1 diff --git a/NEWS b/NEWS
2 index 8d8bdd9..4d8c01d 100644
6 This file describes user-visible changes in rbldnsd.
7 Newer news is at the top.
11 + - fix tests for systems without ipv6 support, or when ipv6 is
12 + disabled in rbldnsd at compile-time
14 + - fix tests for API change in pydns >= 2.3.6
16 + - It is no longer an error to request binding to a particular
17 + address/port more than once. (The subsequent requests are simply
18 + ignored.) (This avoids confusion on certain systems/configurations
19 + where gethostbyname("localhost") can return 127.0.0.1 multiple
24 - minor fixes/changes in packaging, no code changes.
25 diff --git a/rbldnsd.c b/rbldnsd.c
26 index abf1d01..8322bdd 100644
29 @@ -203,10 +203,79 @@ static volatile int signalled;
30 #define SIGNALLED_ZSTATS 0x10
31 #define SIGNALLED_TERM 0x20
33 +static inline int sockaddr_in_equal(const struct sockaddr_in *addr1,
34 + const struct sockaddr_in *addr2)
36 + return (addr1->sin_port == addr2->sin_port
37 + && addr1->sin_addr.s_addr == addr2->sin_addr.s_addr);
41 +static inline int sockaddr_in6_equal(const struct sockaddr_in6 *addr1,
42 + const struct sockaddr_in6 *addr2)
44 + if (memcmp(addr1->sin6_addr.s6_addr, addr2->sin6_addr.s6_addr, 16) != 0)
46 + return (addr1->sin6_port == addr2->sin6_port
47 + && addr1->sin6_flowinfo == addr2->sin6_flowinfo
48 + && addr1->sin6_scope_id == addr2->sin6_scope_id);
52 +static inline int sockaddr_equal(const struct sockaddr *addr1,
53 + const struct sockaddr *addr2)
55 + if (addr1->sa_family != addr2->sa_family)
57 + switch (addr1->sa_family) {
59 + return sockaddr_in_equal((const struct sockaddr_in *)addr1,
60 + (const struct sockaddr_in *)addr2);
62 + return sockaddr_in6_equal((const struct sockaddr_in6 *)addr1,
63 + (const struct sockaddr_in6 *)addr2);
66 + error(0, "unknown address family (%d)", addr1->sa_family);
70 +/* already_bound(addr, addrlen)
72 + * Determine whether we've already bound to a particular address.
73 + * This is here mostly to deal with the fact that on certain systems,
74 + * gethostbyname()/getaddrinfo() can return a duplicate 127.0.0.1
75 + * for 'localhost'. See
76 + * - http://sourceware.org/bugzilla/show_bug.cgi?id=4980
77 + * - https://bugzilla.redhat.com/show_bug.cgi?id=496300
79 +static int already_bound(const struct sockaddr *addr, socklen_t addrlen) {
81 + struct sockaddr_in addr_buf;
83 + struct sockaddr_in6 addr_buf;
85 + struct sockaddr *boundaddr = (struct sockaddr *)&addr_buf;
89 + for (i = 0; i < numsock; i++) {
90 + buflen = sizeof(addr_buf);
91 + if (getsockname(sock[i], boundaddr, &buflen) < 0)
92 + error(errno, "getsockname failed");
93 + if (buflen == addrlen && sockaddr_equal(boundaddr, addr))
100 static void newsocket(struct sockaddr_in *sin) {
102 const char *host = ip4atos(ntohl(sin->sin_addr.s_addr));
104 + if (already_bound((struct sockaddr *)sin, sizeof(*sin)))
106 if (numsock >= MAXSOCK)
107 error(0, "too many listening sockets (%d max)", MAXSOCK);
108 fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
109 @@ -223,6 +292,8 @@ static int newsocket(struct addrinfo *ai) {
111 char host[NI_MAXHOST], serv[NI_MAXSERV];
113 + if (already_bound(ai->ai_addr, ai->ai_addrlen))
115 if (numsock >= MAXSOCK)
116 error(0, "too many listening sockets (%d max)", MAXSOCK);
117 fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
118 diff --git a/rbldnsd.py b/rbldnsd.py
119 index 9300ef2..4b78dee 100644
127 from itertools import count
129 from tempfile import NamedTemporaryFile, TemporaryFile
130 @@ -12,6 +13,14 @@ try:
133 raise RuntimeError("The pydns library is not installed")
135 + from DNS import SocketError as DNS_SocketError
137 + class DNS_SocketError(Exception):
138 + """ Dummy, never raised.
140 + (Older versions of pydns before 2.3.6 do not raise SocketError.)
143 DUMMY_ZONE_HEADER = """
144 $SOA 0 example.org. hostmaster.example.com. 0 1h 1h 2d 1h
145 @@ -113,7 +122,6 @@ class Rbldnsd(object):
148 # wait for rbldnsd to start responding
150 for retry in count():
151 if daemon.poll() is not None:
153 @@ -124,12 +132,18 @@ class Rbldnsd(object):
157 + except DNS_SocketError as ex:
159 + wrapped_error = ex.args[0]
160 + if wrapped_error.errno != errno.ECONNREFUSED:
162 except DNS.DNSError as ex:
164 if str(ex) != 'no working nameservers found':
168 - "rbldnsd does not seem to be responding")
170 + raise DaemonError("rbldnsd does not seem to be responding")
173 def _stop_daemon(self):
174 daemon = self._daemon
175 @@ -150,6 +164,22 @@ class Rbldnsd(object):
176 raise DaemonError("rbldnsd exited with code %d"
181 + """ Was rbldnsd compiled with -DNO_IPv6?
