From: Otto Moerbeek Date: Tue, 18 Aug 2020 10:33:56 +0000 (+0200) Subject: Also process removal in a more generic way. X-Git-Tag: rec-4.4.0-beta1~18^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c6c4c24b4304812cbce713d9bf1f8c5ca5130ed;p=thirdparty%2Fpdns.git Also process removal in a more generic way. --- diff --git a/pdns/filterpo.cc b/pdns/filterpo.cc index 3c8220721c..3c39947b03 100644 --- a/pdns/filterpo.cc +++ b/pdns/filterpo.cc @@ -311,7 +311,7 @@ void DNSFilterEngine::assureZones(size_t zone) d_zones.resize(zone+1); } -void DNSFilterEngine::Zone::addToNameMap(std::unordered_map& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype) +void DNSFilterEngine::Zone::addNameTrigger(std::unordered_map& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype) { auto it = map.find(n); @@ -337,7 +337,7 @@ void DNSFilterEngine::Zone::addToNameMap(std::unordered_map& map } } -void DNSFilterEngine::Zone::addToNetmaskTree(NetmaskTree& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype) +void DNSFilterEngine::Zone::addNetmaskTrigger(NetmaskTree& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype) { bool exists = nmt.has_key(nm); 
@@ -365,60 +365,59 @@ void DNSFilterEngine::Zone::addToNetmaskTree(NetmaskTree& nmt, const Net } } -void DNSFilterEngine::Zone::addClientTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate) -{ - addToNetmaskTree(d_qpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ClientIP); -} - -void DNSFilterEngine::Zone::addResponseTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate) +bool DNSFilterEngine::Zone::rmNameTrigger(std::unordered_map& map, const DNSName& n, const Policy& pol) { - addToNetmaskTree(d_postpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ResponseIP); -} - -void DNSFilterEngine::Zone::addQNameTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate) -{ - addToNameMap(d_qpolName, n, std::move(pol), ignoreDuplicate, PolicyType::QName); -} + auto found = map.find(n); + if (found == map.end()) { + return false; + } -void DNSFilterEngine::Zone::addNSTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate) -{ - addToNameMap(d_propolName, n, std::move(pol), ignoreDuplicate, PolicyType::NSDName); -} + auto& existing = found->second; + if (existing.d_kind != DNSFilterEngine::PolicyKind::Custom) { + map.erase(found); + return true; + } -void DNSFilterEngine::Zone::addNSIPTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate) -{ - addToNetmaskTree(d_propolNSAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::NSIP); -} + /* for custom types, we might have more than one type, + and then we need to remove only the right ones. 
*/ + if (existing.d_custom.size() <= 1) { + map.erase(found); + return true; + } -bool DNSFilterEngine::Zone::rmClientTrigger(const Netmask& nm, const Policy& pol) -{ - d_qpolAddr.erase(nm); - return true; -} + bool result = false; + for (auto& toRemove : pol.d_custom) { + for (auto it = existing.d_custom.begin(); it != existing.d_custom.end(); ++it) { + if (**it == *toRemove) { + existing.d_custom.erase(it); + result = true; + break; + } + } + } -bool DNSFilterEngine::Zone::rmResponseTrigger(const Netmask& nm, const Policy& pol) -{ - d_postpolAddr.erase(nm); - return true; + return result; } -bool DNSFilterEngine::Zone::rmQNameTrigger(const DNSName& n, const Policy& pol) +bool DNSFilterEngine::Zone::rmNetmaskTrigger(NetmaskTree& nmt, const Netmask& nm, const Policy& pol) { - auto found = d_qpolName.find(n); - if (found == d_qpolName.end()) { + bool found = nmt.has_key(nm); + if (!found) { return false; } - auto& existing = found->second; + // XXX NetMaskTree's node_type has a non-const second, but lookup() returns a const node_type *, so we cannot modify second + // Should look into making lookup) return a non-const node_type *... + auto& existing = const_cast(nmt.lookup(nm)->second); if (existing.d_kind != DNSFilterEngine::PolicyKind::Custom) { - d_qpolName.erase(found); + nmt.erase(nm); return true; } /* for custom types, we might have more than one type, and then we need to remove only the right ones. */ if (existing.d_custom.size() <= 1) { - d_qpolName.erase(found); + nmt.erase(nm); return true; } 
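Review bot: In rmNameTrigger both early branches (`existing.d_kind != DNSFilterEngine::PolicyKind::Custom` and `existing.d_custom.size() <= 1`) erase the whole entry without looking at `pol`, so a removal whose policy does not match what is stored still drops the trigger. For a response-policy filter that means a block or rewrite rule disappears silently. A guard such as `if (existing.d_kind != pol.d_kind) { return false; }` before the first erase would make removal conditional on a match; the single-record custom case would also need the stored record compared with `pol.d_custom`. After the loop, an entry whose `d_custom` has become empty stays in the map as a Custom policy with no records; `if (existing.d_custom.empty()) { map.erase(found); }` before `return result;` would avoid that. rmNetmaskTrigger repeats the same two branches and dereferences `nmt.lookup(nm)` unchecked, which is safe only if `lookup()` always returns the node `has_key()` just found; its loop lies outside this hunk.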
@@ -436,16 +435,54 @@ bool DNSFilterEngine::Zone::rmQNameTrigger(const DNSName& n, const Policy& pol) return result; } +void DNSFilterEngine::Zone::addClientTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate) +{ + addNetmaskTrigger(d_qpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ClientIP); +} + +void DNSFilterEngine::Zone::addResponseTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate) +{ + addNetmaskTrigger(d_postpolAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::ResponseIP); +} + +void DNSFilterEngine::Zone::addQNameTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate) +{ + addNameTrigger(d_qpolName, n, std::move(pol), ignoreDuplicate, PolicyType::QName); +} + +void DNSFilterEngine::Zone::addNSTrigger(const DNSName& n, Policy&& pol, bool ignoreDuplicate) +{ + addNameTrigger(d_propolName, n, std::move(pol), ignoreDuplicate, PolicyType::NSDName); +} + +void DNSFilterEngine::Zone::addNSIPTrigger(const Netmask& nm, Policy&& pol, bool ignoreDuplicate) +{ + addNetmaskTrigger(d_propolNSAddr, nm, std::move(pol), ignoreDuplicate, PolicyType::NSIP); +} + +bool DNSFilterEngine::Zone::rmClientTrigger(const Netmask& nm, const Policy& pol) +{ + return rmNetmaskTrigger(d_qpolAddr, nm, pol); +} + +bool DNSFilterEngine::Zone::rmResponseTrigger(const Netmask& nm, const Policy& pol) +{ + return rmNetmaskTrigger(d_postpolAddr, nm, pol); +} + +bool DNSFilterEngine::Zone::rmQNameTrigger(const DNSName& n, const Policy& pol) +{ + return rmNameTrigger(d_qpolName, n, pol); +} + bool DNSFilterEngine::Zone::rmNSTrigger(const DNSName& n, const Policy& pol) { - d_propolName.erase(n); // XXX verify policy matched? 
=pol; - return true; + return rmNameTrigger(d_propolName, n, pol); } bool DNSFilterEngine::Zone::rmNSIPTrigger(const Netmask& nm, const Policy& pol) { - d_propolNSAddr.erase(nm); - return true; + return rmNetmaskTrigger(d_propolNSAddr, nm, pol); } DNSRecord DNSFilterEngine::Policy::getRecordFromCustom(const DNSName& qname, const std::shared_ptr& custom) const diff --git a/pdns/filterpo.hh b/pdns/filterpo.hh index e726968e4e..1a0476b790 100644 --- a/pdns/filterpo.hh +++ b/pdns/filterpo.hh @@ -276,8 +276,11 @@ public: } private: - void addToNetmaskTree(NetmaskTree& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype); - void addToNameMap(std::unordered_map& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype); + void addNameTrigger(std::unordered_map& map, const DNSName& n, Policy&& pol, bool ignoreDuplicate, PolicyType ptype); + void addNetmaskTrigger(NetmaskTree& nmt, const Netmask& nm, Policy&& pol, bool ignoreDuplicate, PolicyType ptype); + bool rmNameTrigger(std::unordered_map& map, const DNSName& n, const Policy& pol); + bool rmNetmaskTrigger(NetmaskTree& nmt, const Netmask& nm, const Policy& pol); + static DNSName maskToRPZ(const Netmask& nm); static bool findExactNamedPolicy(const std::unordered_map& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol); static bool findNamedPolicy(const std::unordered_map& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol);
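Review bot: rmClientTrigger, rmResponseTrigger, rmNSTrigger and rmNSIPTrigger returned `true` unconditionally before this change and now return `false` when the key is absent or no custom record matched, and nothing documents that contract. The callers are not in this diff, so any that treat `false` as a failed update should be checked. A comment above the wrappers would help, e.g. `// Returns true if the trigger, or at least one of its custom records, was removed.`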
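Review bot: rmNameTrigger reads only its `map`, `n` and `pol` arguments in the body added to filterpo.cc, so its declaration here could be prefixed with `static`, like `maskToRPZ` and `findExactNamedPolicy` just below. That makes it explicit that the helper touches no Zone state other than the container it is handed. The same probably holds for rmNetmaskTrigger, but its body is only partly visible in this diff, so that should be confirmed first.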