if(!(node=respip_sockaddr_find_or_create(r->respip_set, &addr, addrlen,
net, 1, rrstr))) {
lock_rw_unlock(&r->respip_set->lock);
+ free(rrstr);
return 0;
}
rrclass, ttl, rdata, rdata_len, rrstr, "");
}
lock_rw_unlock(&node->lock);
+ free(rrstr);
return 1;
}
free(policydname);
}
else if(t == RPZ_RESPONSE_IP_TRIGGER) {
- if(!rpz_insert_response_ip_trigger(r, policydname,
+ rpz_insert_response_ip_trigger(r, policydname,
a, rr_type, rr_class, rr_ttl, rdatawl, rdatalen, rr,
- rr_len))
- free(policydname);
+ rr_len);
+ free(policydname);
}
else {
free(policydname);
--- /dev/null
+; config options
+server:
+ module-config: "respip validator iterator"
+ target-fetch-policy: "0 0 0 0 0"
+ do-not-query-localhost: no
+ qname-minimisation: no
+
+
+rpz:
+ name: "rpz.example.com."
+ zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz.example.com.
+ 3600 IN NS ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+8.0.0.0.10.rpz-ip CNAME *.
+16.0.0.10.10.rpz-ip CNAME .
+24.0.10.10.10.rpz-ip CNAME rpz-drop.
+32.10.10.10.10.rpz-ip CNAME rpz-passthru.
+32.zz.db8.2001.rpz-ip CNAME *.
+48.zz.aa.db8.2001.rpz-ip CNAME .
+64.zz.bb.aa.db8.2001.rpz-ip CNAME rpz-drop.
+128.1.zz.cc.bb.aa.db8.2001.rpz-ip CNAME rpz-passthru.
+128.123.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db8::123
+
+TEMPFILE_END
+
+rpz:
+ name: "rpz2.example.com."
+ zonefile:
+TEMPFILE_NAME rpz2.example.com
+TEMPFILE_CONTENTS rpz2.example.com
+$ORIGIN example.com.
+rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz2.example.com.
+ 3600 IN NS ns2.rpz2.example.com.
+$ORIGIN rpz2.example.com.
+32.10.10.10.10.rpz-ip A 203.0.113.123
+32.123.2.0.192.rpz-ip A 203.0.113.123
+128.1.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db1::123
+TEMPFILE_END
+
+stub-zone:
+ name: "."
+ stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test all supported RPZ action for response IP address trigger
+
+; c.
+RANGE_BEGIN 0 100
+ ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS ns.
+SECTION ADDITIONAL
+ns. IN A 10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a. IN A
+SECTION ANSWER
+a. IN A 10.0.0.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a. IN AAAA
+SECTION ANSWER
+a. IN AAAA 2001:db8::123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+b. IN A
+SECTION ANSWER
+b. IN A 10.1.0.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+b. IN AAAA
+SECTION ANSWER
+b. IN AAAA 2001:db8:1::123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+c. IN A
+SECTION ANSWER
+c. IN A 10.11.0.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+c. IN AAAA
+SECTION ANSWER
+c. IN AAAA 2001:db8:ff::123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+d. IN A
+SECTION ANSWER
+d. IN A 10.10.0.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+d. IN AAAA
+SECTION ANSWER
+d. IN AAAA 2001:db8:aa::123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+e. IN A
+SECTION ANSWER
+e. IN A 10.10.10.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+e. IN AAAA
+SECTION ANSWER
+e. IN AAAA 2001:db8:aa:bb::123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+f. IN A
+SECTION ANSWER
+f. IN A 10.10.10.10
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+f. IN AAAA
+SECTION ANSWER
+f. IN AAAA 2001:db8:aa:bb:cc::1
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+g. IN A
+SECTION ANSWER
+g. IN A 192.0.2.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+g. IN AAAA
+SECTION ANSWER
+g. IN AAAA 2001:db8:aa:bb:cc::123
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a. IN A
+ENTRY_END
+
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+a. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 3 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a. IN AAAA
+ENTRY_END
+
+STEP 4 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+a. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+STEP 5 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+b. IN A
+ENTRY_END
+
+STEP 6 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+b. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 7 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+b. IN AAAA
+ENTRY_END
+
+STEP 8 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+b. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+STEP 9 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+c. IN A
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+c. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+c. IN AAAA
+ENTRY_END
+
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+c. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+STEP 13 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+d. IN A
+ENTRY_END
+
+STEP 14 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+d. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 15 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+d. IN AAAA
+ENTRY_END
+
+STEP 16 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+d. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+STEP 17 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+f. IN A
+ENTRY_END
+
+STEP 18 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+f. IN A
+SECTION ANSWER
+f. IN A 10.10.10.10
+ENTRY_END
+
+STEP 19 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+f. IN AAAA
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+f. IN AAAA
+SECTION ANSWER
+f. IN AAAA 2001:db8:aa:bb:cc::1
+ENTRY_END
+
+STEP 21 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+g. IN A
+ENTRY_END
+
+STEP 22 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+g. IN A
+SECTION ANSWER
+g. IN A 203.0.113.123
+ENTRY_END
+
+STEP 23 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+g. IN AAAA
+ENTRY_END
+
+STEP 24 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+g. IN AAAA
+SECTION ANSWER
+g. IN AAAA 2001:db8::123
+ENTRY_END
+
+; should be dropped
+STEP 25 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+e. IN A
+ENTRY_END
+STEP 26 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+e. IN AAAA
+ENTRY_END
+STEP 27 TIME_PASSES ELAPSE 12
+SCENARIO_END
projects / thirdparty / unbound.git / commitdiff
