Also process removal in a more generic way.

diff --git a/pdns/filterpo.cc b/pdns/filterpo.cc
index 3c8220721c6c881596a65626997b75f77d671349..3c39947b03ea97d2f3d2e7a799cc68d83c7a1e26 100644 (file)
--- a/pdns/filterpo.cc
+++ b/pdns/filterpo.cc
@@ -311,7 +311,7 @@ void DNSFilterEngine::assureZones(size_t zone)
     d_zones.resize(zone+1);
 }
 
-void DNSFilterEngine::Zone::addToNameMap(std::unordered_map<DNSName,Policy>& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype)
+void DNSFilterEngine::Zone::addNameTrigger(std::unordered_map<DNSName,Policy>& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype)
 {
   auto it = map.find(n);
 
@@ -337,7 +337,7 @@ void DNSFilterEngine::Zone::addToNameMap(std::unordered_map<DNSName,Policy>& map
   }
 }
 
-void DNSFilterEngine::Zone::addToNetmaskTree(NetmaskTree<Policy>& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype)
+void DNSFilterEngine::Zone::addNetmaskTrigger(NetmaskTree<Policy>& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype)
 {
   bool exists = nmt.has_key(nm);
 
@@ -365,60 +365,59 @@ void DNSFilterEngine::Zone::addToNetmaskTree(NetmaskTree<Policy>& nmt, const Net
   }
 }
 
-void DNSFilterEngine::Zone::addClientTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate)
-{
-  addToNetmaskTree(d_qpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ClientIP);
-}
-
-void DNSFilterEngine::Zone::addResponseTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate)
+bool DNSFilterEngine::Zone::rmNameTrigger(std::unordered_map<DNSName,Policy>& map, const DNSName& n, const Policy& pol)
 {
-  addToNetmaskTree(d_postpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ResponseIP);
-}
-
-void DNSFilterEngine::Zone::addQNameTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate)
-{
-  addToNameMap(d_qpolName, n, std::move(pol), ignoreDuplicate, PolicyType::QName);
-}
+  auto found = map.find(n);
+  if (found == map.end()) {
+    return false;
+  }
 
-void DNSFilterEngine::Zone::addNSTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate)
-{
-  addToNameMap(d_propolName, n, std::move(pol), ignoreDuplicate, PolicyType::NSDName);
-}
+  auto& existing = found->second;
+  if (existing.d_kind != DNSFilterEngine::PolicyKind::Custom) {
+    map.erase(found);
+    return true;
+  }
 
-void DNSFilterEngine::Zone::addNSIPTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate)
-{
-  addToNetmaskTree(d_propolNSAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::NSIP);
-}
+  /* for custom types, we might have more than one type,
+     and then we need to remove only the right ones. */
+  if (existing.d_custom.size() <= 1) {
+    map.erase(found);
+    return true;
+  }
 
-bool DNSFilterEngine::Zone::rmClientTrigger(const Netmask& nm, const Policy& pol)
-{
-  d_qpolAddr.erase(nm);
-  return true;
-}
+  bool result = false;
+  for (auto& toRemove : pol.d_custom) {
+    for (auto it = existing.d_custom.begin(); it != existing.d_custom.end(); ++it) {
+      if (**it == *toRemove) {
+        existing.d_custom.erase(it);
+        result = true;
+        break;
+      }
+    }
+  }
 
-bool DNSFilterEngine::Zone::rmResponseTrigger(const Netmask& nm, const Policy& pol)
-{
-  d_postpolAddr.erase(nm);
-  return true;
+  return result;
 }
 
-bool DNSFilterEngine::Zone::rmQNameTrigger(const DNSName& n, const Policy& pol)
+bool DNSFilterEngine::Zone::rmNetmaskTrigger(NetmaskTree<Policy>& nmt, const Netmask& nm, const Policy& pol)
 {
-  auto found = d_qpolName.find(n);
-  if (found == d_qpolName.end()) {
+  bool found = nmt.has_key(nm);
+  if (!found) {
     return false;
   }
 
