DNSFilterEngine::Policy DNSFilterEngine::getProcessingPolicy(const DNSName& qname) const
{
// cout<<"Got question for nameserver name "<<qname<<endl;
- Policy pol{PolicyKind::NoAction, nullptr, 0};
+ Policy pol{PolicyKind::NoAction, nullptr, "", 0};
for(const auto& z : d_zones) {
if(findNamedPolicy(z.propolName, qname, pol)) {
// cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl;
{
// cout<<"Got question for "<<qname<<" from "<<ca.toString()<<endl;
- Policy pol{PolicyKind::NoAction, nullptr, 0};
+ Policy pol{PolicyKind::NoAction, nullptr, "", 0};
for(const auto& z : d_zones) {
if(findNamedPolicy(z.qpolName, qname, pol)) {
// cerr<<"Had a hit on the name of the query"<<endl;
return fnd->second;
}
}
- return Policy{PolicyKind::NoAction, nullptr, 0};
+ return Policy{PolicyKind::NoAction, nullptr, "", 0};
}
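Review bot: Inserting `d_name` between `d_custom` and `d_ttl` in `DNSFilterEngine::Policy` (the `+ std::string d_name;` line in filterpo.hh) means any positional initializer this commit missed fails silently rather than at compile time: a leftover `Policy{PolicyKind::NoAction, nullptr, 0}` still compiles before C++23, with `0` converted to a null `const char*` for `d_name` and `d_ttl` value-initialized, so the breakage only appears at runtime. The same positional form is updated at three places in this section (`Policy pol{PolicyKind::NoAction, nullptr, "", 0};` twice and the final `return Policy{...}`) and once more in `RPZRecordToPolicy` in rpzloader.cc. Appending the new member after `d_ttl` would keep every old three-initializer site valid, or give the members in-class defaults so these sites can read `Policy pol{};` and set only what differs. Both functions in this section continue outside the shown lines, and the second one's signature is not visible.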
void DNSFilterEngine::assureZones(int zone)
}
PolicyKind d_kind;
std::shared_ptr<DNSRecordContent> d_custom;
+ std::string d_name;
int d_ttl;
};
vector<uint8_t> packet;
auto luaconfsLocal = g_luaconfs.getLocal();
+ std::string appliedPolicy;
#ifdef HAVE_PROTOBUF
PBDNSMessage_DNSResponse protobufResponse;
if(luaconfsLocal->protobufServer) {
return;
case DNSFilterEngine::PolicyKind::NXDOMAIN:
res=RCode::NXDomain;
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
case DNSFilterEngine::PolicyKind::NODATA:
res=RCode::NoError;
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
case DNSFilterEngine::PolicyKind::Custom:
spoofed.d_content = dfepol.d_custom;
spoofed.d_place = DNSResourceRecord::ANSWER;
ret.push_back(spoofed);
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
if(!dc->d_tcp) {
res=RCode::NoError;
pw.getHeader()->tc=1;
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
}
break;
case DNSFilterEngine::PolicyKind::NXDOMAIN:
ret.clear();
res=RCode::NXDomain;
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
case DNSFilterEngine::PolicyKind::NODATA:
ret.clear();
res=RCode::NoError;
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
case DNSFilterEngine::PolicyKind::Truncate:
ret.clear();
res=RCode::NoError;
pw.getHeader()->tc=1;
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
}
break;
spoofed.d_content = dfepol.d_custom;
spoofed.d_place = DNSResourceRecord::ANSWER;
ret.push_back(spoofed);
+ appliedPolicy=dfepol.d_name;
goto haveAnswer;
}
#ifdef HAVE_PROTOBUF
if (luaconfsLocal->protobufServer) {
protobufResponse.set_rcode(pw.getHeader()->rcode);
+ if (!appliedPolicy.empty()) {
+ protobufResponse.set_appliedpolicy(appliedPolicy);
+ }
protobufLogResponse(luaconfsLocal->protobufServer, dc, packet.size(), protobufResponse);
}
#endif
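Review bot: The new `appliedPolicy` local has no comment stating its contract, and the identical assignment `appliedPolicy=dfepol.d_name;` is repeated in eight branches of the two switches (whose starts lie outside the shown lines), so a future `PolicyKind` branch that forgets it will be logged as if no policy had fired. I would document the declaration as `std::string appliedPolicy; // name of the RPZ policy that produced this answer; stays empty when none was applied, and is only exported to protobuf when set`. If the switches share a single exit for an applied policy, setting the value once there would remove the repetition; otherwise a short comment next to the first assignment explaining that every applied-policy path must set it is the minimum.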
Lua.writeFunction("rpzFile", [&lci](const string& fname, const boost::optional<std::unordered_map<string,boost::variant<int, string>>>& options) {
try {
boost::optional<DNSFilterEngine::Policy> defpol;
+ std::string polName;
if(options) {
auto& have = *options;
+ if(have.count("policyName")) {
+ polName = boost::get<std::string>(constGet(have, "policyName"));
+ }
if(have.count("defpol")) {
defpol=DNSFilterEngine::Policy();
defpol->d_kind = (DNSFilterEngine::PolicyKind)boost::get<int>(constGet(have, "defpol"));
+ defpol->d_name = polName;
if(defpol->d_kind == DNSFilterEngine::PolicyKind::Custom) {
defpol->d_custom=
shared_ptr<DNSRecordContent>(
defpol->d_ttl = -1; // get it from the zone
}
}
-
}
- loadRPZFromFile(fname, lci.dfe, defpol, 0);
+ loadRPZFromFile(fname, lci.dfe, polName, defpol, 0);
}
catch(std::exception& e) {
theL()<<Logger::Error<<"Unable to load RPZ zone from '"<<fname<<"': "<<e.what()<<endl;
boost::optional<DNSFilterEngine::Policy> defpol;
TSIGTriplet tt;
int refresh=0;
+ std::string polName;
if(options) {
auto& have = *options;
-
+ if(have.count("policyName")) {
+ polName = boost::get<std::string>(constGet(have, "policyName"));
+ }
if(have.count("defpol")) {
// cout<<"Set a default policy"<<endl;
defpol=DNSFilterEngine::Policy();
defpol->d_kind = (DNSFilterEngine::PolicyKind)boost::get<int>(constGet(have, "defpol"));
+ defpol->d_name = polName;
if(defpol->d_kind == DNSFilterEngine::PolicyKind::Custom) {
// cout<<"Setting a custom field even!"<<endl;
defpol->d_custom=
defpol->d_ttl = boost::get<int>(constGet(have, "defttl"));
else
defpol->d_ttl = -1; // get it from the zone
-
}
}
if(have.count("tsigname")) {
ComboAddress master(master_, 53);
DNSName zone(zone_);
- auto sr=loadRPZFromServer(master,zone, lci.dfe, defpol, 0, tt);
+ auto sr=loadRPZFromServer(master, zone, lci.dfe, polName, defpol, 0, tt);
if(refresh)
sr->d_st.refresh=refresh;
- std::thread t(RPZIXFRTracker, master, zone, tt, sr);
+ std::thread t(RPZIXFRTracker, master, zone, polName, tt, sr);
t.detach();
}
catch(std::exception& e) {
}
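Review bot: The `policyName` lookup is duplicated verbatim in the `rpzFile` and `rpzMaster` callbacks (`if(have.count("policyName")) { polName = boost::get<std::string>(constGet(have, "policyName")); }`), and `boost::get<std::string>` throws `boost::bad_get` when the Lua value is not a string, which the surrounding `catch(std::exception&)` reports as a failure to load the zone rather than as a bad option. A small shared helper for reading the option would keep the two callbacks in step and could emit a message that names the offending option. The `rpzMaster` callback's enclosing lambda and `try` begin outside the shown lines.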
-void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const TSIGTriplet& tt, shared_ptr<SOARecordContent> oursr)
+void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const std::string& polName, const TSIGTriplet& tt, shared_ptr<SOARecordContent> oursr)
{
int refresh = oursr->d_st.refresh;
for(;;) {
}
else {
L<<Logger::Info<<"Had removal of "<<rr.d_name<<endl;
- RPZRecordToPolicy(rr, luaconfsCopy.dfe, false, boost::optional<DNSFilterEngine::Policy>(), 0);
+ RPZRecordToPolicy(rr, luaconfsCopy.dfe, polName, false, boost::optional<DNSFilterEngine::Policy>(), 0);
}
}
}
else {
L<<Logger::Info<<"Had addition of "<<rr.d_name<<endl;
- RPZRecordToPolicy(rr, luaconfsCopy.dfe, true, boost::optional<DNSFilterEngine::Policy>(), 0);
+ RPZRecordToPolicy(rr, luaconfsCopy.dfe, polName, true, boost::optional<DNSFilterEngine::Policy>(), 0);
}
}
}
return Netmask(parts[4]+"."+parts[3]+"."+parts[2]+"."+parts[1]+"/"+parts[0]);
}
-void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, int place)
+void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, const std::string& polName, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, int place)
{
static const DNSName drop("rpz-drop."), truncate("rpz-tcp-only."), noaction("rpz-passthru.");
static const DNSName rpzClientIP("rpz-client-ip"), rpzIP("rpz-ip"),
rpzNSDname("rpz-nsdname"), rpzNSIP("rpz-nsip.");
- DNSFilterEngine::Policy pol{DNSFilterEngine::PolicyKind::NoAction, nullptr, 0};
+ DNSFilterEngine::Policy pol{DNSFilterEngine::PolicyKind::NoAction, nullptr, polName, 0};
if(dr.d_type == QType::CNAME) {
auto target=std::dynamic_pointer_cast<CNAMERecordContent>(dr.d_content)->getTarget();
}
}
-shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, int place, const TSIGTriplet& tt)
+shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, const std::string& polName, boost::optional<DNSFilterEngine::Policy> defpol, int place, const TSIGTriplet& tt)
{
L<<Logger::Warning<<"Loading RPZ zone '"<<zone<<"' from "<<master.toStringWithPort()<<endl;
if(!tt.name.empty())
continue;
}
- RPZRecordToPolicy(dr, target, true, defpol, place);
+ RPZRecordToPolicy(dr, target, polName, true, defpol, place);
nrecords++;
}
if(last != time(0)) {
return sr;
}
-int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, int place)
+int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, const std::string& polName, boost::optional<DNSFilterEngine::Policy> defpol, int place)
{
ZoneParserTNG zpt(fname);
DNSResourceRecord drr;
}
else {
dr.d_name=dr.d_name.makeRelative(domain);
- RPZRecordToPolicy(dr, target, true, defpol, place);
+ RPZRecordToPolicy(dr, target, polName, true, defpol, place);
}
}
catch(PDNSException& pe) {
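Review bot: The new parameter is spelled `polName` in the four definitions here (`RPZIXFRTracker`, `RPZRecordToPolicy`, `loadRPZFromServer`, `loadRPZFromFile`) but `policyName` in the matching declarations in rpzloader.hh, so the header documents a different name than the implementation uses. One spelling should be chosen; `policyName` matches the Lua option key, e.g. `void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, const std::string& policyName, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, int place)`. None of the affected function bodies is fully visible in the hunk.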
#include <string>
#include "dnsrecords.hh"
-int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, int place);
-std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, int place, const TSIGTriplet& tt);
-void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, int place);
-void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr);
+int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, const std::string& policyName, boost::optional<DNSFilterEngine::Policy> defpol, int place);
+std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, const std::string& policyName, boost::optional<DNSFilterEngine::Policy> defpol, int place, const TSIGTriplet& tt);
+void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, const std::string& policyName, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, int place);
+void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const std::string& policyName, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr);