daxi20/smartdns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support IP accept list

Browse Source
This commit is contained in:
Nick Peng
2019-06-15 11:57:05 +08:00
parent 9a067e99c7
commit a09e63d333
7 changed files with 56 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ReadMe.md
View File

@@ -560,16 +560,17 @@ https://github.com/pymumu/smartdns/releases
|audit-size|审计大小|128K|数字+K,M,G|audit-size 128K |audit-size|审计大小|128K|数字+K,M,G|audit-size 128K
|audit-num|审计归档个数|2|数字|audit-num 2 |audit-num|审计归档个数|2|数字|audit-num 2
|conf-file|附加配置文件|无|文件路径|conf-file /etc/smartdns/smartdns.more.conf |conf-file|附加配置文件|无|文件路径|conf-file /etc/smartdns/smartdns.more.conf
|server|上游UDP DNS|无|可重复<br>`[ip][:port]`服务器IP端口可选。<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server 8.8.8.8:53 -blacklist-ip -group g1 |server|上游UDP DNS|无|可重复<br>`[ip][:port]`服务器IP端口可选。<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-accept-ip]`accept-ip参数指定仅接受accept-ip中配置IP范围。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server 8.8.8.8:53 -blacklist-ip -group g1
|server-tcp|上游TCP DNS|无|可重复<br>`[ip][:port]`服务器IP端口可选。<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server-tcp 8.8.8.8:53 |server-tcp|上游TCP DNS|无|可重复<br>`[ip][:port]`服务器IP端口可选。<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-accept-ip]`accept-ip参数指定仅接受accept-ip中配置IP范围。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server-tcp 8.8.8.8:53
|server-tls|上游TLS DNS|无|可重复<br>`[ip][:port]`服务器IP端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值base64编码的sha256 SPKI pin值<br>`[host-name]`TLS SNI名称<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server-tls 8.8.8.8:853 |server-tls|上游TLS DNS|无|可重复<br>`[ip][:port]`服务器IP端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值base64编码的sha256 SPKI pin值<br>`[host-name]`TLS SNI名称<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-accept-ip]`accept-ip参数指定仅接受accept-ip中配置IP范围。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server-tls 8.8.8.8:853
|server-https|上游HTTPS DNS|无|可重复<br>`https://[host][:port]/path`服务器IP端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值base64编码的sha256 SPKI pin值<br>`[host-name]`TLS SNI名称<br>`[http-host]`http协议头主机名<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server-https https://cloudflare-dns.com/dns-query |server-https|上游HTTPS DNS|无|可重复<br>`https://[host][:port]/path`服务器IP端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值base64编码的sha256 SPKI pin值<br>`[host-name]`TLS SNI名称<br>`[http-host]`http协议头主机名<br>`[-blacklist-ip]`blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-accept-ip]`accept-ip参数指定仅接受accept-ip中配置IP范围。<br>`[-group [group] ...]`DNS服务器所属组比如office, foreign和nameserver配套使用。<br>`[-exclude-default-group]`将DNS服务器从默认组中排除| server-https https://cloudflare-dns.com/dns-query
|address|指定域名IP地址|无|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>`-`表示忽略 <br>`#`表示返回SOA <br>`4`表示IPV4 <br>`6`表示IPV6| address /www.example.com/1.2.3.4 |address|指定域名IP地址|无|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>`-`表示忽略 <br>`#`表示返回SOA <br>`4`表示IPV4 <br>`6`表示IPV6| address /www.example.com/1.2.3.4
|nameserver|指定域名使用server组解析|无|nameserver /domain/[group\|-], `group`为组名,`-`表示忽略此规则配套server中的`-group`参数使用| nameserver /www.example.com/office |nameserver|指定域名使用server组解析|无|nameserver /domain/[group\|-], `group`为组名,`-`表示忽略此规则配套server中的`-group`参数使用| nameserver /www.example.com/office
|ipset|域名IPSET|None|ipset /domain/[ipset\|-], `-`表示忽略|ipset /www.example.com/pass |ipset|域名IPSET|None|ipset /domain/[ipset\|-], `-`表示忽略|ipset /www.example.com/pass
|ipset-timeout|设置IPSET超时功能启用|auto|[yes]|ipset-timeout yes |ipset-timeout|设置IPSET超时功能启用|auto|[yes]|ipset-timeout yes
|bogus-nxdomain|假冒IP地址过滤|无|[ip/subnet],可重复| bogus-nxdomain 1.2.3.4/16 |bogus-nxdomain|假冒IP地址过滤|无|[ip/subnet],可重复| bogus-nxdomain 1.2.3.4/16
|ignore-ip|忽略IP地址|无|[ip/subnet],可重复| ignore-ip 1.2.3.4/16 |ignore-ip|忽略IP地址|无|[ip/subnet],可重复| ignore-ip 1.2.3.4/16
|accept-ip|接受IP地址|无|[ip/subnet],可重复| accept-ip 1.2.3.4/16
|blacklist-ip|黑名单IP地址|无|[ip/subnet],可重复| blacklist-ip 1.2.3.4/16 |blacklist-ip|黑名单IP地址|无|[ip/subnet],可重复| blacklist-ip 1.2.3.4/16
|force-AAAA-SOA|强制AAAA地址返回SOA|no|[yes\|no]|force-AAAA-SOA yes |force-AAAA-SOA|强制AAAA地址返回SOA|no|[yes\|no]|force-AAAA-SOA yes
|prefetch-domain|域名预先获取功能|no|[yes\|no]|prefetch-domain yes |prefetch-domain|域名预先获取功能|no|[yes\|no]|prefetch-domain yes

