From 01d8dc22407636e22ecc68b76bdbe97292946fb5 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards
Date: Tue, 21 Aug 2018 07:10:09 +0000
Subject: [PATCH] - log-local-actions: yes option for unbound.conf that logs all the local zone actions, a patch from Saksham Manchanda (Secure64).

git-svn-id: file:///svn/unbound/trunk@4864 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog | 4 ++++
 services/localzone.c | 7 ++++---
 util/config_file.c | 3 +++
 util/config_file.h | 2 ++
 util/configlexer.lex | 1 +
 util/configparser.y | 12 +++++++++++-
 6 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/doc/Changelog b/doc/Changelog
index 4c4f61b48..2e57818da 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+21 August 2018: Wouter
+ - log-local-actions: yes option for unbound.conf that logs all the
+ local zone actions, a patch from Saksham Manchanda (Secure64).
+
 17 August 2018: Ralph
 - Fix classification for QTYPE=CNAME queries when QNAME minimisation is enabled.
diff --git a/services/localzone.c b/services/localzone.c
index 0f608170c..b9acc642a 100644
--- a/services/localzone.c
+++ b/services/localzone.c
@@ -1459,7 +1459,7 @@ lz_inform_print(struct local_zone* z, struct query_info* qinfo,
 uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
 dname_str(z->name, zname);
 addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
- snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip,
+ snprintf(txt, sizeof(txt), "%s %s %s@%u", zname, local_zone_type2str(z->type), ip,
 (unsigned)port);
 log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
 }
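Review bot: The new log line prints `local_zone_type2str(z->type)`, the zone's configured type, while the caller in local_zones_answer (next hunk) branches on `lzt`, which appears to be derived from tag and override data and so may differ from `z->type` for a given client. When an override changes the action, the line would record a type that was not the one applied, which weakens it as an audit record. Consider passing `lzt` into lz_inform_print and formatting `local_zone_type2str(lzt)` instead. The function's signature and the declaration of `txt` are outside the hunk, so the buffer size against the longer type strings could not be checked here.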
@@ -1576,8 +1576,9 @@ local_zones_answer(struct local_zones* zones, struct module_env* env,
 z->override_tree, &tag, tagname, num_tags);
 lock_rw_unlock(&zones->lock);
 }
- if((lzt == local_zone_inform || lzt == local_zone_inform_deny)
- && repinfo)
+ if((env->cfg->log_local_actions ||
+ lzt == local_zone_inform || lzt == local_zone_inform_deny)
+ && repinfo)
 lz_inform_print(z, qinfo, repinfo);
 if(lzt != local_zone_always_refuse
diff --git a/util/config_file.c b/util/config_file.c
index b2fa238a6..03f066cee 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -118,6 +118,7 @@ config_create(void)
 cfg->log_time_ascii = 0;
 cfg->log_queries = 0;
 cfg->log_replies = 0;
+ cfg->log_local_actions = 0;
 cfg->log_servfail = 0;
 #ifndef USE_WINSOCK
 # ifdef USE_MINI_EVENT
@@ -548,6 +549,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 else S_YNO("val-log-squelch:", val_log_squelch)
 else S_YNO("log-queries:", log_queries)
 else S_YNO("log-replies:", log_replies)
+ else S_YNO("log-local-actions:", log_local_actions)
 else S_YNO("log-servfail:", log_servfail)
 else S_YNO("val-permissive-mode:", val_permissive_mode)
 else S_YNO("aggressive-nsec:", aggressive_nsec)
@@ -905,6 +907,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 else O_STR(opt, "logfile", logfile)
 else O_YNO(opt, "log-queries", log_queries)
 else O_YNO(opt, "log-replies", log_replies)
+ else O_YNO(opt, "log-local-actions", log_local_actions)
 else O_YNO(opt, "log-servfail", log_servfail)
 else O_STR(opt, "pidfile", pidfile)
 else O_YNO(opt, "hide-identity", hide_identity)
diff --git a/util/config_file.h b/util/config_file.h
index aca170c03..0d8f7990f 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -277,6 +277,8 @@ struct config_file {
 int log_queries;
 /** log replies with one line per reply */
 int log_replies;
+ /** log every local-zone hit **/
+ int log_local_actions;
 /** log servfails with a reason */
 int log_servfail;
 /** log identity to report */
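Review bot: With `log_local_actions` set, the widened condition calls lz_inform_print for every query that matches a local zone, and that function logs through `log_nametypeclass(0, …)`, which looks like the lowest verbosity level, so the number of lines written follows the client query rate with no visible limit. The commit's file list touches only doc/Changelog for documentation, so operators are not told about the log volume or that each line carries the client address and port. A comment above the condition such as `/* log_local_actions: one line per local-zone match, incl. client ip@port; volume is client-driven */` would record this, and the unbound.conf manual text should carry the same caveat. The body of local_zones_answer continues outside the hunk.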
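Review bot: The comment on the new `log_local_actions` field in util/config_file.h closes with `**/` where the neighbouring fields use `*/`, and "local-zone hit" does not say what is written to the log. Suggested wording: `/** log one line with zone name, zone type and client address for each local-zone match */`. The struct definition continues outside the hunk.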
diff --git a/util/configlexer.lex b/util/configlexer.lex
index b2e8da19a..148886c8e 100644
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@@ -371,6 +371,7 @@ log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) }
 log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) }
 log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) }
 log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) }
+log-local-actions{COLON} { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) }
 log-servfail{COLON} { YDVAR(1, VAR_LOG_SERVFAIL) }
 local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) }
 local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) }
diff --git a/util/configparser.y b/util/configparser.y
index 4dec6e877..9285d7ba3 100644
--- a/util/configparser.y
+++ b/util/configparser.y
@@ -107,7 +107,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
-%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES
+%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
@@ -220,6 +220,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_edns_buffer_size | server_prefetch | server_prefetch_key | server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
+ server_log_local_actions |
 server_ssl_service_key | server_ssl_service_pem | server_ssl_port | server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | server_so_reuseport | server_delay_close |
@@ -812,6 +813,15 @@ server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
 free($2);
 }
 ;
+server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
+ {
+ OUTYY(("P(server_log_local_actions:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
 server_chroot: VAR_CHROOT STRING_ARG
 {
 OUTYY(("P(server_chroot:%s)\n", $2));
-- 
2.47.3