modules/policy: TLS defaults to port 853

diff --git a/daemon/bindings.c b/daemon/bindings.c
index 6875fa9fe35b32bab7c2f04c99f82be933f2f573..9da34be011843bd67afe988f75d101194b7e4be9 100644 (file)
--- a/daemon/bindings.c
+++ b/daemon/bindings.c
@@ -477,7 +477,6 @@ static int net_tls_client(lua_State *L)
        const char *full_addr = NULL;
        bool pin_exists = false;
        bool ca_file_exists = false;
-       printf("%i\n", lua_gettop(L));
        if ((lua_gettop(L) == 1) && lua_isstring(L, 1)) {
                full_addr = lua_tostring(L, 1);
        } else if ((lua_gettop(L) == 2) && lua_isstring(L, 1) && lua_istable(L, 2)) {

diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index f662a75d7a102b20586845c6050db7e80e2c5720..7a829954a21c7a5c82b79c305159c6e112b0e180 100644 (file)
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -33,15 +33,23 @@ if has_socket then
        end
 end
 
-local function addr_split_port(target)
+local function addr_split_port(target, default_port)
+       assert(default_port)
+       assert(type(default_port) == 'number')
        local addr, port = target:match '([^@]*)@?(.*)'
-       port = port and tonumber(port) or 53
-       return addr, port
+       local nport
+       if port ~= "" then
+               nport = tonumber(port)
+               if not nport or nport < 1 or nport > 65535 then
+                       error('port "'.. port  ..'" is not valid')
+               end
+       end
+       return addr, nport or default_port
 end
 
 -- String address@port -> sockaddr.
-local function addr2sock(target)
-       local addr, port = addr_split_port(target)
+local function addr2sock(target, default_port)
+       local addr, port = addr_split_port(target, default_port)
        local sock = ffi.gc(ffi.C.kr_straddr_socket(addr, port), ffi.C.free);
        if sock == nil then
                error("target '"..target..'" is not a valid IP address')
@@ -51,7 +59,7 @@ end
 
 -- Mirror request elsewhere, and continue solving
 local function mirror(target)
-       local addr, port = addr_split_port(target)
+       local addr, port = addr_split_port(target, 53)
        local sink, err = socket_client(addr, port)
        if not sink then panic('MIRROR target %s is not a valid: %s', target, err) end
        return function(state, req)
@@ -80,11 +88,11 @@ local function stub(target)
        local list = {}
        if type(target) == 'table' then
                for _, v in pairs(target) do
-                       table.insert(list, addr2sock(v))
+                       table.insert(list, addr2sock(v, 53))
                        assert(#list <= 4, 'at most 4 STUB targets are supported')
                end
        else
-               table.insert(list, addr2sock(target))
+               table.insert(list, addr2sock(target, 53))
        end
        return function(state, req)
                local qry = req:current()
@@ -101,11 +109,11 @@ local function forward(target)
        local list = {}
        if type(target) == 'table' then
                for _, v in pairs(target) do
-                       table.insert(list, addr2sock(v))
+                       table.insert(list, addr2sock(v, 53))
                        assert(#list <= 4, 'at most 4 FORWARD targets are supported')
                end
        else
-               table.insert(list, addr2sock(target))
+               table.insert(list, addr2sock(target, 53))
        end
        return function(state, req)
                local qry = req:current()
@@ -135,7 +143,7 @@ local function tls_forward(target)
                if type(upstream_addr) ~= 'string' then
                        assert(false, 'bad IP address in TLS_FORWARD target')
                end
-               table.insert(sockaddr_list, addr2sock(upstream_addr))
+               table.insert(sockaddr_list, addr2sock(upstream_addr, 853))
                table.insert(addr_list, upstream_addr)
                local ca_file = upstream_list_entry['ca_file']
                if ca_file ~= nil then