policy.rpz: support local data with larger RRsets

diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index e839f1abc3ab984e0a7e7e5d7812a02ece0134fc..070b2c08b6ba08702ca4bbf8c421addad849646a 100644 (file)
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -445,7 +445,20 @@ local function rpz_parse(action, path)
                                                path, tonumber(parser.line_counter), kres.tostring.type[parser.r_type])
                                elseif is_bad == nil then
                                        if new_actions[name] == nil then new_actions[name] = {} end
-                                       new_actions[name][parser.r_type] = { ttl=parser.r_ttl, rdata=rdata }
+                                       local act = new_actions[name][parser.r_type]
+                                       if act == nil then
+                                               new_actions[name][parser.r_type] = { ttl=parser.r_ttl, rdata=rdata }
+                                       else -- mutiple RRs: no reordering or deduplication
+                                               if type(act.rdata) ~= 'table' then
+                                                       act.rdata = { act.rdata }
+                                               end
+                                               table.insert(act.rdata, rdata)
+                                               if parser.r_ttl ~= act.ttl then -- be conservative
+                                                       log('[poli] RPZ %s:%d warning: different TTLs in a set (minimum taken)',
+                                                               path, tonumber(parser.line_counter))
+                                                       act.ttl = math.min(act.ttl, parser.r_ttl)
+                                               end
+                                       end
                                else
                                        assert(is_bad == false and prefix_labels == 0)
                                end

diff --git a/modules/policy/policy.rpz.test.lua b/modules/policy/policy.rpz.test.lua
index 761282fb6db75f194bd4703ccf234416cb30573e..047b27f5cd1fb069da3754a97413e03e40f41607 100644 (file)
--- a/modules/policy/policy.rpz.test.lua
+++ b/modules/policy/policy.rpz.test.lua
@@ -39,6 +39,9 @@ local function test_rpz()
                'case.sensitive.', kres.type.A, kres.rcode.NOERROR, '192.168.8.8')
        check_answer('"A 192.168.8.8" and domain with uppercase and lowercase letters',
                'CASe.SENSItivE.', kres.type.A, kres.rcode.NOERROR, '192.168.8.8')
+       check_answer('two AAAA records',
+               'two.records.', kres.type.AAAA, kres.rcode.NOERROR,
+               {'2001:db8::2', '2001:db8::1'})
 end
 
 net.ipv4 = false

diff --git a/modules/policy/policy.test.rpz b/modules/policy/policy.test.rpz
index 8c07efc2e1fb182f5f9c8e6aab3509c2a46b9137..80b7106f40170b44e2773e1ed62def6181d7c124 100644 (file)
--- a/modules/policy/policy.test.rpz
+++ b/modules/policy/policy.test.rpz
@@ -13,3 +13,6 @@ rra-zonename-suffix                   A       192.168.6.6
 testdomain.rra.testdomain.     A       192.168.7.7
 CaSe.SeNSiTiVe         A       192.168.8.8
 
+two.records            AAAA    2001:db8::2
+two.records            AAAA    2001:db8::1
+