[ipfire-2.x.git] / src / patches / dnsmasq / 012-Update_list_of_subnet_for_--bogus-priv.patch

From 90477fb79420a34124b66ebd808c578817a30e4c Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 20 Oct 2015 21:21:32 +0100
Subject: [PATCH] Update list of subnet for --bogus-priv

RFC6303 specifies & recommends following zones not be forwarded
to globally facing servers.
+------------------------------+-----------------------+
| Zone                         | Description           |
+------------------------------+-----------------------+
| 0.IN-ADDR.ARPA               | IPv4 "THIS" NETWORK   |
| 127.IN-ADDR.ARPA             | IPv4 Loopback NETWORK |
| 254.169.IN-ADDR.ARPA         | IPv4 LINK LOCAL       |
| 2.0.192.IN-ADDR.ARPA         | IPv4 TEST-NET-1       |
| 100.51.198.IN-ADDR.ARPA      | IPv4 TEST-NET-2       |
| 113.0.203.IN-ADDR.ARPA       | IPv4 TEST-NET-3       |
| 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST        |
+------------------------------+-----------------------+

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
---
 src/rfc1035.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6a51b30..4eb1772 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int ban_localhost)
   return
     (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost)  /* 127.0.0.0/8    (loopback) */ ||
     ((ip_addr & 0xFF000000) == 0x00000000)  /* RFC 5735 section 3. "here" network */ ||
-    ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16 (private)  */ ||
     ((ip_addr & 0xFF000000) == 0x0A000000)  /* 10.0.0.0/8     (private)  */ ||
     ((ip_addr & 0xFFF00000) == 0xAC100000)  /* 172.16.0.0/12  (private)  */ ||
-    ((ip_addr & 0xFFFF0000) == 0xA9FE0000)  /* 169.254.0.0/16 (zeroconf) */ ;
+    ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16 (private)  */ ||
+    ((ip_addr & 0xFFFF0000) == 0xA9FE0000)  /* 169.254.0.0/16 (zeroconf) */ ||
+    ((ip_addr & 0xFFFFFF00) == 0xC0000200)  /* 192.0.2.0/24   (test-net) */ ||
+    ((ip_addr & 0xFFFFFF00) == 0xC6336400)  /* 198.51.100.0/24(test-net) */ ||
+    ((ip_addr & 0xFFFFFF00) == 0xCB007100)  /* 203.0.113.0/24 (test-net) */ ||
+    ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF)  /* 255.255.255.255/32 (broadcast)*/ ;
 }
 
 static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored)
-- 
1.7.10.4
Commit	Line	Data
40e1bbda MF	1	From 90477fb79420a34124b66ebd808c578817a30e4c Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Tue, 20 Oct 2015 21:21:32 +0100
	4	Subject: [PATCH] Update list of subnet for --bogus-priv
	5
	6	RFC6303 specifies & recommends following zones not be forwarded
	7	to globally facing servers.
	8	+------------------------------+-----------------------+
	9	\| Zone \| Description \|
	10	+------------------------------+-----------------------+
	11	\| 0.IN-ADDR.ARPA \| IPv4 "THIS" NETWORK \|
	12	\| 127.IN-ADDR.ARPA \| IPv4 Loopback NETWORK \|
	13	\| 254.169.IN-ADDR.ARPA \| IPv4 LINK LOCAL \|
	14	\| 2.0.192.IN-ADDR.ARPA \| IPv4 TEST-NET-1 \|
	15	\| 100.51.198.IN-ADDR.ARPA \| IPv4 TEST-NET-2 \|
	16	\| 113.0.203.IN-ADDR.ARPA \| IPv4 TEST-NET-3 \|
	17	\| 255.255.255.255.IN-ADDR.ARPA \| IPv4 BROADCAST \|
	18	+------------------------------+-----------------------+
	19
	20	Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
	21	---
	22	src/rfc1035.c \| 8 ++++++--
	23	1 file changed, 6 insertions(+), 2 deletions(-)
	24
	25	diff --git a/src/rfc1035.c b/src/rfc1035.c
	26	index 6a51b30..4eb1772 100644
	27	--- a/src/rfc1035.c
	28	+++ b/src/rfc1035.c
	29	@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int ban_localhost)
	30	return
	31	(((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ \|\|
	32	((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ \|\|
	33	- ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ \|\|
	34	((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ \|\|
	35	((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ \|\|
	36	- ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ;
	37	+ ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ \|\|
	38	+ ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ \|\|
	39	+ ((ip_addr & 0xFFFFFF00) == 0xC0000200) /* 192.0.2.0/24 (test-net) */ \|\|
	40	+ ((ip_addr & 0xFFFFFF00) == 0xC6336400) /* 198.51.100.0/24(test-net) */ \|\|
	41	+ ((ip_addr & 0xFFFFFF00) == 0xCB007100) /* 203.0.113.0/24 (test-net) */ \|\|
	42	+ ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ;
	43	}
	44
	45	static unsigned char do_doctor(unsigned char p, int count, struct dns_header header, size_t qlen, char name, int *doctored)
	46	--
	47	1.7.10.4
	48