projects / thirdparty / pdns.git / blame
| Commit | Line | Data |
|---|---|---|
| 12c86877 BH |
1 | /* |
| 2 | PowerDNS Versatile Database Driven Nameserver | |
| 3 | Copyright (C) 2002 PowerDNS.COM BV | |
| 4 | ||
| 5 | This program is free software; you can redistribute it and/or modify | |
| 22dc646a BH |
6 | it under the terms of the GNU General Public License version 2 |
| 7 | as published by the Free Software Foundation | |
| f782fe38 MH |
8 | |
| 9 | Additionally, the license of this program contains a special | |
| 10 | exception which allows to distribute the program in binary form when | |
| 11 | it is linked against OpenSSL. | |
| 12c86877 BH |
12 | |
| 13 | This program is distributed in the hope that it will be useful, | |
| 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 16 | GNU General Public License for more details. | |
| 17 | ||
| 18 | You should have received a copy of the GNU General Public License | |
| 19 | along with this program; if not, write to the Free Software | |
| 06bd9ccf | 20 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
| 12c86877 BH |
21 | */ |
| 22 | #ifndef PDNS_DNSPROXY | |
| 23 | #define PDNS_DNSPROXY | |
| 24 | #include <pthread.h> | |
| 25 | #include <map> | |
| 76473b92 KM |
26 | #include <sys/socket.h> |
| 27 | #include <netinet/in.h> | |
| 28 | #include <arpa/inet.h> | |
| 12c86877 BH |
29 | #include "dnspacket.hh" |
| 30 | #include "lock.hh" | |
| 31 | #include "iputils.hh" | |
| 32 | ||
| 10f4eea8 | 33 | #include "namespaces.hh" |
| 12c86877 BH |
34 | |
| 35 | /** | |
| 36 | ||
| 37 | how will this work. | |
| 38 | ||
| 39 | This is a thread that just throws packets around. Should handle ~1000 packets/second. | |
| 40 | ||
| 41 | Consists of a thread receiving packets back from the backend and retransmitting them to the original client. | |
| 42 | ||
| 43 | Furthermore, it provides a member function that reports the packet to the connection tracker and actually sends it out. | |
| 44 | ||
| 45 | The sending happens from a source port that is determined by the constructor, but IS random. Furthermore, the ID is XOR-ed with a random value | |
| 46 | to make sure outside parties can't spoof us. | |
| 47 | ||
| 48 | To fix: how to remove the stale entries that will surely accumulate | |
| 49 | */ | |
| 50 | ||
| 51 | class DNSProxy | |
| 52 | { | |
| 53 | public: | |
| 54 | DNSProxy(const string &ip); //!< creates socket | |
| 55 | void go(); //!< launches the actual thread | |
| 56 | void onlyFrom(const string &ips); //!< Only these netmasks are allowed to recurse via us | |
| 57 | bool sendPacket(DNSPacket *p); //!< send out a packet and make a conntrack entry to we can send back the answer | |
| d59b894d | 58 | bool completePacket(DNSPacket *r, const std::string& target,const std::string& aname); |
| 12c86877 BH |
59 | |
| 60 | void mainloop(); //!< this is the main loop that receives reply packets and sends them out again | |
| 61 | static void *launchhelper(void *p) | |
| 62 | { | |
| 63 | static_cast<DNSProxy *>(p)->mainloop(); | |
| 64 | return 0; | |
| 65 | } | |
| b636533b | 66 | bool recurseFor(DNSPacket* p); |
| 12c86877 BH |
67 | private: |
| 68 | NetmaskGroup d_ng; | |
| 69 | int d_sock; | |
| 1566533a | 70 | AtomicCounter* d_resanswers; |
| 71 | AtomicCounter* d_udpanswers; | |
| 72 | AtomicCounter* d_resquestions; | |
| 12c86877 | 73 | pthread_mutex_t d_lock; |
| 092f210a | 74 | uint16_t d_xor; |
| 12c86877 BH |
75 | int getID_locked(); |
| 76 | struct ConntrackEntry | |
| 77 | { | |
| 12c86877 | 78 | time_t created; |
| e04e65fd | 79 | boost::optional<ComboAddress> anyLocal; |
| 964cf8b3 | 80 | string qname; |
| d59b894d | 81 | DNSPacket* complete; |
| 82 | string aname; | |
| e04e65fd PL |
83 | ComboAddress remote; |
| 84 | uint16_t id; | |
| 85 | uint16_t qtype; | |
| 86 | int outsock; | |
| 12c86877 BH |
87 | }; |
| 88 | ||
| 89 | typedef map<int,ConntrackEntry> map_t; | |
| 90 | map_t d_conntrack; | |
| 91 | }; | |
| 92 | ||
| 93 | #endif |