}
#else
+static void parseRPZParameters(const std::unordered_map<string,boost::variant<uint32_t, string> >& have, std::string& polName, boost::optional<DNSFilterEngine::Policy>& defpol, uint32_t& maxTTL, size_t& zoneSizeHint)
+{
+ if(have.count("policyName")) {
+ polName = boost::get<std::string>(constGet(have, "policyName"));
+ }
+ if(have.count("defpol")) {
+ defpol=DNSFilterEngine::Policy();
+ defpol->d_kind = (DNSFilterEngine::PolicyKind)boost::get<uint32_t>(constGet(have, "defpol"));
+ defpol->d_name = std::make_shared<std::string>(polName);
+ if(defpol->d_kind == DNSFilterEngine::PolicyKind::Custom) {
+ defpol->d_custom=
+ shared_ptr<DNSRecordContent>(
+ DNSRecordContent::mastermake(QType::CNAME, 1,
+ boost::get<string>(constGet(have,"defcontent"))
+ )
+ );
+
+ if(have.count("defttl"))
+ defpol->d_ttl = static_cast<int32_t>(boost::get<uint32_t>(constGet(have, "defttl")));
+ else
+ defpol->d_ttl = -1; // get it from the zone
+ }
+ }
+ if(have.count("maxTTL")) {
+ maxTTL = boost::get<uint32_t>(constGet(have, "maxTTL"));
+ }
+ if(have.count("zoneSizeHint")) {
+ zoneSizeHint = static_cast<size_t>(boost::get<uint32_t>(constGet(have, "zoneSizeHint")));
+ }
+}
+
void loadRecursorLuaConfig(const std::string& fname, bool checkOnly)
{
LuaConfigItems lci;
};
Lua.writeVariable("Policy", pmap);
- Lua.writeFunction("rpzFile", [&lci](const string& filename, const boost::optional<std::unordered_map<string,boost::variant<int, string>>>& options) {
+ Lua.writeFunction("rpzFile", [&lci](const string& filename, const boost::optional<std::unordered_map<string,boost::variant<uint32_t, string>>>& options) {
try {
boost::optional<DNSFilterEngine::Policy> defpol;
std::string polName("rpzFile");
const size_t zoneIdx = lci.dfe.size();
+ uint32_t maxTTL = std::numeric_limits<uint32_t>::max();
if(options) {
auto& have = *options;
- if(have.count("policyName")) {
- polName = boost::get<std::string>(constGet(have, "policyName"));
- }
- if(have.count("defpol")) {
- defpol=DNSFilterEngine::Policy();
- defpol->d_kind = (DNSFilterEngine::PolicyKind)boost::get<int>(constGet(have, "defpol"));
- defpol->d_name = std::make_shared<std::string>(polName);
- if(defpol->d_kind == DNSFilterEngine::PolicyKind::Custom) {
- defpol->d_custom=
- shared_ptr<DNSRecordContent>(
- DNSRecordContent::mastermake(QType::CNAME, 1,
- boost::get<string>(constGet(have,"defcontent"))
- )
- );
-
- if(have.count("defttl"))
- defpol->d_ttl = boost::get<int>(constGet(have, "defttl"));
- else
- defpol->d_ttl = -1; // get it from the zone
- }
- }
- if(have.count("zoneSizeHint")) {
- lci.dfe.reserve(zoneIdx, static_cast<size_t>(boost::get<int>(constGet(have, "zoneSizeHint"))));
+ size_t zoneSizeHint = 0;
+ parseRPZParameters(have, polName, defpol, maxTTL, zoneSizeHint);
+ if (zoneSizeHint > 0) {
+ lci.dfe.reserve(zoneIdx, zoneSizeHint);
}
}
theL()<<Logger::Warning<<"Loading RPZ from file '"<<filename<<"'"<<endl;
lci.dfe.setPolicyName(zoneIdx, polName);
- loadRPZFromFile(filename, lci.dfe, defpol, zoneIdx);
+ loadRPZFromFile(filename, lci.dfe, defpol, maxTTL, zoneIdx);
theL()<<Logger::Warning<<"Done loading RPZ from file '"<<filename<<"'"<<endl;
}
catch(std::exception& e) {
});
- Lua.writeFunction("rpzMaster", [&lci, checkOnly](const string& master_, const string& zone_, const boost::optional<std::unordered_map<string,boost::variant<int, string>>>& options) {
+ Lua.writeFunction("rpzMaster", [&lci, checkOnly](const string& master_, const string& zone_, const boost::optional<std::unordered_map<string,boost::variant<uint32_t, string>>>& options) {
try {
boost::optional<DNSFilterEngine::Policy> defpol;
TSIGTriplet tt;
- int refresh=0;
- std::string polName;
+ uint32_t refresh=0;
+ std::string polName(zone_);
size_t maxReceivedXFRMBytes = 0;
+ uint32_t maxTTL = std::numeric_limits<uint32_t>::max();
ComboAddress localAddress;
const size_t zoneIdx = lci.dfe.size();
if(options) {
auto& have = *options;
- polName = zone_;
- if(have.count("policyName"))
- polName = boost::get<std::string>(constGet(have, "policyName"));
- if(have.count("defpol")) {
- // cout<<"Set a default policy"<<endl;
- defpol=DNSFilterEngine::Policy();
- defpol->d_kind = (DNSFilterEngine::PolicyKind)boost::get<int>(constGet(have, "defpol"));
- defpol->d_name = std::make_shared<std::string>(polName);
