void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-05 03:53:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

DNS is now toggleable via zerotier-cli set <nwid> allowDNS=[0|1]

Browse source 
Flag is disabled by default as it should be opt-in on each endpoint
This commit is contained in:
Grant Limberg 2020-09-10 15:59:18 -07:00
parent 3db263284b
commit bbb307aff7
No known key found for this signature in database
GPG key ID: 2BA62CCABBB4095A
4 changed files with 35 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
one.cpp
View file

@ -734,7 +734,7 @@ static int cli(int argc,char **argv)
} }
std::size_t eqidx = arg2.find('='); std::size_t eqidx = arg2.find('=');
if (eqidx != std::string::npos) { if (eqidx != std::string::npos) {
if ((arg2.substr(0,eqidx) == "allowManaged")||(arg2.substr(0,eqidx) == "allowGlobal")||(arg2.substr(0,eqidx) == "allowDefault")) { if ((arg2.substr(0,eqidx) == "allowManaged")||(arg2.substr(0,eqidx) == "allowGlobal")||(arg2.substr(0,eqidx) == "allowDefault")||(arg2.substr(0,eqidx) == "allowDNS")) {
char jsons[1024]; char jsons[1024];
OSUtils::ztsnprintf(jsons,sizeof(jsons),"{\"%s\":%s}", OSUtils::ztsnprintf(jsons,sizeof(jsons),"{\"%s\":%s}",
arg2.substr(0,eqidx).c_str(), arg2.substr(0,eqidx).c_str(),

35
service/OneService.cpp
View file

@ -72,6 +72,12 @@
#include <ifaddrs.h> #include <ifaddrs.h>
#endif #endif
#ifdef __APPLE__
#include "../osdep/MacDNSHelper.hpp"
#elif defined(__WINDOWS__)
#include "../osdep/WinDNSHelper.hpp"
#endif
#ifdef ZT_USE_SYSTEM_HTTP_PARSER #ifdef ZT_USE_SYSTEM_HTTP_PARSER
#include <http_parser.h> #include <http_parser.h>
#else #else
@ -203,6 +209,7 @@ static void _networkToJson(nlohmann::json &nj,const ZT_VirtualNetworkConfig *nc,
nj["allowManaged"] = localSettings.allowManaged; nj["allowManaged"] = localSettings.allowManaged;
nj["allowGlobal"] = localSettings.allowGlobal; nj["allowGlobal"] = localSettings.allowGlobal;
nj["allowDefault"] = localSettings.allowDefault; nj["allowDefault"] = localSettings.allowDefault;
nj["allowDNS"] = localSettings.allowDNS;
nlohmann::json aa = nlohmann::json::array(); nlohmann::json aa = nlohmann::json::array();
for(unsigned int i=0;i<nc->assignedAddressCount;++i) { for(unsigned int i=0;i<nc->assignedAddressCount;++i) {
@ -515,6 +522,7 @@ public:
settings.allowManaged = true; settings.allowManaged = true;
settings.allowGlobal = false; settings.allowGlobal = false;
settings.allowDefault = false; settings.allowDefault = false;
settings.allowDNS = false;
memset(&config, 0, sizeof(ZT_VirtualNetworkConfig)); memset(&config, 0, sizeof(ZT_VirtualNetworkConfig));
} }
@ -1128,6 +1136,7 @@ public:
fprintf(out,"allowManaged=%d\n",(int)n->second.settings.allowManaged); fprintf(out,"allowManaged=%d\n",(int)n->second.settings.allowManaged);
fprintf(out,"allowGlobal=%d\n",(int)n->second.settings.allowGlobal); fprintf(out,"allowGlobal=%d\n",(int)n->second.settings.allowGlobal);
fprintf(out,"allowDefault=%d\n",(int)n->second.settings.allowDefault); fprintf(out,"allowDefault=%d\n",(int)n->second.settings.allowDefault);
fprintf(out,"allowDNS=%d\n",(int)n->second.settings.allowDNS);
fclose(out); fclose(out);
} }
@ -1465,6 +1474,8 @@ public:
if (allowGlobal.is_boolean()) localSettings.allowGlobal = (bool)allowGlobal; if (allowGlobal.is_boolean()) localSettings.allowGlobal = (bool)allowGlobal;
json &allowDefault = j["allowDefault"]; json &allowDefault = j["allowDefault"];
if (allowDefault.is_boolean()) localSettings.allowDefault = (bool)allowDefault; if (allowDefault.is_boolean()) localSettings.allowDefault = (bool)allowDefault;
json &allowDNS = j["allowDNS"];
if (allowDNS.is_boolean()) localSettings.allowDNS = (bool)allowDNS;
} }
} catch ( ... ) { } catch ( ... ) {
// discard invalid JSON // discard invalid JSON
@ -2006,16 +2017,25 @@ public:
} }
if (syncDns) { if (syncDns) {
if (strlen(n.config.dns.domain) != 0) { if (n.settings.allowDNS) {
std::vector<InetAddress> servers; if (strlen(n.config.dns.domain) != 0) {
for (int j = 0; j < ZT_MAX_DNS_SERVERS; ++j) { std::vector<InetAddress> servers;
InetAddress a(n.config.dns.server_addr[j]); for (int j = 0; j < ZT_MAX_DNS_SERVERS; ++j) {
if (a.isV4() || a.isV6()) { InetAddress a(n.config.dns.server_addr[j]);
servers.push_back(a); if (a.isV4() || a.isV6()) {
servers.push_back(a);
}
} }
n.tap->setDns(n.config.dns.domain, servers);
} }
n.tap->setDns(n.config.dns.domain, servers); } else {
#ifdef __APPLE__
MacDNSHelper::removeDNS(n.config.nwid);
#elif defined(__WINDOWS__)
WinDNSHelper::removeDNS(n.config.nwid);
#endif
} }
} }
} }
@ -2334,6 +2354,7 @@ public:
} }
n.settings.allowGlobal = nc.getB("allowGlobal", false); n.settings.allowGlobal = nc.getB("allowGlobal", false);
n.settings.allowDefault = nc.getB("allowDefault", false); n.settings.allowDefault = nc.getB("allowDefault", false);
n.settings.allowDNS = nc.getB("allowDNS", false);
} }
} catch (std::exception &exc) { } catch (std::exception &exc) {
#ifdef __WINDOWS__ #ifdef __WINDOWS__

5
service/OneService.hpp
View file

@ -86,6 +86,11 @@ public:
* Allow overriding of system default routes for "full tunnel" operation? * Allow overriding of system default routes for "full tunnel" operation?
*/ */
bool allowDefault; bool allowDefault;
/**
* Allow configuration of DNS for the network
*/
bool allowDNS;
}; };
/** /**

1
service/README.md
View file

@ -138,6 +138,7 @@ Most network settings are not writable, as they are defined by the network contr
| allowManaged | boolean | Allow IP and route management | yes | | allowManaged | boolean | Allow IP and route management | yes |
| allowGlobal | boolean | Allow IPs and routes that overlap with global IPs | yes | | allowGlobal | boolean | Allow IPs and routes that overlap with global IPs | yes |
| allowDefault | boolean | Allow overriding of system default route | yes | | allowDefault | boolean | Allow overriding of system default route | yes |
| allowDNS | boolean | Allow configuration of DNS on network | yes |
Route objects: Route objects: