Diffstat (limited to 'external/unbound/iterator/iter_utils.c')
-rw-r--r--external/unbound/iterator/iter_utils.c45
1 files changed, 45 insertions, 0 deletions
diff --git a/external/unbound/iterator/iter_utils.c b/external/unbound/iterator/iter_utils.c
index 5ec5752bf..bc94ef682 100644
--- a/external/unbound/iterator/iter_utils.c
+++ b/external/unbound/iterator/iter_utils.c
@@ -65,6 +65,7 @@
#include "validator/val_utils.h"
#include "validator/val_sigcrypt.h"
#include "sldns/sbuffer.h"
+#include "sldns/str2wire.h"
/** time when nameserver glue is said to be 'recent' */
#define SUSPICION_RECENT_EXPIRY 86400
@@ -105,6 +106,40 @@ read_fetch_policy(struct iter_env* ie, const char* str)
return 1;
}
+/** apply config caps whitelist items to name tree */
+static int
+caps_white_apply_cfg(rbtree_t* ntree, struct config_file* cfg)
+{
+ struct config_strlist* p;
+ for(p=cfg->caps_whitelist; p; p=p->next) {
+ struct name_tree_node* n;
+ size_t len;
+ uint8_t* nm = sldns_str2wire_dname(p->str, &len);
+ if(!nm) {
+ log_err("could not parse %s", p->str);
+ return 0;
+ }
+ n = (struct name_tree_node*)calloc(1, sizeof(*n));
+ if(!n) {
+ log_err("out of memory");
+ free(nm);
+ return 0;
+ }
+ n->node.key = n;
+ n->name = nm;
+ n->len = len;
+ n->labs = dname_count_labels(nm);
+ n->dclass = LDNS_RR_CLASS_IN;
+ if(!name_tree_insert(ntree, n, nm, len, n->labs, n->dclass)) {
+ /* duplicate element ignored, idempotent */
+ free(n->name);
+ free(n);
+ }
+ }
+ name_tree_init_parents(ntree);
+ return 1;
+}
+
int
iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
{
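Review bot: Both early `return 0` paths in caps_white_apply_cfg leave `ntree` holding the entries inserted so far and skip `name_tree_init_parents(ntree)`, so on failure the tree is partially filled and must not be used for lookups; the doc comment should say so. Something like `/** apply config caps whitelist items to name tree. @return 0 on parse or malloc failure; ntree is then partially filled and has no parent pointers set. */` would make the contract explicit for callers. The parse error would also be easier to act on if it named the setting, for example `log_err("could not parse caps whitelist entry %s", p->str);`. The class is fixed to `LDNS_RR_CLASS_IN`, which is worth a short why-comment since entries for other classes can never match.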
@@ -128,6 +163,16 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
log_err("Could not set private addresses");
return 0;
}
+ if(cfg->caps_whitelist) {
+ if(!iter_env->caps_white)
+ iter_env->caps_white = rbtree_create(name_tree_compare);
+ if(!iter_env->caps_white || !caps_white_apply_cfg(
+ iter_env->caps_white, cfg)) {
+ log_err("Could not set capsforid whitelist");
+ return 0;
+ }
+
+ }
iter_env->supports_ipv6 = cfg->do_ip6;
iter_env->supports_ipv4 = cfg->do_ip4;
return 1;
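Review bot: The `if(!iter_env->caps_white)` guard reuses an existing tree, so if iter_apply_cfg can ever run again on the same iter_env, entries from the previous configuration stay in the tree, and a new configuration with an empty `caps_whitelist` leaves the old tree in place untouched. The list presumably exempts names from the capsforid check, so a stale entry would silently keep that check relaxed for a name the operator has removed. If iter_env is always freshly allocated before this call, say so next to the guard, e.g. `/* iter_env is new at init, so the tree never carries entries from an older config */`; otherwise clear the tree before applying. On the failure path the partially filled tree stays in `iter_env->caps_white`, so whatever frees iter_env has to release it. iter_apply_cfg starts and ends outside this hunk.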