie, id, outbound, event);
|
||||
*/
|
||||
return;
|
||||
}
|
||||
|
||||
if (event == module_event_error) {
|
||||
verbose(VERB_ALGO, "got called with event error, giving up");
|
||||
(void)error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!iq && (event == module_event_moddone)) {
|
||||
/* during priming, module done but we never started */
|
||||
qstate->ext_state[id] = module_finished;
|
||||
return;
|
||||
}
|
||||
|
||||
log_err("bad event for ipset");
|
||||
(void)error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
|
||||
void ipset_inform_super(struct module_qstate *ATTR_UNUSED(qstate),
|
||||
int ATTR_UNUSED(id), struct module_qstate *ATTR_UNUSED(super)) {
|
||||
/* ipset does not use subordinate requests at this time */
|
||||
verbose(VERB_ALGO, "ipset inform_super was called");
|
||||
}
|
||||
|
||||
void ipset_clear(struct module_qstate *qstate, int id) {
|
||||
struct cachedb_qstate *iq;
|
||||
if (!qstate) {
|
||||
return;
|
||||
}
|
||||
iq = (struct cachedb_qstate *)qstate->minfo[id];
|
||||
if (iq) {
|
||||
/* free contents of iq */
|
||||
/* TODO */
|
||||
}
|
||||
qstate->minfo[id] = NULL;
|
||||
}
|
||||
|
||||
size_t ipset_get_mem(struct module_env *env, int id) {
|
||||
struct ipset_env *ie = (struct ipset_env *)env->modinfo[id];
|
||||
if (!ie) {
|
||||
return 0;
|
||||
}
|
||||
return sizeof(*ie);
|
||||
}
|
||||
|
||||
/**
|
||||
* The ipset function block
|
||||
*/
|
||||
static struct module_func_block ipset_block = {
|
||||
"ipset",
|
||||
&ipset_init, &ipset_deinit, &ipset_operate,
|
||||
&ipset_inform_super, &ipset_clear, &ipset_get_mem
|
||||
};
|
||||
|
||||
struct module_func_block * ipset_get_funcblock(void) {
|
||||
return &ipset_block;
|
||||
}
|
||||
|
56
ipset/ipset.h
Executable file
56
ipset/ipset.h
Executable file
@ -0,0 +1,56 @@
|
||||
/**
|
||||
* ipset.h
|
||||
*
|
||||
* Author: Kevin Chou
|
||||
* Email: k9982874@gmail.com
|
||||
*/
|
||||
#ifndef IPSET_H
|
||||
#define IPSET_H
|
||||
|
||||
#include "util/module.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
struct ipset_env {
|
||||
void* mnl;
|
||||
|
||||
int v4_enabled;
|
||||
int v6_enabled;
|
||||
|
||||
const char *name_v4;
|
||||
const char *name_v6;
|
||||
};
|
||||
|
||||
struct ipset_qstate {
|
||||
int dummy;
|
||||
};
|
||||
|
||||
/** Init the ipset module */
|
||||
int ipset_init(struct module_env* env, int id);
|
||||
/** Deinit the ipset module */
|
||||
void ipset_deinit(struct module_env* env, int id);
|
||||
/** Operate on an event on a query (in qstate). */
|
||||
void ipset_operate(struct module_qstate* qstate, enum module_ev event,
|
||||
int id, struct outbound_entry* outbound);
|
||||
/** Subordinate query done, inform this super request of its conclusion */
|
||||
void ipset_inform_super(struct module_qstate* qstate, int id,
|
||||
struct module_qstate* super);
|
||||
/** clear the ipset query-specific contents out of qstate */
|
||||
void ipset_clear(struct module_qstate* qstate, int id);
|
||||
/** return memory estimate for ipset module */
|
||||
size_t ipset_get_mem(struct module_env* env, int id);
|
||||
|
||||
/**
|
||||
* Get the function block with pointers to the ipset functions
|
||||
* @return the function block for "ipset".
