2570. [func] Log the destination address the query was sent to.
authorMark Andrews <marka@isc.org>
Tue, 3 Mar 2009 01:36:17 +0000 (01:36 +0000)
committerMark Andrews <marka@isc.org>
Tue, 3 Mar 2009 01:36:17 +0000 (01:36 +0000)
                        [RT #19209]

CHANGES
bin/named/client.c
bin/named/include/named/client.h
bin/named/query.c
doc/arm/Bv9ARM-book.xml

diff --git a/CHANGES b/CHANGES
index 730c57a9deb02ef38e537209c235b25b84da50d6..b503df000bd8c86bb4e3bf758dfc9fa28f7c275e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2570.  [func]          Log the destination address the query was sent to.
+                       [RT #19209]
+
 2569.  [func]          Move journalprint, nsec3hash, and genrandom
                        commands from bin/tests into bin/tools; 
                        "make install" will put them in $sbindir. [RT #19301]
index 71b8c52fb9f7af00dc9297bf6e1dcc398c86ca81..29abaadae4bcb4592fad469ce354880d8a7d37e9 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.262 2009/01/27 22:29:58 jinmei Exp $ */
+/* $Id: client.c,v 1.263 2009/03/03 01:36:17 marka Exp $ */
 
 #include <config.h>
 
@@ -1355,7 +1355,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
        dns_name_t *signame;
        isc_boolean_t ra;       /* Recursion available. */
        isc_netaddr_t netaddr;
-       isc_netaddr_t destaddr;
        int match;
        dns_messageid_t id;
        unsigned int flags;
@@ -1647,24 +1646,20 @@ client_request(isc_task_t *task, isc_event_t *event) {
         * etc), we regard this as an error for safety.
         */
        if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
-               isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr);
+               isc_netaddr_fromsockaddr(&client->destaddr,
+                                        &client->interface->addr);
        else {
+               isc_sockaddr_t sockaddr;
                result = ISC_R_FAILURE;
 
-               if (TCP_CLIENT(client)) {
-                       isc_sockaddr_t destsockaddr;
-
+               if (TCP_CLIENT(client))
                        result = isc_socket_getsockname(client->tcpsocket,
-                                                       &destsockaddr);
-                       if (result == ISC_R_SUCCESS)
-                               isc_netaddr_fromsockaddr(&destaddr,
-                                                        &destsockaddr);
-               }
+                                                       &sockaddr);
+               if (result == ISC_R_SUCCESS)
+                       isc_netaddr_fromsockaddr(&client->destaddr, &sockaddr);
                if (result != ISC_R_SUCCESS &&
                    client->interface->addr.type.sa.sa_family == AF_INET6 &&
                    (client->attributes & NS_CLIENTATTR_PKTINFO) != 0) {
-                       isc_uint32_t zone = 0;
-
                        /*
                         * XXXJT technically, we should convert the receiving
                         * interface ID to a proper scope zone ID.  However,
@@ -1673,12 +1668,11 @@ client_request(isc_task_t *task, isc_event_t *event) {
                         * interface index as link ID.  Despite the assumption,
                         * it should cover most typical cases.
                         */
-                       if (IN6_IS_ADDR_LINKLOCAL(&client->pktinfo.ipi6_addr))
-                               zone = (isc_uint32_t)client->pktinfo.ipi6_ifindex;
-
-                       isc_netaddr_fromin6(&destaddr,
+                       isc_netaddr_fromin6(&client->destaddr,
                                            &client->pktinfo.ipi6_addr);
-                       isc_netaddr_setzone(&destaddr, zone);
+                       if (IN6_IS_ADDR_LINKLOCAL(&client->pktinfo.ipi6_addr))
+                               isc_netaddr_setzone(&client->destaddr,
+                                               client->pktinfo.ipi6_ifindex);
                        result = ISC_R_SUCCESS;
                }
                if (result != ISC_R_SUCCESS) {
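Review bot: The non-link-local IPv6 path no longer sets the zone explicitly, so it depends on `isc_netaddr_fromin6()` clearing it. The old code called `isc_netaddr_setzone(&destaddr, zone)` with `zone = 0` on every path, and `destaddr` was a fresh local, whereas `client->destaddr` is a struct member that persists across requests. If `isc_netaddr_fromin6()` does reset the zone, say so in a comment above the link-local test, e.g. `/* isc_netaddr_fromin6() clears the zone; only link-local needs one. */`. The explicit `(isc_uint32_t)` cast on `ipi6_ifindex` was also dropped and is worth keeping so the narrowing is visible. The enclosing function starts and ends outside this hunk.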
@@ -1708,7 +1702,8 @@ client_request(isc_task_t *task, isc_event_t *event) {
                                tsig = dns_tsigkey_identity(client->message->tsigkey);
 
                        if (allowed(&netaddr, tsig, view->matchclients) &&
-                           allowed(&destaddr, tsig, view->matchdestinations) &&
+                           allowed(&client->destaddr, tsig,
+                                   view->matchdestinations) &&
                            !((client->message->flags & DNS_MESSAGEFLAG_RD)
                              == 0 && view->matchrecursiveonly))
                        {
@@ -1861,10 +1856,10 @@ client_request(isc_task_t *task, isc_event_t *event) {
            ns_client_checkaclsilent(client, NULL,
                                     client->view->queryacl,
                                     ISC_TRUE) == ISC_R_SUCCESS &&
-           ns_client_checkaclsilent(client, &client->interface->addr,
+           ns_client_checkaclsilent(client, &client->destaddr,
                                     client->view->recursiononacl,
                                     ISC_TRUE) == ISC_R_SUCCESS &&
-           ns_client_checkaclsilent(client, &client->interface->addr,
+           ns_client_checkaclsilent(client, &client->destaddr,
                                     client->view->queryonacl,
                                     ISC_TRUE) == ISC_R_SUCCESS)
                ra = ISC_TRUE;
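Review bot: The `recursiononacl` and `queryonacl` checks are now matched against `client->destaddr` instead of `client->interface->addr`, an access-control change that the commit title and the CHANGES entry (logging only) do not mention. Going by the destination-address hunk earlier in this file, the two values differ whenever the interface has `NS_INTERFACEFLAG_ANYADDR` set, so the result of these ACLs can change for queries received on wildcard-bound sockets. I would record that in CHANGES and add a comment above the two calls, e.g. `/* Match the "-on" ACLs against the address the query was sent to, not the listening interface address. */`. The enclosing `if` condition starts outside this hunk.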
@@ -2600,12 +2595,12 @@ ns_client_getsockaddr(ns_client_t *client) {
 }
 
 isc_result_t
-ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
+ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
                         dns_acl_t *acl, isc_boolean_t default_allow)
 {
        isc_result_t result;
+       isc_netaddr_t tmpnetaddr;
        int match;
-       isc_netaddr_t netaddr;
 
        if (acl == NULL) {
                if (default_allow)
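Review bot: Changing the second parameter of `ns_client_checkaclsilent()` from `isc_sockaddr_t *` to `isc_netaddr_t *` keeps the argument count the same, so a caller not updated by this commit that still passes a socket address is typically reported only as an incompatible-pointer warning. Such a call would make `dns_acl_match()` read an `isc_sockaddr_t` as an `isc_netaddr_t`, and the allow/deny decision would be taken on the wrong bytes. The hunks visible here update only the callers in client.c, so every other call site with a non-NULL second argument should be checked, and the build should treat that warning as an error. The function body continues in the next hunk.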
@@ -2614,15 +2609,13 @@ ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
                        goto deny;
        }
 
+       if (netaddr == NULL) {
+               isc_netaddr_fromsockaddr(&tmpnetaddr, &client->peeraddr);
+               netaddr = &tmpnetaddr;
+       }
 
-       if (sockaddr == NULL)
-               isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
-       else
-               isc_netaddr_fromsockaddr(&netaddr, sockaddr);
-
-       result = dns_acl_match(&netaddr, client->signer, acl,
-                              &ns_g_server->aclenv,
-                              &match, NULL);
+       result = dns_acl_match(netaddr, client->signer, acl,
+                              &ns_g_server->aclenv, &match, NULL);
 
        if (result != ISC_R_SUCCESS)
                goto deny; /* Internal error, already logged. */
@@ -2642,8 +2635,14 @@ ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
                   const char *opname, dns_acl_t *acl,
                   isc_boolean_t default_allow, int log_level)
 {
-       isc_result_t result =
-               ns_client_checkaclsilent(client, sockaddr, acl, default_allow);
+       isc_result_t result;
+       isc_netaddr_t netaddr;
+       
+       if (sockaddr != NULL)
+               isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+
+       result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
+                                         acl, default_allow);
 
        if (result == ISC_R_SUCCESS)
                ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
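Review bot: Style: the added lines test the same pointer in two ways, `if (sockaddr != NULL)` and then `sockaddr ? &netaddr : NULL`, and `netaddr` is left uninitialised on the NULL path, so the two tests must stay in step. Writing the second as `sockaddr != NULL ? &netaddr : NULL` matches the explicit comparison used everywhere else in this diff. The added blank line after `isc_netaddr_t netaddr;` also carries trailing whitespace. The function body continues past the end of this hunk.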
index 640901d698be02d9a023f547c2e14d0ced8a3e28..1267972d077fbc906a464b63889459c4c793d758 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.88 2009/01/17 23:47:42 tbox Exp $ */
+/* $Id: client.h,v 1.89 2009/03/03 01:36:17 marka Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -138,6 +138,7 @@ struct ns_client {
        ns_interface_t          *interface;
        isc_sockaddr_t          peeraddr;
        isc_boolean_t           peeraddr_valid;
+       isc_netaddr_t           destaddr;
        struct in6_pktinfo      pktinfo;
        isc_event_t             ctlevent;
        /*%
@@ -274,10 +275,8 @@ ns_client_getsockaddr(ns_client_t *client);
  */
 
 isc_result_t
-ns_client_checkaclsilent(ns_client_t *client,
-                        isc_sockaddr_t *sockaddr,
-                        dns_acl_t *acl,
-                        isc_boolean_t default_allow);
+ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
+                        dns_acl_t *acl, isc_boolean_t default_allow);
 
 /*%
  * Convenience function for client request ACL checking.
@@ -296,7 +295,7 @@ ns_client_checkaclsilent(ns_client_t *client,
  *
  * Requires:
  *\li  'client' points to a valid client.
- *\li  'sockaddr' points to a valid address, or is NULL.
+ *\li  'netaddr' points to a valid address, or is NULL.
  *\li  'acl' points to a valid ACL, or is NULL.
  *
  * Returns:
index c35b6cf392185537afd9ca8588999fa24a40c50b..2d6cfd9319e0c33bd18b1cb380d85e1ecf33f551 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.320 2009/02/15 23:04:38 marka Exp $ */
+/* $Id: query.c,v 1.321 2009/03/03 01:36:17 marka Exp $ */
 
 /*! \file */
 
@@ -4927,6 +4927,7 @@ log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) {
        char namebuf[DNS_NAME_FORMATSIZE];
        char typename[DNS_RDATATYPE_FORMATSIZE];
        char classname[DNS_RDATACLASS_FORMATSIZE];
+       char onbuf[ISC_NETADDR_FORMATSIZE];
        dns_rdataset_t *rdataset;
        int level = ISC_LOG_INFO;
 
@@ -4938,14 +4939,16 @@ log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) {
        dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
        dns_rdataclass_format(rdataset->rdclass, classname, sizeof(classname));
        dns_rdatatype_format(rdataset->type, typename, sizeof(typename));
+       isc_netaddr_format(&client->destaddr, onbuf, sizeof(onbuf));
 
        ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY,
-                     level, "query: %s %s %s %s%s%s%s%s", namebuf, classname,
-                     typename, WANTRECURSION(client) ? "+" : "-",
+                     level, "query: %s %s %s %s%s%s%s%s (%s)", namebuf,
+                     classname, typename, WANTRECURSION(client) ? "+" : "-",
                      (client->signer != NULL) ? "S": "",
                      (client->opt != NULL) ? "E" : "",
                      ((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) ? "D" : "",
-                     ((flags & DNS_MESSAGEFLAG_CD) != 0) ? "C" : "");
+                     ((flags & DNS_MESSAGEFLAG_CD) != 0) ? "C" : "",
+                     onbuf);
 }
 
 static inline void
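Review bot: `log_query()` now formats `client->destaddr` unconditionally, but the field has no validity flag (compare `peeraddr` / `peeraddr_valid` in the client.h hunk) and the only writes visible in this commit are in `client_request()`. If a client object can reach this call without passing through that assignment, or still holds the value from an earlier request, the log line would report a stale or uninitialised address; that should be confirmed, and the field otherwise initialised where the client is created. Separately, the appended ` (%s)` changes the layout of every query log line, so log parsers and detection rules that match the old format need updating. The start of `log_query()` is in the previous hunk.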
index c265eacb0b800222f2df483fba09097ffc98f02e..2532cc9a6b3841d4cc13387536ce06c07d4a8113 100644 (file)
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.399 2009/02/25 17:39:30 jreed Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.400 2009/03/03 01:36:17 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 
@@ -4268,12 +4268,13 @@ category notify { null; };
                    <para>
                      The query log entry reports the client's IP
                      address and port number, and the query name,
-                     class and type.  It also reports whether the
+                     class and type.  Next it reports whether the
                      Recursion Desired flag was set (+ if set, -
                      if not set), if the query was signed (S),
                      EDNS was in use (E), if DO (DNSSEC Ok) was
                      set (D), or if CD (Checking Disabled) was set
-                     (C).
+                     (C).  After this the destination address the
+                     query was sent to is reported.
                    </para>
 
                     <para>