Tree @e0c663b9-858b-4725-8252-6c669606afa4/main (Download .tar.gz)
- builder-support
- debian
- ext
- html
- m4
- src_js
- aclocal.m4
- ascii.hh
- base64.hh
- bpf-filter.cc
- bpf-filter.ebpf.src
- bpf-filter.hh
- bpf-filter.main.ebpf
- bpf-filter.qname.ebpf
- cachecleaner.hh
- capabilities.cc
- capabilities.hh
- cdb.cc
- cdb.hh
- circular_buffer.hh
- compile
- config.guess
- config.h.in
- config.sub
- configure
- configure.ac
- connection-management.hh
- COPYING
- delaypipe.cc
- delaypipe.hh
- depcomp
- devpollmplexer.cc
- dns.cc
- dns.hh
- dnscrypt.cc
- dnscrypt.hh
- dnsdist-backend.cc
- dnsdist-cache.cc
- dnsdist-cache.hh
- dnsdist-carbon.cc
- dnsdist-console.cc
- dnsdist-console.hh
- dnsdist-dnscrypt.cc
- dnsdist-dynblocks.cc
- dnsdist-dynblocks.hh
- dnsdist-dynbpf.cc
- dnsdist-dynbpf.hh
- dnsdist-ecs.cc
- dnsdist-ecs.hh
- dnsdist-healthchecks.cc
- dnsdist-healthchecks.hh
- dnsdist-idstate.cc
- dnsdist-kvs.cc
- dnsdist-kvs.hh
- dnsdist-lbpolicies.cc
- dnsdist-lbpolicies.hh
- dnsdist-lua-actions.cc
- dnsdist-lua-bindings-dnscrypt.cc
- dnsdist-lua-bindings-dnsquestion.cc
- dnsdist-lua-bindings-kvs.cc
- dnsdist-lua-bindings-packetcache.cc
- dnsdist-lua-bindings-protobuf.cc
- dnsdist-lua-bindings.cc
- dnsdist-lua-ffi-interface.h
- dnsdist-lua-ffi-interface.inc
- dnsdist-lua-ffi.cc
- dnsdist-lua-ffi.hh
- dnsdist-lua-inspection-ffi.cc
- dnsdist-lua-inspection-ffi.hh
- dnsdist-lua-inspection.cc
- dnsdist-lua-rules.cc
- dnsdist-lua-vars.cc
- dnsdist-lua-web.cc
- dnsdist-lua.cc
- dnsdist-lua.hh
- DNSDIST-MIB.txt
- dnsdist-prometheus.hh
- dnsdist-protobuf.cc
- dnsdist-protobuf.hh
- dnsdist-proxy-protocol.cc
- dnsdist-proxy-protocol.hh
- dnsdist-rings.cc
- dnsdist-rings.hh
- dnsdist-rules.hh
- dnsdist-secpoll.cc
- dnsdist-secpoll.hh
- dnsdist-snmp.cc
- dnsdist-snmp.hh
- dnsdist-systemd.cc
- dnsdist-systemd.hh
- dnsdist-tcp-downstream.cc
- dnsdist-tcp-downstream.hh
- dnsdist-tcp-upstream.hh
- dnsdist-tcp.cc
- dnsdist-web.cc
- dnsdist-web.hh
- dnsdist-xpf.cc
- dnsdist-xpf.hh
- dnsdist.1
- dnsdist.cc
- dnsdist.hh
- dnsdist.service.in
- dnsdistconf.lua
- dnslabeltext.cc
- dnslabeltext.rl
- dnsmessage.proto
- dnsname.cc
- dnsname.hh
- dnsparser.cc
- dnsparser.hh
- dnstap.cc
- dnstap.hh
- dnstap.proto
- dnswriter.cc
- dnswriter.hh
- doh.cc
- doh.hh
- dolog.hh
- ednscookies.cc
- ednscookies.hh
- ednsoptions.cc
- ednsoptions.hh
- ednssubnet.cc
- ednssubnet.hh
- epollmplexer.cc
- fstrm_logger.cc
- fstrm_logger.hh
- gettime.cc
- gettime.hh
- htmlfiles.h
- incfiles
- install-sh
- ipcipher.cc
- ipcipher.hh
- iputils.cc
- iputils.hh
- kqueuemplexer.cc
- libssl.cc
- libssl.hh
- lock.hh
- ltmain.sh
- lua_hpp.mk
- Makefile.am
- Makefile.in
- misc.cc
- misc.hh
- missing
- mplexer.hh
- namespaces.hh
- noinitvector.hh
- packetcache.hh
- pdnsexception.hh
- pollmplexer.cc
- portsmplexer.cc
- protozero.cc
- protozero.hh
- proxy-protocol.cc
- proxy-protocol.hh
- qtype.cc
- qtype.hh
- README
- README.md
- remote_logger.cc
- remote_logger.hh
- sholder.hh
- snmp-agent.cc
- snmp-agent.hh
- sodcrypto.cc
- sodcrypto.hh
- sstuff.hh
- stat_t.hh
- statnode.cc
- statnode.hh
- svc-records.cc
- svc-records.hh
- tcpiohandler-mplexer.hh
- tcpiohandler.cc
- tcpiohandler.hh
- test-base64_cc.cc
- test-connectionmanagement_hh.cc
- test-delaypipe_hh.cc
- test-dnscrypt_cc.cc
- test-dnsdist_cc.cc
- test-dnsdistdynblocks_hh.cc
- test-dnsdistkvs_cc.cc
- test-dnsdistlbpolicies_cc.cc
- test-dnsdistpacketcache_cc.cc
- test-dnsdistrings_cc.cc
- test-dnsdistrules_cc.cc