8
ReadMe_en.md
View File

@@ -555,10 +555,10 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|audit-size|audit log size|128K|number+K,M,G|audit-size 128K |audit-size|audit log size|128K|number+K,M,G|audit-size 128K
|audit-num|archived audit log number|2|Integer|audit-num 2 |audit-num|archived audit log number|2|Integer|audit-num 2
|conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf |conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
|server|Upstream UDP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server 8.8.8.8:53 -blacklist-ip |server|Upstream UDP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-accept-ip]`: accept-ip parameter specifies that only the IP range configured in accept-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server 8.8.8.8:53 -blacklist-ip
|server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53 |server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-accept-ip]`: accept-ip parameter specifies that only the IP range configured in accept-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53
|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[host-name]`:TLS Server name<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853 |server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[host-name]`:TLS Server name. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-accept-ip]`: accept-ip parameter specifies that only the IP range configured in accept-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[host-name]`:TLS Server name<br>`[http-host]`http header host<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query |server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[host-name]`:TLS Server name<br>`[http-host]`http header host. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-accept-ip]`: accept-ip parameter specifies that only the IP range configured in accept-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
|address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4 |address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
|nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office |nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office
|ipset|Domain IPSet|None|ipset /domain/[ipset\|-], `-` for ignore|ipset /www.example.com/pass |ipset|Domain IPSet|None|ipset /domain/[ipset\|-], `-` for ignore|ipset /www.example.com/pass

