enum class PolicyKind { NoAction, Drop, NXDOMAIN, NODATA, Truncate, Custom};
enum class PolicyType { None, QName, ClientIP, ResponseIP, NSDName, NSIP };
+ static std::string getKindToString(PolicyKind kind);
+ static std::string getTypeToString(PolicyType type);
+
struct Policy
{
- Policy(): d_custom(nullptr), d_name(nullptr), d_kind(PolicyKind::NoAction), d_type(PolicyType::None), d_ttl(0)
+ Policy(): d_name(nullptr), d_kind(PolicyKind::NoAction), d_type(PolicyType::None), d_ttl(0)
+ {
+ }
+
+ Policy(PolicyKind kind, PolicyType type, int32_t ttl=0, std::shared_ptr<std::string> name=nullptr, const std::vector<std::shared_ptr<DNSRecordContent>>& custom={}): d_custom(custom), d_name(name), d_kind(kind), d_type(type), d_ttl(ttl)
{
}
+
bool operator==(const Policy& rhs) const
{
- return d_kind == rhs.d_kind; // XXX check d_custom too!
+ return d_kind == rhs.d_kind && d_type == rhs.d_type && d_ttl == rhs.d_ttl && d_custom == rhs.d_custom;
}
- std::string getKindToString() const;
- DNSRecord getCustomRecord(const DNSName& qname) const;
- DNSRecord getRecord(const DNSName& qname) const;
+ std::vector<DNSRecord> getCustomRecords(const DNSName& qname, uint16_t qtype) const;
+ std::vector<DNSRecord> getRecords(const DNSName& qname) const;
- std::shared_ptr<DNSRecordContent> d_custom;
- std::shared_ptr<std::string> d_name;
+ std::vector<std::shared_ptr<DNSRecordContent>> d_custom;
+ std::shared_ptr<std::string> d_name; // the name of the policy
PolicyKind d_kind;
PolicyType d_type;
+ /* Yup, we are currently using the same TTL for every record for a given name */
int32_t d_ttl;
- };
+
+ private:
+ DNSRecord getRecordFromCustom(const DNSName& qname, const std::shared_ptr<DNSRecordContent>& custom) const;
+};
class Zone {
public:
{
return d_name;
}
- DNSName getDomain()
+
+ DNSName getDomain() const
{
return d_domain;
}
- uint32_t getRefresh()
+
+ uint32_t getRefresh() const
{
return d_refresh;
}
+
+ uint32_t getSerial() const
+ {
+ return d_serial;
+ }
+
+ size_t size() const
+ {
+ return d_qpolAddr.size() + d_postpolAddr.size() + d_propolName.size() + d_propolNSAddr.size() + d_qpolName.size();
+ }
+
void dump(FILE * fp) const;
- void addClientTrigger(const Netmask& nm, Policy pol);
- void addQNameTrigger(const DNSName& nm, Policy pol);
- void addNSTrigger(const DNSName& dn, Policy pol);
- void addNSIPTrigger(const Netmask& nm, Policy pol);
- void addResponseTrigger(const Netmask& nm, Policy pol);
+ void addClientTrigger(const Netmask& nm, Policy&& pol);
+ void addQNameTrigger(const DNSName& nm, Policy&& pol, bool ignoreDuplicate=false);
+ void addNSTrigger(const DNSName& dn, Policy&& pol);
+ void addNSIPTrigger(const Netmask& nm, Policy&& pol);
+ void addResponseTrigger(const Netmask& nm, Policy&& pol);
- bool rmClientTrigger(const Netmask& nm, Policy pol);
- bool rmQNameTrigger(const DNSName& nm, Policy pol);
- bool rmNSTrigger(const DNSName& dn, Policy pol);
- bool rmNSIPTrigger(const Netmask& nm, Policy pol);
- bool rmResponseTrigger(const Netmask& nm, Policy pol);
+ bool rmClientTrigger(const Netmask& nm, const Policy& pol);
+ bool rmQNameTrigger(const DNSName& nm, const Policy& pol);
+ bool rmNSTrigger(const DNSName& dn, const Policy& pol);
+ bool rmNSIPTrigger(const Netmask& nm, const Policy& pol);
+ bool rmResponseTrigger(const Netmask& nm, const Policy& pol);
- bool findQNamePolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const;
- bool findNSPolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const;
+ bool findExactQNamePolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const;
+ bool findExactNSPolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const;
bool findNSIPPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const;
bool findResponsePolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const;
bool findClientPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const;
+ bool hasClientPolicies() const
+ {
+ return !d_qpolAddr.empty();
+ }
+ bool hasQNamePolicies() const
+ {
+ return !d_qpolName.empty();
+ }
+ bool hasNSPolicies() const
+ {
+ return !d_propolName.empty();
+ }
+ bool hasNSIPPolicies() const
+ {
+ return !d_propolNSAddr.empty();
+ }
+ bool hasResponsePolicies() const
+ {
+ return !d_postpolAddr.empty();
+ }
+
private:
static DNSName maskToRPZ(const Netmask& nm);
- bool findNamedPolicy(const std::unordered_map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol) const;
- void dumpNamedPolicy(FILE* fp, const DNSName& name, const Policy& pol) const;
- void dumpAddrPolicy(FILE* fp, const Netmask& nm, const DNSName& name, const Policy& pol) const;
+ static bool findExactNamedPolicy(const std::unordered_map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol);
+ static bool findNamedPolicy(const std::unordered_map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol);
+ static void dumpNamedPolicy(FILE* fp, const DNSName& name, const Policy& pol);
+ static void dumpAddrPolicy(FILE* fp, const Netmask& nm, const DNSName& name, const Policy& pol);
std::unordered_map<DNSName, Policy> d_qpolName; // QNAME trigger (RPZ)
NetmaskTree<Policy> d_qpolAddr; // Source address
z->clear();
}
}
+ void clearZones()
+ {
+ d_zones.clear();
+ }
const std::shared_ptr<Zone> getZone(size_t zoneIdx) const
{
std::shared_ptr<Zone> result{nullptr};