diff options
Diffstat (limited to 'network/NetworkManager/patches/dns-direct-IPv4-reverse-DNS-queries-to-split-DNS-ser.patch')
| -rw-r--r-- | network/NetworkManager/patches/dns-direct-IPv4-reverse-DNS-queries-to-split-DNS-ser.patch | 236 |
1 files changed, 236 insertions, 0 deletions
diff --git a/network/NetworkManager/patches/dns-direct-IPv4-reverse-DNS-queries-to-split-DNS-ser.patch b/network/NetworkManager/patches/dns-direct-IPv4-reverse-DNS-queries-to-split-DNS-ser.patch new file mode 100644 index 0000000000..fa84e83ddb --- /dev/null +++ b/network/NetworkManager/patches/dns-direct-IPv4-reverse-DNS-queries-to-split-DNS-ser.patch @@ -0,0 +1,236 @@ +From 93249f1901cc3f1f08d5f8f66f7cd6f7bd918946 Mon Sep 17 00:00:00 2001 +From: Dan Williams <dcbw@redhat.com> +Date: Thu, 16 Dec 2010 17:47:59 -0600 +Subject: [PATCH] dns: direct IPv4 reverse DNS queries to split DNS servers + +When split DNS is used for a local caching nameserver, make sure +that reverse DNS queries for hosts within the VPN tunnel are directed +to the VPN's nameservers, not to the public upstream nameservers. +--- + src/dns-manager/Makefile.am | 4 +- + src/dns-manager/nm-dns-dnsmasq.c | 22 +++++++-- + src/dns-manager/nm-dns-utils.c | 99 ++++++++++++++++++++++++++++++++++++++ + src/dns-manager/nm-dns-utils.h | 28 +++++++++++ + 4 files changed, 148 insertions(+), 5 deletions(-) + create mode 100644 src/dns-manager/nm-dns-utils.c + create mode 100644 src/dns-manager/nm-dns-utils.h + +diff --git a/src/dns-manager/Makefile.am b/src/dns-manager/Makefile.am +index 1ffe62d..7b5fc4f 100644 +--- a/src/dns-manager/Makefile.am ++++ b/src/dns-manager/Makefile.am +@@ -14,7 +14,9 @@ libdns_manager_la_SOURCES = \ + nm-dns-dnsmasq.h \ + nm-dns-dnsmasq.c \ + nm-dns-bind.h \ +- nm-dns-bind.c ++ nm-dns-bind.c \ ++ nm-dns-utils.h \ ++ nm-dns-utils.c + + libdns_manager_la_CPPFLAGS = \ + $(DBUS_CFLAGS) \ +diff --git a/src/dns-manager/nm-dns-dnsmasq.c b/src/dns-manager/nm-dns-dnsmasq.c +index 41c8e2a..9cc0197 100644 +--- a/src/dns-manager/nm-dns-dnsmasq.c ++++ b/src/dns-manager/nm-dns-dnsmasq.c +@@ -33,6 +33,7 @@ + #include "nm-logging.h" + #include "nm-ip4-config.h" + #include "nm-ip6-config.h" ++#include "nm-dns-utils.h" + + G_DEFINE_TYPE (NMDnsDnsmasq, nm_dns_dnsmasq, NM_TYPE_DNS_PLUGIN) + +@@ -75,9 +76,11 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split) + gboolean added = FALSE; + + if (split) { ++ char **domains, **iter; ++ + /* FIXME: it appears that dnsmasq can only handle one nameserver +- * per domain (at the manpage seems to indicate that) so only use +- * the first nameserver here. ++ * per domain (and the manpage says this too) so only use the first ++ * nameserver here. + */ + addr.s_addr = nm_ip4_config_get_nameserver (ip4, 0); + memset (&buf[0], 0, sizeof (buf)); +@@ -103,6 +106,17 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split) + added = TRUE; + } + } ++ ++ /* Ensure reverse-DNS works by directing queries for in-addr.arpa ++ * domains to the split domain's nameserver. ++ */ ++ domains = nm_dns_utils_get_ip4_rdns_domains (ip4); ++ if (domains) { ++ for (iter = domains; iter && *iter; iter++) ++ g_string_append_printf (str, "server=/%s/%s\n", *iter, buf); ++ g_strfreev (domains); ++ added = TRUE; ++ } + } + + /* If no searches or domains, just add the namservers */ +@@ -216,7 +230,7 @@ update (NMDnsPlugin *plugin, + } + + /* Now add interface configs without split DNS */ +- for (iter = (GSList *) dev_configs; iter;iter = g_slist_next (iter)) { ++ for (iter = (GSList *) dev_configs; iter; iter = g_slist_next (iter)) { + if (NM_IS_IP4_CONFIG (iter->data)) + add_ip4_config (conf, NM_IP4_CONFIG (iter->data), FALSE); + else if (NM_IS_IP6_CONFIG (iter->data)) +@@ -224,7 +238,7 @@ update (NMDnsPlugin *plugin, + } + + /* And any other random configs */ +- for (iter = (GSList *) other_configs; iter;iter = g_slist_next (iter)) { ++ for (iter = (GSList *) other_configs; iter; iter = g_slist_next (iter)) { + if (NM_IS_IP4_CONFIG (iter->data)) + add_ip4_config (conf, NM_IP4_CONFIG (iter->data), FALSE); + else if (NM_IS_IP6_CONFIG (iter->data)) +diff --git a/src/dns-manager/nm-dns-utils.c b/src/dns-manager/nm-dns-utils.c +new file mode 100644 +index 0000000..615adfd +--- /dev/null ++++ b/src/dns-manager/nm-dns-utils.c +@@ -0,0 +1,99 @@ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2, or (at your option) ++ * any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Copyright (C) 2010 Red Hat, Inc. ++ * ++ */ ++ ++#include <arpa/inet.h> ++#include <string.h> ++ ++#include "nm-dns-utils.h" ++#include "nm-utils.h" ++ ++static void ++add_ip4_to_rdns_array (guint32 ip, GPtrArray *domains) /* network byte order */ ++{ ++ guint32 defprefix; ++ guchar *p; ++ char *str = NULL; ++ int i; ++ ++ defprefix = nm_utils_ip4_get_default_prefix (ip); ++ ++ /* Convert to host byte order, mask the host bits, and convert back */ ++ ip = ntohl (ip); ++ ip &= 0xFFFFFFFF << (32 - defprefix); ++ ip = htonl (ip); ++ p = (guchar *) &ip; ++ ++ if (defprefix == 8) ++ str = g_strdup_printf ("%u.in-addr.arpa", p[0] & 0xFF); ++ else if (defprefix == 16) ++ str = g_strdup_printf ("%u.%u.in-addr.arpa", p[1] & 0xFF, p[0] & 0xFF); ++ else if (defprefix == 24) ++ str = g_strdup_printf ("%u.%u.%u.in-addr.arpa", p[2] & 0xFF, p[1] & 0xFF, p[0] & 0xFF); ++ ++ g_return_if_fail (str != NULL); ++ ++ /* Suppress duplicates */ ++ for (i = 0; i < domains->len; i++) { ++ if (strcmp (str, g_ptr_array_index (domains, i)) == 0) ++ break; ++ } ++ ++ if (i == domains->len) ++ g_ptr_array_add (domains, str); ++ else ++ g_free (str); ++} ++ ++char ** ++nm_dns_utils_get_ip4_rdns_domains (NMIP4Config *ip4) ++{ ++ GPtrArray *domains = NULL; ++ int i; ++ ++ g_return_val_if_fail (ip4 != NULL, NULL); ++ ++ domains = g_ptr_array_sized_new (5); ++ ++ /* To calculate the reverse DNS domains for this IP4 config, we take ++ * all the IP addresses and routes in the config, calculate the network ++ * portion, and convert that to classful, and use the network bits for ++ * the final domain. FIXME: better handle classless routing, which might ++ * require us to add multiple domains for each actual network prefix to ++ * cover all the separate networks in that block. ++ */ ++ ++ for (i = 0; i < nm_ip4_config_get_num_addresses (ip4); i++) { ++ NMIP4Address *addr = nm_ip4_config_get_address (ip4, i); ++ ++ add_ip4_to_rdns_array (nm_ip4_address_get_address (addr), domains); ++ } ++ ++ for (i = 0; i < nm_ip4_config_get_num_routes (ip4); i++) { ++ NMIP4Route *route = nm_ip4_config_get_route (ip4, i); ++ ++ add_ip4_to_rdns_array (nm_ip4_route_get_dest (route), domains); ++ } ++ ++ /* Terminating NULL so we can use g_strfreev() to free it */ ++ g_ptr_array_add (domains, NULL); ++ ++ /* Free the array and return NULL if the only element was the ending NULL */ ++ return (char **) g_ptr_array_free (domains, (domains->len == 1)); ++} ++ +diff --git a/src/dns-manager/nm-dns-utils.h b/src/dns-manager/nm-dns-utils.h +new file mode 100644 +index 0000000..daa6711 +--- /dev/null ++++ b/src/dns-manager/nm-dns-utils.h +@@ -0,0 +1,28 @@ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2, or (at your option) ++ * any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Copyright (C) 2010 Red Hat, Inc. ++ * ++ */ ++ ++#ifndef NM_DNS_UTILS_H ++#define NM_DNS_UTILS_H ++ ++#include "nm-ip4-config.h" ++ ++char **nm_dns_utils_get_ip4_rdns_domains (NMIP4Config *ip4); ++ ++#endif /* NM_DNS_UTILS_H */ ++ +-- +1.7.3.4 + |