Commit 15dc8bd8 authored by Vladimír Čunát's avatar Vladimír Čunát

force kresd to follow net.ip(4,6) settings when forwarding

Continuation of the parent commit.  In particular, kr_nsrep_set()
can't be used to create NS list "with holes".
parent 06bf7a39
...@@ -20,6 +20,7 @@ Bugfixes ...@@ -20,6 +20,7 @@ Bugfixes
as the submodule collects metrics from all sub-processes as well. as the submodule collects metrics from all sub-processes as well.
- TLS fixes for corner cases (!714, !700) - TLS fixes for corner cases (!714, !700)
- fix build with -DNOVERBOSELOG (#424) - fix build with -DNOVERBOSELOG (#424)
- policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710)
Improvements Improvements
------------ ------------
......
...@@ -461,13 +461,13 @@ configured in the config file. ...@@ -461,13 +461,13 @@ configured in the config file.
:return: boolean (default: true) :return: boolean (default: true)
Enable/disable using IPv6 for recursion. Enable/disable using IPv6 for contacting upstream nameservers.
.. envvar:: net.ipv4 = true|false .. envvar:: net.ipv4 = true|false
:return: boolean (default: true) :return: boolean (default: true)
Enable/disable using IPv4 for recursion. Enable/disable using IPv4 for contacting upstream nameservers.
.. function:: net.listen(addresses, [port = 53, flags = {tls = (port == 853)}]) .. function:: net.listen(addresses, [port = 53, flags = {tls = (port == 853)}])
......
...@@ -109,11 +109,11 @@ struct kr_nsrep ...@@ -109,11 +109,11 @@ struct kr_nsrep
}; };
/** /**
* Set given NS address. * Set given NS address. (Very low-level access to the list.)
* @param qry updated query * @param qry updated query
* @param index index of the updated target * @param index index of the updated target
* @param sock socket address to use (sockaddr_in or sockaddr_in6 or NULL) * @param sock socket address to use (sockaddr_in or sockaddr_in6 or NULL)
* @return 0 or an error code * @return 0 or an error code, in particular kr_error(ENOENT) for net.ipvX
*/ */
KR_EXPORT KR_EXPORT
int kr_nsrep_set(struct kr_query *qry, size_t index, const struct sockaddr *sock); int kr_nsrep_set(struct kr_query *qry, size_t index, const struct sockaddr *sock);
......
...@@ -81,13 +81,20 @@ end ...@@ -81,13 +81,20 @@ end
-- Override the list of nameservers (forwarders) -- Override the list of nameservers (forwarders)
local function set_nslist(qry, list) local function set_nslist(qry, list)
for i, ns in ipairs(list) do local ns_i = 0
for _, ns in ipairs(list) do
-- kr_nsrep_set() can return kr_error(ENOENT), it's OK -- kr_nsrep_set() can return kr_error(ENOENT), it's OK
ffi.C.kr_nsrep_set(qry, i - 1, ns) if ffi.C.kr_nsrep_set(qry, ns_i, ns) == 0 then
ns_i = ns_i + 1
end
end end
-- If less than maximum NSs, insert guard to terminate the list -- If less than maximum NSs, insert guard to terminate the list
if #list < 4 then if ns_i < 3 then
assert(ffi.C.kr_nsrep_set(qry, #list, nil) == 0); assert(ffi.C.kr_nsrep_set(qry, ns_i, nil) == 0);
end
if ns_i == 0 then
-- would use assert() but don't want to compose the message if not triggered
error('no adress in the configured NS set is usable:\n' .. table_print(list, 2))
end end
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment