[thirdparty/pdns.git] / pdns / filterpo.cc

#include "filterpo.hh"
#include <iostream>
#include "namespaces.hh"
#include "dnsrecords.hh"

DNSFilterEngine::DNSFilterEngine()
{
}

bool findNamedPolicy(const map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol)
{
  DNSName s(qname);

    /* for www.powerdns.com, we need to check:
         www.powerdns.com.
           *.powerdns.com.
             powerdns.com.
	            *.com.
                      com.
	 	        *.
  			 .       */
 
  bool first=true;
  do {
    auto iter = polmap.find(s);
    if(iter != polmap.end()) {
      pol=iter->second;
      return true;
    }
    if(!first) {
      iter = polmap.find(DNSName("*")+s);
      if(iter != polmap.end()) {
	pol=iter->second;
	return true;
      }
    }
    first=false;
  } while(s.chopOff());
  return false;
}

DNSFilterEngine::Policy DNSFilterEngine::getProcessingPolicy(const DNSName& qname) const
{
  //  cout<<"Got question for nameserver name "<<qname<<endl;
  Policy pol{PolicyKind::NoAction, nullptr, "", 0};
  for(const auto& z : d_zones) {
    if(findNamedPolicy(z.propolName, qname, pol)) {
      //      cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl;
      return pol;
    }
  }
  return pol;
}  


DNSFilterEngine::Policy DNSFilterEngine::getQueryPolicy(const DNSName& qname, const ComboAddress& ca) const
{
  //  cout<<"Got question for "<<qname<<" from "<<ca.toString()<<endl;

  Policy pol{PolicyKind::NoAction, nullptr, "", 0};
  for(const auto& z : d_zones) {
    if(findNamedPolicy(z.qpolName, qname, pol)) {
      //      cerr<<"Had a hit on the name of the query"<<endl;
      return pol;
    }
    
    if(auto fnd=z.qpolAddr.lookup(ca)) {
      //	cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl;
      return fnd->second;
    }
  }

  return pol;
}

DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector<DNSRecord>& records) const
{
  ComboAddress ca;

  for(const auto& r : records) {
    if(r.d_place != DNSResourceRecord::ANSWER) 
      continue;
    if(r.d_type == QType::A) {
      if (auto rec = getRR<ARecordContent>(r)) {
        ca = rec->getCA();
      }
    }
    else if(r.d_type == QType::AAAA) {
      if (auto rec = getRR<AAAARecordContent>(r)) {
        ca = rec->getCA();
      }
    }
    else
      continue;

    for(const auto& z : d_zones) {
      if(auto fnd=z.postpolAddr.lookup(ca))
	return fnd->second;
    }
  }
  return Policy{PolicyKind::NoAction, nullptr, "", 0};
}

void DNSFilterEngine::assureZones(int zone)
{
  if((int)d_zones.size() <= zone)
    d_zones.resize(zone+1);
}

void DNSFilterEngine::clear(int zone)
{
  assureZones(zone);
  auto& z = d_zones[zone];
  z.qpolAddr.clear();
  z.postpolAddr.clear();
  z.propolName.clear();
  z.qpolName.clear();
}

void DNSFilterEngine::addClientTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].qpolAddr.insert(nm).second=pol;
}

void DNSFilterEngine::addResponseTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].postpolAddr.insert(nm).second=pol;
}

void DNSFilterEngine::addQNameTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].qpolName[n]=pol;
}

void DNSFilterEngine::addNSTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].propolName[n]=pol;
}

bool DNSFilterEngine::rmClientTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);

  auto& qpols = d_zones[zone].qpolAddr;
  qpols.erase(nm);
  return true;
}

bool DNSFilterEngine::rmResponseTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);
  auto& postpols = d_zones[zone].postpolAddr;
  postpols.erase(nm);  
  return true;
}

bool DNSFilterEngine::rmQNameTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].qpolName.erase(n); // XXX verify we had identical policy?
  return true;
}

