From: bert hubert <bert.hubert@netherlabs.nl>
Date: Wed, 26 Aug 2015 12:38:42 +0000 (+0200)
Subject: teach blockFilter to TCP code, but ignore truncation requests coming from it
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~62^2~7^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cb52e3eed3d8cb1bac8952e01ed632e71725c528;p=pdns

teach blockFilter to TCP code, but ignore truncation requests coming from it
---

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 0fc17d175..2b885c4ef 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -83,6 +83,18 @@ void* tcpClientThread(int pipefd)
 {
   /* we get launched with a pipe on which we receive file descriptors from clients that we own
      from that point on */
+     
+  typedef std::function<bool(ComboAddress, DNSName, uint16_t, dnsheader*)> blockfilter_t;
+  blockfilter_t blockFilter = 0;
+
+  
+  {
+    std::lock_guard<std::mutex> lock(g_luamutex);
+    auto candidate = g_lua.readVariable<boost::optional<blockfilter_t> >("blockFilter");
+    if(candidate)
+      blockFilter = *candidate;
+  }     
+     
   auto localPolicy = g_policy.getLocal();
   auto localRulactions = g_rulactions.getLocal();
 
@@ -112,6 +124,22 @@ void* tcpClientThread(int pipefd)
 	DNSName qname(query, qlen, 12, false, &qtype);
 	string ruleresult;
 	struct dnsheader* dh =(dnsheader*)query;
+	
+        if(blockFilter) {
+	  std::lock_guard<std::mutex> lock(g_luamutex);
+	
+	  if(blockFilter(ci.remote, qname, qtype, dh)) {
+	    g_stats.blockFilter++;
+	    goto drop;
+          }
+          if(dh->tc && dh->qr) { // don't truncate on TCP/IP!
+            dh->tc=false;        // maybe we should just pass blockFilter the TCP status
+            dh->qr=false;
+          }
+        }
+
+	
+	
 	DNSAction::Action action=DNSAction::Action::None;
 	for(const auto& lr : *localRulactions) {
 	  if(lr.first->matches(ci.remote, qname, qtype, dh, qlen)) {