|
||||
*/
|
||||
struct module_func_block* ipset_get_funcblock(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* IPSET_H */
|
||||
|
@ -60,6 +60,9 @@
|
||||
#ifdef CLIENT_SUBNET
|
||||
#include "edns-subnet/subnetmod.h"
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
#include "ipset/ipset.h"
|
||||
#endif
|
||||
|
||||
/** count number of modules (words) in the string */
|
||||
static int
|
||||
@ -145,6 +148,9 @@ module_list_avail(void)
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
"subnetcache",
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
"ipset",
|
||||
#endif
|
||||
"respip",
|
||||
"validator",
|
||||
@ -173,6 +179,9 @@ module_funcs_avail(void)
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
&subnetmod_get_funcblock,
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
&ipset_get_funcblock,
|
||||
#endif
|
||||
&respip_get_funcblock,
|
||||
&val_get_funcblock,
|
||||
|
@ -573,6 +573,10 @@ morechecks(struct config_file* cfg)
|
||||
&& strcmp(cfg->module_conf, "python ipsecmod validator iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "ipsecmod python validator iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "ipsecmod validator python iterator") != 0
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
&& strcmp(cfg->module_conf, "validator ipset iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "ipset iterator") != 0
|
||||
#endif
|
||||
) {
|
||||
fatal_exit("module conf '%s' is not known to work",
|
||||
|
@ -255,6 +255,9 @@ config_create(void)
|
||||
cfg->neg_cache_size = 1 * 1024 * 1024;
|
||||
cfg->local_zones = NULL;
|
||||
cfg->local_zones_nodefault = NULL;
|
||||
#ifdef USE_IPSET
|
||||
cfg->local_zones_ipset = NULL;
|
||||
#endif
|
||||
cfg->local_zones_disable_default = 0;
|
||||
cfg->local_data = NULL;
|
||||
cfg->local_zone_overrides = NULL;
|
||||
@ -326,10 +329,14 @@ config_create(void)
|
||||
#ifdef USE_CACHEDB
|
||||
cfg->cachedb_backend = NULL;
|
||||
cfg->cachedb_secret = NULL;
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
cfg->ipset_name_v4 = NULL;
|
||||
cfg->ipset_name_v6 = NULL;
|
||||
#endif
|
||||
return cfg;
|
||||
error_exit:
|
||||
config_delete(cfg);
|
||||
config_delete(cfg);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -1091,6 +1098,10 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
#ifdef USE_CACHEDB
|
||||
else O_STR(opt, "backend", cachedb_backend)
|
||||
else O_STR(opt, "secret-seed", cachedb_secret)
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
else O_STR(opt, "name-v4", ipset_name_v4)
|
||||
else O_STR(opt, "name-v6", ipset_name_v6)
|
||||
#endif
|
||||
/* not here:
|
||||
* outgoing-permit, outgoing-avoid - have list of ports
|
||||
@ -1310,6 +1321,9 @@ config_delview(struct config_view* p)
|
||||
free(p->name);
|
||||
config_deldblstrlist(p->local_zones);
|
||||
config_delstrlist(p->local_zones_nodefault);
|
||||
#ifdef USE_IPSET
|
||||
config_delstrlist(p->local_zones_ipset);
|
||||
#endif
|
||||
config_delstrlist(p->local_data);
|
||||
free(p);
|
||||
}
|
||||
@ -1400,6 +1414,9 @@ config_delete(struct config_file* cfg)
|
||||
free(cfg->val_nsec3_key_iterations);
|
||||
config_deldblstrlist(cfg->local_zones);
|
||||
config_delstrlist(cfg->local_zones_nodefault);
|
||||
#ifdef USE_IPSET
|
||||
config_delstrlist(cfg->local_zones_ipset);
|
||||
#endif
|
||||
config_delstrlist(cfg->local_data);
|
||||
config_deltrplstrlist(cfg->local_zone_overrides);
|
||||
config_del_strarray(cfg->tagname, cfg->num_tags);
|
||||
