From: Otto Moerbeek Date: Mon, 17 Jun 2024 09:22:47 +0000 (+0200) Subject: rec: count substituted remote in case of proxy protocol X-Git-Tag: rec-5.0.7~2^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1cc69bd39f1fed573a64f6bda917fdd4b0108fba;p=thirdparty%2Fpdns.git rec: count substituted remote in case of proxy protocol Other remote counts are already doing that (cherry picked from commit a6f989d8cb1b26329a50925d6d7f0ef06d9572cd) --- diff --git a/pdns/recursordist/pdns_recursor.cc b/pdns/recursordist/pdns_recursor.cc index 3c5eb4ed3d..7b2419fd88 100644 --- a/pdns/recursordist/pdns_recursor.cc +++ b/pdns/recursordist/pdns_recursor.cc @@ -2507,7 +2507,7 @@ static void handleNewUDPQuestion(int fileDesc, FDMultiplexer::funcparam_t& /* va } } if (t_remotes) { - t_remotes->push_back(fromaddr); + t_remotes->push_back(source); } if (t_allowFrom && !t_allowFrom->match(&mappedSource)) { diff --git a/pdns/recursordist/rec-tcp.cc b/pdns/recursordist/rec-tcp.cc index 7d1a8bb3d1..efb08f8fd5 100644 --- a/pdns/recursordist/rec-tcp.cc +++ b/pdns/recursordist/rec-tcp.cc @@ -565,6 +565,9 @@ static void handleRunningTCPQuestion(int fileDesc, FDMultiplexer::funcparam_t& v ++iter->second.stats.netmaskMatches; } } + if (t_remotes) { + t_remotes->push_back(conn->d_source); + } if (t_allowFrom && !t_allowFrom->match(&conn->d_mappedSource)) { if (!g_quiet) { SLOG(g_log << Logger::Error << "[" << g_multiTasker->getTid() << "] dropping TCP query from " << conn->d_mappedSource.toString() << ", address not matched by allow-from" << endl, @@ -693,10 +696,6 @@ void handleNewTCPQuestion(int fileDesc, [[maybe_unused]] FDMultiplexer::funcpara return; } - if (t_remotes) { - t_remotes->push_back(addr); - } - bool fromProxyProtocolSource = expectProxyProtocol(addr); ComboAddress mappedSource = addr; if (!fromProxyProtocolSource && t_proxyMapping) {