Commit fca008d8 authored by Simon Kelley's avatar Simon Kelley

Make --bogus-priv apply to IPv6.

parent 43517fca
...@@ -77,6 +77,9 @@ version 2.77 ...@@ -77,6 +77,9 @@ version 2.77
Implement RFC 6842. Thanks to Reddeiah Raju Konduru for Implement RFC 6842. Thanks to Reddeiah Raju Konduru for
pointing out that this was missing. pointing out that this was missing.
Make --bogus-priv apply to IPv6, for the prefixes specified
in RFC6303. Thanks to Kevin Darbyshire-Bryant for work on this.
version 2.76 version 2.76
Include 0.0.0.0/8 in DNS rebind checks. This range Include 0.0.0.0/8 in DNS rebind checks. This range
......
...@@ -301,7 +301,8 @@ attached to. Currently this facility is limited to IPv4. ...@@ -301,7 +301,8 @@ attached to. Currently this facility is limited to IPv4.
.B \-b, --bogus-priv .B \-b, --bogus-priv
Bogus private reverse lookups. All reverse lookups for private IP ranges (ie 192.168.x.x, etc) Bogus private reverse lookups. All reverse lookups for private IP ranges (ie 192.168.x.x, etc)
which are not found in /etc/hosts or the DHCP leases file are answered which are not found in /etc/hosts or the DHCP leases file are answered
with "no such domain" rather than being forwarded upstream. with "no such domain" rather than being forwarded upstream. The
set of prefixes affected is the list given in RFC6303, for IPv4 and IPv6.
.TP .TP
.B \-V, --alias=[<old-ip>]|[<start-ip>-<end-ip>],<new-ip>[,<mask>] .B \-V, --alias=[<old-ip>]|[<start-ip>-<end-ip>],<new-ip>[,<mask>]
Modify IPv4 addresses returned from upstream nameservers; old-ip is Modify IPv4 addresses returned from upstream nameservers; old-ip is
......
...@@ -426,6 +426,19 @@ int private_net(struct in_addr addr, int ban_localhost) ...@@ -426,6 +426,19 @@ int private_net(struct in_addr addr, int ban_localhost)
((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ; ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ;
} }
#ifdef HAVE_IPV6
static int private_net6(struct in6_addr *a)
{
return
IN6_IS_ADDR_UNSPECIFIED(a) || /* RFC 6303 4.3 */
IN6_IS_ADDR_LOOPBACK(a) || /* RFC 6303 4.3 */
IN6_IS_ADDR_LINKLOCAL(a) || /* RFC 6303 4.5 */
((unsigned char *)a)[0] == 0xfd || /* RFC 6303 4.4 */
((u32 *)a)[0] == htonl(0x20010db8); /* RFC 6303 4.6 */
}
#endif
static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored) static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored)
{ {
int i, qtype, qclass, rdlen; int i, qtype, qclass, rdlen;
...@@ -1440,16 +1453,18 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ...@@ -1440,16 +1453,18 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
anscount++; anscount++;
} }
} }
else if (is_arpa == F_IPV4 && else if (option_bool(OPT_BOGUSPRIV) && (
option_bool(OPT_BOGUSPRIV) && #ifdef HAVE_IPV6
private_net(addr.addr.addr4, 1)) (is_arpa == F_IPV6 && private_net6(&addr.addr.addr6)) ||
#endif
(is_arpa == F_IPV4 && private_net(addr.addr.addr4, 1))))
{ {
/* if not in cache, enabled and private IPV4 address, return NXDOMAIN */ /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
ans = 1; ans = 1;
sec_data = 0; sec_data = 0;
nxdomain = 1; nxdomain = 1;
if (!dryrun) if (!dryrun)
log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN, log_query(F_CONFIG | F_REVERSE | is_arpa | F_NEG | F_NXDOMAIN,
name, &addr, NULL); name, &addr, NULL);
} }
} }
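Review bot: In private_net6, the 2001:db8::/32 test `((u32 *)a)[0] == htonl(0x20010db8)` reads a `struct in6_addr` through a `u32 *`, which depends on how the platform lays out and aligns that struct and may break strict-aliasing rules. The line above it already uses byte access, and the same approach works here: `memcmp(a, "\x20\x01\x0d\xb8", 4) == 0; /* RFC 6303 4.6 */` (assuming `<string.h>` is already in scope in this file). If the punned read were miscompiled, reverse lookups for that prefix would be forwarded upstream rather than answered locally, which is the leak --bogus-priv exists to stop. In the second hunk the comment still says "private IPV4 address" although the branch now covers both families; I would change it to `/* if not in cache, enabled and private IPv4 or IPv6 address (RFC 6303), return NXDOMAIN */`. answer_request begins and ends outside the hunk.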
......