@ -1427,6 +1444,10 @@ config_delete(struct config_file* cfg)
|
||||
#ifdef USE_CACHEDB
|
||||
free(cfg->cachedb_backend);
|
||||
free(cfg->cachedb_secret);
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
free(cfg->ipset_name_v4);
|
||||
free(cfg->ipset_name_v6);
|
||||
#endif
|
||||
free(cfg);
|
||||
}
|
||||
@ -2107,6 +2128,11 @@ cfg_parse_local_zone(struct config_file* cfg, const char* val)
|
||||
if(strcmp(type, "nodefault")==0) {
|
||||
return cfg_strlist_insert(&cfg->local_zones_nodefault,
|
||||
strdup(name));
|
||||
#ifdef USE_IPSET
|
||||
} else if(strcmp(type, "ipset")==0) {
|
||||
return cfg_strlist_insert(&cfg->local_zones_ipset,
|
||||
strdup(name));
|
||||
#endif
|
||||
} else {
|
||||
return cfg_str2list_insert(&cfg->local_zones, strdup(buf),
|
||||
strdup(type));
|
||||
@ -2381,3 +2407,4 @@ int options_remote_is_address(struct config_file* cfg)
|
||||
if(cfg->control_ifs.first->str[0] == 0) return 1;
|
||||
return (cfg->control_ifs.first->str[0] != '/');
|
||||
}
|
||||
|
||||
|
@ -384,6 +384,10 @@ struct config_file {
|
||||
struct config_str2list* local_zones;
|
||||
/** local zones nodefault list */
|
||||
struct config_strlist* local_zones_nodefault;
|
||||
#ifdef USE_IPSET
|
||||
/** local zones ipset list */
|
||||
struct config_strlist* local_zones_ipset;
|
||||
#endif
|
||||
/** do not add any default local zone */
|
||||
int local_zones_disable_default;
|
||||
/** local data RRs configured */
|
||||
@ -574,6 +578,12 @@ struct config_file {
|
||||
/** timeout (in ms) for communication with the redis server */
|
||||
int redis_timeout;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* ipset module */
|
||||
#ifdef USE_IPSET
|
||||
char* ipset_name_v4;
|
||||
char* ipset_name_v6;
|
||||
#endif
|
||||
};
|
||||
|
||||
@ -647,6 +657,10 @@ struct config_view {
|
||||
struct config_strlist* local_data;
|
||||
/** local zones nodefault list */
|
||||
struct config_strlist* local_zones_nodefault;
|
||||
#ifdef USE_IPSET
|
||||
/** local zones ipset list */
|
||||
struct config_strlist* local_zones_ipset;
|
||||
#endif
|
||||
/** Fallback to global local_zones when there is no match in the view
|
||||
* view specific tree. 1 for yes, 0 for no */
|
||||
int isfirst;
|
||||
@ -1181,3 +1195,4 @@ void w_config_adjust_directory(struct config_file* cfg);
|
||||
extern int fake_dsa, fake_sha1;
|
||||
|
||||
#endif /* UTIL_CONFIG_FILE_H */
|
||||
|
||||
|
4131
util/configlexer.c
4131
util/configlexer.c
File diff suppressed because it is too large
Load Diff
@ -483,6 +483,9 @@ secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) }
|
||||
redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) }
|
||||
redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) }
|
||||
redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) }
|
||||
ipset{COLON} { YDVAR(0, VAR_IPSET) }
|
||||
name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) }
|
||||
name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) }
|
||||
udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
|
||||
tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
|
||||
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
|
||||
|
2847
util/configparser.c
2847
util/configparser.c
File diff suppressed because it is too large
Load Diff
@ -1,8 +1,9 @@
|
||||
/* A Bison parser, made by GNU Bison 3.0.5. */
|
||||
/* A Bison parser, made by GNU Bison 3.3.2. */
|
||||
|
||||
/* Bison interface for Yacc-like parsers in C
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2015, 2018 Free Software Foundation, Inc.
