Support IP accept list

2019-06-15 11:57:05 +08:00
parent 9a067e99c7
commit a09e63d333
7 changed files with 56 additions and 19 deletions
--- a/src/dns_conf.c
+++ b/src/dns_conf.c
@@ -9,7 +9,7 @@
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
- #include <libgen.h>
+#include <libgen.h>

 #define DEFAULT_DNS_CACHE_SIZE 512

@@ -168,10 +168,10 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 	/* clang-format off */
 	static struct option long_options[] = {
 		{"blacklist-ip", no_argument, NULL, 'b'}, /* filtering with blacklist-ip */
-#ifdef FEATURE_CHECK_EDNS
+#ifdef FEATURE_CHECK_EDNS		
 		/* experimental feature */
 		{"check-edns", no_argument, NULL, 'e'},   /* check edns */
-#endif
+#endif 
 		{"spki-pin", required_argument, NULL, 'p'}, /* check SPKI pin */
 		{"host-name", required_argument, NULL, 'h'}, /* host name */
 		{"http-host", required_argument, NULL, 'H'}, /* http host */
@@ -236,6 +236,10 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 			result_flag |= DNSSERVER_FLAG_CHECK_EDNS;
 			break;
 		}
+		case 'a': {
+			result_flag |= DNSSERVER_FLAG_ACCEPT_IP;
+			break;
+		}		
 		case 'h': {
 			strncpy(server->hostname, optarg, DNS_MAX_CNAME_LEN);
 			break;
@@ -886,6 +890,12 @@ static int _config_iplist_rule(char *subnet, enum address_rule rule)
 		break;
 	case ADDRESS_RULE_IP_IGNORE:
 		ip_rule->ip_ignore = 1;
+		break;
+	case ADDRESS_RULE_IP_ACCEPT:
+		ip_rule->ip_accept = 1;
+		break;
+	default:
+		return -1;
 	}

 	return 0;
@@ -918,6 +928,15 @@ static int _conf_ip_ignore(void *data, int argc, char *argv[])
 	return _config_iplist_rule(argv[1], ADDRESS_RULE_IP_IGNORE);
 }

+static int _conf_ip_accept(void *data, int argc, char *argv[])
+{
+	if (argc <= 1) {
+		return -1;
+	}
+
+	return _config_iplist_rule(argv[1], ADDRESS_RULE_IP_ACCEPT);
+}
+
 static int _conf_edns_client_subnet(void *data, int argc, char *argv[])
 {
 	char *slash = NULL;
@@ -1024,6 +1043,7 @@ static struct config_item _config_item[] = {
 	CONF_CUSTOM("blacklist-ip", _config_blacklist_ip, NULL),
 	CONF_CUSTOM("bogus-nxdomain", _conf_bogus_nxdomain, NULL),
 	CONF_CUSTOM("ignore-ip", _conf_ip_ignore, NULL),
+	CONF_CUSTOM("accept-ip", _conf_ip_accept, NULL),
 	CONF_CUSTOM("edns-client-subnet", _conf_edns_client_subnet, NULL),
 	CONF_CUSTOM("conf-file", config_addtional_file, NULL),
 	CONF_END(),