- test-dnsdisttcp_cc.cc
- test-dnsparser_cc.cc
- test-driver
- test-iputils_hh.cc
- test-luawrapper.cc
- test-mplexer.cc
- test-proxy_protocol_cc.cc
- testrunner.cc
- threadname.cc
- threadname.hh
- uuid-utils.cc
- uuid-utils.hh
- xpf.cc
- xpf.hh
ednssubnet.cc @e0c663b9-858b-4725-8252-6c669606afa4/main — raw · history · blame
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 | /* * This file is part of PowerDNS or dnsdist. * Copyright -- PowerDNS.COM B.V. and its contributors * * This program is free software; you can redistribute it and/or modify * it under the terms of version 2 of the GNU General Public License as * published by the Free Software Foundation. * * In addition, for the avoidance of any doubt, permission is granted to * link this program with OpenSSL and to (re)distribute the binaries * produced as the result of such linking. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include "ednssubnet.hh" #include "dns.hh" namespace { struct EDNSSubnetOptsWire { uint16_t family; uint8_t sourceMask; uint8_t scopeMask; } GCCPACKATTRIBUTE; // BRRRRR } bool getEDNSSubnetOptsFromString(const string& options, EDNSSubnetOpts* eso) { //cerr<<"options.size:"<<options.size()<<endl; return getEDNSSubnetOptsFromString(options.c_str(), options.length(), eso); } bool getEDNSSubnetOptsFromString(const char* options, unsigned int len, EDNSSubnetOpts* eso) { EDNSSubnetOptsWire esow; static_assert (sizeof(esow) == 4, "sizeof(EDNSSubnetOptsWire) must be 4 bytes"); if(len < sizeof(esow)) return false; memcpy(&esow, options, sizeof(esow)); esow.family = ntohs(esow.family); //cerr<<"Family when parsing from string: "<<esow.family<<endl; ComboAddress address; unsigned int octetsin = esow.sourceMask > 0 ? (((esow.sourceMask - 1)>> 3)+1) : 0; //cerr<<"octetsin:"<<octetsin<<endl; if(esow.family == 1) { if(len != sizeof(esow)+octetsin) return false; if(octetsin > sizeof(address.sin4.sin_addr.s_addr)) return false; address.reset(); address.sin4.sin_family = AF_INET; if(octetsin > 0) memcpy(&address.sin4.sin_addr.s_addr, options+sizeof(esow), octetsin); } else if(esow.family == 2) { if(len != sizeof(esow)+octetsin) return false; if(octetsin > sizeof(address.sin6.sin6_addr.s6_addr)) return false; address.reset(); address.sin4.sin_family = AF_INET6; if(octetsin > 0) memcpy(&address.sin6.sin6_addr.s6_addr, options+sizeof(esow), octetsin); } else return false; //cerr<<"Source address: "<<address.toString()<<", mask: "<<(int)esow.sourceMask<<endl; eso->source = Netmask(address, esow.sourceMask); /* 'address' has more bits set (potentially) than scopeMask. This leads to odd looking netmasks that promise more precision than they have. For this reason we truncate the address to scopeMask bits */ address.truncate(esow.scopeMask); // truncate will not throw for odd scopeMasks eso->scope = Netmask(address, esow.scopeMask); return true; } string makeEDNSSubnetOptsString(const EDNSSubnetOpts& eso) { string ret; EDNSSubnetOptsWire esow; uint16_t family = htons(eso.source.getNetwork().sin4.sin_family == AF_INET ? 1 : 2); esow.family = family; esow.sourceMask = eso.source.getBits(); esow.scopeMask = eso.scope.getBits(); ret.assign((const char*)&esow, sizeof(esow)); int octetsout = ((esow.sourceMask - 1)>> 3)+1; ComboAddress src=eso.source.getNetwork(); src.truncate(esow.sourceMask); if(family == htons(1)) ret.append((const char*) &src.sin4.sin_addr.s_addr, octetsout); else ret.append((const char*) &src.sin6.sin6_addr.s6_addr, octetsout); return ret; } |