From: Otto Moerbeek Date: Mon, 17 Jun 2024 09:22:47 +0000 (+0200) Subject: rec: count substituted remote in case of proxy protocol X-Git-Tag: rec-5.2.0-alpha0~17^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6f989d8cb1b26329a50925d6d7f0ef06d9572cd;p=thirdparty%2Fpdns.git rec: count substituted remote in case of proxy protocol Other remote counts are already doing that --- diff --git a/pdns/recursordist/pdns_recursor.cc b/pdns/recursordist/pdns_recursor.cc index 5e0c98ee5a..a04aaa5ce8 100644 --- a/pdns/recursordist/pdns_recursor.cc +++ b/pdns/recursordist/pdns_recursor.cc @@ -2550,7 +2550,7 @@ static void handleNewUDPQuestion(int fileDesc, FDMultiplexer::funcparam_t& /* va } } if (t_remotes) { - t_remotes->push_back(fromaddr); + t_remotes->push_back(source); } if (t_allowFrom && !t_allowFrom->match(&mappedSource)) { diff --git a/pdns/recursordist/rec-tcp.cc b/pdns/recursordist/rec-tcp.cc index 4d1a055fff..661be32fbe 100644 --- a/pdns/recursordist/rec-tcp.cc +++ b/pdns/recursordist/rec-tcp.cc @@ -565,6 +565,9 @@ static void handleRunningTCPQuestion(int fileDesc, FDMultiplexer::funcparam_t& v ++iter->second.stats.netmaskMatches; } } + if (t_remotes) { + t_remotes->push_back(conn->d_source); + } if (t_allowFrom && !t_allowFrom->match(&conn->d_mappedSource)) { if (!g_quiet) { SLOG(g_log << Logger::Error << "[" << g_multiTasker->getTid() << "] dropping TCP query from " << conn->d_mappedSource.toString() << ", address not matched by allow-from" << endl, @@ -693,10 +696,6 @@ void handleNewTCPQuestion(int fileDesc, [[maybe_unused]] FDMultiplexer::funcpara return; } - if (t_remotes) { - t_remotes->push_back(addr); - } - ComboAddress destaddr; socklen_t len = sizeof(destaddr); getsockname(newsock, reinterpret_cast(&destaddr), &len); // if this fails, we're ok with it NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)