upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- ipset: refactor long routine into three smaller ones.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2019-09-02 15:17:25 +02:00
parent 9902a5f81d
commit 7f9aa6734a
2 changed files with 78 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/Changelog
View file

@ -1,5 +1,6 @@
2 September 2019: Wouter 2 September 2019: Wouter
- ipset module #28: log that an address is added, when verbosity high. - ipset module #28: log that an address is added, when verbosity high.
- ipset: refactor long routine into three smaller ones.
23 August 2019: Wouter 23 August 2019: Wouter
- Fix contrib/fastrpz.patch asprintf return value checks. - Fix contrib/fastrpz.patch asprintf return value checks.

135
ipset/ipset.c
View file

@ -97,29 +97,93 @@ static int add_to_ipset(struct mnl_socket *mnl, const char *setname, const void
return 0; return 0;
} }
static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) { static void
ipset_add_rrset_data(struct ipset_env *ie, struct mnl_socket *mnl,
struct packed_rrset_data *d, const char* setname, int af,
const char* dname)
{
int ret; int ret;
size_t j, rr_len, rd_len;
uint8_t *rr_data;
struct mnl_socket *mnl; /* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */
for (j = 0; j < d->count; j++) {
rr_len = d->rr_len[j];
rr_data = d->rr_data[j];
size_t i, j; rd_len = sldns_read_uint16(rr_data);
if(af == AF_INET && rd_len != INET_SIZE)
continue;
if(af == AF_INET6 && rd_len != INET6_SIZE)
continue;
if (rr_len - 2 >= rd_len) {
if(verbosity >= VERB_QUERY) {
char ip[128];
if(inet_ntop(af, rr_data+2, ip, (socklen_t)sizeof(ip)) == 0)
snprintf(ip, sizeof(ip), "(inet_ntop_error)");
verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname);
}
ret = add_to_ipset(mnl, setname, rr_data + 2, af);
if (ret < 0) {
log_err("ipset: could not add %s into %s", dname, setname);
const char *setname; mnl_socket_close(mnl);
ie->mnl = NULL;
struct ub_packed_rrset_key *rrset; break;
struct packed_rrset_data *d; }
}
int af; }
}
static int
ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie,
struct mnl_socket *mnl, struct ub_packed_rrset_key *rrset,
const char *setname, int af)
{
static char dname[BUFF_LEN]; static char dname[BUFF_LEN];
const char *s; const char *s;
int dlen, plen; int dlen, plen;
struct config_strlist *p; struct config_strlist *p;
struct packed_rrset_data *d;
size_t rr_len, rd_len; dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN);
if (dlen == 0) {
log_err("bad domain name");
return -1;
}
if (dname[dlen - 1] == '.') {
dlen--;
}
for (p = env->cfg->local_zones_ipset; p; p = p->next) {
plen = strlen(p->str);
if (dlen >= plen) {
s = dname + (dlen - plen);
if (strncasecmp(p->str, s, plen) == 0) {
d = (struct packed_rrset_data*)rrset->entry.data;
ipset_add_rrset_data(ie, mnl, d, setname,
af, dname);
break;
}
}
}
return 0;
}
static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) {
struct mnl_socket *mnl;
size_t i;
const char *setname;
struct ub_packed_rrset_key *rrset;
int af;
uint8_t *rr_data;
mnl = (struct mnl_socket *)ie->mnl; mnl = (struct mnl_socket *)ie->mnl;
if (!mnl) { if (!mnl) {
@ -150,54 +214,9 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg, stru
} }
if (setname) { if (setname) {
dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN); if(ipset_check_zones_for_rrset(env, ie, mnl, rrset,
if (dlen == 0) { setname, af) == -1)
log_err("bad domain name");
return -1; return -1;
}
if (dname[dlen - 1] == '.') {
dlen--;
}
for (p = env->cfg->local_zones_ipset; p; p = p->next) {
plen = strlen(p->str);
if (dlen >= plen) {
s = dname + (dlen - plen);
if (strncasecmp(p->str, s, plen) == 0) {
d = (struct packed_rrset_data*)rrset->entry.data;
/* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */
for (j = 0; j < d->count; j++) {
rr_len = d->rr_len[j];
rr_data = d->rr_data[j];
rd_len = sldns_read_uint16(rr_data);
if(af == AF_INET && rd_len != INET_SIZE)
continue;
if(af == AF_INET6 && rd_len != INET6_SIZE)
continue;
if (rr_len - 2 >= rd_len) {
if(verbosity >= VERB_QUERY) {
char ip[128];
if(inet_ntop(af, rr_data+2, ip, (socklen_t)sizeof(ip)) == 0)
snprintf(ip, sizeof(ip), "(inet_ntop_error)");
verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname);
}
ret = add_to_ipset(mnl, setname, rr_data + 2, af);
if (ret < 0) {
log_err("ipset: could not add %s into %s", dname, setname);
mnl_socket_close(mnl);
ie->mnl = NULL;
break;
}
}
}
break;
}
}
}
} }
} }