15
etc/smartdns/smartdns.conf
View File

@@ -39,6 +39,9 @@ cache-size 512
# List of IPs that will be ignored # List of IPs that will be ignored
# ignore-ip [ip/subnet] # ignore-ip [ip/subnet]
# List of IPs that will be accepted
# accept-ip [ip/subnet]
# force AAAA query return SOA # force AAAA query return SOA
# force-AAAA-SOA [yes|no] # force-AAAA-SOA [yes|no]
@@ -80,30 +83,31 @@ log-level info
# audit-num 2 # audit-num 2
# remote udp dns server list # remote udp dns server list
# server [IP]:[PORT] [-blacklist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group] # server [IP]:[PORT] [-blacklist-ip] [-accept-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
# default port is 53 # default port is 53
# -blacklist-ip: filter result with blacklist ip # -blacklist-ip: filter result with blacklist ip
# -accept-ip: accept ip result with accept-ip list
# -check-edns: result must exist edns RR, or discard result. # -check-edns: result must exist edns RR, or discard result.
# -group [group]: set server to group, use with nameserver /domain/group. # -group [group]: set server to group, use with nameserver /domain/group.
# -exclude-default-group: exclude this server from default group. # -exclude-default-group: exclude this server from default group.
# server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2 # server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2
# remote tcp dns server list # remote tcp dns server list
# server-tcp [IP]:[PORT] [-blacklist-ip] [-group [group] ...] [-exclude-default-group] # server-tcp [IP]:[PORT] [-blacklist-ip] [-accept-ip] [-group [group] ...] [-exclude-default-group]
# default port is 53 # default port is 53
# server-tcp 8.8.8.8 # server-tcp 8.8.8.8
# remote tls dns server list # remote tls dns server list
# server-tls [IP]:[PORT] [-blacklist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group] # server-tls [IP]:[PORT] [-blacklist-ip] [-accept-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
# -spki-pin: TLS spki pin to verify. # -spki-pin: TLS spki pin to verify.
# Get SKPI with this command: # Get SPKI with this command:
# echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 # echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# default port is 853 # default port is 853
# server-tls 8.8.8.8 # server-tls 8.8.8.8
# server-tls 1.0.0.1 # server-tls 1.0.0.1
# remote https dns server list # remote https dns server list
# server-https https://[host]:[port]/path [-blacklist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group] # server-https https://[host]:[port]/path [-blacklist-ip] [-accept-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
# -spki-pin: TLS spki pin to verify. # -spki-pin: TLS spki pin to verify.
# default port is 443 # default port is 443
# server-https https://cloudflare-dns.com/dns-query # server-https https://cloudflare-dns.com/dns-query
@@ -126,4 +130,3 @@ log-level info
# ipset /domain/[ipset|-] # ipset /domain/[ipset|-]
# ipset /www.example.com/block, set ipset with ipset name of block # ipset /www.example.com/block, set ipset with ipset name of block
# ipset /www.example.com/-, ignore this domain # ipset /www.example.com/-, ignore this domain

1
src/dns_client.h
View File

@@ -22,6 +22,7 @@ typedef enum dns_result_type {
#define DNSSERVER_FLAG_BLACKLIST_IP (0x1 << 0) #define DNSSERVER_FLAG_BLACKLIST_IP (0x1 << 0)
#define DNSSERVER_FLAG_CHECK_EDNS (0x1 << 1) #define DNSSERVER_FLAG_CHECK_EDNS (0x1 << 1)
#define DNSSERVER_FLAG_CHECK_TTL (0x1 << 2) #define DNSSERVER_FLAG_CHECK_TTL (0x1 << 2)
#define DNSSERVER_FLAG_ACCEPT_IP (0x1 << 3)
int dns_client_init(void); int dns_client_init(void);