183 + # If rbldnsd was compiled with -DNO_IPv6, the (therefore
184 + # unsupported) '-6' command-line switch will not be described
185 + # in the help message
186 + cmd = [self.daemon_bin, '-h']
187 + proc = subprocess.Popen(cmd, stdout=subprocess.PIPE)
188 + help_message = proc.stdout.readlines()
189 + if proc.wait() != 0:
190 + raise subprocess.CalledProcessError(proc.returncode, cmd)
191 + return not any(line.lstrip().startswith('-6 ')
192 + for line in help_message)
195 class TestRbldnsd(unittest.TestCase):
198 diff --git a/test_acl.py b/test_acl.py
199 index d93ca0a..10bed1c 100644
203 """ Tests for the acl dataset
205 +from functools import wraps
208 from tempfile import NamedTemporaryFile
211 @@ -9,6 +12,35 @@ __all__ = [
216 + from unittest import skipIf
218 + # hokey replacement (for python <= 2.6)
219 + def skipIf(condition, reason):
223 + def skipped(*args, **kw):
224 + sys.stderr.write("skipped test: %s " % reason)
231 + # Check for IPv6 support
232 + if not getattr(socket, 'has_ipv6', False):
233 + return False # no python support for ipv6
234 + elif Rbldnsd().no_ipv6:
235 + return False # rbldnsd compiled with -DNO_IPv6
237 + socket.socket(socket.AF_INET6, socket.SOCK_DGRAM).close()
238 + except socket.error:
239 + return False # no kernel (or libc) support for ipv6?
242 +no_ipv6 = not _have_ipv6()
244 def daemon(acl, addr='localhost'):
245 """ Create an Rbldnsd instance with given ACL
247 @@ -33,11 +65,13 @@ class TestAclDataset(unittest.TestCase):
248 addr='127.0.0.1') as dnsd:
249 self.assertEqual(dnsd.query('test.example.com'), 'Success')
251 + @skipIf(no_ipv6, "IPv6 unsupported")
252 def test_refuse_ipv6(self):
253 with daemon(acl=["::1 :refuse"],
255 self.assertRaises(QueryRefused, dnsd.query, 'test.example.com')
257 + @skipIf(no_ipv6, "IPv6 unsupported")
258 def test_pass_ipv6(self):
259 with daemon(acl=[ "0/0 :refuse",
261 diff --git a/test_ip4trie.py b/test_ip4trie.py
262 index fe9e78f..2cce09b 100644
263 --- a/test_ip4trie.py
264 +++ b/test_ip4trie.py
265 @@ -9,7 +9,7 @@ __all__ = [
268 def ip4trie(zone_data):
269 - """ Run rbldnsd with an ip6trie dataset
270 + """ Run rbldnsd with an ip4trie dataset
273 dnsd.add_dataset('ip4trie', ZoneFile(zone_data))
274 diff --git a/test_ip6trie.py b/test_ip6trie.py
275 index d3600db..377c5dd 100644
276 --- a/test_ip6trie.py
277 +++ b/test_ip6trie.py
278 @@ -15,15 +15,6 @@ def ip6trie(zone_data):
279 dnsd.add_dataset('ip6trie', ZoneFile(zone_data))
282 -def rfc3152(ip6addr, domain='example.com'):
283 - from socket import inet_pton, AF_INET6
284 - from struct import unpack
286 - bytes = unpack("16B", inet_pton(AF_INET6, ip6addr))
287 - nibbles = '.'.join("%x.%x" % (byte & 0xf, (byte >> 4) & 0xf)
288 - for byte in reversed(bytes))
289 - return "%s.%s" % (nibbles, domain)
291 class TestIp6TrieDataset(unittest.TestCase):
292 def test_exclusion(self):
293 with ip6trie(["dead::/16 listed",
294 @@ -31,5 +22,35 @@ class TestIp6TrieDataset(unittest.TestCase):
295 self.assertEqual(dnsd.query(rfc3152("dead::beef")), None)
296 self.assertEqual(dnsd.query(rfc3152("dead::beee")), "listed")
299 +def rfc3152(ip6addr, domain='example.com'):
300 + return "%s.%s" % ('.'.join(reversed(_to_nibbles(ip6addr))), domain)
302 +def _to_nibbles(ip6addr):
303 + """ Convert ip6 address (in rfc4291 notation) to a sequence of nibbles
305 + NB: We avoid the use of socket.inet_pton(AF_INET6, ip6addr) here
306 + because it fails (with 'error: can't use AF_INET6, IPv6 is
307 + disabled') when python has been compiled without IPv6 support. See
308 + http://www.corpit.ru/pipermail/rbldnsd/2013q3/001181.html
311 + def _split_words(addr):
312 + return [ int(w, 16) for w in addr.split(':') ] if addr else []
314 + if '::' in ip6addr:
315 + head, tail = [ _split_words(s) for s in ip6addr.split('::', 1) ]
316 + nzeros = 8 - len(head) - len(tail)
318 + words = head + [ 0 ] * nzeros + tail
320 + words = _split_words(ip6addr)
322 + assert len(words) == 8
324 + assert 0 <= word <= 0xffff
326 + return ''.join("%04x" % word for word in words)
328 if __name__ == '__main__':