diff options
| author | Simon Kelley <simon@thekelleys.org.uk> | 2023-03-20 18:32:14 +0000 |
|---|---|---|
| committer | Simon Kelley <simon@thekelleys.org.uk> | 2023-03-20 18:32:14 +0000 |
| commit | 1f0f86a0d0d0759de4c5eb1080333618563ee5a0 (patch) | |
| tree | ac7d3219c3dcdbea3c9c6cb1f56ee6d48c147121 /src/rfc1035.c | |
| parent | 28429720355c21739c851c28b003b6d0b4aee549 (diff) | |
| download | dnsmasq-1f0f86a0d0d0759de4c5eb1080333618563ee5a0.tar.gz | |
Add EDE "filtered" extended error when --filter-A or --filter-AAAA act.
If a NODATA answer is returned instead of actual data for A or AAAA
queries because of the existence of --filter-A or --filter-AAAA
config options, then mark the replies with an EDE "filtered" tag.
Basic patch by Petr Menšík, tweaked by Simon Kelley to apply onto
the preceding caching patches.
Diffstat (limited to 'src/rfc1035.c')
| -rw-r--r-- | src/rfc1035.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/rfc1035.c b/src/rfc1035.c index 75481d3..ea21ffa 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -1419,7 +1419,7 @@ static int cache_validated(const struct crec *crecp) size_t answer_request(struct dns_header *header, char *limit, size_t qlen, struct in_addr local_addr, struct in_addr local_netmask, time_t now, int ad_reqd, int do_bit, int have_pseudoheader, - int *stale) + int *stale, int *filtered) { char *name = daemon->namebuff; unsigned char *p, *ansp; @@ -1437,6 +1437,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (stale) *stale = 0; + + if (filtered) + *filtered = 0; /* never answer queries with RD unset, to avoid cache snooping. */ if (ntohs(header->ancount) != 0 || @@ -1705,8 +1708,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */ if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP))) continue; - - + if (!(crecp->flags & F_DNSSECOK)) sec_data = 0; @@ -1887,6 +1889,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) log_query(F_NEG | F_CONFIG | flag, name, NULL, NULL, 0); + + if (filtered) + *filtered = 1; } else if (crecp->flags & F_NEG) { @@ -1947,6 +1952,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) log_query(F_NEG | F_CONFIG | flag, name, NULL, NULL, 0); + + if (filtered) + *filtered = 1; } } } |