From: Remi Gacogne Date: Thu, 6 Apr 2017 12:21:32 +0000 (+0200) Subject: rec: RPZ updates are done zone by zone, zones are now shared pointers X-Git-Tag: rec-4.1.0-alpha1~135^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b972d59ad6294b00aaffe9d9cda42860d46378e;p=thirdparty%2Fpdns.git rec: RPZ updates are done zone by zone, zones are now shared pointers This prevents having to copy and update all the zones even though the RPZ IXFR tracker only works on one of them at a time. Also prevents race conditions if two RPZ IXFR tracker threads update the state at the same time by using `GlobalStateHolder::modify()` instead of `GlobalStateHolder::setState()`. --- diff --git a/pdns/filterpo.cc b/pdns/filterpo.cc index d87c55ccc0..8a5b1e1840 100644 --- a/pdns/filterpo.cc +++ b/pdns/filterpo.cc @@ -61,11 +61,12 @@ DNSFilterEngine::Policy DNSFilterEngine::getProcessingPolicy(const DNSName& qnam // cout<<"Got question for nameserver name "<getName(); + if(zoneName && discardedPolicies.find(*zoneName) != discardedPolicies.end()) { continue; } - if(findNamedPolicy(z.propolName, qname, pol)) { + if(findNamedPolicy(z->d_propolName, qname, pol)) { // cerr<<"Had a hit on the nameserver ("<getName(); + if(zoneName && discardedPolicies.find(*zoneName) != discardedPolicies.end()) { continue; } - if(auto fnd=z.propolNSAddr.lookup(address)) { + if(auto fnd=z->d_propolNSAddr.lookup(address)) { // cerr<<"Had a hit on the nameserver ("<second;; } @@ -94,16 +96,17 @@ DNSFilterEngine::Policy DNSFilterEngine::getQueryPolicy(const DNSName& qname, co // cout<<"Got question for "<getName(); + if(zoneName && discardedPolicies.find(*zoneName) != discardedPolicies.end()) { continue; } - if(findNamedPolicy(z.qpolName, qname, pol)) { + if(findNamedPolicy(z->d_qpolName, qname, pol)) { // cerr<<"Had a hit on the name of the query"<d_qpolAddr.lookup(ca)) { // cerr<<"Had a hit on the IP address ("<second; } 
@@ -132,11 +135,12 @@ DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector& continue; for(const auto& z : d_zones) { - if(z.name && discardedPolicies.find(*z.name) != discardedPolicies.end()) { + const auto zoneName = z->getName(); + if(zoneName && discardedPolicies.find(*zoneName) != discardedPolicies.end()) { continue; } - if(auto fnd=z.postpolAddr.lookup(ca)) + if(auto fnd=z->d_postpolAddr.lookup(ca)) return fnd->second; } } 
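Review bot: The lookup loop now dereferences every element of `d_zones` (`z->getName()`, `z->d_postpolAddr`) without a null check, but `assureZones()` grows the vector with `resize(zone+1)` and `addZone()` accepts an empty pointer, so an empty slot would crash the resolver on the next query that walks the list. This applies here in getPostPolicy, to the getProcessingPolicy and getQueryPolicy hunks above, and to `DNSFilterEngine::clear()` in filterpo.hh. Either skip empty slots with `if (!z) { continue; }` at the top of each loop, or reject a null `newZone` in `addZone()` the way `setZone()` already does and fill any gap that `assureZones()` creates. The function body starts and ends outside this hunk.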
@@ -149,98 +153,62 @@ void DNSFilterEngine::assureZones(size_t zone) d_zones.resize(zone+1); } -void DNSFilterEngine::clear(size_t zone) +void DNSFilterEngine::Zone::addClientTrigger(const Netmask& nm, Policy pol) { - assureZones(zone); - auto& z = d_zones[zone]; - z.qpolAddr.clear(); - z.postpolAddr.clear(); - z.propolName.clear(); - z.propolNSAddr.clear(); - z.qpolName.clear(); + pol.d_name = d_name; + d_qpolAddr.insert(nm).second=pol; } -void DNSFilterEngine::clear() +void DNSFilterEngine::Zone::addResponseTrigger(const Netmask& nm, Policy pol) { - for(auto& z : d_zones) { - z.qpolAddr.clear(); - z.postpolAddr.clear(); - z.propolName.clear(); - z.propolNSAddr.clear(); - z.qpolName.clear(); - } -} - -void DNSFilterEngine::addClientTrigger(const Netmask& nm, Policy pol, size_t zone) -{ - assureZones(zone); - pol.d_name = d_zones[zone].name; - d_zones[zone].qpolAddr.insert(nm).second=pol; + pol.d_name = d_name; + d_postpolAddr.insert(nm).second=pol; } -void DNSFilterEngine::addResponseTrigger(const Netmask& nm, Policy pol, size_t zone) +void DNSFilterEngine::Zone::addQNameTrigger(const DNSName& n, Policy pol) { - assureZones(zone); - pol.d_name = d_zones[zone].name; - d_zones[zone].postpolAddr.insert(nm).second=pol; + pol.d_name = d_name; + d_qpolName[n]=pol; } -void DNSFilterEngine::addQNameTrigger(const DNSName& n, Policy pol, size_t zone) +void DNSFilterEngine::Zone::addNSTrigger(const DNSName& n, Policy pol) { - assureZones(zone); - pol.d_name = d_zones[zone].name; - d_zones[zone].qpolName[n]=pol; + pol.d_name = d_name; + d_propolName[n]=pol; } -void DNSFilterEngine::addNSTrigger(const DNSName& n, Policy pol, size_t zone) +void DNSFilterEngine::Zone::addNSIPTrigger(const Netmask& nm, Policy pol) { - assureZones(zone); - pol.d_name = d_zones[zone].name; - d_zones[zone].propolName[n]=pol; + pol.d_name = d_name; + d_propolNSAddr.insert(nm).second = pol; } -void DNSFilterEngine::addNSIPTrigger(const Netmask& nm, Policy pol, size_t zone) +bool 
DNSFilterEngine::Zone::rmClientTrigger(const Netmask& nm, Policy pol) { - assureZones(zone); - pol.d_name = d_zones[zone].name; - d_zones[zone].propolNSAddr.insert(nm).second = pol; -} - -bool DNSFilterEngine::rmClientTrigger(const Netmask& nm, Policy pol, size_t zone) -{ - assureZones(zone); - - auto& qpols = d_zones[zone].qpolAddr; - qpols.erase(nm); + d_qpolAddr.erase(nm); return true; } -bool DNSFilterEngine::rmResponseTrigger(const Netmask& nm, Policy pol, size_t zone) +bool DNSFilterEngine::Zone::rmResponseTrigger(const Netmask& nm, Policy pol) { - assureZones(zone); - auto& postpols = d_zones[zone].postpolAddr; - postpols.erase(nm); + d_postpolAddr.erase(nm); return true; } -bool DNSFilterEngine::rmQNameTrigger(const DNSName& n, Policy pol, size_t zone) +bool DNSFilterEngine::Zone::rmQNameTrigger(const DNSName& n, Policy pol) { - assureZones(zone); - d_zones[zone].qpolName.erase(n); // XXX verify we had identical policy? + d_qpolName.erase(n); // XXX verify we had identical policy? return true; } -bool DNSFilterEngine::rmNSTrigger(const DNSName& n, Policy pol, size_t zone) +bool DNSFilterEngine::Zone::rmNSTrigger(const DNSName& n, Policy pol) { - assureZones(zone); - d_zones[zone].propolName.erase(n); // XXX verify policy matched? =pol; + d_propolName.erase(n); // XXX verify policy matched? =pol; return true; } -bool DNSFilterEngine::rmNSIPTrigger(const Netmask& nm, Policy pol, size_t zone) +bool DNSFilterEngine::Zone::rmNSIPTrigger(const Netmask& nm, Policy pol) { - assureZones(zone); - auto& pols = d_zones[zone].propolNSAddr; - pols.erase(nm); + d_propolNSAddr.erase(nm); return true; } diff --git a/pdns/filterpo.hh b/pdns/filterpo.hh index fb9ee4c1c4..abf647e2ae 100644 --- a/pdns/filterpo.hh +++ b/pdns/filterpo.hh 
@@ -80,48 +80,85 @@ public: int32_t d_ttl; }; - DNSFilterEngine(); - void clear(); - void clear(size_t zone); - void reserve(size_t zone, size_t entriesCount) { - assureZones(zone); - d_zones[zone].qpolName.reserve(entriesCount); - } - void addClientTrigger(const Netmask& nm, Policy pol, size_t zone); - void addQNameTrigger(const DNSName& nm, Policy pol, size_t zone); - void addNSTrigger(const DNSName& dn, Policy pol, size_t zone); - void addNSIPTrigger(const Netmask& nm, Policy pol, size_t zone); - void addResponseTrigger(const Netmask& nm, Policy pol, size_t zone); + class Zone { + public: + void clear() + { + d_qpolAddr.clear(); + d_postpolAddr.clear(); + d_propolName.clear(); + d_qpolName.clear(); + } + void reserve(size_t entriesCount) + { + d_qpolName.reserve(entriesCount); + } + void setName(const std::string& name) + { + d_name = std::make_shared(name); + } + const std::shared_ptr getName() const + { + return d_name; + } - bool rmClientTrigger(const Netmask& nm, Policy pol, size_t zone); - bool rmQNameTrigger(const DNSName& nm, Policy pol, size_t zone); - bool rmNSTrigger(const DNSName& dn, Policy pol, size_t zone); - bool rmNSIPTrigger(const Netmask& nm, Policy pol, size_t zone); - bool rmResponseTrigger(const Netmask& nm, Policy pol, size_t zone); + void addClientTrigger(const Netmask& nm, Policy pol); + void addQNameTrigger(const DNSName& nm, Policy pol); + void addNSTrigger(const DNSName& dn, Policy pol); + void addNSIPTrigger(const Netmask& nm, Policy pol); + void addResponseTrigger(const Netmask& nm, Policy pol); + bool rmClientTrigger(const Netmask& nm, Policy pol); + bool rmQNameTrigger(const DNSName& nm, Policy pol); + bool rmNSTrigger(const DNSName& dn, Policy pol); + bool rmNSIPTrigger(const Netmask& nm, Policy pol); + bool rmResponseTrigger(const Netmask& nm, Policy pol); + + std::unordered_map d_qpolName; // QNAME trigger (RPZ) + NetmaskTree d_qpolAddr; // Source address + std::unordered_map d_propolName; // NSDNAME (RPZ) + NetmaskTree 
d_propolNSAddr; // NSIP (RPZ) + NetmaskTree d_postpolAddr; // IP trigger (RPZ) + std::shared_ptr d_name; + }; + + DNSFilterEngine(); + void clear() + { + for(auto& z : d_zones) { + z->clear(); + } + } + const std::shared_ptr getZone(size_t zoneIdx) const + { + std::shared_ptr result{nullptr}; + if (zoneIdx < d_zones.size()) { + result = d_zones[zoneIdx]; + } + return result; + } + size_t addZone(std::shared_ptr newZone) + { + d_zones.push_back(newZone); + return (d_zones.size() - 1); + } + void setZone(size_t zoneIdx, std::shared_ptr newZone) + { + if (newZone) { + assureZones(zoneIdx); + d_zones[zoneIdx] = newZone; + } + } Policy getQueryPolicy(const DNSName& qname, const ComboAddress& nm, const std::unordered_map& discardedPolicies) const; Policy getProcessingPolicy(const DNSName& qname, const std::unordered_map& discardedPolicies) const; Policy getProcessingPolicy(const ComboAddress& address, const std::unordered_map& discardedPolicies) const; Policy getPostPolicy(const vector& records, const std::unordered_map& discardedPolicies) const; - size_t size() { + size_t size() const { return d_zones.size(); } - void setPolicyName(size_t zoneIdx, std::string name) - { - assureZones(zoneIdx); - d_zones[zoneIdx].name = std::make_shared(name); - } private: void assureZones(size_t zone); - struct Zone { - std::unordered_map qpolName; // QNAME trigger (RPZ) - NetmaskTree qpolAddr; // Source address - std::unordered_map propolName; // NSDNAME (RPZ) - NetmaskTree propolNSAddr; // NSIP (RPZ) - NetmaskTree postpolAddr; // IP trigger (RPZ) - std::shared_ptr name; - }; - vector d_zones; + vector> d_zones; }; diff --git a/pdns/rec-lua-conf.cc b/pdns/rec-lua-conf.cc index 5f816584aa..6c5e7e171e 100644 --- a/pdns/rec-lua-conf.cc +++ b/pdns/rec-lua-conf.cc 
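Review bot: `Zone::clear()` no longer empties the NSIP tree: it clears `d_qpolAddr`, `d_postpolAddr`, `d_propolName` and `d_qpolName` but not `d_propolNSAddr`, which the removed `DNSFilterEngine::clear()` in filterpo.cc did clear. RPZIXFRTracker appears to call `clear()` on the copied zone when an IXFR answer turns out to be a full transfer, so NSIP triggers that the master has withdrawn would stay active in the rebuilt zone. Add `d_propolNSAddr.clear();` to `Zone::clear()`.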
@@ -114,19 +114,20 @@ void loadRecursorLuaConfig(const std::string& fname, bool checkOnly) try { boost::optional defpol; std::string polName("rpzFile"); - const size_t zoneIdx = lci.dfe.size(); + std::shared_ptr zone = std::make_shared(); uint32_t maxTTL = std::numeric_limits::max(); if(options) { auto& have = *options; size_t zoneSizeHint = 0; parseRPZParameters(have, polName, defpol, maxTTL, zoneSizeHint); if (zoneSizeHint > 0) { - lci.dfe.reserve(zoneIdx, zoneSizeHint); + zone->reserve(zoneSizeHint); } } theL()<setName(polName); + loadRPZFromFile(filename, zone, defpol, maxTTL); + lci.dfe.addZone(zone); theL()<>>& options) { + Lua.writeFunction("rpzMaster", [&lci, checkOnly](const string& master_, const string& zoneName, const boost::optional>>& options) { try { boost::optional defpol; + std::shared_ptr zone = std::make_shared(); TSIGTriplet tt; uint32_t refresh=0; - std::string polName(zone_); + std::string polName(zoneName); size_t maxReceivedXFRMBytes = 0; uint32_t maxTTL = std::numeric_limits::max(); ComboAddress localAddress; - const size_t zoneIdx = lci.dfe.size(); if(options) { auto& have = *options; size_t zoneSizeHint = 0; parseRPZParameters(have, polName, defpol, maxTTL, zoneSizeHint); if (zoneSizeHint > 0) { - lci.dfe.reserve(zoneIdx, zoneSizeHint); + zone->reserve(zoneSizeHint); } if(have.count("tsigname")) { tt.name=DNSName(toLower(boost::get(constGet(have, "tsigname")))); 
@@ -171,22 +172,23 @@ void loadRecursorLuaConfig(const std::string& fname, bool checkOnly) if (localAddress != ComboAddress() && localAddress.sin4.sin_family != master.sin4.sin_family) // We were passed a localAddress, check if its AF matches the master's throw PDNSException("Master address("+master.toString()+") is not of the same Address Family as the local address ("+localAddress.toString()+")."); - DNSName zone(zone_); - lci.dfe.setPolicyName(zoneIdx, polName); + zone->setName(polName); + size_t zoneIdx = lci.dfe.addZone(zone); if (!checkOnly) { - auto sr=loadRPZFromServer(master, zone, lci.dfe, defpol, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress); + auto sr=loadRPZFromServer(master, DNSName(zoneName), zone, defpol, maxTTL, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress); if(refresh) sr->d_st.refresh=refresh; - std::thread t(RPZIXFRTracker, master, zone, defpol, maxTTL, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress); + + std::thread t(RPZIXFRTracker, master, DNSName(zoneName), defpol, maxTTL, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress); t.detach(); } } catch(std::exception& e) { - theL()< zone = std::make_shared(); + zone->setName("Unit test policy 0"); + zone->addNSIPTrigger(Netmask(ns, 32), pol); auto luaconfsCopy = g_luaconfs.getCopy(); - luaconfsCopy.dfe.setPolicyName(0, "Unit test policy 0"); - luaconfsCopy.dfe.addNSIPTrigger(Netmask(ns, 32), pol, 0); + luaconfsCopy.dfe.addZone(zone); g_luaconfs.setState(luaconfsCopy); vector ret; 
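Review bot: In the rpzMaster hunk of rec-lua-conf.cc the zone is registered with `lci.dfe.addZone(zone)` before `loadRPZFromServer()` runs, inside the same `try`. If the initial transfer throws, the tracker thread is never started and the engine keeps an empty, named zone, so that feed contributes no policy until the configuration is loaded again; the catch block appears to only log. rpzFile in the earlier hunk adds the zone only after a successful load, so the difference deserves a comment at the `addZone` call, for example `// zone stays registered but empty if the initial AXFR fails; no IXFR tracker is started`, and an error-level log line that names the policy.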
@@ -2121,9 +2123,11 @@ BOOST_AUTO_TEST_CASE(test_nameserver_ipv6_rpz) { DNSFilterEngine::Policy pol; pol.d_kind = DNSFilterEngine::PolicyKind::Drop; + std::shared_ptr zone = std::make_shared(); + zone->setName("Unit test policy 0"); + zone->addNSIPTrigger(Netmask(ns, 128), pol); auto luaconfsCopy = g_luaconfs.getCopy(); - luaconfsCopy.dfe.setPolicyName(0, "Unit test policy 0"); - luaconfsCopy.dfe.addNSIPTrigger(Netmask(ns, 128), pol, 0); + luaconfsCopy.dfe.addZone(zone); g_luaconfs.setState(luaconfsCopy); vector ret; @@ -2162,9 +2166,11 @@ BOOST_AUTO_TEST_CASE(test_nameserver_name_rpz) { DNSFilterEngine::Policy pol; pol.d_kind = DNSFilterEngine::PolicyKind::Drop; + std::shared_ptr zone = std::make_shared(); + zone->setName("Unit test policy 0"); + zone->addNSTrigger(nsName, pol); auto luaconfsCopy = g_luaconfs.getCopy(); - luaconfsCopy.dfe.setPolicyName(0, "Unit test policy 0"); - luaconfsCopy.dfe.addNSTrigger(nsName, pol, 0); + luaconfsCopy.dfe.addZone(zone); g_luaconfs.setState(luaconfsCopy); vector ret; @@ -2203,10 +2209,12 @@ BOOST_AUTO_TEST_CASE(test_nameserver_name_rpz_disabled) { DNSFilterEngine::Policy pol; pol.d_kind = DNSFilterEngine::PolicyKind::Drop; + std::shared_ptr zone = std::make_shared(); + zone->setName("Unit test policy 0"); + zone->addNSIPTrigger(Netmask(ns, 128), pol); + zone->addNSTrigger(nsName, pol); auto luaconfsCopy = g_luaconfs.getCopy(); - luaconfsCopy.dfe.setPolicyName(0, "Unit test policy 0"); - luaconfsCopy.dfe.addNSIPTrigger(Netmask(ns, 128), pol, 0); - luaconfsCopy.dfe.addNSTrigger(nsName, pol, 0); + luaconfsCopy.dfe.addZone(zone); g_luaconfs.setState(luaconfsCopy); /* RPZ is disabled for this query, we should not be blocked */ diff --git a/pdns/reczones.cc b/pdns/reczones.cc index d319c4663f..5a97903bea 100644 --- a/pdns/reczones.cc +++ b/pdns/reczones.cc 
@@ -310,7 +310,7 @@ string reloadAuthAndForwards() } -void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet& tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress) +void RPZIXFRTracker(const ComboAddress& master, const DNSName& zoneName, boost::optional defpol, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress) { uint32_t refresh = oursr->d_st.refresh; for(;;) { @@ -319,7 +319,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::opti sleep(refresh); - L<(dr)->d_st.serial<(dr)->d_st.serial<, vector > > deltas; ComboAddress local(localAddress); @@ -327,23 +327,27 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::opti local = getQueryLocalAddress(master.sin4.sin_family, 0); try { - deltas = getIXFRDeltas(master, zone, dr, tt, &local, maxReceivedBytes); + deltas = getIXFRDeltas(master, zoneName, dr, tt, &local, maxReceivedBytes); } catch(std::runtime_error& e ){ L< oldZone = luaconfsLocal->dfe.getZone(zoneIdx); + /* we need to make a _full copy_ of the zone we are going to work on */ + std::shared_ptr newZone = std::make_shared(*oldZone); - auto luaconfsCopy = g_luaconfs.getCopy(); int totremove=0, totadd=0; for(const auto& delta : deltas) { const auto& remove = delta.first; const auto& add = delta.second; if(remove.empty()) { L<clear(); } for(const auto& rr : remove) { // should always contain the SOA if(rr.d_type == QType::NS) 
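Review bot: The `*oldZone` copy in the last hunk dereferences the result of `getZone(zoneIdx)` unchecked, and `getZone()` returns an empty pointer when the index is out of range. The tracker is a detached thread that holds only an index, so if the Lua configuration is later replaced by one with fewer RPZ zones (inferred; the reload path is not shown here) this would crash, and with a reordered list it would copy and then overwrite a different zone. Add `if (!oldZone) { continue; }` with a log line before the copy, and consider checking that the zone at that index is still the one this tracker was started for. The loop body continues outside the hunk.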
@@ -359,7 +363,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::opti else { totremove++; L<(rr); - // L<d_st.serial<d_st.serial<d_st.serial<d_st.serial< defpol, uint32_t maxTTL, size_t place) +void RPZRecordToPolicy(const DNSRecord& dr, std::shared_ptr zone, bool addOrRemove, boost::optional defpol, uint32_t maxTTL) { static const DNSName drop("rpz-drop."), truncate("rpz-tcp-only."), noaction("rpz-passthru."); static const DNSName rpzClientIP("rpz-client-ip"), rpzIP("rpz-ip"), 
@@ -140,43 +140,43 @@ void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrR if(dr.d_name.isPartOf(rpzNSDname)) { DNSName filt=dr.d_name.makeRelative(rpzNSDname); if(addOrRemove) - target.addNSTrigger(filt, pol, place); + zone->addNSTrigger(filt, pol); else - target.rmNSTrigger(filt, pol, place); + zone->rmNSTrigger(filt, pol); } else if(dr.d_name.isPartOf(rpzClientIP)) { DNSName filt=dr.d_name.makeRelative(rpzClientIP); auto nm=makeNetmaskFromRPZ(filt); if(addOrRemove) - target.addClientTrigger(nm, pol, place); + zone->addClientTrigger(nm, pol); else - target.rmClientTrigger(nm, pol, place); + zone->rmClientTrigger(nm, pol); } else if(dr.d_name.isPartOf(rpzIP)) { // cerr<<"Should apply answer content IP policy: "<addResponseTrigger(nm, pol); else - target.rmResponseTrigger(nm, pol, place); + zone->rmResponseTrigger(nm, pol); } else if(dr.d_name.isPartOf(rpzNSIP)) { DNSName filt=dr.d_name.makeRelative(rpzNSIP); auto nm=makeNetmaskFromRPZ(filt); if(addOrRemove) - target.addNSIPTrigger(nm, pol, place); + zone->addNSIPTrigger(nm, pol); else - target.rmNSIPTrigger(nm, pol, place); + zone->rmNSIPTrigger(nm, pol); } else { if(addOrRemove) - target.addQNameTrigger(dr.d_name, pol, place); + zone->addQNameTrigger(dr.d_name, pol); else - target.rmQNameTrigger(dr.d_name, pol, place); + zone->rmQNameTrigger(dr.d_name, pol); } } -shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional defpol, uint32_t maxTTL, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress) +shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr zone, boost::optional defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress) { - L< loadRPZFromServer(const ComboAddress& master, const if (local == ComboAddress()) local = getQueryLocalAddress(master.sin4.sin_family, 0); - AXFRRetriever 
axfr(master, zone, tt, &local, maxReceivedBytes); + AXFRRetriever axfr(master, zoneName, tt, &local, maxReceivedBytes); unsigned int nrecords=0; Resolver::res_t nop; vector chunk; @@ -196,13 +196,13 @@ shared_ptr loadRPZFromServer(const ComboAddress& master, const continue; } - dr.d_name.makeUsRelative(zone); + dr.d_name.makeUsRelative(zoneName); if(dr.d_type==QType::SOA) { sr = getRR(dr); continue; } - RPZRecordToPolicy(dr, target, true, defpol, maxTTL, place); + RPZRecordToPolicy(dr, zone, true, defpol, maxTTL); nrecords++; } if(last != time(0)) { @@ -215,7 +215,7 @@ shared_ptr loadRPZFromServer(const ComboAddress& master, const } // this function is silent - you do the logging -int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional defpol, uint32_t maxTTL, size_t place) +void loadRPZFromFile(const std::string& fname, std::shared_ptr zone, boost::optional defpol, uint32_t maxTTL) { ZoneParserTNG zpt(fname); DNSResourceRecord drr; @@ -233,13 +233,11 @@ int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::op } else { dr.d_name=dr.d_name.makeRelative(domain); - RPZRecordToPolicy(dr, target, true, defpol, maxTTL, place); + RPZRecordToPolicy(dr, zone, true, defpol, maxTTL); } } catch(PDNSException& pe) { throw PDNSException("Issue parsing '"+drr.qname.toString()+"' '"+drr.content+"' at "+zpt.getLineOfFile()+": "+pe.reason); } } - - return place; } diff --git a/pdns/rpzloader.hh b/pdns/rpzloader.hh index 6026361bb9..83a367275a 100644 --- a/pdns/rpzloader.hh +++ b/pdns/rpzloader.hh 
@@ -24,7 +24,7 @@ #include #include "dnsrecords.hh" -int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional defpol, uint32_t maxTTL, size_t place); -std::shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional defpol, uint32_t maxTTL, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress); -void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional defpol, uint32_t maxTTL, size_t place); -void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet &tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress); +void loadRPZFromFile(const std::string& fname, std::shared_ptr zone, boost::optional defpol, uint32_t maxTTL); +std::shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr zone, boost::optional defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress); +void RPZRecordToPolicy(const DNSRecord& dr, std::shared_ptr zone, bool addOrRemove, boost::optional defpol, uint32_t maxTTL); +void RPZIXFRTracker(const ComboAddress& master, const DNSName& zoneName, boost::optional defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet &tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress);
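Review bot: The `RPZIXFRTracker` declaration still names its index parameter `polZone`, while the definition in reczones.cc was renamed to `zoneIdx` in this commit; rename it here so header and implementation agree. The three loader functions also take the zone `std::shared_ptr` by value, which costs an atomic reference-count update per call, and `RPZRecordToPolicy` is called once per record. As far as the visible hunks show none of them keeps the pointer, so a `DNSFilterEngine::Zone&` parameter or a `const` reference to the pointer would be enough.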