For triggers from rpz zones it makes sense to store them as listed there.
For hit values (names or IPs) it makes more sense to store them
in the regular string value and not list them as rpz trigger format.
e.g.: a trigger is listed
24.0.2.0.192.rpz-ip.rpz.local.
A corresponding hit as
192.0.2.1
optional uint32 queryTimeUsec = 6; // Time of the corresponding query reception (additional micro-seconds)
optional PolicyType appliedPolicyType = 7; // Type of the filtering policy (RPZ or Lua) applied
optional string appliedPolicyTrigger = 8; // The RPZ trigger
+ optional string appliedPolicyHit = 9; // The value (qname or IP) that caused the hit
}
optional DNSResponse response = 13;
if(iter != polmap.end()) {
pol=iter->second;
pol.d_trigger = g_wildcarddnsname+s;
+ pol.d_hit = qname.toString();
return true;
}
}
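Review bot: Every match path touched here and in the sibling hunks ending at lines 26, 32, 39, 46, 59 and 67 assigns `pol.d_hit` immediately before `return true`, but the enclosing functions start outside the hunks, so any return-true path this diff does not touch leaves `d_hit` as the empty string, which `setAppliedPolicyHit` then silently omits from the protobuf message. A comment at the first assignment would make that contract visible to whoever adds the next match branch, e.g. `// every path that returns true must set d_hit, otherwise the protobuf hit field stays unset`. The wildcard branches record the queried name rather than the wildcard (`pol.d_hit = qname.toString();` next to `pol.d_trigger = wc;`), which is what the commit message asks for; a one-line comment there, such as `// hit is the actual qname, not the wildcard trigger`, would stop a reader from "correcting" it to `wc`.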
if (it != polmap.end()) {
pol = it->second;
pol.d_trigger = qname;
+ pol.d_hit = qname.toString();
return true;
}
// cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl;
pol.d_trigger = qname;
pol.d_trigger.appendRawLabel("rpz-nsdname");
+ pol.d_hit = qname.toString();
return true;
}
// cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl;
pol.d_trigger = wc;
pol.d_trigger.appendRawLabel(rpzNSDnameName);
+ pol.d_hit = qname.toString();
return true;
}
}
// XXX should use ns RPZ
pol.d_trigger = Zone::maskToRPZ(address);
pol.d_trigger.appendRawLabel(rpzNSIPName);
+ pol.d_hit = address.toString();
return true;
}
}
if (z->findExactQNamePolicy(qname, pol)) {
// cerr<<"Had a hit on the name of the query"<<endl;
pol.d_trigger = qname;
+ pol.d_hit = qname.toString();
return true;
}
if (z->findExactQNamePolicy(wc, pol)) {
// cerr<<"Had a hit on the name of the query"<<endl;
pol.d_trigger = wc;
+ pol.d_hit = qname.toString();
return true;
}
}
if (z->findResponsePolicy(ca, pol)) {
pol.d_trigger = Zone::maskToRPZ(ca);
- pol.d_trigger.appendRawLabel("rpz-ip");
+ pol.d_trigger.appendRawLabel(rpzIPName);
+ pol.d_hit = ca.toString();
return true;
}
}
std::vector<std::shared_ptr<DNSRecordContent>> d_custom;
std::shared_ptr<PolicyZoneData> d_zoneData{nullptr};
DNSName d_trigger;
+ string d_hit;
/* Yup, we are currently using the same TTL for every record for a given name */
int32_t d_ttl;
PolicyKind d_kind;
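Review bot: `string d_hit;` uses the unqualified name while the neighbouring members spell out `std::vector` and `std::shared_ptr`; the same unqualified `string` appears in the new `setAppliedPolicyHit(const string& hit)` definition and its header declaration, directly beside `setAppliedPolicy(const std::string& policy)`. Use `std::string d_hit;` here and `const std::string& hit` in both signatures so the file does not depend on a `using` being in scope. The member is also undocumented; suggest `/* The value (qname or IP) that matched d_trigger, as a string; empty when no match path recorded a hit */`.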
d_lw->registerMember("policyType", &DNSFilterEngine::Policy::d_type);
d_lw->registerMember("policyTTL", &DNSFilterEngine::Policy::d_ttl);
d_lw->registerMember("policyTrigger", &DNSFilterEngine::Policy::d_trigger);
+ d_lw->registerMember("policyHit", &DNSFilterEngine::Policy::d_hit);
d_lw->registerMember<DNSFilterEngine::Policy, std::string>("policyCustom",
[](const DNSFilterEngine::Policy& pol) -> std::string {
std::string result;
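Review bot: `policyHit` is registered as a plain read/write member in the same way as `policyTrigger`, so a Lua policy hook can both read and overwrite the hit before it reaches the protobuf message; that is presumably intended, but if the policy* members are described in the Lua reference, `policyHit` needs an entry stating that it holds the matched qname or IP as a string and that it may be empty for policies created from Lua rather than from an RPZ zone. The enclosing registration function starts and ends outside this hunk.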
pbMessage->setAppliedPolicy(appliedPolicy.getName());
pbMessage->setAppliedPolicyType(appliedPolicy.d_type);
pbMessage->setAppliedPolicyTrigger(appliedPolicy.d_trigger);
+ pbMessage->setAppliedPolicyHit(appliedPolicy.d_hit);
}
pbMessage->setPolicyTags(dc->d_policyTags);
if (g_useKernelTimestamp && dc->d_kernelTimestamp.tv_sec) {
#endif /* HAVE_PROTOBUF */
}
+void RecProtoBufMessage::setAppliedPolicyHit(const string& hit)
+{
+#ifdef HAVE_PROTOBUF
+ PBDNSMessage_DNSResponse* response = d_message.mutable_response();
+ if (response && !hit.empty()) {
+ response->set_appliedpolicyhit(hit);
+ }
+#endif /* HAVE_PROTOBUF */
+}
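Review bot: `setAppliedPolicyHit` drops an empty hit without any trace, so a protobuf consumer cannot distinguish "policy matched but no hit value was recorded" from "field not present"; the behaviour is reasonable, but it deserves a comment on the method, e.g. `// An empty hit leaves appliedPolicyHit unset rather than emitting an empty string`. The `response &&` guard appears to mirror the sibling setters, but as far as I know a generated protobuf `mutable_response()` allocates and never returns null, so the condition is effectively just `!hit.empty()` — fine to keep for symmetry, not something to rely on. The call site at line 85 passes `appliedPolicy.d_hit` unconditionally, which is correct given this guard.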
+
void RecProtoBufMessage::setPolicyTags(const std::unordered_set<std::string>& policyTags)
{
#ifdef HAVE_PROTOBUF
void setAppliedPolicy(const std::string& policy);
void setAppliedPolicyType(const DNSFilterEngine::PolicyType& policyType);
void setAppliedPolicyTrigger(const DNSName& trigger);
+ void setAppliedPolicyHit(const string& hit);
void setPolicyTags(const std::unordered_set<std::string>& policyTags);
void addPolicyTag(const std::string& policyTag);
void removePolicyTag(const std::string& policyTag);