#endif /* defined(HAVE_LMDB) || defined(HAVE_CDB) */
}
+void registerNMGObjects(const ::rust::Vec<NetmaskGroupConfiguration>& nmgs)
+{
+ for (const auto& netmaskGroup : nmgs) {
+ std::shared_ptr<NetmaskGroup> nmg;
+ bool registered = true;
+ nmg = dnsdist::configuration::yaml::getRegisteredTypeByName<NetmaskGroup>(std::string(netmaskGroup.name));
+ if (!nmg) {
+ nmg = std::make_shared<NetmaskGroup>();
+ registered = false;
+ }
+
+ for (const auto& netmask : netmaskGroup.netmasks) {
+ nmg->addMask(std::string(netmask));
+ }
+ if (!registered) {
+ dnsdist::configuration::yaml::registerType<NetmaskGroup>(nmg, netmaskGroup.name);
+ }
+ }
+}
+
std::shared_ptr<DNSSelector> getLuaSelector(const LuaSelectorConfiguration& config)
{
dnsdist::selectors::LuaSelectorFunction function;
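Review bot: When a netmask group with the same name is already registered (L8–L12), the loop at L14–L16 appends the new masks straight onto the live, already-registered object, so two `netmask_groups` entries with the same name silently become the union of both, and any ACL built from that name is wider than either definition suggests. If `addMask` rejects an unparsable mask by throwing (as it presumably does, like the rest of the Netmask code), the shared group is also left half-populated at that point. Unless merging is intended, I would reject the duplicate instead: `if (nmg) { throw std::runtime_error("Netmask group '" + std::string(netmaskGroup.name) + "' is defined more than once"); }` before the `make_shared`, which also lets `registered` go away; if merging is intended, it should be stated in the `netmask_group` description in the settings definitions. A short header comment such as `/* Build and register the YAML-defined netmask groups; must run before the rules so selectors can reference them by name */` would also help, since the ordering constraint currently only lives in the Rust caller.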
struct ProtobufLoggerConfiguration;
struct DnstapLoggerConfiguration;
struct KeyValueStoresConfiguration;
+struct NetmaskGroupConfiguration;
void registerProtobufLogger(const ProtobufLoggerConfiguration& config);
void registerDnstapLogger(const DnstapLoggerConfiguration& config);
void registerKVSObjects(const KeyValueStoresConfiguration& config);
+void registerNMGObjects(const ::rust::Vec<NetmaskGroupConfiguration>& nmgs);
#include "dnsdist-rust-bridge-actions-generated.hh"
#include "dnsdist-rust-bridge-selectors-generated.hh"
fn registerProtobufLogger(config: &ProtobufLoggerConfiguration);
fn registerDnstapLogger(config: &DnstapLoggerConfiguration);
fn registerKVSObjects(config: &KeyValueStoresConfiguration);
+ fn registerNMGObjects(nmgs: &Vec<NetmaskGroupConfiguration>);
}
}
config.load_balancing_policies = serde.load_balancing_policies;
config.logging = serde.logging;
config.metrics = serde.metrics;
+ config.netmask_groups = serde.netmask_groups;
config.packet_caches = serde.packet_caches;
config.pools = serde.pools;
config.proxy_protocol = serde.proxy_protocol;
register_remote_loggers(&config.remote_logging);
// this needs to be done before the rules so that they can refer to the KVS objects
dnsdistsettings::registerKVSObjects(&config.key_value_stores);
+ // this needs to be done before the rules so that they can refer to the NMG objects
+ dnsdistsettings::registerNMGObjects(&config.netmask_groups);
// this needs to be done BEFORE the rules so that they can refer to the selectors
// by name
config.selectors = get_selectors_from_serde(&serde.selectors)?;
type: "MetricsConfiguration"
default: true
description: "Metrics-related settings"
+ - name: "netmask_groups"
+ type: "Vec<NetmaskGroupConfiguration>"
+ default: true
+ description: "Netmask groups definitions"
- name: "packet_caches"
type: "Vec<PacketCacheConfiguration>"
default: true
Note that this does not grant the capabilities to the process, doing so might be done by running it as root which we don't advise, or by adding capabilities via the systemd unit file, for example.
Please also be aware that switching to a different user via ``--uid`` will still drop all capabilities."
+netmask_group:
+ description: "Group of netmasks"
+ parameters:
+ - name: "name"
+ type: "String"
+ description: "The name of this netmask group"
+ - name: "netmasks"
+ type: "Vec<String>"
+ default: ""
+ description: "List of netmasks"
+
packet_cache:
description: "Packet-cache settings"
parameters:
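Review bot: The new `netmask_group` entry documents neither the accepted mask syntax nor how the group is referenced, which is what a user writing an ACL needs to get right. For `name` I would write `description: "The name of this netmask group, used to reference it from selectors (for example the NetmaskGroup selector's netmask_group_name); names must be unique"`, and for `netmasks` something like `description: "List of netmasks in CIDR notation, for example 192.0.2.0/24 or 2001:db8::/32"`. If `NetmaskGroup::addMask` supports the leading `!` negation syntax available elsewhere in dnsdist, that should be mentioned here too — please confirm against the implementation before adding it. The `default: ""` on a `Vec<String>` parameter also differs from the `default: true` used for the `Vec<NetmaskGroupConfiguration>` entry above; worth checking that the generator treats both as "empty list".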
sender = getattr(self, method)
(_, receivedResponse) = sender(query, response=None, useQueue=False)
self.assertEqual(receivedResponse, expectedResponse)
+
+class TestYamlNMGRuleObject(DNSDistTest):
+
+ _yaml_config_template = """---
+binds:
+ - listen_address: "127.0.0.1:%d"
+ protocol: Do53
+
+backends:
+ - address: "127.0.0.1:%d"
+ protocol: Do53
+
+netmask_groups:
+ - name: "my-mng"
+ netmasks:
+ - "192.0.2.1/32"
+ - "127.0.0.1/32"
+
+query_rules:
+ - name: "refuse queries from specific netmasks"
+ selector:
+ type: "NetmaskGroup"
+ netmask_group_name: "my-mng"
+ action:
+ type: "RCode"
+ rcode: "5"
+"""
+ _yaml_config_params = ['_dnsDistPort', '_testServerPort']
+ _config_params = []
+
+ def testYamlNMGRule(self):
+ """
+ YAML: NMGRule (via a NMG object) should refuse our queries
+ """
+ name = 'nmgrule-object.yaml.tests.powerdns.com.'
+ query = dns.message.make_query(name, 'A', 'IN')
+ query.flags &= ~dns.flags.RD
+ expectedResponse = dns.message.make_response(query)
+ expectedResponse.set_rcode(dns.rcode.REFUSED)
+
+ for method in ("sendUDPQuery", "sendTCPQuery"):
+ sender = getattr(self, method)
+ (_, receivedResponse) = sender(query, response=None, useQueue=False)
+ self.assertEqual(receivedResponse, expectedResponse)
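Review bot: The new test only exercises the positive path: the client is 127.0.0.1, which is in the group, so a selector that matched every source (or a group that was never populated and treated as match-all) would pass just as well. A second config or a second group containing only `192.0.2.1/32`, with an assertion that the query is forwarded rather than refused, would pin that the netmask list is actually consulted. The group name `my-mng` also reads like a typo for `my-nmg`; harmless for the test, but confusing next to the `NMG` naming used everywhere else in this change.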