Commit | Line | Data |
---|---|---|
12c86877 BH |
1 | /* |
2 | PowerDNS Versatile Database Driven Nameserver | |
3 | Copyright (C) 2002 PowerDNS.COM BV | |
4 | ||
5 | This program is free software; you can redistribute it and/or modify | |
22dc646a BH |
6 | it under the terms of the GNU General Public License version 2 |
7 | as published by the Free Software Foundation | |
f782fe38 MH |
8 | |
9 | Additionally, the license of this program contains a special | |
10 | exception which allows to distribute the program in binary form when | |
11 | it is linked against OpenSSL. | |
12c86877 BH |
12 | |
13 | This program is distributed in the hope that it will be useful, | |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | GNU General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with this program; if not, write to the Free Software | |
06bd9ccf | 20 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
12c86877 BH |
21 | */ |
22 | #ifndef PDNS_DNSPROXY | |
23 | #define PDNS_DNSPROXY | |
24 | #include <pthread.h> | |
25 | #include <map> | |
76473b92 KM |
26 | #include <sys/socket.h> |
27 | #include <netinet/in.h> | |
28 | #include <arpa/inet.h> | |
12c86877 BH |
29 | #include "dnspacket.hh" |
30 | #include "lock.hh" | |
31 | #include "iputils.hh" | |
32 | ||
10f4eea8 | 33 | #include "namespaces.hh" |
12c86877 BH |
34 | |
35 | /** | |
36 | ||
37 | How this works. | |
38 | ||
39 | This is a thread that just throws packets around. Should handle ~1000 packets/second. | |
40 | ||
41 | Consists of a thread receiving packets back from the backend and retransmitting them to the original client. | |
42 | ||
43 | Furthermore, it provides a member function that reports the packet to the connection tracker and actually sends it out. | |
44 | ||
45 | Packets are sent from a source port that is picked by the constructor, and is random. Furthermore, the query ID is XOR-ed with a random value | |
46 | so that outside parties cannot spoof answers to us: an off-path sender has to guess both the port and the ID. | |
47 | ||
48 | To fix: decide how to remove the stale conntrack entries that will surely accumulate. | |
49 | */ | |
50 | ||
51 | class DNSProxy // relays client queries to a backend and hands the backend's answers back to the original client | |
52 | { | |
53 | public: | |
54 | DNSProxy(const string &ip); //!< creates the socket; per the file comment the random source port is also picked here | |
55 | void go(); //!< launches the actual thread (NOTE(review): presumably with launchhelper as the entry point; confirm in the .cc) | |
56 | void onlyFrom(const string &ips); //!< Only these netmasks are allowed to recurse via us | |
57 | bool sendPacket(DNSPacket *p); //!< send out a packet and make a conntrack entry so we can send back the answer | |
58 | ||
59 | void mainloop(); //!< this is the main loop that receives reply packets and sends them out again | |
60 | static void *launchhelper(void *p) //!< thread entry point: p must point to a DNSProxy, whose mainloop() is then run | |
61 | { | |
62 | static_cast<DNSProxy *>(p)->mainloop(); // unchecked cast: a null or foreign pointer is not detected here | |
63 | return 0; // always hands back a null pointer; mainloop() reports nothing | |
64 | } | |
b636533b | 65 | bool recurseFor(DNSPacket* p); //!< NOTE(review): undocumented here; presumably reports whether p's sender is inside the onlyFrom() netmasks. Whether sendPacket() enforces that itself is not visible in this header, so confirm that every caller checks it first. |
12c86877 BH |
66 | private: |
67 | NetmaskGroup d_ng; //!< presumably the netmasks set by onlyFrom() (TODO confirm) | |
68 | int d_sock; //!< socket descriptor; the constructor is documented as creating the socket | |
dee7ba5a BH |
69 | unsigned int* d_resanswers; //!< NOTE(review): this and the two pointers below look like counters owned elsewhere; confirm who allocates them |
70 | unsigned int* d_udpanswers; //!< see note on d_resanswers | |
71 | unsigned int* d_resquestions; //!< see note on d_resanswers | |
12c86877 | 72 | pthread_mutex_t d_lock; //!< NOTE(review): presumably guards d_conntrack and ID allocation; confirm which members it covers |
092f210a | 73 | uint16_t d_xor; //!< random value XOR-ed into the query ID (per the file comment). NOTE(review): only 16 bits; if it is set once per proxy, the on-wire ID is no more unpredictable than the sequence behind getID_locked() - confirm how both are generated |
12c86877 BH |
74 | int getID_locked(); //!< NOTE(review): the _locked suffix suggests the caller must already hold d_lock; confirm |
75 | struct ConntrackEntry // one tracked query; the field meanings noted below are inferred from the names, confirm in the .cc | |
76 | { | |
092f210a | 77 | uint16_t id; //!< presumably the ID the client used, restored when answering |
4d183f84 | 78 | ComboAddress remote; //!< presumably the client address the answer is sent back to |
12c86877 BH |
79 | int outsock; //!< presumably the socket the answer goes out on |
80 | time_t created; //!< presumably the creation time; nothing in this header expires entries by it | |
964cf8b3 BH |
81 | string qname; //!< presumably the question name, so an answer can be matched against what was asked (confirm mainloop() checks it) |
82 | uint16_t qtype; //!< presumably the question type, kept for the same matching as qname | |
12c86877 BH |
83 | }; |
84 | ||
85 | typedef map<int,ConntrackEntry> map_t; // int key; presumably the ID handed out by getID_locked() (TODO confirm) | |
86 | map_t d_conntrack; //!< tracked queries. The file comment lists removing stale entries as still to be fixed, so growth is unbounded as far as this header shows. | |
87 | }; | |
88 | ||
89 | #endif |