rec: Call the ipfilter hook if any over TCP as well

author Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 8 Jan 2019 13:56:17 +0000 (14:56 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Mon, 21 Jan 2019 14:43:29 +0000 (15:43 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 8 Jan 2019 13:56:17 +0000 (14:56 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Mon, 21 Jan 2019 14:43:29 +0000 (15:43 +0100)
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc

index 606da49e61c9f06a131cf020e6c5ff0d802cf02d..4bb10c96e038e21650a8e2998b4e2a1eeaa203c5 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1959,6 +1959,15 @@ static void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var)
          }
        }
  #endif
+      if(t_pdl) {
+        if(t_pdl->ipfilter(dc->d_source, dc->d_destination, *dh)) {
+          if(!g_quiet)
+            g_log<<Logger::Notice<<t_id<<" ["<<MT->getTid()<<"/"<<MT->numProcesses()<<"] DROPPED TCP question from "<<dc->d_source.toStringWithPort()<<(dc->d_source != dc->d_remote ? " (via "+dc->d_remote.toStringWithPort()+")" : "")<<" based on policy"<<endl;
+          g_stats.policyDrops++;
+          return;
+        }
+      }
+
        if(dc->d_mdp.d_header.qr) {
          g_stats.ignoredCount++;
          if(g_logCommonErrors) {
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 8 Jan 2019 13:56:17 +0000 (14:56 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 21 Jan 2019 14:43:29 +0000 (15:43 +0100)