#ifdef HAVE_FSTRM
sr.setFrameStreamServers(t_frameStreamServers);
#endif
- sr.setQuerySource(dc->d_mappedSource, g_useIncomingECS && !dc->d_ednssubnet.source.empty() ? boost::optional<const EDNSSubnetOpts&>(dc->d_ednssubnet) : boost::none);
+ bool useMapped = true;
+ // If proxy by table is active and had a match, we only want to use the mapped address if it also has a domain match
+ // (if a domain suffix match table is present in the config)
+ if (t_proxyMapping && dc->d_source != dc->d_mappedSource) {
+ if (auto it = t_proxyMapping->lookup(dc->d_source)) {
+ if (it->second.suffixMatchNode) {
+ if (!it->second.suffixMatchNode->check(dc->d_mdp.d_qname)) {
+ // No match in domains, use original source
+ useMapped = false;
+ }
+ }
+ // No suffix match node defined, use mapped address
+ }
+ // lookup failing cannot happen as dc->d_source != dc->d_mappedSource
+ }
+ sr.setQuerySource(useMapped ? dc->d_mappedSource : dc->d_source, g_useIncomingECS && !dc->d_ednssubnet.source.empty() ? boost::optional<const EDNSSubnetOpts&>(dc->d_ednssubnet) : boost::none);
+
sr.setQueryReceivedOverTCP(dc->d_tcp);
bool tracedQuery = false; // we could consider letting Lua know about this too
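Review bot: The fallback to `dc->d_source` when the suffix check fails changes only the query source, while admission was already decided on the mapped address: the allow-from checks in the TCP and UDP accept paths (`t_allowFrom->match(&conn->d_mappedSource)` and `t_allowFrom->match(&mappedSource)`) take `it->second.address` without consulting `suffixMatchNode`, since the qname is not known there. A client covered by a domain-restricted mapping is therefore admitted for every name, including names that are then resolved under its original address. If that is intended, say so next to `useMapped`, e.g. `// allow-from was already evaluated against d_mappedSource; a non-matching qname only changes the query source, not admission`. The comment `lookup failing cannot happen` also states an invariant the code does not enforce; should the table differ between accept and resolve (not visible here), the fall-through silently keeps the mapped address. The enclosing function starts and ends outside this hunk.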
ComboAddress mappedSource = source;
if (t_proxyMapping) {
if (auto it = t_proxyMapping->lookup(source)) {
- mappedSource = it->second;
+ mappedSource = it->second.address;
}
}
if (t_remotes) {
lci.allowAdditionalQTypes.insert_or_assign(qtype, pair(targets, mode));
});
- Lua->writeFunction("addProxyMapping", [&proxyMapping](const string& netmaskArg, const string& addressArg) {
+ Lua->writeFunction("addProxyMapping", [&proxyMapping](const string& netmaskArg, const string& addressArg, boost::optional<std::vector<pair<int,std::string>>> smnStrings) {
try {
Netmask netmask(netmaskArg);
ComboAddress address(addressArg);
- proxyMapping.insert_or_assign(netmask, address);
+ boost::optional<SuffixMatchNode> smn;
+ if (smnStrings) {
+ smn = boost::make_optional(SuffixMatchNode{});
+ for (const auto& el : *smnStrings) {
+ smn->add(el.second);
+ }
+ }
+ proxyMapping.insert_or_assign(netmask, {address, smn});
}
catch (std::exception& e) {
g_log << Logger::Error << "Error processing addProxyMapping: " << e.what() << endl;
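Review bot: An empty domain table is not distinguished from a populated one: when `smnStrings` is engaged but has no elements, `smn` becomes an engaged `SuffixMatchNode` with nothing added. Assuming `check()` on an empty node never matches, the resolve path would then set `useMapped = false` for every query while the accept-time ACL still uses the mapped address, which is unlikely to be what the operator meant. Reject it explicitly before the loop, e.g. `if (smnStrings->empty()) { throw std::runtime_error("addProxyMapping: empty domain list"); }`, so it is reported through the existing `catch`. Note also that a malformed name thrown from `smn->add()` skips `insert_or_assign` entirely, so the whole mapping is dropped with only an error log line. The lambda's `catch` block continues outside this hunk.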
ResolveDeferred
};
-using ProxyMapping = NetmaskTree<ComboAddress, Netmask>;
+struct ProxyByTableValue
+{
+ ComboAddress address;
+ boost::optional<SuffixMatchNode> suffixMatchNode;
+};
+
+using ProxyMapping = NetmaskTree<ProxyByTableValue, Netmask>;
class LuaConfigItems
{
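Review bot: `ProxyByTableValue` is a new type shared by the Lua config, the accept paths and the resolve path, but its fields carry no documentation of the contract the callers rely on. Add a comment on `address` such as `// source address substituted for clients matching the netmask; also the address checked against allow-from`, and on `suffixMatchNode` such as `// if set, only qnames under these suffixes use 'address' as query source; unset means all names`. The difference between an unset and an engaged-but-empty optional is worth stating there as well, since the two are handled differently at the lookup site.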
conn->d_mappedSource = conn->d_source;
if (t_proxyMapping) {
if (auto it = t_proxyMapping->lookup(conn->d_source)) {
- conn->d_mappedSource = it->second;
+ conn->d_mappedSource = it->second.address;
}
}
if (t_allowFrom && !t_allowFrom->match(&conn->d_mappedSource)) {
ComboAddress mappedSource = addr;
if (!fromProxyProtocolSource && t_proxyMapping) {
if (auto it = t_proxyMapping->lookup(addr)) {
- mappedSource = it->second;
+ mappedSource = it->second.address;
}
}
if (!fromProxyProtocolSource && t_allowFrom && !t_allowFrom->match(&mappedSource)) {