From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 8 Jan 2019 13:56:17 +0000 (+0100)
Subject: rec: Call the ipfilter hook if any over TCP as well
X-Git-Tag: rec-4.2.0-alpha1~8^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5034517a25d505cb855bac9cc9c39ef9b6552901;p=thirdparty%2Fpdns.git

rec: Call the ipfilter hook if any over TCP as well
---

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 606da49e61..4bb10c96e0 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1959,6 +1959,15 @@ static void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var)
         }
       }
 #endif
+      if(t_pdl) {
+        if(t_pdl->ipfilter(dc->d_source, dc->d_destination, *dh)) {
+          if(!g_quiet)
+            g_log<<Logger::Notice<<t_id<<" ["<<MT->getTid()<<"/"<<MT->numProcesses()<<"] DROPPED TCP question from "<<dc->d_source.toStringWithPort()<<(dc->d_source != dc->d_remote ? " (via "+dc->d_remote.toStringWithPort()+")" : "")<<" based on policy"<<endl;
+          g_stats.policyDrops++;
+          return;
+        }
+      }
+
       if(dc->d_mdp.d_header.qr) {
         g_stats.ignoredCount++;
         if(g_logCommonErrors) {