Commit c0d327d7 authored by Vladimír Čunát's avatar Vladimír Čunát Committed by Petr Špaček

policy.TLS_FORWARD: refusal when configuring with multiple IPs

Fixes #306
parent 817274a4
Knot Resolver 2.X.Y (2018-0M-DD)
================================
Bugfixes
--------
- detect_time_jump module: don't clear cache on suspend-resume (#284) - detect_time_jump module: don't clear cache on suspend-resume (#284)
- stats module: fix stats.list() returning nothing, regressed in 2.0.0 - stats module: fix stats.list() returning nothing, regressed in 2.0.0
- policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306)
Knot Resolver 2.0.0 (2018-01-31) Knot Resolver 2.0.0 (2018-01-31)
......
...@@ -276,6 +276,7 @@ int kr_pkt_clear_payload(knot_pkt_t *); ...@@ -276,6 +276,7 @@ int kr_pkt_clear_payload(knot_pkt_t *);
const char *kr_inaddr(const struct sockaddr *); const char *kr_inaddr(const struct sockaddr *);
int kr_inaddr_family(const struct sockaddr *); int kr_inaddr_family(const struct sockaddr *);
int kr_inaddr_len(const struct sockaddr *); int kr_inaddr_len(const struct sockaddr *);
int kr_sockaddr_len(const struct sockaddr *);
uint16_t kr_inaddr_port(const struct sockaddr *); uint16_t kr_inaddr_port(const struct sockaddr *);
int kr_straddr_family(const char *); int kr_straddr_family(const char *);
int kr_straddr_subnet(void *, const char *); int kr_straddr_subnet(void *, const char *);
......
...@@ -143,6 +143,7 @@ EOF ...@@ -143,6 +143,7 @@ EOF
kr_inaddr kr_inaddr
kr_inaddr_family kr_inaddr_family
kr_inaddr_len kr_inaddr_len
kr_sockaddr_len
kr_inaddr_port kr_inaddr_port
kr_straddr_family kr_straddr_family
kr_straddr_subnet kr_straddr_subnet
......
...@@ -337,6 +337,18 @@ int kr_inaddr_len(const struct sockaddr *addr) ...@@ -337,6 +337,18 @@ int kr_inaddr_len(const struct sockaddr *addr)
return kr_family_len(addr->sa_family); return kr_family_len(addr->sa_family);
} }
int kr_sockaddr_len(const struct sockaddr *addr)
{
if (!addr) {
return kr_error(EINVAL);
}
switch (addr->sa_family) {
case AF_INET: return sizeof(struct sockaddr_in);
case AF_INET6: return sizeof(struct sockaddr_in6);
default: return kr_error(EINVAL);
}
}
uint16_t kr_inaddr_port(const struct sockaddr *addr) uint16_t kr_inaddr_port(const struct sockaddr *addr)
{ {
if (!addr) { if (!addr) {
...@@ -972,4 +984,4 @@ int knot_dname_lf2wire(knot_dname_t * const dst, uint8_t len, const uint8_t *lf) ...@@ -972,4 +984,4 @@ int knot_dname_lf2wire(knot_dname_t * const dst, uint8_t len, const uint8_t *lf)
*d = 0; /* the final zero */ *d = 0; /* the final zero */
++d; ++d;
return d - dst; return d - dst;
} }
\ No newline at end of file
...@@ -216,9 +216,12 @@ const char *kr_inaddr(const struct sockaddr *addr); ...@@ -216,9 +216,12 @@ const char *kr_inaddr(const struct sockaddr *addr);
/** Address family. */ /** Address family. */
KR_EXPORT KR_PURE KR_EXPORT KR_PURE
int kr_inaddr_family(const struct sockaddr *addr); int kr_inaddr_family(const struct sockaddr *addr);
/** Address length for given family. */ /** Address length for given family, i.e. sizeof(struct in*_addr). */
KR_EXPORT KR_PURE KR_EXPORT KR_PURE
int kr_inaddr_len(const struct sockaddr *addr); int kr_inaddr_len(const struct sockaddr *addr);
/** Sockaddr length for given family, i.e. sizeof(struct sockaddr_in*). */
KR_EXPORT KR_PURE
int kr_sockaddr_len(const struct sockaddr *addr);
/** Port. */ /** Port. */
KR_EXPORT KR_PURE KR_EXPORT KR_PURE
uint16_t kr_inaddr_port(const struct sockaddr *addr); uint16_t kr_inaddr_port(const struct sockaddr *addr);
......
...@@ -209,7 +209,7 @@ function policy.TLS_FORWARD(target) ...@@ -209,7 +209,7 @@ function policy.TLS_FORWARD(target)
local auth_type = tls_forward_target_authtype(idx, upstream_list_entry) local auth_type = tls_forward_target_authtype(idx, upstream_list_entry)
local string_addr = upstream_list_entry[1] local string_addr = upstream_list_entry[1]
local sockaddr_c = addr2sock(string_addr, 853) local sockaddr_c = addr2sock(string_addr, 853)
local sockaddr_lua = ffi.string(sockaddr_c, ffi.C.kr_inaddr_len(sockaddr_c)) local sockaddr_lua = ffi.string(sockaddr_c, ffi.C.kr_sockaddr_len(sockaddr_c))
if sockaddr_config[sockaddr_lua] then if sockaddr_config[sockaddr_lua] then
error('TLS_FORWARD configuration cannot declare two configs for IP address ' .. string_addr) error('TLS_FORWARD configuration cannot declare two configs for IP address ' .. string_addr)
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment