modules/policy: add 'domain' filter for equality matching

diff --git a/modules/policy/README.rst b/modules/policy/README.rst
index 6d22b9bc008c6ee31f4b223936ccb3b90a8991cd..7037e4e0a1ea19bf23015ecd4fab7bae87ca87db 100644 (file)
--- a/modules/policy/README.rst
+++ b/modules/policy/README.rst
@@ -28,6 +28,16 @@ A *filter* selects which queries will be affected by specified Actions_. There a
 
    Always applies the action.
 
+.. function:: domain(action, domain)
+
+   Applies the action if query name matches the provided domain name.
+
+.. note:: For speed this filter requires a domain name in DNS wire format, not textual representation, so each label in the name must be prefixed with its length. Always use convenience function :func:`todname` for automatic conversion from a string! For example:
+
+   .. code-block:: lua
+
+      policy.domain(policy.DENY, todname('example.com'))
+
 .. function:: pattern(action, pattern)
 
    Applies the action if query name matches a `Lua regular expression <http://lua-users.org/wiki/PatternsTutorial>`_.

diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index 07ba88b600ba4432d72a30f4a4ea5ebd11cf1311..74ee25b810b2655d7d3c6531d132053bfca10ac3 100644 (file)
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -344,7 +344,17 @@ function policy.all(action)
        return function(_, _) return action end
 end
 
--- Requests which QNAME matches given zone list (i.e. suffix match)
+-- Requests whose QNAME is exactly the provided domain
+function policy.domain(action, dname)
+       return function(_, query)
+               if query:name() == dname then
+                       return action
+               end
+               return nil
+       end
+end
+
+-- Requests whose QNAME matches given zone list (i.e. suffix match)
 function policy.suffix(action, zone_list)
        local AC = require('ahocorasick')
        local tree = AC.create(zone_list)