bool DNSFilterEngine::rmNSTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].propolName.erase(n); // XXX verify policy matched? =pol;
  return true;
}
Commit	Line	Data
644dd1da	1	#include "filterpo.hh"
	2	#include <iostream>
	3	#include "namespaces.hh"
	4	#include "dnsrecords.hh"
	5
	6	DNSFilterEngine::DNSFilterEngine()
	7	{
	8	}
	9
	10	bool findNamedPolicy(const map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol)
	11	{
	12	DNSName s(qname);
	13
	14	/* for www.powerdns.com, we need to check:
	15	www.powerdns.com.
	16	*.powerdns.com.
	17	powerdns.com.
	18	*.com.
	19	com.
	20	*.
	21	. */
	22
	23	bool first=true;
	24	do {
	25	auto iter = polmap.find(s);
	26	if(iter != polmap.end()) {
	27	pol=iter->second;
	28	return true;
	29	}
	30	if(!first) {
	31	iter = polmap.find(DNSName("*")+s);
	32	if(iter != polmap.end()) {
	33	pol=iter->second;
	34	return true;
	35	}
	36	}
	37	first=false;
	38	} while(s.chopOff());
	39	return false;
	40	}
	41
	42	DNSFilterEngine::Policy DNSFilterEngine::getProcessingPolicy(const DNSName& qname) const
	43	{
39ec5d29	44	// cout<<"Got question for nameserver name "<<qname<<endl;
83971888	45	Policy pol{PolicyKind::NoAction, nullptr, "", 0};
644dd1da	46	for(const auto& z : d_zones) {
644dd1da	47	if(findNamedPolicy(z.propolName, qname, pol)) {
de0f72ba	48	// cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl;
644dd1da	49	return pol;
	50	}
	51	}
	52	return pol;
	53	}
	54
	55
	56	DNSFilterEngine::Policy DNSFilterEngine::getQueryPolicy(const DNSName& qname, const ComboAddress& ca) const
	57	{
de0f72ba	58	// cout<<"Got question for "<<qname<<" from "<<ca.toString()<<endl;
644dd1da	59
83971888	60	Policy pol{PolicyKind::NoAction, nullptr, "", 0};
644dd1da	61	for(const auto& z : d_zones) {
644dd1da	62	if(findNamedPolicy(z.qpolName, qname, pol)) {
de0f72ba	63	// cerr<<"Had a hit on the name of the query"<<endl;
644dd1da	64	return pol;
	65	}
	66
0e760497	67	if(auto fnd=z.qpolAddr.lookup(ca)) {
	68	// cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl;
	69	return fnd->second;
644dd1da	70	}
	71	}
	72
39ec5d29	73	return pol;
644dd1da	74	}
	75
	76	DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector<DNSRecord>& records) const
	77	{
	78	ComboAddress ca;
	79
	80	for(const auto& r : records) {
589ad24b	81	if(r.d_place != DNSResourceRecord::ANSWER)
644dd1da	82	continue;
ba3c54cb RG	83	if(r.d_type == QType::A) {
	84	if (auto rec = getRR<ARecordContent>(r)) {
	85	ca = rec->getCA();
	86	}
	87	}
	88	else if(r.d_type == QType::AAAA) {
	89	if (auto rec = getRR<AAAARecordContent>(r)) {
	90	ca = rec->getCA();
	91	}
	92	}
644dd1da	93	else
	94	continue;
	95
	96	for(const auto& z : d_zones) {
0e760497	97	if(auto fnd=z.postpolAddr.lookup(ca))
0e760497	98	return fnd->second;
644dd1da	99	}
644dd1da	100	}
83971888	101	return Policy{PolicyKind::NoAction, nullptr, "", 0};
644dd1da	102	}
	103
	104	void DNSFilterEngine::assureZones(int zone)
	105	{
	106	if((int)d_zones.size() <= zone)
	107	d_zones.resize(zone+1);
644dd1da	108	}
644dd1da	109
7eafc52f	110	void DNSFilterEngine::clear(int zone)
	111	{
	112	assureZones(zone);
	113	auto& z = d_zones[zone];
	114	z.qpolAddr.clear();
	115	z.postpolAddr.clear();
	116	z.propolName.clear();
	117	z.qpolName.clear();
	118	}
	119
644dd1da	120	void DNSFilterEngine::addClientTrigger(const Netmask& nm, Policy pol, int zone)
	121	{
	122	assureZones(zone);
0e760497	123	d_zones[zone].qpolAddr.insert(nm).second=pol;
644dd1da	124	}
	125
	126	void DNSFilterEngine::addResponseTrigger(const Netmask& nm, Policy pol, int zone)
	127	{
	128	assureZones(zone);
0e760497	129	d_zones[zone].postpolAddr.insert(nm).second=pol;
644dd1da	130	}
	131
	132	void DNSFilterEngine::addQNameTrigger(const DNSName& n, Policy pol, int zone)
	133	{
	134	assureZones(zone);
	135	d_zones[zone].qpolName[n]=pol;
	136	}
	137
	138	void DNSFilterEngine::addNSTrigger(const DNSName& n, Policy pol, int zone)
	139	{
	140	assureZones(zone);
	141	d_zones[zone].propolName[n]=pol;
	142	}
39ec5d29	143
	144	bool DNSFilterEngine::rmClientTrigger(const Netmask& nm, Policy pol, int zone)
	145	{
	146	assureZones(zone);
	147
	148	auto& qpols = d_zones[zone].qpolAddr;
0e760497	149	qpols.erase(nm);
39ec5d29	150	return true;
	151	}
	152
	153	bool DNSFilterEngine::rmResponseTrigger(const Netmask& nm, Policy pol, int zone)
	154	{
	155	assureZones(zone);
	156	auto& postpols = d_zones[zone].postpolAddr;
0e760497	157	postpols.erase(nm);
39ec5d29	158	return true;
	159	}
	160
	161	bool DNSFilterEngine::rmQNameTrigger(const DNSName& n, Policy pol, int zone)
	162	{
	163	assureZones(zone);
	164	d_zones[zone].qpolName.erase(n); // XXX verify we had identical policy?
	165	return true;
	166	}
	167
	168	bool DNSFilterEngine::rmNSTrigger(const DNSName& n, Policy pol, int zone)
	169	{
	170	assureZones(zone);
	171	d_zones[zone].propolName.erase(n); // XXX verify policy matched? =pol;
	172	return true;
	173	}