mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- ipset: refactor long routine into three smaller ones.
This commit is contained in:
W.C.A. Wijngaards
parent
9902a5f81d
commit
7f9aa6734a
2 changed files with 78 additions and 58 deletions
|
|
@ -1,5 +1,6 @@
|
|||
2 September 2019: Wouter
|
||||
- ipset module #28: log that an address is added, when verbosity high.
|
||||
- ipset: refactor long routine into three smaller ones.
|
||||
|
||||
23 August 2019: Wouter
|
||||
- Fix contrib/fastrpz.patch asprintf return value checks.
|
||||
|
|
|
|||
135
ipset/ipset.c
135
ipset/ipset.c
|
|
@ -97,29 +97,93 @@ static int add_to_ipset(struct mnl_socket *mnl, const char *setname, const void
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) {
|
||||
static void
|
||||
ipset_add_rrset_data(struct ipset_env *ie, struct mnl_socket *mnl,
|
||||
struct packed_rrset_data *d, const char* setname, int af,
|
||||
const char* dname)
|
||||
{
|
||||
int ret;
|
||||
size_t j, rr_len, rd_len;
|
||||
uint8_t *rr_data;
|
||||
|
||||
struct mnl_socket *mnl;
|
||||
/* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */
|
||||
for (j = 0; j < d->count; j++) {
|
||||
rr_len = d->rr_len[j];
|
||||
rr_data = d->rr_data[j];
|
||||
|
||||
size_t i, j;
|
||||
rd_len = sldns_read_uint16(rr_data);
|
||||
if(af == AF_INET && rd_len != INET_SIZE)
|
||||
continue;
|
||||
if(af == AF_INET6 && rd_len != INET6_SIZE)
|
||||
continue;
|
||||
if (rr_len - 2 >= rd_len) {
|
||||
if(verbosity >= VERB_QUERY) {
|
||||
char ip[128];
|
||||
if(inet_ntop(af, rr_data+2, ip, (socklen_t)sizeof(ip)) == 0)
|
||||
snprintf(ip, sizeof(ip), "(inet_ntop_error)");
|
||||
verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname);
|
||||
}
|
||||
ret = add_to_ipset(mnl, setname, rr_data + 2, af);
|
||||
if (ret < 0) {
|
||||
log_err("ipset: could not add %s into %s", dname, setname);
|
||||
|
||||
const char *setname;
|
||||
|
||||
struct ub_packed_rrset_key *rrset;
|
||||
struct packed_rrset_data *d;
|
||||
|
||||
int af;
|
||||
mnl_socket_close(mnl);
|
||||
ie->mnl = NULL;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie,
|
||||
struct mnl_socket *mnl, struct ub_packed_rrset_key *rrset,
|
||||
const char *setname, int af)
|
||||
{
|
||||
static char dname[BUFF_LEN];
|
||||
const char *s;
|
||||
int dlen, plen;
|
||||
|
||||
struct config_strlist *p;
|
||||
struct packed_rrset_data *d;
|
||||
|
||||
size_t rr_len, rd_len;
|
||||
dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN);
|
||||
if (dlen == 0) {
|
||||
log_err("bad domain name");
|
||||
return -1;
|
||||
}
|
||||
if (dname[dlen - 1] == '.') {
|
||||
dlen--;
|
||||
}
|
||||
|
||||
for (p = env->cfg->local_zones_ipset; p; p = p->next) {
|
||||
plen = strlen(p->str);
|
||||
|
||||
if (dlen >= plen) {
|
||||
s = dname + (dlen - plen);
|
||||
|
||||
if (strncasecmp(p->str, s, plen) == 0) {
|
||||
d = (struct packed_rrset_data*)rrset->entry.data;
|
||||
ipset_add_rrset_data(ie, mnl, d, setname,
|
||||
af, dname);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) {
|
||||
struct mnl_socket *mnl;
|
||||
|
||||
size_t i;
|
||||
|
||||
const char *setname;
|
||||
|
||||
struct ub_packed_rrset_key *rrset;
|
||||
|
||||
int af;
|
||||
|
||||
uint8_t *rr_data;
|
||||
|
||||
mnl = (struct mnl_socket *)ie->mnl;
|
||||
if (!mnl) {
|
||||
|
|
@ -150,55 +214,10 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg, stru
|
|||
}
|
||||
|
||||
if (setname) {
|
||||
dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN);
|
||||
if (dlen == 0) {
|
||||
log_err("bad domain name");
|
||||
if(ipset_check_zones_for_rrset(env, ie, mnl, rrset,
|
||||
setname, af) == -1)
|
||||
return -1;
|
||||
}
|
||||
if (dname[dlen - 1] == '.') {
|
||||
dlen--;
|
||||
}
|
||||
|
||||
for (p = env->cfg->local_zones_ipset; p; p = p->next) {
|
||||
plen = strlen(p->str);
|
||||
|
||||
if (dlen >= plen) {
|
||||
s = dname + (dlen - plen);
|
||||
|
||||
if (strncasecmp(p->str, s, plen) == 0) {
|
||||
d = (struct packed_rrset_data*)rrset->entry.data;
|
||||
/* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */
|
||||
for (j = 0; j < d->count; j++) {
|
||||
rr_len = d->rr_len[j];
|
||||
rr_data = d->rr_data[j];
|
||||
|
||||
rd_len = sldns_read_uint16(rr_data);
|
||||
if(af == AF_INET && rd_len != INET_SIZE)
|
||||
continue;
|
||||
if(af == AF_INET6 && rd_len != INET6_SIZE)
|
||||
continue;
|
||||
if (rr_len - 2 >= rd_len) {
|
||||
if(verbosity >= VERB_QUERY) {
|
||||
char ip[128];
|
||||
if(inet_ntop(af, rr_data+2, ip, (socklen_t)sizeof(ip)) == 0)
|
||||
snprintf(ip, sizeof(ip), "(inet_ntop_error)");
|
||||
verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname);
|
||||
}
|
||||
ret = add_to_ipset(mnl, setname, rr_data + 2, af);
|
||||
if (ret < 0) {
|
||||
log_err("ipset: could not add %s into %s", dname, setname);
|
||||
|
||||
mnl_socket_close(mnl);
|
||||
ie->mnl = NULL;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in a new issue