
feature: support client ACL.

Nick Peng 2 years ago
parent
commit
8e8b246536
3 changed files with 27 additions and 3 deletions
  1. 10 0
      src/dns_conf.c
  2. 1 0
      src/dns_conf.h
  3. 16 3
      src/dns_server.c

+ 10 - 0
src/dns_conf.c

@@ -2570,6 +2570,7 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
 		{"no-dualstack-selection", no_argument, NULL, 'D'},
 		{"no-ip-alias", no_argument, NULL, 'a'},
 		{"force-aaaa-soa", no_argument, NULL, 'F'},
+		{"acl", no_argument, NULL, 251},
 		{"no-rules", no_argument, NULL, 252},
 		{"no-serve-expired", no_argument, NULL, 253},
 		{"force-https-soa", no_argument, NULL, 254},
@@ -2666,6 +2667,10 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
 			server_flag |= BIND_FLAG_FORCE_AAAA_SOA;
 			break;
 		}
+		case 251: {
+			server_flag |= BIND_FLAG_ACL;
+			break;
+		}
 		case 252: {
 			server_flag |= BIND_FLAG_NO_RULES;
 			break;
@@ -4949,6 +4954,7 @@ static int _config_client_rules(void *data, int argc, char *argv[])
 		{"no-dualstack-selection", no_argument, NULL, 'D'},
 		{"no-ip-alias", no_argument, NULL, 'a'},
 		{"force-aaaa-soa", no_argument, NULL, 'F'},
+		{"acl", no_argument, NULL, 251},
 		{"no-rules", no_argument, NULL, 252},
 		{"no-serve-expired", no_argument, NULL, 253},
 		{"force-https-soa", no_argument, NULL, 254},
@@ -5019,6 +5025,10 @@ static int _config_client_rules(void *data, int argc, char *argv[])
 			server_flag |= BIND_FLAG_FORCE_AAAA_SOA;
 			break;
 		}
+		case 251: {
+			server_flag |= BIND_FLAG_ACL;
+			break;
+		}
 		case 252: {
 			server_flag |= BIND_FLAG_NO_RULES;
 			break;
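Review bot: The `--acl` option is accepted by `_config_client_rules` as well as `_config_bind_ip`, yet the only consumer visible in this commit (`_dns_server_request_set_client_rules` in src/dns_server.c) tests `BIND_FLAG_ACL` exclusively on the `client_rule == NULL` path, so a flag set on a client rule looks like it can never be reached; if `_dns_server_has_bind_flag` reads per-rule flags that is not visible here, so please confirm and either document the client-rule meaning or drop the second option. The bare `251` is repeated in both option tables and both `case` labels, following the existing 252–254 convention; a named constant, e.g. `enum { BIND_OPT_ACL = 251, BIND_OPT_NO_RULES = 252 }`, would keep the two tables from drifting. A one-line comment on the new table entry stating what the option does would help, e.g. `/* acl: refuse queries from clients that match no client-rules */` (hedged from the server-side change in this commit). Both enclosing functions start and end outside the hunks.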

+ 1 - 0
src/dns_conf.h

@@ -158,6 +158,7 @@ typedef enum {
 #define BIND_FLAG_FORCE_HTTPS_SOA (1 << 13)
 #define BIND_FLAG_NO_SERVE_EXPIRED (1 << 14)
 #define BIND_FLAG_NO_RULES (1 << 15)
+#define BIND_FLAG_ACL (1 << 16)
 
 enum response_mode_type {
 	DNS_RESPONSE_MODE_FIRST_PING_IP = 0,
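Review bot: `BIND_FLAG_ACL` is the first flag to use bit 16 and, unlike the neighbouring flags, its effect is not obvious from the name; a trailing comment would spare readers a trip to src/dns_server.c, e.g. `#define BIND_FLAG_ACL (1 << 16) /* refuse clients matching no client-rules */`. The comment should be confirmed against the server-side check, which is only partly visible in this commit.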

+ 16 - 3
src/dns_server.c

@@ -5596,10 +5596,15 @@ static void _dns_server_request_set_client(struct dns_request *request, struct d
 	_dns_server_conn_get(conn);
 }
 
-static void _dns_server_request_set_client_rules(struct dns_request *request, struct dns_client_rules *client_rule)
+static int _dns_server_request_set_client_rules(struct dns_request *request, struct dns_client_rules *client_rule)
 {
 	if (client_rule == NULL) {
-		return;
+		if (_dns_server_has_bind_flag(request, BIND_FLAG_ACL) == 0) {
+			request->send_tick = get_tick_count();
+			request->rcode = DNS_RC_REFUSED;
+			return -1;
+		}
+		return 0;
 	}
 
 	tlog(TLOG_DEBUG, "match client rule.\n");
@@ -5617,6 +5622,8 @@ static void _dns_server_request_set_client_rules(struct dns_request *request, st
 			request->server_flags = flags->flags;
 		}
 	}
+
+	return 0;
 }
 
 static void _dns_server_request_set_id(struct dns_request *request, unsigned short id)
@@ -6202,7 +6209,6 @@ static int _dns_server_recv(struct dns_server_conn_head *conn, unsigned char *in
 
 	memcpy(&request->localaddr, local, local_len);
 	_dns_server_request_set_client(request, conn);
-	_dns_server_request_set_client_rules(request, client_rules);
 	_dns_server_request_set_client_addr(request, from, from_len);
 	_dns_server_request_set_id(request, packet->head.id);
 
@@ -6228,6 +6234,13 @@ static int _dns_server_recv(struct dns_server_conn_head *conn, unsigned char *in
 		goto errout;
 	}
 
+
+	ret = _dns_server_request_set_client_rules(request, client_rules);
+	if (ret != 0) {
+		ret = 0;
+		goto errout;
+	}
+
 	ret = _dns_server_do_query(request, 1);
 	if (ret != 0) {
 		tlog(TLOG_DEBUG, "do query %s failed.\n", request->domain);
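Review bot: A refused client leaves no trace: the new `client_rule == NULL` branch in `_dns_server_request_set_client_rules` sets `DNS_RC_REFUSED` and returns -1 without logging, while the matching path already emits `tlog(TLOG_DEBUG, "match client rule.\n")`; a line such as `tlog(TLOG_INFO, "client refused by acl.\n");` before `return -1;` (ideally with the client address, using whatever accessor the file already has) gives operators a detection signal for unexpected sources. In `_dns_server_recv` the `ret = 0; goto errout;` after the new call deserves a comment, e.g. `/* refused by ACL: errout sends the REFUSED reply; not a receive error */`, since resetting a failure to 0 otherwise reads like a mistake, and what errout does with `rcode` is outside the hunk. The ACL check now runs after the request has been parsed and populated (the old call before `_dns_server_request_set_client_addr` was removed), so unauthorized clients still reach the parsing code ahead of the refusal; if the later position is required to build the REFUSED reply, a comment saying so would stop the next reader from moving it back. Note also that this ACL keys on the peer address, which for UDP is unauthenticated, so the doc comment on `_dns_server_request_set_client_rules` should state it returns -1 when the client matches no rule and the bind lacks `BIND_FLAG_ACL`, and 0 otherwise. Both functions start or end outside the hunks.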