From: Otto Moerbeek Date: Tue, 7 Apr 2020 11:19:30 +0000 (+0200) Subject: Routingtag is now handled by gettag() and not part of dq anymore. X-Git-Tag: rec-4.4.0-alpha1^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=163ed9167b838227dd9ca9ef66d5c72ed1340bd2;p=thirdparty%2Fpdns.git Routingtag is now handled by gettag() and not part of dq anymore. ffi interface to be done. Includes attempt at documenting the return value of gettag() a bit better. --- diff --git a/pdns/lua-recursor4-ffi.hh b/pdns/lua-recursor4-ffi.hh index d852fbeb05..7051b7c549 100644 --- a/pdns/lua-recursor4-ffi.hh +++ b/pdns/lua-recursor4-ffi.hh @@ -67,6 +67,8 @@ extern "C" { void pdns_ffi_param_set_requestorid(pdns_ffi_param_t* ref, const char* name) __attribute__ ((visibility ("default"))); void pdns_ffi_param_set_devicename(pdns_ffi_param_t* ref, const char* name) __attribute__ ((visibility ("default"))); void pdns_ffi_param_set_deviceid(pdns_ffi_param_t* ref, size_t len, const void* name) __attribute__ ((visibility ("default"))); + void pdns_ffi_param_set_routingtag(pdns_ffi_param_t* ref, const char* name) __attribute__ ((visibility ("default"))); + void pdns_ffi_param_set_variable(pdns_ffi_param_t* ref, bool variable) __attribute__ ((visibility ("default"))); void pdns_ffi_param_set_ttl_cap(pdns_ffi_param_t* ref, uint32_t ttl) __attribute__ ((visibility ("default"))); void pdns_ffi_param_set_log_query(pdns_ffi_param_t* ref, bool logQuery) __attribute__ ((visibility ("default"))); diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc index 931b3bb4b7..da82ace25e 100644 --- a/pdns/lua-recursor4.cc +++ b/pdns/lua-recursor4.cc 
@@ -169,7 +169,6 @@ void RecursorLua4::postPrepareContext() d_lw->registerMember("requestorId", &DNSQuestion::requestorId); d_lw->registerMember("deviceId", &DNSQuestion::deviceId); d_lw->registerMember("deviceName", &DNSQuestion::deviceName); - d_lw->registerMember("routingTag", &DNSQuestion::routingTag); d_lw->registerMember("followupFunction", &DNSQuestion::followupFunction); d_lw->registerMember("followupPrefix", &DNSQuestion::followupPrefix); d_lw->registerMember("followupName", &DNSQuestion::followupName); @@ -449,7 +448,7 @@ bool RecursorLua4::ipfilter(const ComboAddress& remote, const ComboAddress& loca return false; // don't block } -unsigned int RecursorLua4::gettag(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, LuaContext::LuaObject& data, const EDNSOptionViewMap& ednsOptions, bool tcp, std::string& requestorId, std::string& deviceId, std::string& deviceName, const std::vector& proxyProtocolValues) const +unsigned int RecursorLua4::gettag(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, LuaContext::LuaObject& data, const EDNSOptionViewMap& ednsOptions, bool tcp, std::string& requestorId, std::string& deviceId, std::string& deviceName, std::string& routingTag, const std::vector& proxyProtocolValues) const { if(d_gettag) { std::vector> proxyProtocolValuesMap; @@ -487,6 +486,12 @@ unsigned int RecursorLua4::gettag(const ComboAddress& remote, const Netmask& edn if (deviceNameret) { deviceName = *deviceNameret; } + + const auto routingTagret = std::get<6>(ret); + if (routingTagret) { + routingTag = *routingTagret; + } + return std::get<0>(ret); } return 0; 
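Review bot: In the `@@ -487,6 +486,12 @@` hunk the value from `std::get<6>(ret)` is copied into `routingTag` with no limit on its length or content. The hooks.rst change in this commit says the tag is used as an extra name to identify records in the record cache. If a script builds the tag from client-supplied data such as EDNS options or proxy protocol values (an assumption, since no script is shown), the number of cache partitions and the memory behind them becomes client-controlled. I would either enforce a length cap here or at least add a comment above the assignment, for example `// routingTag partitions the record cache: scripts should return values from a small fixed set, not raw client data`. The body of `gettag()` starts before this hunk, so any earlier validation is not visible.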
@@ -495,7 +500,7 @@ unsigned int RecursorLua4::gettag(const ComboAddress& remote, const Netmask& edn struct pdns_ffi_param { public: - pdns_ffi_param(const DNSName& qname_, uint16_t qtype_, const ComboAddress& local_, const ComboAddress& remote_, const Netmask& ednssubnet_, std::unordered_set& policyTags_, std::vector& records_, const EDNSOptionViewMap& ednsOptions_, const std::vector& proxyProtocolValues_, std::string& requestorId_, std::string& deviceId_, std::string& deviceName_, boost::optional& rcode_, uint32_t& ttlCap_, bool& variable_, bool tcp_, bool& logQuery_, bool& logResponse_, bool& followCNAMERecords_): qname(qname_), local(local_), remote(remote_), ednssubnet(ednssubnet_), policyTags(policyTags_), records(records_), ednsOptions(ednsOptions_), proxyProtocolValues(proxyProtocolValues_), requestorId(requestorId_), deviceId(deviceId_), deviceName(deviceName_), rcode(rcode_), ttlCap(ttlCap_), variable(variable_), logQuery(logQuery_), logResponse(logResponse_), followCNAMERecords(followCNAMERecords_), qtype(qtype_), tcp(tcp_) + pdns_ffi_param(const DNSName& qname_, uint16_t qtype_, const ComboAddress& local_, const ComboAddress& remote_, const Netmask& ednssubnet_, std::unordered_set& policyTags_, std::vector& records_, const EDNSOptionViewMap& ednsOptions_, const std::vector& proxyProtocolValues_, std::string& requestorId_, std::string& deviceId_, std::string& deviceName_, std::string& routingTag_, boost::optional& rcode_, uint32_t& ttlCap_, bool& variable_, bool tcp_, bool& logQuery_, bool& logResponse_, bool& followCNAMERecords_): qname(qname_), local(local_), remote(remote_), ednssubnet(ednssubnet_), policyTags(policyTags_), records(records_), ednsOptions(ednsOptions_), proxyProtocolValues(proxyProtocolValues_), requestorId(requestorId_), deviceId(deviceId_), deviceName(deviceName_), routingTag(routingTag_), rcode(rcode_), ttlCap(ttlCap_), variable(variable_), logQuery(logQuery_), logResponse(logResponse_), followCNAMERecords(followCNAMERecords_), 
qtype(qtype_), tcp(tcp_) { } @@ -517,6 +522,7 @@ public: std::string& requestorId; std::string& deviceId; std::string& deviceName; + std::string& routingTag; boost::optional& rcode; uint32_t& ttlCap; bool& variable; @@ -529,10 +535,10 @@ public: bool tcp; }; -unsigned int RecursorLua4::gettag_ffi(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, std::vector& records, LuaContext::LuaObject& data, const EDNSOptionViewMap& ednsOptions, bool tcp, const std::vector& proxyProtocolValues, std::string& requestorId, std::string& deviceId, std::string& deviceName, boost::optional& rcode, uint32_t& ttlCap, bool& variable, bool& logQuery, bool& logResponse, bool& followCNAMERecords) const +unsigned int RecursorLua4::gettag_ffi(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, std::vector& records, LuaContext::LuaObject& data, const EDNSOptionViewMap& ednsOptions, bool tcp, const std::vector& proxyProtocolValues, std::string& requestorId, std::string& deviceId, std::string& deviceName, std::string& routingTag, boost::optional& rcode, uint32_t& ttlCap, bool& variable, bool& logQuery, bool& logResponse, bool& followCNAMERecords) const { if (d_gettag_ffi) { - pdns_ffi_param_t param(qname, qtype, local, remote, ednssubnet, *policyTags, records, ednsOptions, proxyProtocolValues, requestorId, deviceId, deviceName, rcode, ttlCap, variable, tcp, logQuery, logResponse, followCNAMERecords); + pdns_ffi_param_t param(qname, qtype, local, remote, ednssubnet, *policyTags, records, ednsOptions, proxyProtocolValues, requestorId, deviceId, deviceName, routingTag, rcode, ttlCap, variable, tcp, logQuery, logResponse, followCNAMERecords); auto ret = d_gettag_ffi(¶m); if (ret) { 
@@ -811,6 +817,11 @@ void pdns_ffi_param_set_deviceid(pdns_ffi_param_t* ref, size_t len, const void* ref->deviceId = std::string(reinterpret_cast(name), len); } +void pdns_ffi_param_set_routingtag(pdns_ffi_param_t* ref, const char* rtag) +{ + ref->routingTag = std::string(rtag); +} + void pdns_ffi_param_set_variable(pdns_ffi_param_t* ref, bool variable) { ref->variable = variable; diff --git a/pdns/lua-recursor4.hh b/pdns/lua-recursor4.hh index 1639583069..570d3fd3e4 100644 --- a/pdns/lua-recursor4.hh +++ b/pdns/lua-recursor4.hh @@ -81,7 +81,6 @@ public: std::string requestorId; std::string deviceId; std::string deviceName; - std::string routingTag; vState validationState{Indeterminate}; bool& variable; bool& wantsRPZ; 
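Review bot: `pdns_ffi_param_set_routingtag()` builds `std::string(rtag)` without checking the pointer, so a NULL argument from the FFI caller is undefined behaviour and would most likely crash the recursor on that query. A guard such as `ref->routingTag = rtag ? std::string(rtag) : std::string();` keeps a script mistake from becoming a process-level failure. The sibling setters for requestor id and device name are not shown in this hunk and may share the pattern, so it is worth checking them together. The declaration in lua-recursor4-ffi.hh names the parameter `name` while this definition uses `rtag`. Aligning the two and adding a header comment that the argument must be a NUL-terminated string would document the contract for script authors.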
@@ -116,8 +115,8 @@ public: DNSName followupName; }; - unsigned int gettag(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, LuaContext::LuaObject& data, const EDNSOptionViewMap&, bool tcp, std::string& requestorId, std::string& deviceId, std::string& deviceName, const std::vector& proxyProtocolValues) const; - unsigned int gettag_ffi(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, std::vector& records, LuaContext::LuaObject& data, const EDNSOptionViewMap& ednsOptions, bool tcp, const std::vector& proxyProtocolValues, std::string& requestorId, std::string& deviceId, std::string& deviceName, boost::optional& rcode, uint32_t& ttlCap, bool& variable, bool& logQuery, bool& logResponse, bool& followCNAMERecords) const; + unsigned int gettag(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, LuaContext::LuaObject& data, const EDNSOptionViewMap&, bool tcp, std::string& requestorId, std::string& deviceId, std::string& deviceName, std::string& routingTag, const std::vector& proxyProtocolValues) const; + unsigned int gettag_ffi(const ComboAddress& remote, const Netmask& ednssubnet, const ComboAddress& local, const DNSName& qname, uint16_t qtype, std::unordered_set* policyTags, std::vector& records, LuaContext::LuaObject& data, const EDNSOptionViewMap& ednsOptions, bool tcp, const std::vector& proxyProtocolValues, std::string& requestorId, std::string& deviceId, std::string& deviceName, std::string& routingTag, boost::optional& rcode, uint32_t& ttlCap, bool& variable, bool& logQuery, bool& logResponse, bool& followCNAMERecords) const; void maintenance() const; bool prerpz(DNSQuestion& dq, int& ret) const; 
@@ -138,7 +137,7 @@ public: d_postresolve); } - typedef std::function >,boost::optional,boost::optional,boost::optional,boost::optional >(ComboAddress, Netmask, ComboAddress, DNSName, uint16_t, const EDNSOptionViewMap&, bool, const std::vector>&)> gettag_t; + typedef std::function >,boost::optional,boost::optional,boost::optional,boost::optional,boost::optional >(ComboAddress, Netmask, ComboAddress, DNSName, uint16_t, const EDNSOptionViewMap&, bool, const std::vector>&)> gettag_t; gettag_t d_gettag; // public so you can query if we have this hooked typedef std::function(pdns_ffi_param_t*)> gettag_ffi_t; gettag_ffi_t d_gettag_ffi; diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index f0ffdfe971..e42340450c 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -334,6 +334,7 @@ struct DNSComboWriter { #endif std::string d_query; std::unordered_set d_policyTags; + std::string d_routingTag; std::vector d_records; LuaContext::LuaObject d_data; EDNSSubnetOpts d_ednssubnet; @@ -1499,8 +1500,8 @@ static void startDoResolve(void *p) sr.d_appliedPolicy = appliedPolicy; sr.d_policyTags = std::move(dc->d_policyTags); - if (!dq.routingTag.empty()) { - sr.d_routingTag = dq.routingTag; + if (!dc->d_routingTag.empty()) { + sr.d_routingTag = dc->d_routingTag; } res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret); 
@@ -2285,10 +2286,10 @@ static void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var) if(t_pdl) { try { if (t_pdl->d_gettag_ffi) { - dc->d_tag = t_pdl->gettag_ffi(dc->d_source, dc->d_ednssubnet.source, dc->d_destination, qname, qtype, &dc->d_policyTags, dc->d_records, dc->d_data, ednsOptions, true, dc->d_proxyProtocolValues, requestorId, deviceId, deviceName, dc->d_rcode, dc->d_ttlCap, dc->d_variable, logQuery, dc->d_logResponse, dc->d_followCNAMERecords); + dc->d_tag = t_pdl->gettag_ffi(dc->d_source, dc->d_ednssubnet.source, dc->d_destination, qname, qtype, &dc->d_policyTags, dc->d_records, dc->d_data, ednsOptions, true, dc->d_proxyProtocolValues, requestorId, deviceId, deviceName, dc->d_routingTag, dc->d_rcode, dc->d_ttlCap, dc->d_variable, logQuery, dc->d_logResponse, dc->d_followCNAMERecords); } else if (t_pdl->d_gettag) { - dc->d_tag = t_pdl->gettag(dc->d_source, dc->d_ednssubnet.source, dc->d_destination, qname, qtype, &dc->d_policyTags, dc->d_data, ednsOptions, true, requestorId, deviceId, deviceName, dc->d_proxyProtocolValues); + dc->d_tag = t_pdl->gettag(dc->d_source, dc->d_ednssubnet.source, dc->d_destination, qname, qtype, &dc->d_policyTags, dc->d_data, ednsOptions, true, requestorId, deviceId, deviceName, dc->d_routingTag, dc->d_proxyProtocolValues); } } catch(const std::exception& e) { @@ -2481,6 +2482,7 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr string requestorId; string deviceId; string deviceName; + string routingTag; bool logQuery = false; bool logResponse = false; #ifdef HAVE_PROTOBUF 
@@ -2543,10 +2545,10 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr if(t_pdl) { try { if (t_pdl->d_gettag_ffi) { - ctag = t_pdl->gettag_ffi(source, ednssubnet.source, destination, qname, qtype, &policyTags, records, data, ednsOptions, false, proxyProtocolValues, requestorId, deviceId, deviceName, rcode, ttlCap, variable, logQuery, logResponse, followCNAMEs); + ctag = t_pdl->gettag_ffi(source, ednssubnet.source, destination, qname, qtype, &policyTags, records, data, ednsOptions, false, proxyProtocolValues, requestorId, deviceId, deviceName, routingTag, rcode, ttlCap, variable, logQuery, logResponse, followCNAMEs); } else if (t_pdl->d_gettag) { - ctag = t_pdl->gettag(source, ednssubnet.source, destination, qname, qtype, &policyTags, data, ednsOptions, false, requestorId, deviceId, deviceName, proxyProtocolValues); + ctag = t_pdl->gettag(source, ednssubnet.source, destination, qname, qtype, &policyTags, data, ednsOptions, false, requestorId, deviceId, deviceName, routingTag, proxyProtocolValues); } } catch(const std::exception& e) { @@ -2695,6 +2697,7 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr dc->d_kernelTimestamp = tv; #endif dc->d_proxyProtocolValues = std::move(proxyProtocolValues); + dc->d_routingTag = routingTag; MT->makeThread(startDoResolve, (void*) dc.release()); // deletes dc return 0; diff --git a/pdns/recursordist/docs/lua-scripting/hooks.rst b/pdns/recursordist/docs/lua-scripting/hooks.rst index bdb15ee562..c8d436dca3 100644 --- a/pdns/recursordist/docs/lua-scripting/hooks.rst +++ b/pdns/recursordist/docs/lua-scripting/hooks.rst 
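Review bot: In the `@@ -2695,6 +2697,7 @@` hunk, `dc->d_routingTag = routingTag;` only hands the routing tag to the resolver after `dc` is built. The code between the `gettag()` call and this assignment lies outside the hunks. If the packet cache lookup there is keyed on `ctag` alone, a response cached for one routing tag could be served to a later query that has the same tag but a different routing tag. That needs confirming, and then either the routing tag goes into the packet cache key or hooks.rst states that scripts must return a distinct `tag` for each distinct `routingTag`. As a smaller point, the line above moves `proxyProtocolValues` and the function returns right after `makeThread`, so `dc->d_routingTag = std::move(routingTag);` would match it and avoid a copy.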
@@ -53,7 +53,7 @@ Interception Functions :param DNSHeader dh: The DNS Header of the query. -.. function:: gettag(remote, ednssubnet, localip, qname, qtype, ednsoptions, tcp, proxyprotocolvalues) -> int +.. function:: gettag(remote, ednssubnet, localip, qname, qtype, ednsoptions, tcp, proxyprotocolvalues) -> multiple values gettag(remote, ednssubnet, localip, qname, qtype, ednsoptions, tcp) -> int gettag(remote, ednssubnet, localip, qname, qtype, ednsoptions) -> int @@ -79,6 +79,9 @@ Interception Functions Along the ``deviceId`` value that can be returned, it was added a ``deviceName`` field to fill the :attr:`DNSQuestion.deviceName` field. + .. versionadded:: 4.4.0 + A ``routingTag`` can be returned, which is used as an extra name to identify records in the record cache. + The tagged packetcache can e.g. be used to answer queries from cache that have e.g. been filtered for certain IPs (this logic should be implemented in :func:`gettag`). This ensure that queries are answered quickly compared to setting :attr:`dq.variable ` to true. In the latter case, repeated queries will pass through the entire Lua script. @@ -92,6 +95,8 @@ Interception Functions :param bool tcp: Added in 4.1.0, a boolean indicating whether the query was received over UDP (false) or TCP (true). :param proxyprotocolvalues: Added in 4.4.0, a table of :class:`ProxyProtocolValue` objects representing the Type-Length Values received via the Proxy Protocol, if any. + :return: ``tag`` [``, policyTags`` [``, data`` [``, reqId`` [``, deviceId`` [``, deviceName`` [``, routingTag`` ]]]]]] + .. function:: prerpz(dq) This hook is called before any filtering policy have been applied, making it possible to completely disable filtering by setting :attr:`dq.wantsRPZ ` to false.