- if(defpol->d_kind == DNSFilterEngine::PolicyKind::Custom) {
- // cout<<"Setting a custom field even!"<<endl;
- defpol->d_custom=
- shared_ptr<DNSRecordContent>(
- DNSRecordContent::mastermake(QType::CNAME, 1,
- boost::get<string>(constGet(have,"defcontent"))
- )
- );
- if(have.count("defttl"))
- defpol->d_ttl = boost::get<int>(constGet(have, "defttl"));
- else
- defpol->d_ttl = -1; // get it from the zone
- }
- }
- if(have.count("zoneSizeHint")) {
- lci.dfe.reserve(zoneIdx, static_cast<size_t>(boost::get<int>(constGet(have, "zoneSizeHint"))));
+ size_t zoneSizeHint = 0;
+ parseRPZParameters(have, polName, defpol, maxTTL, zoneSizeHint);
+ if (zoneSizeHint > 0) {
+ lci.dfe.reserve(zoneIdx, zoneSizeHint);
}
if(have.count("tsigname")) {
tt.name=DNSName(toLower(boost::get<string>(constGet(have, "tsigname"))));
throw std::runtime_error("TSIG secret is not valid Base-64 encoded");
}
if(have.count("refresh")) {
- refresh = boost::get<int>(constGet(have,"refresh"));
+ refresh = boost::get<uint32_t>(constGet(have,"refresh"));
}
if(have.count("maxReceivedMBytes")) {
- maxReceivedXFRMBytes = static_cast<size_t>(boost::get<int>(constGet(have,"maxReceivedMBytes")));
+ maxReceivedXFRMBytes = static_cast<size_t>(boost::get<uint32_t>(constGet(have,"maxReceivedMBytes")));
}
if(have.count("localAddress")) {
localAddress = ComboAddress(boost::get<string>(constGet(have,"localAddress")));
lci.dfe.setPolicyName(zoneIdx, polName);
if (!checkOnly) {
- auto sr=loadRPZFromServer(master, zone, lci.dfe, defpol, zoneIdx, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
+ auto sr=loadRPZFromServer(master, zone, lci.dfe, defpol, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
if(refresh)
sr->d_st.refresh=refresh;
- std::thread t(RPZIXFRTracker, master, zone, defpol, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
+ std::thread t(RPZIXFRTracker, master, zone, defpol, maxTTL, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
t.detach();
}
}
return Netmask(v6);
}
-void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, size_t place)
+void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t place)
{
static const DNSName drop("rpz-drop."), truncate("rpz-tcp-only."), noaction("rpz-passthru.");
static const DNSName rpzClientIP("rpz-client-ip"), rpzIP("rpz-ip"),
}
}
- if(pol.d_ttl < 0)
- pol.d_ttl = dr.d_ttl;
+ if (!defpol || defpol->d_ttl < 0) {
+ pol.d_ttl = static_cast<int32_t>(std::min(maxTTL, dr.d_ttl));
+ } else {
+ pol.d_ttl = static_cast<int32_t>(std::min(maxTTL, static_cast<uint32_t>(pol.d_ttl)));
+ }
// now to DO something with that
}
}
-shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress)
+shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress)
{
L<<Logger::Warning<<"Loading RPZ zone '"<<zone<<"' from "<<master.toStringWithPort()<<endl;
if(!tt.name.empty())
continue;
}
- RPZRecordToPolicy(dr, target, true, defpol, place);
+ RPZRecordToPolicy(dr, target, true, defpol, maxTTL, place);
nrecords++;
}
if(last != time(0)) {
}
// this function is silent - you do the logging
-int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, size_t place)
+int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t place)
{
ZoneParserTNG zpt(fname);
DNSResourceRecord drr;
}
else {
dr.d_name=dr.d_name.makeRelative(domain);
- RPZRecordToPolicy(dr, target, true, defpol, place);
+ RPZRecordToPolicy(dr, target, true, defpol, maxTTL, place);
}
}
catch(PDNSException& pe) {
#include <string>
#include "dnsrecords.hh"
-int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, size_t place);
-std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress);
-void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, size_t place);
-void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional<DNSFilterEngine::Policy> defpol, size_t polZone, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress);
+int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t place);
+std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress);
+void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t place);
+void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, size_t polZone, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress);
projects / thirdparty / pdns.git / commitdiff
