return findExactNamedPolicy(d_propolName, qname, pol);
}
-bool DNSFilterEngine::Zone::findNSIPPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const
+bool DNSFilterEngine::Zone::findNSIPPolicy(const ComboAddress& addr, Netmask& key, DNSFilterEngine::Policy& pol) const
{
if (const auto fnd = d_propolNSAddr.lookup(addr)) {
+ key = fnd->first;
pol = fnd->second;
return true;
}
return false;
}
-bool DNSFilterEngine::Zone::findResponsePolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const
+bool DNSFilterEngine::Zone::findResponsePolicy(const ComboAddress& addr, Netmask& key, DNSFilterEngine::Policy& pol) const
{
if (const auto fnd = d_postpolAddr.lookup(addr)) {
+ key = fnd->first;
pol = fnd->second;
return true;
}
return false;
}
-bool DNSFilterEngine::Zone::findClientPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const
+bool DNSFilterEngine::Zone::findClientPolicy(const ComboAddress& addr, Netmask& key, DNSFilterEngine::Policy& pol) const
{
if (const auto fnd = d_qpolAddr.lookup(addr)) {
+ key = fnd->first;
pol = fnd->second;
return true;
}
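Review bot: The new `key` out-parameter is assigned only inside the `if` that handles a match, so on a `false` return it still holds whatever the caller passed in, and nothing in the hunk states that contract. This applies equally to `findNSIPPolicy`, `findResponsePolicy` and `findClientPolicy`, and to their declarations in the header hunk. I would put one comment on the declarations, for example `// key receives the netmask of the matching entry; it is left untouched when the function returns false`. The body of `findClientPolicy` continues past the end of this hunk.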
continue;
}
- if(z->findNSIPPolicy(address, pol)) {
+ Netmask key;
+ if(z->findNSIPPolicy(address, key, pol)) {
// cerr<<"Had a hit on the nameserver ("<<address.toString()<<") used to process the query"<<endl;
- // XXX should use ns RPZ
- pol.d_trigger = Zone::maskToRPZ(address);
+ pol.d_trigger = Zone::maskToRPZ(key);
pol.d_trigger.appendRawLabel(rpzNSIPName);
pol.d_hit = address.toString();
return true;
continue;
}
- if (z->findClientPolicy(ca, pol)) {
+ Netmask key;
+ if (z->findClientPolicy(ca, key, pol)) {
// cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl;
return true;
}
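Review bot: `key` is filled by `findClientPolicy` here but never read: unlike the NSIP and response-IP branches, this branch returns without setting `pol.d_trigger` or `pol.d_hit`. If those fields are what identifies the matching RPZ rule in logs and exported events, a client-IP hit stays unattributed, which makes it harder to trace a block back to the rule that caused it. Mirroring the other branches would be `pol.d_trigger = Zone::maskToRPZ(key);`, then appending the client-IP label, then `pol.d_hit = ca.toString();`. If leaving them unset is deliberate, a short comment saying so would explain the otherwise unused local. The enclosing loop starts and ends outside the hunk, so the fields may be set elsewhere.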
return false;
}
- if (z->findResponsePolicy(ca, pol)) {
- pol.d_trigger = Zone::maskToRPZ(ca);
+ Netmask key;
+ if (z->findResponsePolicy(ca, key, pol)) {
+ pol.d_trigger = Zone::maskToRPZ(key);
pol.d_trigger.appendRawLabel(rpzIPName);
pol.d_hit = ca.toString();
return true;
bool findExactQNamePolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const;
bool findExactNSPolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const;
- bool findNSIPPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const;
- bool findResponsePolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const;
- bool findClientPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const;
+ bool findNSIPPolicy(const ComboAddress& addr, Netmask& key, DNSFilterEngine::Policy& pol) const;
+ bool findResponsePolicy(const ComboAddress& addr, Netmask& key, DNSFilterEngine::Policy& pol) const;
+ bool findClientPolicy(const ComboAddress& addr, Netmask& key, DNSFilterEngine::Policy& pol) const;
bool hasClientPolicies() const
{
const auto matchingPolicy = dfe.getProcessingPolicy(nsIP, std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority);
BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::NSIP);
BOOST_CHECK(matchingPolicy.d_kind == DNSFilterEngine::PolicyKind::Drop);
+ Netmask key;
DNSFilterEngine::Policy zonePolicy;
- BOOST_CHECK(zone->findNSIPPolicy(nsIP, zonePolicy));
+ BOOST_CHECK(zone->findNSIPPolicy(nsIP, key, zonePolicy));
+ BOOST_CHECK(key == nsIP);
BOOST_CHECK(zonePolicy == matchingPolicy);
}
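Review bot: `BOOST_CHECK(key == nsIP)` only passes when the stored entry is a host entry for that exact address, which is the one case where the old and new trigger computations presumably agree. The change matters when the matching entry is a wider prefix than the address being looked up, and none of these hunks covers that; the same holds for `key == clientIP` and `key == responseIP` in the later hunks. I would add a case that installs a policy for a prefix, looks up an address inside it, and checks `key` against the prefix and `matchingPolicy.d_trigger` against the name encoded from that prefix. How the zone is populated is outside the hunk, so this assumes `nsIP` is a single address.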
/* allowed NS IP */
const auto matchingPolicy = dfe.getProcessingPolicy(ComboAddress("192.0.2.142"), std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority);
BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::None);
+ Netmask key;
DNSFilterEngine::Policy zonePolicy;
- BOOST_CHECK(zone->findNSIPPolicy(ComboAddress("192.0.2.142"), zonePolicy) == false);
+ BOOST_CHECK(zone->findNSIPPolicy(ComboAddress("192.0.2.142"), key, zonePolicy) == false);
}
{
const auto matchingPolicy = dfe.getClientPolicy(clientIP, std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority);
BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::ClientIP);
BOOST_CHECK(matchingPolicy.d_kind == DNSFilterEngine::PolicyKind::Drop);
+ Netmask key;
DNSFilterEngine::Policy zonePolicy;
- BOOST_CHECK(zone->findClientPolicy(clientIP, zonePolicy));
+ BOOST_CHECK(zone->findClientPolicy(clientIP, key, zonePolicy));
+ BOOST_CHECK(key == clientIP);
BOOST_CHECK(zonePolicy == matchingPolicy);
}
/* not blocked */
const auto matchingPolicy = dfe.getClientPolicy(ComboAddress("192.0.2.142"), std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority);
BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::None);
+ Netmask key;
DNSFilterEngine::Policy zonePolicy;
- BOOST_CHECK(zone->findClientPolicy(ComboAddress("192.0.2.142"), zonePolicy) == false);
+ BOOST_CHECK(zone->findClientPolicy(ComboAddress("192.0.2.142"), key, zonePolicy) == false);
BOOST_CHECK(zone->findExactQNamePolicy(DNSName("totally.legit."), zonePolicy) == false);
}
const auto matchingPolicy = dfe.getPostPolicy({dr}, std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority);
BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::ResponseIP);
BOOST_CHECK(matchingPolicy.d_kind == DNSFilterEngine::PolicyKind::Drop);
+ Netmask key;
DNSFilterEngine::Policy zonePolicy;
- BOOST_CHECK(zone->findResponsePolicy(responseIP, zonePolicy));
+ BOOST_CHECK(zone->findResponsePolicy(responseIP, key, zonePolicy));
+ BOOST_CHECK(key == responseIP);
BOOST_CHECK(zonePolicy == matchingPolicy);
}
dr.d_content = DNSRecordContent::mastermake(QType::A, QClass::IN, "192.0.2.142");
const auto matchingPolicy = dfe.getPostPolicy({dr}, std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority);
BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::None);
+ Netmask key;
DNSFilterEngine::Policy zonePolicy;
- BOOST_CHECK(zone->findResponsePolicy(ComboAddress("192.0.2.142"), zonePolicy) == false);
+ BOOST_CHECK(zone->findResponsePolicy(ComboAddress("192.0.2.142"), key, zonePolicy) == false);
}
BOOST_CHECK_EQUAL(zone->size(), 7U);