if (insp_aton(Config->DNSServer,&addr) > 0)
{
memcpy(&myserver,&addr,sizeof(insp_inaddr));
+ if ((strstr(Config->DNSServer,"::ffff:") == (char*)&Config->DNSServer) || (strstr(Config->DNSServer,"::FFFF:") == (char*)&Config->DNSServer))
+ {
+ /* These dont come back looking like they did when they went in.
+ * We're forced to turn some checks off.
+ * If anyone knows how to fix this, let me know. --Brain
+ */
+ log(DEFAULT,"WARNING: Using IPv4 addresses over IPv6 forces some DNS checks to be disabled.");
+ log(DEFAULT," This should not cause a problem, however it is recommended you migrate");
+ log(DEFAULT," to a true IPv6 environment.");
+ this->ip6munge = true;
+ }
log(DEBUG,"Added nameserver '%s'",Config->DNSServer);
}
else
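Review bot: The mapped-address test on the added `if` compares the `strstr()` result with `(char*)&Config->DNSServer`, which is the start of the string only if `DNSServer` is a char array; if it is a pointer member the comparison can never be true and `ip6munge` is never set. It also misses mixed-case spellings of the prefix. A bounded, case-insensitive prefix compare states the intent directly: `if (strncasecmp(Config->DNSServer, "::ffff:", 7) == 0)`. Since this flag later switches off validation of the reply source, the condition should be exact. The enclosing function starts and ends outside the hunk.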
DNSHeader h;
int id;
int length;
-
+#ifdef SUPPORT_IP6LINKS
if (fp == PROTOCOL_IPV6)
{
in6_addr i;
return -1;
}
else
+#endif
{
in_addr i;
if (inet_aton(ip, &i))
void DNS::MakeIP6Int(char* query, const in6_addr *ip)
{
+#ifdef SUPPORT_IP6LINKS
const char* hex = "0123456789abcdef";
for (int index = 31; index >= 0; index--) /* for() loop steps twice per byte */
{
*query++ = '.'; /* Seperator */
}
strcpy(query,"ip6.arpa"); /* Suffix the string */
+#else
+ *query = 0;
+#endif
}
/* Return the next id which is ready, and the result attached to it */
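Review bot: In builds without `SUPPORT_IP6LINKS` the added `#else` branch leaves `query` as an empty string, and because `MakeIP6Int` returns `void` the caller has no other signal that nothing was built. If the caller (not visible here) goes on to send a PTR request from that buffer, it asks for an empty name instead of failing cleanly. At minimum document the contract on the branch, e.g. `/* IPv6 reverse lookups are compiled out: leave an empty name; callers must check for it */`, and confirm the callers do check.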
port_from = ntohs(((sockaddr_in*)&from)->sin_port);
#endif
- if ((port_from != DNS::QUERY_PORT) || (strcasecmp(ipaddr_from, Config->DNSServer)))
+ /* We cant perform this security check if you're using 4in6.
+ * Tough luck to you, choose one or't other!
+ */
+ if (!ip6munge)
{
- log(DEBUG,"port %d is not 53, or %s is not %s",port_from, ipaddr_from, Config->DNSServer);
- return std::make_pair(-1,"");
+ if ((port_from != DNS::QUERY_PORT) || (strcasecmp(ipaddr_from, Config->DNSServer)))
+ {
+ log(DEBUG,"port %d is not 53, or %s is not %s",port_from, ipaddr_from, Config->DNSServer);
+ return std::make_pair(-1,"");
+ }
}
/* Put the read header info into a header class */
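Review bot: With `ip6munge` set, the new `if (!ip6munge)` wrapper drops both the source-port test and the source-address test, so a reply from any host and port is accepted and only the query id still ties it to a request. The port comparison does not depend on how the address is printed, so it can stay unconditional: `if ((port_from != DNS::QUERY_PORT) || (!ip6munge && strcasecmp(ipaddr_from, Config->DNSServer)))`. For the address, comparing the binary address in `from` against the stored `myserver` instead of the two strings would presumably avoid the formatting mismatch the comment describes and let the check stay on. That needs confirming against how `from` and `ipaddr_from` are filled, which is outside the hunk.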
memmove(formatted,formatted + 1, strlen(formatted + 1) + 1);
}
resultstr = formatted;
+
+ /* Special case. Sending ::1 around between servers
+ * and to clients is dangerous, because the : on the
+ * start makes the client or server interpret the IP
+ * as the last parameter on the line with a value ":1".
+ */
+ if (*formatted == ':')
+ resultstr = "0" + resultstr;
}
break;