Add statistics support for disabled (action override) response IP RPZ

triggers.

diff --git a/daemon/worker.c b/daemon/worker.c
index 2cfc96845618c7357ce183e57fdf8320ea6df047..f321ad261ea7997518473378c0750803f1673167 100644 (file)
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -602,7 +602,9 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo,
                        repinfo);
 
                if(worker->stats.extended && actinfo.rpz_used) {
-                       /* TODO: does not work for disabled (override) actions */
+                       if(actinfo.rpz_disabled)
+                               worker->stats.rpz_action[RPZ_DISABLED_ACTION] +=
+                                       actinfo.rpz_disabled;
                        if(actinfo.rpz_cname_override)
                                worker->stats.rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++;
                        else

diff --git a/respip/respip.c b/respip/respip.c
index a529ccf624b45b3fc77d4a376f73d275942efa6d..57abed6837848a9baf08594ccd8f2cf47f322ef6 100644 (file)
--- a/respip/respip.c
+++ b/respip/respip.c
@@ -654,7 +654,6 @@ make_new_reply_info(const struct reply_info* rep, struct regional* region,
  * Note that this function distinguishes error conditions from "success but
  * not overridden".  This is because we want to avoid accidentally applying
  * the "no data" action in case of error.
- * @param raddr: address span that requires an action
  * @param action: action to apply
  * @param data: RRset to use for override
  * @param qtype: original query type
@@ -671,7 +670,7 @@ make_new_reply_info(const struct reply_info* rep, struct regional* region,
  * @return 1 if overridden, 0 if not overridden, -1 on error.
  */
 static int
-respip_data_answer(const struct resp_addr* raddr, enum respip_action action,
+respip_data_answer(enum respip_action action,
        struct ub_packed_rrset_key* data,
        uint16_t qtype, const struct reply_info* rep,
        size_t rrset_id, struct reply_info** new_repp, int tag,
@@ -815,7 +814,7 @@ populate_action_info(struct respip_action_info* actinfo,
        if(action == respip_none || !raddr)
                return 1;
        actinfo->action = action;
-       actinfo->rpz_used = 1;
+       actinfo->rpz_used = rpz_used;
        actinfo->rpz_log = rpz_log;
        actinfo->log_name = log_name;
        actinfo->rpz_cname_override = rpz_cname_override;
@@ -824,7 +823,7 @@ populate_action_info(struct respip_action_info* actinfo,
         * later logging.  We make a copy to proactively avoid disruption if
         *  and when we allow a dynamic update to the respip tree. */
        if(action == respip_inform || action == respip_inform_deny ||
-               rpz_log) {
+               rpz_used) {
                struct respip_addr_info* a =
                        regional_alloc_zero(region, sizeof(*a));
                if(!a) {
@@ -947,6 +946,7 @@ respip_rewrite_reply(const struct query_info* qinfo,
                                        region)) {
                                        lock_rw_unlock(&raddr->lock);
                                        raddr = NULL;
+                                       actinfo->rpz_disabled++;
                                }
                                rpz_used = 1;
                        }
@@ -962,7 +962,7 @@ respip_rewrite_reply(const struct query_info* qinfo,
                        && action != respip_always_transparent
                        && action != respip_always_nxdomain
                        && action != respip_always_nodata
-                       && (result = respip_data_answer(raddr, action,
+                       && (result = respip_data_answer(action,
                        (data) ? data : raddr->data, qinfo->qtype, rep,
                        rrset_id, new_repp, tag, tag_datas, tag_datas_size,
                        ipset->tagname, ipset->num_tags, &redirect_rrset,

diff --git a/respip/respip.h b/respip/respip.h
index 4fd3a08d9383b7580320ee9ae6b24b1091849b92..4a56b8d29f2bbd83dba6baa462d95b3af80f33a2 100644 (file)
--- a/respip/respip.h
+++ b/respip/respip.h
@@ -81,6 +81,7 @@ struct respip_action_info {
        enum respip_action action;
        int rpz_used;
        int rpz_log;
+       int rpz_disabled;
        char* log_name;
        int rpz_cname_override;
        struct respip_addr_info* addrinfo; /* set only for inform variants */

diff --git a/services/mesh.c b/services/mesh.c
index 65f26390eb8ce51d2186e10283c43cb59ac9bfd7..4e5e4d4974cd8857dd04b08792d48eaac6cc321a 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -1186,7 +1186,9 @@ void mesh_query_done(struct mesh_state* mstate)
                                &r->query_reply);
                        if(mstate->s.env->cfg->stat_extended &&
                                mstate->s.respip_action_info->rpz_used) {
-                               /* TODO: does not work for disabled (override) actions */
+                               if(mstate->s.respip_action_info->rpz_disabled)
+                                       mstate->s.env->mesh->rpz_action[RPZ_DISABLED_ACTION] +=
+                                               mstate->s.respip_action_info->rpz_disabled;
                                if(mstate->s.respip_action_info->rpz_cname_override)
                                        mstate->s.env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++;
                                else