10 changes: 10 additions & 0 deletions configure.ac
Expand Up @@ -101,6 +101,16 @@ if test x"$transparent_enabled" = x"yes"; then
AC_DEFINE(TRANSPARENT_PROXY)
fi

dnl Include support for reverse dns to match IP network/mask ?
AH_TEMPLATE([FDNS_ENABLE],
[Include support for forward dns to match IP network/mask. This is best used with nscd enabled to minimise DNS resolution delays])
TP_ARG_ENABLE(fdns,
[Enable support for forward dns to match IP network/mask (default is NO)],
no)
if test x"$fdns__enabled" = x"yes"; then
AC_DEFINE(FDNS_ENABLE)
fi

dnl Let user decide whether he wants support for manpages
dnl Which require either pod2man or a tarball release
AH_TEMPLATE([MANPAGE_SUPPORT],
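Review bot: The guard `if test x"$fdns__enabled" = x"yes"; then` uses a double underscore, while the transparent-proxy check visible in the hunk header reads `$transparent_enabled`. If `TP_ARG_ENABLE(fdns, ...)` names its variable the same way, the result lands in `fdns_enabled`, `FDNS_ENABLE` is never defined, and `--enable-fdns` silently builds without the feature. The test should presumably read `if test x"$fdns_enabled" = x"yes"; then`. The leading `dnl` comment also says "reverse dns" where the template and help text say "forward dns"; `dnl Include support for forward dns to match IP network/mask ?` would agree with them.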
1 change: 1 addition & 0 deletions docs/man5/tinyproxy.conf.txt.in
Expand Up @@ -200,6 +200,7 @@ Note that the upstream directive can also be used to null-route
a specific target domain/host, e.g.:
`upstream http 0.0.0.0:0 ".adserver.com"`

With FDNS enabled the site's IP address will also be matched against the <IP/bits> or <IP/mask> values in addition to the name or domain match
=item B<MaxClients>

Tinyproxy creates one thread for each connected client.
42 changes: 42 additions & 0 deletions src/hostspec.c
Expand Up @@ -2,6 +2,9 @@
#include "hostspec.h"
#include "heap.h"
#include "network.h"
#ifdef FDNS_ENABLE
#include "log.h"
#endif

static int dotted_mask(char *bitmask_string, unsigned char array[])
{
Expand Down Expand Up @@ -159,6 +162,42 @@ static int numeric_match(const uint8_t addr[], const struct hostspec *h)
return 1;
}

#ifdef FDNS_ENABLE
static int dns_numeric_match(const char *ip, const struct hostspec *h)
{
int ret;
struct addrinfo *res, *ressave;
uint8_t numeric_addr[IPV6_LEN];
char ipbuf[512];

errno = 0;

ret =getaddrinfo (ip, NULL, NULL, &res);

ressave = res;

if (ret != 0) {
if (ret == EAI_SYSTEM)
log_message (LOG_ERR, "Could not retrieve address info for %s : %s",ip,strerror(errno));
else
log_message (LOG_ERR, "Could not retrieve address info for %s : %s",ip,gai_strerror(errno));
} else {
do {
/* return if IP matches */
get_ip_string (res->ai_addr, ipbuf, sizeof (ipbuf));
full_inet_pton (ipbuf, &numeric_addr);
if (numeric_match (numeric_addr, h)) {
break;
}
} while ((res = res->ai_next) != NULL);
}

freeaddrinfo (ressave);

return numeric_match (numeric_addr, h);
}
#endif

/* check whether ip matches hostspec.
return 1 on match, 0 on non-match */
int hostspec_match(const char *ip, const struct hostspec *h) {
Expand All @@ -171,6 +210,9 @@ int hostspec_match(const char *ip, const struct hostspec *h) {
if(is_numeric_addr) return 0;
return string_match (ip, h->address.string);
case HST_NUMERIC:
#ifdef FDNS_ENABLE
if(!is_numeric_addr) return dns_numeric_match(ip, h);
#endif
return numeric_match (numeric_addr, h);
case HST_NONE:
return 0;
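Review bot: In `dns_numeric_match`, a failed `getaddrinfo` still falls through to `freeaddrinfo (ressave)` and `return numeric_match (numeric_addr, h)`, so the function frees an unset `res` and takes its match decision on an uninitialised `numeric_addr`. A failed lookup should return 0 before either call, since this result appears to feed host-based rules and an unresolved name should never count as a match. The non-`EAI_SYSTEM` branch also passes `errno` to `gai_strerror`, which expects the `getaddrinfo` return code `ret`. The results of `get_ip_string` and `full_inet_pton` are not checked either, so a failed conversion would presumably leave stale bytes to be matched. The rewrite below tracks the outcome in a flag instead of re-running `numeric_match` after the list has been freed.

```c
static int dns_numeric_match(const char *ip, const struct hostspec *h)
{
        struct addrinfo *res = NULL, *cur;
        uint8_t numeric_addr[IPV6_LEN];
        char ipbuf[512];
        int matched = 0;
        int ret = getaddrinfo (ip, NULL, NULL, &res);

        if (ret != 0) {
                log_message (LOG_ERR, "Could not retrieve address info for %s : %s",
                             ip, ret == EAI_SYSTEM ? strerror(errno) : gai_strerror(ret));
                return 0; /* an unresolved name never matches */
        }

        for (cur = res; cur != NULL && !matched; cur = cur->ai_next) {
                /* ... unchanged: get_ip_string / full_inet_pton conversion of cur->ai_addr ... */
                matched = numeric_match (numeric_addr, h);
        }

        freeaddrinfo (res);
        return matched;
}
```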