From 5034517a25d505cb855bac9cc9c39ef9b6552901 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 8 Jan 2019 14:56:17 +0100
Subject: [PATCH] rec: Call the ipfilter hook if any over TCP as well

---
 pdns/pdns_recursor.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 606da49e6..4bb10c96e 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1959,6 +1959,15 @@ static void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var)
         }
       }
 #endif
+      if(t_pdl) {
+        if(t_pdl->ipfilter(dc->d_source, dc->d_destination, *dh)) {
+          if(!g_quiet)
+            g_log<<Logger::Notice<<t_id<<" ["<<MT->getTid()<<"/"<<MT->numProcesses()<<"] DROPPED TCP question from "<<dc->d_source.toStringWithPort()<<(dc->d_source != dc->d_remote ? " (via "+dc->d_remote.toStringWithPort()+")" : "")<<" based on policy"<<endl;
+          g_stats.policyDrops++;
+          return;
+        }
+      }
+
       if(dc->d_mdp.d_header.qr) {
         g_stats.ignoredCount++;
         if(g_logCommonErrors) {
-- 
2.40.0