|
||||
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation,
|
||||
Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -30,6 +31,9 @@
|
||||
This special exception was added by the Free Software Foundation in
|
||||
version 2.2 of Bison. */
|
||||
|
||||
/* Undocumented macros, especially those whose name start with YY_,
|
||||
are private implementation details. Do not rely on them. */
|
||||
|
||||
#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
|
||||
# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
|
||||
/* Debug traces. */
|
||||
@ -308,7 +312,10 @@ extern int yydebug;
|
||||
VAR_STREAM_WAIT_SIZE = 518,
|
||||
VAR_TLS_CIPHERS = 519,
|
||||
VAR_TLS_CIPHERSUITES = 520,
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 521
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 521,
|
||||
VAR_IPSET = 522,
|
||||
VAR_IPSET_NAME_V4 = 523,
|
||||
VAR_IPSET_NAME_V6 = 524
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
@ -576,17 +583,20 @@ extern int yydebug;
|
||||
#define VAR_TLS_CIPHERS 519
|
||||
#define VAR_TLS_CIPHERSUITES 520
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 521
|
||||
#define VAR_IPSET 522
|
||||
#define VAR_IPSET_NAME_V4 523
|
||||
#define VAR_IPSET_NAME_V6 524
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
|
||||
union YYSTYPE
|
||||
{
|
||||
#line 66 "./util/configparser.y" /* yacc.c:1910 */
|
||||
#line 66 "./util/configparser.y" /* yacc.c:1921 */
|
||||
|
||||
char* str;
|
||||
|
||||
#line 590 "util/configparser.h" /* yacc.c:1910 */
|
||||
#line 600 "util/configparser.h" /* yacc.c:1921 */
|
||||
};
|
||||
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
|
@ -167,6 +167,7 @@ extern struct config_parser_state* cfg_parser;
|
||||
%token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
|
||||
%token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES
|
||||
%token VAR_TLS_SESSION_TICKET_KEYS
|
||||
%token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
|
||||
|
||||
%%
|
||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||
@ -174,7 +175,7 @@ toplevelvar: serverstart contents_server | stubstart contents_stub |
|
||||
forwardstart contents_forward | pythonstart contents_py |
|
||||
rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
|
||||
dnscstart contents_dnsc | cachedbstart contents_cachedb |
|
||||
authstart contents_auth
|
||||
ipsetstart contents_ipset | authstart contents_auth
|
||||
;
|
||||
|
||||
/* server: declaration */
|
||||
@ -1784,13 +1785,14 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
|
||||
&& strcmp($3, "always_nxdomain")!=0
|
||||
&& strcmp($3, "noview")!=0
|
||||
&& strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
|
||||
&& strcmp($3, "inform_redirect") != 0) {
|
||||
&& strcmp($3, "inform_redirect") != 0
|
||||
&& strcmp($3, "ipset") != 0) {
|
||||
yyerror("local-zone type: expected static, deny, "
|
||||
"refuse, redirect, transparent, "
|
||||
"typetransparent, inform, inform_deny, "
|
||||
"inform_redirect, always_transparent, "
|
||||
"always_refuse, always_nxdomain, noview "
|
||||
"or nodefault");
|
||||
", nodefault or ipset");
|
||||
free($2);
|
||||
free($3);
|
||||
} else if(strcmp($3, "nodefault")==0) {
|
||||
@ -1798,6 +1800,13 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
|
||||
local_zones_nodefault, $2))
|
||||
fatal_exit("out of memory adding local-zone");
|
||||
free($3);
|
||||
#ifdef USE_IPSET
|
||||
} else if(strcmp($3, "ipset")==0) {
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->
|
||||
local_zones_ipset, $2))
|
||||
fatal_exit("out of memory adding local-zone");
|
||||
free($3);
|
||||
#endif
|
||||
} else {
|
||||
if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
|
||||
$2, $3))
|
||||
@ -2455,6 +2464,13 @@ view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
|
||||
local_zones_nodefault, $2))
|
||||
fatal_exit("out of memory adding local-zone");
|
||||
free($3);
|
||||
#ifdef USE_IPSET
|
||||
} else if(strcmp($3, "ipset")==0) {
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->views->
|
||||
local_zones_ipset, $2))
|
||||
fatal_exit("out of memory adding local-zone");
|
||||
free($3);
|
||||
#endif
|
||||
} else {
|
||||
if(!cfg_str2list_insert(
|
||||
&cfg_parser->cfg->views->local_zones,
|
