From 6a948130b2406d0e3b295ec68f56b3b8ed302960 Mon Sep 17 00:00:00 2001
From: Otto
Date: Fri, 3 Dec 2021 13:24:45 +0100
Subject: [PATCH] Do not generate eventtrace records if no Lua hook is defined
---
 pdns/lua-recursor4.cc | 30 ++++++++++++++++++++++++++----
 pdns/lua-recursor4.hh | 2 +-
 pdns/pdns_recursor.cc | 8 ++------
 3 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc
index 841eb55585..e2578bfab4 100644
--- a/pdns/lua-recursor4.cc
+++ b/pdns/lua-recursor4.cc
@@ -504,6 +504,9 @@ void RecursorLua4::maintenance() const
 
 bool RecursorLua4::prerpz(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 {
+ if (!d_prerpz) {
+ return false;
+ }
 et.add(RecEventTrace::LuaPreRPZ);
 bool ok = genhook(d_prerpz, dq, ret);
 et.add(RecEventTrace::LuaPreRPZ, ok, false);
@@ -512,6 +515,9 @@ bool RecursorLua4::prerpz(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 
 bool RecursorLua4::preresolve(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 {
+ if (!d_preresolve) {
+ return false;
+ }
 et.add(RecEventTrace::LuaPreResolve);
 bool ok = genhook(d_preresolve, dq, ret);
 et.add(RecEventTrace::LuaPreResolve, ok, false);
@@ -520,6 +526,9 @@ bool RecursorLua4::preresolve(DNSQuestion& dq, int& ret, RecEventTrace& et) cons
 
 bool RecursorLua4::nxdomain(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 {
+ if (!d_nxdomain) {
+ return false;
+ }
 et.add(RecEventTrace::LuaNXDomain);
 bool ok = genhook(d_nxdomain, dq, ret);
 et.add(RecEventTrace::LuaNXDomain, ok, false);
@@ -528,6 +537,9 @@ bool RecursorLua4::nxdomain(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 
 bool RecursorLua4::nodata(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 {
+ if (!d_nodata) {
+ return false;
+ }
 et.add(RecEventTrace::LuaNoData);
 bool ok = genhook(d_nodata, dq, ret);
 et.add(RecEventTrace::LuaNoData, ok, false);
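Review bot: The guard added to prerpz, `if (!d_prerpz) { return false; }`, is repeated verbatim in preresolve, nxdomain and nodata above and in postresolve in the next hunk, and none of the copies says why it has to sit ahead of the first `et.add`. A one-line comment above each guard, `// No hook defined: return before adding any event trace record`, would keep a later edit from moving the trace call back above the check. After this change the absence of a LuaPreRPZ (or LuaPreResolve, LuaNXDomain, LuaNoData, LuaPostResolve) pair in a trace can mean either that the stage was not reached or that no hook is configured, which deserves a sentence in each function's header comment for anyone using these traces to reconstruct how a query was handled. The function bodies continue past the end of each hunk.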
@@ -536,6 +548,9 @@ bool RecursorLua4::nodata(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 
 bool RecursorLua4::postresolve(DNSQuestion& dq, int& ret, RecEventTrace& et) const
 {
+ if (!d_postresolve) {
+ return false;
+ }
 et.add(RecEventTrace::LuaPostResolve);
 bool ok = genhook(d_postresolve, dq, ret);
 et.add(RecEventTrace::LuaPostResolve, ok, false);
@@ -544,6 +559,9 @@ bool RecursorLua4::postresolve(DNSQuestion& dq, int& ret, RecEventTrace& et) con
 
 bool RecursorLua4::preoutquery(const ComboAddress& ns, const ComboAddress& requestor, const DNSName& query, const QType& qtype, bool isTcp, vector& res, int& ret, RecEventTrace& et) const
 {
+ if (!d_preoutquery) {
+ return false;
+ }
 bool variableAnswer = false;
 bool wantsRPZ = false;
 bool logQuery = false;
@@ -556,11 +574,15 @@ bool RecursorLua4::preoutquery(const ComboAddress& ns, const ComboAddress& reque
 return ok;
 }
 
-bool RecursorLua4::ipfilter(const ComboAddress& remote, const ComboAddress& local, const struct dnsheader& dh) const
+bool RecursorLua4::ipfilter(const ComboAddress& remote, const ComboAddress& local, const struct dnsheader& dh, RecEventTrace& et) const
 {
- if (d_ipfilter)
- return d_ipfilter(remote, local, dh);
- return false; // don't block
+ if (!d_ipfilter) {
+ return false; // Do not block
+ }
+ et.add(RecEventTrace::LuaIPFilter);
+ bool ok = d_ipfilter(remote, local, dh);
+ et.add(RecEventTrace::LuaIPFilter, ok, false);
+ return ok;
 }
 
 bool RecursorLua4::policyHitEventFilter(const ComboAddress& remote, const DNSName& qname, const QType& qtype, bool tcp, DNSFilterEngine::Policy& policy, std::unordered_set& tags, std::unordered_map& discardedPolicies) const
diff --git a/pdns/lua-recursor4.hh b/pdns/lua-recursor4.hh
index b3d409f906..a86c9eaa8e 100644
--- a/pdns/lua-recursor4.hh
+++ b/pdns/lua-recursor4.hh
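Review bot: In the new body of RecursorLua4::ipfilter (pdns/lua-recursor4.cc) the result is named `ok`, but a true value is the one that makes the callers drop the question, and the early return is commented `// Do not block`, so the name reads as the opposite of its meaning in an access-control path. Naming it for the decision makes an inverted check in a later edit less likely: `bool block = d_ipfilter(remote, local, dh);`, `et.add(RecEventTrace::LuaIPFilter, block, false);`, `return block;`. Separately, if the Lua callback can throw (not visible in this hunk), the first `et.add` record is written without the second one, so it is worth confirming that trace consumers tolerate an unpaired LuaIPFilter entry.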
@@ -193,7 +193,7 @@ public: bool postresolve(DNSQuestion& dq, int& ret, RecEventTrace&) const; bool preoutquery(const ComboAddress& ns, const ComboAddress& requestor, const DNSName& query, const QType& qtype, bool isTcp, vector& res, int& ret, RecEventTrace& et) const; - bool ipfilter(const ComboAddress& remote, const ComboAddress& local, const struct dnsheader&) const; + bool ipfilter(const ComboAddress& remote, const ComboAddress& local, const struct dnsheader&, RecEventTrace&) const; bool policyHitEventFilter(const ComboAddress& remote, const DNSName& qname, const QType& qtype, bool tcp, DNSFilterEngine::Policy& policy, std::unordered_set& tags, std::unordered_map& discardedPolicies) const; diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index 3d4315d06a..83f644f8d5 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -2935,9 +2935,7 @@ static void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var) } if (t_pdl) { - dc->d_eventTrace.add(RecEventTrace::LuaIPFilter); - bool ipf = t_pdl->ipfilter(dc->d_source, dc->d_destination, *dh); - dc->d_eventTrace.add(RecEventTrace::LuaIPFilter, ipf, false); + bool ipf = t_pdl->ipfilter(dc->d_source, dc->d_destination, *dh, dc->d_eventTrace); if (ipf) { if (!g_quiet) { g_log<getTid()<<"/"<numProcesses()<<"] DROPPED TCP question from "<d_source.toStringWithPort()<<(dc->d_source != dc->d_remote ? " (via "+dc->d_remote.toStringWithPort()+")" : "")<<" based on policy"<ipfilter(source, destination, *dh); - eventTrace.add(RecEventTrace::LuaIPFilter, ipf, false); + bool ipf = t_pdl->ipfilter(source, destination, *dh, eventTrace); if (ipf) { if (!g_quiet) { g_log<getTid()<<"/"<numProcesses()<<"] DROPPED question from "<