Fixes #8587.
Truncate= 5; // https://tools.ietf.org/html/draft-vixie-dns-rpz-04 3.5
Custom = 6; // https://tools.ietf.org/html/draft-vixie-dns-rpz-04 3.6
}
+ enum VState {
+ Indeterminate = 1;
+ Insecure = 2;
+ Secure = 3;
+ NTA = 4;
+ TA = 5;
+ BogusNoValidDNSKEY = 6;
+ BogusInvalidDenial = 7;
+ BogusUnableToGetDSs = 8;
+ BogusUnableToGetDNSKEYs = 9;
+ BogusSelfSignedDS = 10;
+ BogusNoRRSIG = 11;
+ BogusNoValidRRSIG = 12;
+ BogusMissingNegativeIndication = 13;
+ BogusSignatureNotYetValid = 14;
+ BogusSignatureExpired = 15;
+ BogusUnsupportedDNSKEYAlgo = 16;
+ BogusUnsupportedDSDigestType = 17;
+ BogusNoZoneKeyBitSet = 18;
+ BogusRevokedDNSKEY = 19;
+ BogusInvalidDNSKEYProtocol = 20;
+ }
required Type type = 1;
optional bytes messageId = 2; // UUID, shared by the query and the response
optional bytes serverIdentity = 3; // ID of the server emitting the protobuf message
optional string appliedPolicyTrigger = 8; // The RPZ trigger
optional string appliedPolicyHit = 9; // The value (qname or IP) that caused the hit
optional PolicyKind appliedPolicyKind = 10; // The Kind (RPZ action) applied by the hit
+ optional VState validationState = 11; // The DNSSEC Validation State
}
optional DNSResponse response = 13;
}
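Review bot: The new `VState` enum carries no comment saying where its values come from, while the neighbouring `PolicyKind` values each cite their source; these numbers are part of the wire format read by external collectors, so a later renumbering would silently change the meaning of logged records. A header comment such as `// Mirrors vState in pdns/validate.hh; values are wire-visible, keep in sync with Message::setValidationState() in protozero.hh` above `enum VState` would make that explicit. The enclosing `PBDNSMessage` message starts before this hunk.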
pbMessage.addPolicyTags(dc->d_policyTags);
pbMessage.setInBytes(packet.size());
+ pbMessage.setValidationState(sr.getValidationState());
// Take s snap of the current protobuf buffer state to store in the PC
pbDataForCache = boost::make_optional(RecursorPacketCache::PBData{
enum class MessageType : int32_t { DNSQueryType = 1, DNSResponseType = 2, DNSOutgoingQueryType = 3, DNSIncomingResponseType = 4 };
enum class Field : protozero::pbf_tag_type { type = 1, messageId = 2, serverIdentity = 3, socketFamily = 4, socketProtocol = 5, from = 6, to = 7, inBytes = 8, timeSec = 9, timeUsec = 10, id = 11, question = 12, response = 13, originalRequestorSubnet = 14, requestorId = 15, initialRequestId = 16, deviceId = 17, newlyObservedDomain = 18, deviceName = 19, fromPort = 20, toPort = 21 };
enum class QuestionField : protozero::pbf_tag_type { qName = 1, qType = 2, qClass = 3};
- enum class ResponseField : protozero::pbf_tag_type { rcode = 1, rrs = 2, appliedPolicy = 3, tags = 4, queryTimeSec = 5, queryTimeUsec = 6, appliedPolicyType = 7, appliedPolicyTrigger = 8, appliedPolicyHit = 9, appliedPolicyKind = 10 };
+ enum class ResponseField : protozero::pbf_tag_type { rcode = 1, rrs = 2, appliedPolicy = 3, tags = 4, queryTimeSec = 5, queryTimeUsec = 6, appliedPolicyType = 7, appliedPolicyTrigger = 8, appliedPolicyHit = 9, appliedPolicyKind = 10, validationState = 11 };
enum class RRField : protozero::pbf_tag_type { name = 1, type = 2, class_ = 3, ttl = 4, rdata = 5, udr = 6 };
Message(std::string& buffer): d_buffer(buffer), d_message{d_buffer}
#include "protozero.hh"
#include "filterpo.hh"
+#include "validate.hh"
namespace pdns
{
d_response.add_uint32(static_cast<protozero::pbf_tag_type>(ResponseField::appliedPolicyKind), k);
}
+ void setValidationState(const vState state)
+ {
+ uint32_t s;
+
+ switch (state) {
+ case vState::Indeterminate:
+ s = 1;
+ break;
+ case vState::Insecure:
+ s = 2;
+ break;
+ case vState::Secure:
+ s = 3;
+ break;
+ case vState::NTA:
+ s = 4;
+ break;
+ case vState::TA:
+ s = 5;
+ break;
+ case vState::BogusNoValidDNSKEY:
+ s = 6;
+ break;
+ case vState::BogusInvalidDenial:
+ s = 7;
+ break;
+ case vState::BogusUnableToGetDSs:
+ s = 8;
+ break;
+ case vState::BogusUnableToGetDNSKEYs:
+ s = 9;
+ break;
+ case vState::BogusSelfSignedDS:
+ s = 10;
+ break;
+ case vState::BogusNoRRSIG:
+ s = 11;
+ break;
+ case vState::BogusNoValidRRSIG:
+ s = 12;
+ break;
+ case vState::BogusMissingNegativeIndication:
+ s = 13;
+ break;
+ case vState::BogusSignatureNotYetValid:
+ s = 14;
+ break;
+ case vState::BogusSignatureExpired:
+ s = 15;
+ break;
+ case vState::BogusUnsupportedDNSKEYAlgo:
+ s = 16;
+ break;
+ case vState::BogusUnsupportedDSDigestType:
+ s = 17;
+ break;
+ case vState::BogusNoZoneKeyBitSet:
+ s = 18;
+ break;
+ case vState::BogusRevokedDNSKEY:
+ s = 19;
+ break;
+ case vState::BogusInvalidDNSKEYProtocol:
+ s = 20;
+ break;
+ default:
+ throw std::runtime_error("Unsupported protobuf validation state");
+ }
+ d_response.add_uint32(static_cast<protozero::pbf_tag_type>(ResponseField::validationState), s);
+ }
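Review bot: The `default:` branch turns any `vState` value that nobody mapped into a `std::runtime_error` thrown out of the protobuf export path, and because `default` is present `-Wswitch` will not flag the missing case at build time when `vState` grows. Unless the caller already catches here (not visible in this hunk), a single unmapped state would then fail the query's logging rather than merely omit one field; since `validationState` is `optional` in the .proto, consider `default: return; // unmapped vState: leave validationState unset` (optionally with a log line), or initialise `uint32_t s = 0;`, drop `default:` so the compiler reports new enumerators, and throw after the switch when `s == 0`. A one-line comment above the switch, `// Numeric values mirror enum VState in dnsmessage.proto; keep both in sync`, is also warranted now that the same list lives in two files. The enclosing `Message` class starts and ends outside this hunk.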
+
#ifdef NOD_ENABLED
void clearUDR(std::string&);
#endif
self.assertTrue(msg.question.HasField('qName'))
self.assertEquals(msg.question.qName, qname)
- def checkProtobufResponse(self, msg, protocol, response, initiator='127.0.0.1', receivedSize=None):
+ def checkProtobufResponse(self, msg, protocol, response, initiator='127.0.0.1', receivedSize=None, vstate=dnsmessage_pb2.PBDNSMessage.VState.Indeterminate):
self.assertEquals(msg.type, dnsmessage_pb2.PBDNSMessage.DNSResponseType)
self.checkProtobufBase(msg, protocol, response, initiator, receivedSize=receivedSize)
self.assertTrue(msg.HasField('response'))
self.assertTrue(msg.response.HasField('queryTimeSec'))
+ self.assertTrue(msg.response.HasField('validationState'))
+ self.assertEquals(msg.response.validationState, vstate)
def checkProtobufResponseRecord(self, record, rclass, rtype, rname, rttl, checkTTL=True):
self.assertTrue(record.HasField('class'))
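Review bot: The new `vstate` default means every existing caller of `checkProtobufResponse` now asserts `Indeterminate`, so unless a test elsewhere in this change passes `vstate=`, the other nineteen mappings in `setValidationState` remain unexercised by the suite. A case that issues a validating query for a signed and for an unsigned name and checks `vstate=dnsmessage_pb2.PBDNSMessage.VState.Secure` and `VState.Insecure` respectively would cover the path that matters. `checkProtobufResponse` is shown in full, but the hunk ends inside `checkProtobufResponseRecord`.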