26
src/dns_conf.c
View File

@@ -9,7 +9,7 @@
#include <string.h> #include <string.h>
#include <syslog.h> #include <syslog.h>
#include <unistd.h> #include <unistd.h>
#include <libgen.h> #include <libgen.h>
#define DEFAULT_DNS_CACHE_SIZE 512 #define DEFAULT_DNS_CACHE_SIZE 512
@@ -168,10 +168,10 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
/* clang-format off */ /* clang-format off */
static struct option long_options[] = { static struct option long_options[] = {
{"blacklist-ip", no_argument, NULL, 'b'}, /* filtering with blacklist-ip */ {"blacklist-ip", no_argument, NULL, 'b'}, /* filtering with blacklist-ip */
#ifdef FEATURE_CHECK_EDNS #ifdef FEATURE_CHECK_EDNS
/* experimental feature */ /* experimental feature */
{"check-edns", no_argument, NULL, 'e'}, /* check edns */ {"check-edns", no_argument, NULL, 'e'}, /* check edns */
#endif #endif
{"spki-pin", required_argument, NULL, 'p'}, /* check SPKI pin */ {"spki-pin", required_argument, NULL, 'p'}, /* check SPKI pin */
{"host-name", required_argument, NULL, 'h'}, /* host name */ {"host-name", required_argument, NULL, 'h'}, /* host name */
{"http-host", required_argument, NULL, 'H'}, /* http host */ {"http-host", required_argument, NULL, 'H'}, /* http host */
@@ -236,6 +236,10 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
result_flag |= DNSSERVER_FLAG_CHECK_EDNS; result_flag |= DNSSERVER_FLAG_CHECK_EDNS;
break; break;
} }
case 'a': {
result_flag |= DNSSERVER_FLAG_ACCEPT_IP;
break;
}
case 'h': { case 'h': {
strncpy(server->hostname, optarg, DNS_MAX_CNAME_LEN); strncpy(server->hostname, optarg, DNS_MAX_CNAME_LEN);
break; break;
@@ -886,6 +890,12 @@ static int _config_iplist_rule(char *subnet, enum address_rule rule)
break; break;
case ADDRESS_RULE_IP_IGNORE: case ADDRESS_RULE_IP_IGNORE:
ip_rule->ip_ignore = 1; ip_rule->ip_ignore = 1;
break;
case ADDRESS_RULE_IP_ACCEPT:
ip_rule->ip_accept = 1;
break;
default:
return -1;
} }
return 0; return 0;
@@ -918,6 +928,15 @@ static int _conf_ip_ignore(void *data, int argc, char *argv[])
return _config_iplist_rule(argv[1], ADDRESS_RULE_IP_IGNORE); return _config_iplist_rule(argv[1], ADDRESS_RULE_IP_IGNORE);
} }
static int _conf_ip_accept(void *data, int argc, char *argv[])
{
if (argc <= 1) {
return -1;
}
return _config_iplist_rule(argv[1], ADDRESS_RULE_IP_ACCEPT);
}
static int _conf_edns_client_subnet(void *data, int argc, char *argv[]) static int _conf_edns_client_subnet(void *data, int argc, char *argv[])
{ {
char *slash = NULL; char *slash = NULL;
@@ -1024,6 +1043,7 @@ static struct config_item _config_item[] = {
CONF_CUSTOM("blacklist-ip", _config_blacklist_ip, NULL), CONF_CUSTOM("blacklist-ip", _config_blacklist_ip, NULL),
CONF_CUSTOM("bogus-nxdomain", _conf_bogus_nxdomain, NULL), CONF_CUSTOM("bogus-nxdomain", _conf_bogus_nxdomain, NULL),
CONF_CUSTOM("ignore-ip", _conf_ip_ignore, NULL), CONF_CUSTOM("ignore-ip", _conf_ip_ignore, NULL),
CONF_CUSTOM("accept-ip", _conf_ip_accept, NULL),
CONF_CUSTOM("edns-client-subnet", _conf_edns_client_subnet, NULL), CONF_CUSTOM("edns-client-subnet", _conf_edns_client_subnet, NULL),
CONF_CUSTOM("conf-file", config_addtional_file, NULL), CONF_CUSTOM("conf-file", config_addtional_file, NULL),
CONF_END(), CONF_END(),

2
src/dns_conf.h
View File

@@ -116,12 +116,14 @@ enum address_rule {
ADDRESS_RULE_BLACKLIST = 1, ADDRESS_RULE_BLACKLIST = 1,
ADDRESS_RULE_BOGUS = 2, ADDRESS_RULE_BOGUS = 2,
ADDRESS_RULE_IP_IGNORE = 3, ADDRESS_RULE_IP_IGNORE = 3,
ADDRESS_RULE_IP_ACCEPT = 4,
}; };
struct dns_ip_address_rule { struct dns_ip_address_rule {
unsigned int blacklist : 1; unsigned int blacklist : 1;
unsigned int bogus : 1; unsigned int bogus : 1;
unsigned int ip_ignore : 1; unsigned int ip_ignore : 1;
unsigned int ip_accept : 1;
}; };
struct dns_edns_client_subnet { struct dns_edns_client_subnet {

14
src/dns_server.c
View File

@@ -962,11 +962,11 @@ static int _dns_server_ip_rule_check(struct dns_request *request, unsigned char
} }
if (node == NULL) { if (node == NULL) {
return -1; goto rule_not_found;
} }
if (node->data == NULL) { if (node->data == NULL) {
return -1; goto rule_not_found;
} }
/* bogux-nxdomain */ /* bogux-nxdomain */
@@ -986,7 +986,17 @@ static int _dns_server_ip_rule_check(struct dns_request *request, unsigned char
if (rule->ip_ignore) { if (rule->ip_ignore) {
goto skip; goto skip;
} }
rule_not_found:
if (result_flag & DNSSERVER_FLAG_ACCEPT_IP) {
if (rule == NULL) {
goto skip;
}
if (!rule->ip_accept) {
goto skip;
}
}
return -1; return -1;
skip: skip:
return -2; return -2;