From: Remi Gacogne Date: Wed, 30 Mar 2016 14:30:13 +0000 (+0200) Subject: rec: Add a name to DNSFilterEngine policy X-Git-Tag: dnsdist-1.0.0-beta1~51^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83971888a17bbb059d5709cf069d29ec49fb6dc0;p=thirdparty%2Fpdns.git rec: Add a name to DNSFilterEngine policy --- diff --git a/pdns/filterpo.cc b/pdns/filterpo.cc index a3d2bc22f6..259350d3a7 100644 --- a/pdns/filterpo.cc +++ b/pdns/filterpo.cc @@ -42,7 +42,7 @@ bool findNamedPolicy(const map& polmap, const DNSFilterEngine::Policy DNSFilterEngine::getProcessingPolicy(const DNSName& qname) const { // cout<<"Got question for nameserver name "<& return fnd->second; } } - return Policy{PolicyKind::NoAction, nullptr, 0}; + return Policy{PolicyKind::NoAction, nullptr, "", 0}; } void DNSFilterEngine::assureZones(int zone) diff --git a/pdns/filterpo.hh b/pdns/filterpo.hh index 8eb198edbd..a5b8d4e125 100644 --- a/pdns/filterpo.hh +++ b/pdns/filterpo.hh @@ -51,6 +51,7 @@ public: } PolicyKind d_kind; std::shared_ptr d_custom; + std::string d_name; int d_ttl; }; diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index cab442fc18..1a5bd84aca 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -692,6 +692,7 @@ void startDoResolve(void *p) vector packet; auto luaconfsLocal = g_luaconfs.getLocal(); + std::string appliedPolicy; #ifdef HAVE_PROTOBUF PBDNSMessage_DNSResponse protobufResponse; if(luaconfsLocal->protobufServer) { @@ -768,10 +769,12 @@ void startDoResolve(void *p) return; case DNSFilterEngine::PolicyKind::NXDOMAIN: res=RCode::NXDomain; + appliedPolicy=dfepol.d_name; goto haveAnswer; case DNSFilterEngine::PolicyKind::NODATA: res=RCode::NoError; + appliedPolicy=dfepol.d_name; goto haveAnswer; case DNSFilterEngine::PolicyKind::Custom: 
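Review bot: Inserting `std::string d_name` between `d_custom` and `d_ttl` changes the meaning of every positional brace-init of `Policy`, and an un-updated `Policy{kind, nullptr, 0}` would still compile: the literal `0` becomes a null `const char*` handed to the `std::string` constructor (undefined behaviour, a `logic_error` at run time on libstdc++) while `d_ttl` is silently value-initialised to 0. The two init sites visible in this diff are updated, but any other positional init outside it would now fail at run time rather than at build time. Appending the member after `d_ttl`, or giving `Policy` an explicit constructor so positional inits no longer exist, closes that trap. A one-line comment on the field, such as `std::string d_name; // operator-assigned label of the RPZ source this policy came from; reported as appliedPolicy in protobuf logs`, would also help, since nothing in the header says where the name comes from. The `Policy` struct itself starts before this hunk.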
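Review bot: The policy name is only captured on arms that go on to build a response; the arm that `return`s just before `case NXDOMAIN` in this hunk (presumably `Drop`) leaves `appliedPolicy` empty and never reaches the protobuf logging at the end of `startDoResolve`, so dropped queries — the hits a SOC most wants attributed — carry no policy name in the log stream. If drops are meant to be visible in the protobuf feed at all, the name should be recorded and the log message emitted before that `return`, or the drop counted with its policy name somewhere else; otherwise a comment on that arm saying drops are intentionally unlogged would stop the next reader from assuming an oversight. `startDoResolve` begins and ends outside this hunk, so only the switch arms shown here can be checked.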
@@ -783,6 +786,7 @@ void startDoResolve(void *p) spoofed.d_content = dfepol.d_custom; spoofed.d_place = DNSResourceRecord::ANSWER; ret.push_back(spoofed); + appliedPolicy=dfepol.d_name; goto haveAnswer; @@ -790,6 +794,7 @@ void startDoResolve(void *p) if(!dc->d_tcp) { res=RCode::NoError; pw.getHeader()->tc=1; + appliedPolicy=dfepol.d_name; goto haveAnswer; } break; @@ -818,11 +823,13 @@ void startDoResolve(void *p) case DNSFilterEngine::PolicyKind::NXDOMAIN: ret.clear(); res=RCode::NXDomain; + appliedPolicy=dfepol.d_name; goto haveAnswer; case DNSFilterEngine::PolicyKind::NODATA: ret.clear(); res=RCode::NoError; + appliedPolicy=dfepol.d_name; goto haveAnswer; case DNSFilterEngine::PolicyKind::Truncate: @@ -830,6 +837,7 @@ void startDoResolve(void *p) ret.clear(); res=RCode::NoError; pw.getHeader()->tc=1; + appliedPolicy=dfepol.d_name; goto haveAnswer; } break; @@ -844,6 +852,7 @@ void startDoResolve(void *p) spoofed.d_content = dfepol.d_custom; spoofed.d_place = DNSResourceRecord::ANSWER; ret.push_back(spoofed); + appliedPolicy=dfepol.d_name; goto haveAnswer; } @@ -995,6 +1004,9 @@ void startDoResolve(void *p) #ifdef HAVE_PROTOBUF if (luaconfsLocal->protobufServer) { protobufResponse.set_rcode(pw.getHeader()->rcode); + if (!appliedPolicy.empty()) { + protobufResponse.set_appliedpolicy(appliedPolicy); + } protobufLogResponse(luaconfsLocal->protobufServer, dc, packet.size(), protobufResponse); } #endif diff --git a/pdns/rec-lua-conf.cc b/pdns/rec-lua-conf.cc index 7a95e4861d..90fdfd1d38 100644 --- a/pdns/rec-lua-conf.cc +++ b/pdns/rec-lua-conf.cc 
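Review bot: Skipping `set_appliedpolicy` when the name is empty makes an RPZ hit from a zone configured without `policyName` look, in the protobuf stream, exactly like an unfiltered answer — attribution is lost precisely where the operator forgot to label the zone. Tracking the hit separately from the label avoids that: set a `bool policyApplied` next to `appliedPolicy` in each matching switch arm and log a fallback when the label is empty, e.g. `if (policyApplied) protobufResponse.set_appliedpolicy(appliedPolicy.empty() ? "unnamed" : appliedPolicy);`. Alternatively have the loaders default `polName` to the zone or file name so no policy is ever nameless. The enclosing function continues beyond this hunk.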
@@ -89,11 +89,16 @@ void loadRecursorLuaConfig(const std::string& fname) Lua.writeFunction("rpzFile", [&lci](const string& fname, const boost::optional>>& options) { try { boost::optional defpol; + std::string polName; if(options) { auto& have = *options; + if(have.count("policyName")) { + polName = boost::get(constGet(have, "policyName")); + } if(have.count("defpol")) { defpol=DNSFilterEngine::Policy(); defpol->d_kind = (DNSFilterEngine::PolicyKind)boost::get(constGet(have, "defpol")); + defpol->d_name = polName; if(defpol->d_kind == DNSFilterEngine::PolicyKind::Custom) { defpol->d_custom= shared_ptr( @@ -108,9 +113,8 @@ void loadRecursorLuaConfig(const std::string& fname) defpol->d_ttl = -1; // get it from the zone } } - } - loadRPZFromFile(fname, lci.dfe, defpol, 0); + loadRPZFromFile(fname, lci.dfe, polName, defpol, 0); } catch(std::exception& e) { theL()< defpol; TSIGTriplet tt; int refresh=0; + std::string polName; if(options) { auto& have = *options; - + if(have.count("policyName")) { + polName = boost::get(constGet(have, "policyName")); + } if(have.count("defpol")) { // cout<<"Set a default policy"<d_kind = (DNSFilterEngine::PolicyKind)boost::get(constGet(have, "defpol")); + defpol->d_name = polName; if(defpol->d_kind == DNSFilterEngine::PolicyKind::Custom) { // cout<<"Setting a custom field even!"<d_custom= @@ -142,7 +150,6 @@ void loadRecursorLuaConfig(const std::string& fname) defpol->d_ttl = boost::get(constGet(have, "defttl")); else defpol->d_ttl = -1; // get it from the zone - } } if(have.count("tsigname")) { 
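Review bot: `boost::get<std::string>(constGet(have, "policyName"))` throws `boost::bad_get` when the Lua value is not a string (a bare number, say), and that lands in the enclosing `catch(std::exception& e)`, which from what is visible only logs through `theL()` — so a typo in `policyName` appears to abort loading of the whole RPZ zone and the resolver runs unprotected with a single log line to show for it; the `rpzMaster` hunk below has the same shape. If the catch indeed only logs, either check the variant holds a string before extracting it and throw a `std::runtime_error` naming the option, or decide deliberately that a malformed RPZ configuration is fatal at startup rather than a silent fail-open. Separately, the `@@ -108` and `@@ -142` hunks each delete a closing brace with no matching opening brace removed anywhere in the visible diff, so the nesting of the `loadRPZFromFile` call and of the `tsigname` handling relative to `if(options)` cannot be checked from this page; worth confirming that `rpzFile` without options still loads the file. The `rpzFile` and `rpzMaster` lambdas both start and end outside these hunks.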
@@ -158,10 +165,10 @@ void loadRecursorLuaConfig(const std::string& fname) ComboAddress master(master_, 53); DNSName zone(zone_); - auto sr=loadRPZFromServer(master,zone, lci.dfe, defpol, 0, tt); + auto sr=loadRPZFromServer(master, zone, lci.dfe, polName, defpol, 0, tt); if(refresh) sr->d_st.refresh=refresh; - std::thread t(RPZIXFRTracker, master, zone, tt, sr); + std::thread t(RPZIXFRTracker, master, zone, polName, tt, sr); t.detach(); } catch(std::exception& e) { diff --git a/pdns/reczones.cc b/pdns/reczones.cc index 43c7d8277e..f2f572ded8 100644 --- a/pdns/reczones.cc +++ b/pdns/reczones.cc @@ -309,7 +309,7 @@ string reloadAuthAndForwards() } -void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const TSIGTriplet& tt, shared_ptr oursr) +void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const std::string& polName, const TSIGTriplet& tt, shared_ptr oursr) { int refresh = oursr->d_st.refresh; for(;;) { @@ -351,7 +351,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const TSIGT } else { L<(), 0); + RPZRecordToPolicy(rr, luaconfsCopy.dfe, polName, false, boost::optional(), 0); } } @@ -364,7 +364,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const TSIGT } else { L<(), 0); + RPZRecordToPolicy(rr, luaconfsCopy.dfe, polName, true, boost::optional(), 0); } } } diff --git a/pdns/rpzloader.cc b/pdns/rpzloader.cc index 4a7c62fff0..6be490f9fd 100644 --- a/pdns/rpzloader.cc +++ b/pdns/rpzloader.cc 
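Review bot: The IXFR update path now forwards `polName` but still passes an empty `boost::optional<DNSFilterEngine::Policy>()` as `defpol`, whereas the initial transfer via `loadRPZFromServer` in the `rpzMaster` hunk above receives the operator's `defpol`; unless that asymmetry is intentional, records arriving by IXFR after startup are interpreted with the zone's own action rather than the configured default, so the enforced policy drifts away from the loaded one over time. The empty optional predates this commit, but the commit touches exactly these calls, so threading `defpol` through the tracker the same way `polName` is threaded (`std::thread t(RPZIXFRTracker, master, zone, polName, defpol, tt, sr);` and `RPZRecordToPolicy(rr, luaconfsCopy.dfe, polName, true, defpol, 0);`, with the header updated to match) would keep the two paths consistent. `RPZIXFRTracker`'s loop body extends beyond these hunks.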
@@ -15,13 +15,13 @@ static Netmask makeNetmaskFromRPZ(const DNSName& name) return Netmask(parts[4]+"."+parts[3]+"."+parts[2]+"."+parts[1]+"/"+parts[0]); } -void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional defpol, int place) +void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, const std::string& polName, bool addOrRemove, boost::optional defpol, int place) { static const DNSName drop("rpz-drop."), truncate("rpz-tcp-only."), noaction("rpz-passthru."); static const DNSName rpzClientIP("rpz-client-ip"), rpzIP("rpz-ip"), rpzNSDname("rpz-nsdname"), rpzNSIP("rpz-nsip."); - DNSFilterEngine::Policy pol{DNSFilterEngine::PolicyKind::NoAction, nullptr, 0}; + DNSFilterEngine::Policy pol{DNSFilterEngine::PolicyKind::NoAction, nullptr, polName, 0}; if(dr.d_type == QType::CNAME) { auto target=std::dynamic_pointer_cast(dr.d_content)->getTarget(); @@ -97,7 +97,7 @@ void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrR } } -shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional defpol, int place, const TSIGTriplet& tt) +shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, const std::string& polName, boost::optional defpol, int place, const TSIGTriplet& tt) { L< loadRPZFromServer(const ComboAddress& master, const continue; } - RPZRecordToPolicy(dr, target, true, defpol, place); + RPZRecordToPolicy(dr, target, polName, true, defpol, place); nrecords++; } if(last != time(0)) { @@ -134,7 +134,7 @@ shared_ptr loadRPZFromServer(const ComboAddress& master, const return sr; } -int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional defpol, int place) +int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, const std::string& polName, boost::optional defpol, int place) { ZoneParserTNG zpt(fname); DNSResourceRecord drr; 
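Review bot: `DNSFilterEngine::Policy pol{..., polName, 0}` copies the policy name into a fresh `std::string` for every RPZ record, and if that `Policy` is then stored per record in the engine's maps (as the add/remove flag suggests), a large feed pays one heap string per entry plus another copy on every IXFR update, all holding the same value for the whole zone. A `std::shared_ptr<const std::string>` (or a per-zone index the engine already keeps) in `Policy` would make the per-record cost a pointer copy; the loaders would build it once per zone and pass it down. The pre-existing `auto target = ...->getTarget();` in this hunk also shadows the `target` parameter, which is worth renaming while the signature is being touched anyway. `RPZRecordToPolicy` continues past this hunk.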
@@ -153,7 +153,7 @@ int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::op } else { dr.d_name=dr.d_name.makeRelative(domain); - RPZRecordToPolicy(dr, target, true, defpol, place); + RPZRecordToPolicy(dr, target, polName, true, defpol, place); } } catch(PDNSException& pe) { diff --git a/pdns/rpzloader.hh b/pdns/rpzloader.hh index 113410188e..c61993ae4f 100644 --- a/pdns/rpzloader.hh +++ b/pdns/rpzloader.hh @@ -3,7 +3,7 @@ #include #include "dnsrecords.hh" -int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional defpol, int place); -std::shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional defpol, int place, const TSIGTriplet& tt); -void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional defpol, int place); -void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const TSIGTriplet &tt, shared_ptr oursr); +int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, const std::string& policyName, boost::optional defpol, int place); +std::shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, const std::string& policyName, boost::optional defpol, int place, const TSIGTriplet& tt); +void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, const std::string& policyName, bool addOrRemove, boost::optional defpol, int place); +void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, const std::string& policyName, const TSIGTriplet &tt, shared_ptr oursr);
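Review bot: The header names the new parameter `policyName` while every definition in `rpzloader.cc` and `reczones.cc` calls it `polName`; pick one spelling so grep and documentation tools line up. None of the four declarations says what the string is for — a comment above them along the lines of `// policyName: operator-chosen label for the RPZ source, stored in every Policy built from it and reported as appliedPolicy in protobuf logs` would spare the next reader a trip through the recursor code. Since the string is copied by every `Policy` that is built, the comment should also say whether callers may pass a temporary (they can, as all four take it by `const&` and copy).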