-  auto& existing = found->second;
+  // XXX NetMaskTree's node_type has a non-const second, but lookup() returns a const node_type *, so we cannot modify second
+  // Should look into making lookup) return a non-const node_type *...
+  auto& existing = const_cast<Policy&>(nmt.lookup(nm)->second);
   if (existing.d_kind != DNSFilterEngine::PolicyKind::Custom) {
-    d_qpolName.erase(found);
+    nmt.erase(nm);
     return true;
   }
 
   /* for custom types, we might have more than one type,
      and then we need to remove only the right ones. */
   if (existing.d_custom.size() <= 1) {
-    d_qpolName.erase(found);
+    nmt.erase(nm);
     return true;
   }
 
@@ -436,16 +435,54 @@ bool DNSFilterEngine::Zone::rmQNameTrigger(const DNSName& n, const Policy& pol)
   return result;
 }
 
+void DNSFilterEngine::Zone::addClientTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate)
+{
+  addNetmaskTrigger(d_qpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ClientIP);
+}
+
+void DNSFilterEngine::Zone::addResponseTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate)
+{
+  addNetmaskTrigger(d_postpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ResponseIP);
+}
+
+void DNSFilterEngine::Zone::addQNameTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate)
+{
+  addNameTrigger(d_qpolName, n, std::move(pol), ignoreDuplicate, PolicyType::QName);
+}
+
+void DNSFilterEngine::Zone::addNSTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate)
+{
+  addNameTrigger(d_propolName, n, std::move(pol), ignoreDuplicate, PolicyType::NSDName);
+}
+
+void DNSFilterEngine::Zone::addNSIPTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate)
+{
+  addNetmaskTrigger(d_propolNSAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::NSIP);
+}
+
+bool DNSFilterEngine::Zone::rmClientTrigger(const Netmask& nm, const Policy& pol)
+{
+  return rmNetmaskTrigger(d_qpolAddr, nm, pol);
+}
+
+bool DNSFilterEngine::Zone::rmResponseTrigger(const Netmask& nm, const Policy& pol)
+{
+  return rmNetmaskTrigger(d_postpolAddr, nm, pol);
+}
+
+bool DNSFilterEngine::Zone::rmQNameTrigger(const DNSName& n, const Policy& pol)
+{
+  return rmNameTrigger(d_qpolName, n, pol);
+}
+
 bool DNSFilterEngine::Zone::rmNSTrigger(const DNSName& n, const Policy& pol)
 {
-  d_propolName.erase(n); // XXX verify policy matched? =pol;
-  return true;
+  return rmNameTrigger(d_propolName, n, pol);
 }
 
 bool DNSFilterEngine::Zone::rmNSIPTrigger(const Netmask& nm, const Policy& pol)
 {
-  d_propolNSAddr.erase(nm);
-  return true;
+  return rmNetmaskTrigger(d_propolNSAddr, nm, pol);
 }
 
 DNSRecord DNSFilterEngine::Policy::getRecordFromCustom(const DNSName& qname, const std::shared_ptr<DNSRecordContent>& custom) const

diff --git a/pdns/filterpo.hh b/pdns/filterpo.hh
index e726968e4e3b0bfbd89e3ac56244650d637f844b..1a0476b7905e24e0825f4d52f50c7d3936389642 100644 (file)
--- a/pdns/filterpo.hh
+++ b/pdns/filterpo.hh
@@ -276,8 +276,11 @@ public:
     }
     
   private:
-    void addToNetmaskTree(NetmaskTree<Policy>& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype);
-    void addToNameMap(std::unordered_map<DNSName,Policy>& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype);
+    void addNameTrigger(std::unordered_map<DNSName,Policy>& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype);
+    void addNetmaskTrigger(NetmaskTree<Policy>& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype);
+    bool rmNameTrigger(std::unordered_map<DNSName,Policy>& map, const DNSName& n, const Policy& pol);
+    bool rmNetmaskTrigger(NetmaskTree<Policy>& nmt, const Netmask& nm, const Policy& pol);
+
     static DNSName maskToRPZ(const Netmask& nm);
     static bool findExactNamedPolicy(const std::unordered_map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol);
     static bool findNamedPolicy(const std::unordered_map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol);