From: Marek VavruĊĦa
Date: Wed, 6 Jun 2018 05:23:43 +0000 (-0700)
Subject: policy: set NS set, support insecure forward in stub
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c8a8df4fe222f0766cf97e258b4d324daec55c8f;p=thirdparty%2Fknot-resolver.git

policy: set NS set, support insecure forward in stub

This allows policy filter to modify NS set in the checkout layer.
---
diff --git a/modules/daf/daf.lua b/modules/daf/daf.lua
index f77269344..6c51c1c14 100644
--- a/modules/daf/daf.lua
+++ b/modules/daf/daf.lua
@@ -16,6 +16,7 @@ M.phases = {
 reroute = 'finish',
 rewrite = 'finish',
 features = 'checkout',
+ nsset = 'checkout',
 }
 
 -- Actions
@@ -35,11 +36,36 @@ M.actions = {
 forward = function (g)
 local addrs = {}
 local tok = g()
- for addr in string.gmatch(tok, '[^,]+') do
- table.insert(addrs, addr)
+ while tok do
+ for addr in string.gmatch(tok, '[^,]+') do
+ table.insert(addrs, addr)
+ end
+ tok = g()
 end
 return policy.FORWARD(addrs)
 end,
+ forward_insecure = function (g)
+ local addrs = {}
+ local tok = g()
+ while tok do
+ for addr in string.gmatch(tok, '[^,]+') do
+ table.insert(addrs, addr)
+ end
+ tok = g()
+ end
+ return policy.STUB(addrs)
+ end,
+ nsset = function (g)
+ local addrs = {}
+ local tok = g()
+ while tok do
+ for addr in string.gmatch(tok, '[^,]+') do
+ table.insert(addrs, addr)
+ end
+ tok = g()
+ end
+ return policy.NSSET(addrs)
+ end,
 mirror = function (g)
 return policy.MIRROR(g())
 end,
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index 84c259bcd..8b6fdcca1 100644
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
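Review bot: A rule that names no address now reaches `policy.FORWARD`, `policy.STUB` or `policy.NSSET` with an empty list, because `while tok do` skips the loop when the first `g()` returns nil, where the old `string.gmatch(tok, ...)` raised on a nil token. The same parsing loop is also copied three times in `forward`, `forward_insecure` and `nsset`; one local helper that collects the addresses and rejects an empty result would cover all three. `forward_insecure` maps to `policy.STUB`, which forwards without DNSSEC validation, so a comment saying so on that entry would keep it from being read as a plain variant of `forward`. The helper would sit above `M.actions`, which opens outside this hunk, and how daf reports a bad rule is not visible here, so the `assert` below stands in for the module's own error path.

```lua
-- Collect comma-separated addresses from all remaining rule tokens.
local function parse_addrs(g)
	local addrs = {}
	local tok = g()
	while tok do
		for addr in string.gmatch(tok, '[^,]+') do
			table.insert(addrs, addr)
		end
		tok = g()
	end
	-- A rule without any address must not silently yield an empty upstream list
	assert(#addrs > 0, 'expected at least one address')
	return addrs
end

-- … unchanged: M.actions entries before forward …
	forward = function (g)
		return policy.FORWARD(parse_addrs(g))
	end,
	-- No DNSSEC validation on this path (policy.STUB); use only for trusted upstreams
	forward_insecure = function (g)
		return policy.STUB(parse_addrs(g))
	end,
	nsset = function (g)
		return policy.NSSET(parse_addrs(g))
	end,
-- … unchanged: mirror and the rest of M.actions …
```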
@@ -81,13 +81,11 @@ end
 
 -- Override the list of nameservers (forwarders)
 local function set_nslist(qry, list)
- for i, ns in ipairs(list) do
+ local ns_count = #list
+ for i = 1, 4 do
+ local ns = (i <= ns_count) and list[i] or nil
 assert(ffi.C.kr_nsrep_set(qry, i - 1, ns) == 0);
 end
- -- If less than maximum NSs, insert guard to terminate the list
- if #list < 4 then
- assert(ffi.C.kr_nsrep_set(qry, #list, nil) == 0);
- end
 end
 
 -- Forward request, and solve as stub query
@@ -135,6 +133,30 @@ function policy.FORWARD(target)
 end
 end
 
+-- Set NS set for given request
+function policy.NSSET(target)
+ local list = {}
+ if type(target) == 'table' then
+ for _, v in pairs(target) do
+ table.insert(list, addr2sock(v, 53))
+ assert(#list <= 4, 'at most 4 NS targets are supported')
+ end
+ else
+ table.insert(list, addr2sock(target, 53))
+ end
+ return function(state, req, qry)
+ if not qry then return end
+ local vars = req:vars()
+ -- Make sure the NS set is updated only once for each query
+ if vars.policy_nsset_set == qry then
+ return
+ end
+ vars.policy_nsset_set = qry
+ set_nslist(qry, list)
+ return state
+ end
+end
+
 -- object must be non-empty string or non-empty table of non-empty strings
 local function is_nonempty_string_or_table(object)
 if type(object) == 'string' then
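Review bot: `set_nslist` now drops every entry past the fourth without any signal, since the loop is fixed at `for i = 1, 4 do` and no longer walks `list`; the old `ipairs` loop passed each index to `kr_nsrep_set` and asserted on the result. `policy.NSSET` checks the length itself, but the other callers of `set_nslist` are outside this hunk, so a guard such as `assert(ns_count <= 4, 'at most 4 NS targets are supported')` before the loop would keep the limit enforced in one place. The literal 4 also appears in the `policy.NSSET` assert; a named local (for example `local MAX_NS = 4`, a name constructed for this note) with a comment on where the limit comes from would tie the two uses together.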
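Review bot: The order of the name servers is not guaranteed in `policy.NSSET`, because `for _, v in pairs(target) do` visits keys in unspecified order; `for _, v in ipairs(target) do` keeps the order the rule was written in, which matters if earlier slots are preferred (not visible here). An empty `target` table is also accepted, and the returned action then calls `set_nslist(qry, list)` with no entries, which sets all four slots to nil; `assert(#list > 0, 'at least one NS target is required')` after the loop would reject that when the rule is created. The inner function returns nothing on its two early exits and `state` at the end, so a short comment on what a nil return means to the caller would help, since the caller is outside this hunk.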