||||
@ -2959,6 +2975,45 @@ server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
|
||||
}
|
||||
}
|
||||
;
|
||||
ipsetstart: VAR_IPSET
|
||||
{
|
||||
OUTYY(("\nP(ipset:)\n"));
|
||||
}
|
||||
;
|
||||
contents_ipset: contents_ipset content_ipset
|
||||
| ;
|
||||
content_ipset: ipset_name_v4 | ipset_name_v6
|
||||
;
|
||||
ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
|
||||
{
|
||||
#ifdef USE_IPSET
|
||||
OUTYY(("P(name-v4:%s)\n", $2));
|
||||
if(cfg_parser->cfg->ipset_name_v4)
|
||||
yyerror("ipset name v4 override, there must be one "
|
||||
"name for ip v4");
|
||||
free(cfg_parser->cfg->ipset_name_v4);
|
||||
cfg_parser->cfg->ipset_name_v4 = $2;
|
||||
#else
|
||||
OUTYY(("P(Compiled without ipset, ignoring)\n"));
|
||||
free($2);
|
||||
#endif
|
||||
}
|
||||
;
|
||||
ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
|
||||
{
|
||||
#ifdef USE_IPSET
|
||||
OUTYY(("P(name-v6:%s)\n", $2));
|
||||
if(cfg_parser->cfg->ipset_name_v6)
|
||||
yyerror("ipset name v6 override, there must be one "
|
||||
"name for ip v6");
|
||||
free(cfg_parser->cfg->ipset_name_v6);
|
||||
cfg_parser->cfg->ipset_name_v6 = $2;
|
||||
#else
|
||||
OUTYY(("P(Compiled without ipset, ignoring)\n"));
|
||||
free($2);
|
||||
#endif
|
||||
}
|
||||
;
|
||||
%%
|
||||
|
||||
/* parse helper routines could be here */
|
||||
@ -2978,3 +3033,5 @@ validate_respip_action(const char* action)
|
||||
"always_refuse or always_nxdomain");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -90,6 +90,9 @@
|
||||
#ifdef CLIENT_SUBNET
|
||||
#include "edns-subnet/subnetmod.h"
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
#include "ipset/ipset.h"
|
||||
#endif
|
||||
|
||||
int
|
||||
fptr_whitelist_comm_point(comm_point_callback_type *fptr)
|
||||
@ -358,8 +361,8 @@ fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq))
|
||||
}
|
||||
|
||||
int
|
||||
fptr_whitelist_modenv_detect_cycle(int (*fptr)(
|
||||
struct module_qstate* qstate, struct query_info* qinfo,
|
||||
fptr_whitelist_modenv_detect_cycle(int (*fptr)(
|
||||
struct module_qstate* qstate, struct query_info* qinfo,
|
||||
uint16_t flags, int prime, int valrec))
|
||||
{
|
||||
if(fptr == &mesh_detect_cycle) return 1;
|
||||
@ -384,6 +387,9 @@ fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id))
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
else if(fptr == &subnetmod_init) return 1;
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
else if(fptr == &ipset_init) return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
@ -406,6 +412,9 @@ fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id))
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
else if(fptr == &subnetmod_deinit) return 1;
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
else if(fptr == &ipset_deinit) return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
@ -429,6 +438,9 @@ fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate,
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
else if(fptr == &subnetmod_operate) return 1;
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
else if(fptr == &ipset_operate) return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
@ -452,6 +464,9 @@ fptr_whitelist_mod_inform_super(void (*fptr)(
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
else if(fptr == &subnetmod_inform_super) return 1;
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
else if(fptr == &ipset_inform_super) return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
@ -475,6 +490,9 @@ fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate,
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
else if(fptr == &subnetmod_clear) return 1;
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
else if(fptr == &ipset_clear) return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
@ -497,6 +515,9 @@ fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id))
|
||||
#endif
|
||||
#ifdef CLIENT_SUBNET
|
||||
else if(fptr == &subnetmod_get_mem) return 1;
|
||||
#endif
|
||||
#ifdef USE_IPSET
|
||||
else if(fptr == &ipset_get_mem) return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
@ -597,3 +618,4 @@ int fptr_whitelist_inplace_cb_query_response(
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user