From: Otto Moerbeek
Date: Tue, 2 Apr 2024 11:39:18 +0000 (+0200)
Subject: rec: allow access to real/physical addresses in DNSQuestion
X-Git-Tag: rec-5.1.0-alpha1~30^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad6f25d512d3b8ecdc71db4589b1938c00fa3c67;p=thirdparty%2Fpdns.git
rec: allow access to real/physical addresses in DNSQuestion
---
diff --git a/pdns/recursordist/docs/lua-scripting/dq.rst b/pdns/recursordist/docs/lua-scripting/dq.rst
index 4ce6a49b60..aa8fd9641c 100644
--- a/pdns/recursordist/docs/lua-scripting/dq.rst
+++ b/pdns/recursordist/docs/lua-scripting/dq.rst
@@ -50,10 +50,20 @@ The DNSQuestion object contains at least the following fields:
 .. attribute:: DNSQuestion.remoteaddr
 :class:`ComboAddress` of the requestor.
+ If the proxy protocol is used, this will contain the source address from the proxy protocol header.
 .. attribute:: DNSQuestion.localaddr
 :class:`ComboAddress` where this query was received on.
+ If the proxy protocol is used, this will contain the destination address from the proxy protocol header.
+
+ .. attribute:: DNSQuestion.phys_remoteaddr
+
+ :class:`ComboAddress` of the physical requestor, that is, the physical network source address of the request.
+
+ .. attribute:: DNSQuestion.phys_localaddr
+
+ The physical :class:`ComboAddress` where this query was received on, which is one of the listening addresses of the recursor.
 .. attribute:: DNSQuestion.variable
diff --git a/pdns/recursordist/lua-recursor4-ffi.hh b/pdns/recursordist/lua-recursor4-ffi.hh
index f5785bdf7b..7114951731 100644
--- a/pdns/recursordist/lua-recursor4-ffi.hh
+++ b/pdns/recursordist/lua-recursor4-ffi.hh
@@ -76,6 +76,14 @@ extern "C"
 const char* pdns_ffi_param_get_local(pdns_ffi_param_t* ref) __attribute__((visibility("default")));
 void pdns_ffi_param_get_local_raw(pdns_ffi_param_t* ref, const void** addr, size_t* addrSize) __attribute__((visibility("default")));
 uint16_t pdns_ffi_param_get_local_port(const pdns_ffi_param_t* ref) __attribute__((visibility("default")));
+
+ const char* pdns_ffi_param_get_phys_remote(pdns_ffi_param_t* ref) __attribute__((visibility("default")));
+ void pdns_ffi_param_get_phys_remote_raw(pdns_ffi_param_t* ref, const void** addr, size_t* addrSize) __attribute__((visibility("default")));
+ uint16_t pdns_ffi_param_get_phys_remote_port(const pdns_ffi_param_t* ref) __attribute__((visibility("default")));
+ const char* pdns_ffi_param_get_phys_local(pdns_ffi_param_t* ref) __attribute__((visibility("default")));
+ void pdns_ffi_param_get_phys_local_raw(pdns_ffi_param_t* ref, const void** addr, size_t* addrSize) __attribute__((visibility("default")));
+ uint16_t pdns_ffi_param_get_phys_local_port(const pdns_ffi_param_t* ref) __attribute__((visibility("default")));
+
+ const char* pdns_ffi_param_get_edns_cs(pdns_ffi_param_t* ref) __attribute__((visibility("default")));
 void pdns_ffi_param_get_edns_cs_raw(pdns_ffi_param_t* ref, const void** net, size_t* netSize) __attribute__((visibility("default")));
 uint8_t pdns_ffi_param_get_edns_cs_source_mask(const pdns_ffi_param_t* ref) __attribute__((visibility("default")));
diff --git a/pdns/recursordist/lua-recursor4.cc b/pdns/recursordist/lua-recursor4.cc
index 0a682b2e5d..bc0c80c05a 100644
--- a/pdns/recursordist/lua-recursor4.cc
+++ b/pdns/recursordist/lua-recursor4.cc
@@ -167,6 +167,8 @@ void RecursorLua4::postPrepareContext()
 d_lw->registerMember("isTcp", [](const DNSQuestion& dnsQuestion) -> bool { return dnsQuestion.isTcp; }, [](DNSQuestion& /* dnsQuestion */, bool newTcp) { (void) newTcp; });
 d_lw->registerMember("localaddr", [](const DNSQuestion& dnsQuestion) -> const ComboAddress& { return dnsQuestion.local; }, [](DNSQuestion& /* dnsQuestion */, const ComboAddress& newLocal) { (void) newLocal; });
 d_lw->registerMember("remoteaddr", [](const DNSQuestion& dnsQuestion) -> const ComboAddress& { return dnsQuestion.remote; }, [](DNSQuestion& /* dnsQuestion */, const ComboAddress& newRemote) { (void) newRemote; });
+ d_lw->registerMember("phys_localaddr", [](const DNSQuestion& dnsQuestion) -> const ComboAddress& { return dnsQuestion.phys_local; }, [](DNSQuestion& /* dnsQuestion */, const ComboAddress& newLocal) { (void) newLocal; });
+ d_lw->registerMember("phys_remoteaddr", [](const DNSQuestion& dnsQuestion) -> const ComboAddress& { return dnsQuestion.phys_remote; }, [](DNSQuestion& /* dnsQuestion */, const ComboAddress& newRemote) { (void) newRemote; });
 d_lw->registerMember("validationState", [](const DNSQuestion& dnsQuestion) -> uint8_t { return (vStateIsBogus(dnsQuestion.validationState) ? /* in order not to break older scripts */ static_cast(255) : static_cast(dnsQuestion.validationState)); }, [](DNSQuestion& /* dnsQuestion */, uint8_t newState) { (void) newState; });
 d_lw->registerMember("detailedValidationState", [](const DNSQuestion& dnsQuestion) -> vState { return dnsQuestion.validationState; }, [](DNSQuestion& /* dnsQuestion */, vState newState) { (void) newState; });
@@ -610,7 +612,7 @@ bool RecursorLua4::preoutquery(const ComboAddress& nameserver, const ComboAddres
 bool wantsRPZ = false;
 bool logQuery = false;
 bool addPaddingToResponse = false;
- RecursorLua4::DNSQuestion dnsQuestion(nameserver, requestor, query, qtype.getCode(), isTcp, variableAnswer, wantsRPZ, logQuery, addPaddingToResponse, theTime);
+ RecursorLua4::DNSQuestion dnsQuestion(nameserver, requestor, nameserver, requestor, query, qtype.getCode(), isTcp, variableAnswer, wantsRPZ, logQuery, addPaddingToResponse, theTime);
 dnsQuestion.currentRecords = &res;
 eventTrace.add(RecEventTrace::LuaPreOutQuery);
 bool isOK = genhook(d_preoutquery, dnsQuestion, ret);
@@ -706,6 +708,8 @@ public:
 std::unique_ptr qnameStr{nullptr};
 std::unique_ptr localStr{nullptr};
 std::unique_ptr remoteStr{nullptr};
+ std::unique_ptr physLocalStr{nullptr};
+ std::unique_ptr physRemoteStr{nullptr};
 std::unique_ptr ednssubnetStr{nullptr};
 std::vector ednsOptionsVect;
 std::vector proxyProtocolValuesVect;
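Review bot: In preoutquery the two new physical-address arguments are filled with the same `nameserver` and `requestor` references as the logical pair, so in this hook `dq.phys_remoteaddr` is the authoritative server and `dq.phys_localaddr` is the requestor, not a socket peer and a listening address as the new dq.rst text describes. A policy script that shares its address checks between hooks and treats `phys_remoteaddr` as the directly connected client would evaluate the wrong address here. I would say so at the call, e.g. `// outgoing query: no proxy protocol applies, phys_* deliberately mirror remote/local`, and repeat the sentence in the preoutquery documentation. The body of preoutquery starts and ends outside the hunk.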
@@ -866,6 +870,44 @@ uint16_t pdns_ffi_param_get_local_port(const pdns_ffi_param_t* ref)
 return ref->params.local.getPort();
 }
+const char* pdns_ffi_param_get_phys_remote(pdns_ffi_param_t* ref)
+{
+ if (!ref->physRemoteStr) {
+ ref->physRemoteStr = std::make_unique(ref->params.phys_remote.toString());
+ }
+
+ return ref->physRemoteStr->c_str();
+}
+
+void pdns_ffi_param_get_phys_remote_raw(pdns_ffi_param_t* ref, const void** addr, size_t* addrSize)
+{
+ pdns_ffi_comboaddress_to_raw(ref->params.phys_remote, addr, addrSize);
+}
+
+uint16_t pdns_ffi_param_get_phys_remote_port(const pdns_ffi_param_t* ref)
+{
+ return ref->params.phys_remote.getPort();
+}
+
+const char* pdns_ffi_param_get_phys_local(pdns_ffi_param_t* ref)
+{
+ if (!ref->physLocalStr) {
+ ref->physLocalStr = std::make_unique(ref->params.phys_local.toString());
+ }
+
+ return ref->physLocalStr->c_str();
+}
+
+void pdns_ffi_param_get_phys_local_raw(pdns_ffi_param_t* ref, const void** addr, size_t* addrSize)
+{
+ pdns_ffi_comboaddress_to_raw(ref->params.phys_local, addr, addrSize);
+}
+
+uint16_t pdns_ffi_param_get_phys_local_port(const pdns_ffi_param_t* ref)
+{
+ return ref->params.phys_local.getPort();
+}
+
 const char* pdns_ffi_param_get_edns_cs(pdns_ffi_param_t* ref)
 {
 if (ref->params.ednssubnet.empty()) {
diff --git a/pdns/recursordist/lua-recursor4.hh b/pdns/recursordist/lua-recursor4.hh
index 0c7b9c6828..2288b17706 100644
--- a/pdns/recursordist/lua-recursor4.hh
+++ b/pdns/recursordist/lua-recursor4.hh
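Review bot: The strings returned by `pdns_ffi_param_get_phys_remote` and `pdns_ffi_param_get_phys_local` in lua-recursor4.cc point into `physRemoteStr` and `physLocalStr`, which are members of the `pdns_ffi_param_t` object, so the pointer is only good while that object is; the declarations added to lua-recursor4-ffi.hh do not say so. A gettag_ffi script that keeps the `const char*` for later logging or an access decision instead of copying it would presumably read freed memory once the parameter object is gone (its lifetime is not visible in this diff). I would put above the new declarations `// Returned pointers are owned by ref and valid only while ref is; copy the data before the hook returns.` The two `_raw` variants hand `addr` and `addrSize` straight to `pdns_ffi_comboaddress_to_raw`, whose checks are not shown here, so the same comment should state that both must be non-null.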
@@ -87,12 +87,14 @@ public:
 struct DNSQuestion
 {
 // NOLINTNEXTLINE(bugprone-easily-swappable-parameters)
- DNSQuestion(const ComboAddress& rem, const ComboAddress& loc, const DNSName& query, uint16_t type, bool tcp, bool& variable_, bool& wantsRPZ_, bool& logResponse_, bool& addPaddingToResponse_, const struct timeval& queryTime_) :
- qname(query), qtype(type), local(loc), remote(rem), isTcp(tcp), variable(variable_), wantsRPZ(wantsRPZ_), logResponse(logResponse_), addPaddingToResponse(addPaddingToResponse_), queryTime(queryTime_)
+ DNSQuestion(const ComboAddress& prem, const ComboAddress& ploc, const ComboAddress& rem, const ComboAddress& loc, const DNSName& query, uint16_t type, bool tcp, bool& variable_, bool& wantsRPZ_, bool& logResponse_, bool& addPaddingToResponse_, const struct timeval& queryTime_) :
+ qname(query), qtype(type), phys_local(ploc), phys_remote(prem), local(loc), remote(rem), isTcp(tcp), variable(variable_), wantsRPZ(wantsRPZ_), logResponse(logResponse_), addPaddingToResponse(addPaddingToResponse_), queryTime(queryTime_)
 {
 }
 const DNSName& qname;
 const uint16_t qtype;
+ const ComboAddress& phys_local;
+ const ComboAddress& phys_remote;
 const ComboAddress& local;
 const ComboAddress& remote;
 const ComboAddress* fromAuthIP{nullptr};
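Review bot: The `DNSQuestion` constructor now takes four adjacent `const ComboAddress&` parameters in the order `prem, ploc, rem, loc`, while `FFIParams` in the next hunk of this file takes `plocal_, premote_, local_, remote_`, and both keep the `NOLINTNEXTLINE(bugprone-easily-swappable-parameters)` suppression. A call site that swaps two of them compiles cleanly and hands a Lua hook the address taken from the proxy protocol header where it expects the socket peer, or the reverse, which matters for any ACL or logging done in a script. I would either align the two orders or document each one directly above its constructor, e.g. `// order: physical remote, physical local, proxy-protocol remote, proxy-protocol local`. Both structs store the arguments as references, so the caller's objects must outlive the struct; that deserves one line in the same comment. The struct bodies continue outside the hunk.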
@@ -166,13 +168,15 @@ public:
 {
 public:
 // NOLINTNEXTLINE(bugprone-easily-swappable-parameters)
- FFIParams(const DNSName& qname_, uint16_t qtype_, const ComboAddress& local_, const ComboAddress& remote_, const Netmask& ednssubnet_, LuaContext::LuaObject& data_, std::unordered_set& policyTags_, std::vector& records_, const EDNSOptionViewMap& ednsOptions_, const std::vector& proxyProtocolValues_, std::string& requestorId_, std::string& deviceId_, std::string& deviceName_, std::string& routingTag_, boost::optional& rcode_, uint32_t& ttlCap_, bool& variable_, bool tcp_, bool& logQuery_, bool& logResponse_, bool& followCNAMERecords_, boost::optional& extendedErrorCode_, std::string& extendedErrorExtra_, bool& disablePadding_, std::map& meta_) :
- data(data_), qname(qname_), local(local_), remote(remote_), ednssubnet(ednssubnet_), policyTags(policyTags_), records(records_), ednsOptions(ednsOptions_), proxyProtocolValues(proxyProtocolValues_), requestorId(requestorId_), deviceId(deviceId_), deviceName(deviceName_), routingTag(routingTag_), extendedErrorExtra(extendedErrorExtra_), rcode(rcode_), extendedErrorCode(extendedErrorCode_), ttlCap(ttlCap_), variable(variable_), logQuery(logQuery_), logResponse(logResponse_), followCNAMERecords(followCNAMERecords_), disablePadding(disablePadding_), qtype(qtype_), tcp(tcp_), meta(meta_)
+ FFIParams(const DNSName& qname_, uint16_t qtype_, const ComboAddress& plocal_, const ComboAddress& premote_, const ComboAddress& local_, const ComboAddress& remote_, const Netmask& ednssubnet_, LuaContext::LuaObject& data_, std::unordered_set& policyTags_, std::vector& records_, const EDNSOptionViewMap& ednsOptions_, const std::vector& proxyProtocolValues_, std::string& requestorId_, std::string& deviceId_, std::string& deviceName_, std::string& routingTag_, boost::optional& rcode_, uint32_t& ttlCap_, bool& variable_, bool tcp_, bool& logQuery_, bool& logResponse_, bool& followCNAMERecords_, boost::optional& extendedErrorCode_, std::string& extendedErrorExtra_, bool& disablePadding_, std::map& meta_) :
+ data(data_), qname(qname_), phys_local(plocal_), phys_remote(premote_), local(local_), remote(remote_), ednssubnet(ednssubnet_), policyTags(policyTags_), records(records_), ednsOptions(ednsOptions_), proxyProtocolValues(proxyProtocolValues_), requestorId(requestorId_), deviceId(deviceId_), deviceName(deviceName_), routingTag(routingTag_), extendedErrorExtra(extendedErrorExtra_), rcode(rcode_), extendedErrorCode(extendedErrorCode_), ttlCap(ttlCap_), variable(variable_), logQuery(logQuery_), logResponse(logResponse_), followCNAMERecords(followCNAMERecords_), disablePadding(disablePadding_), qtype(qtype_), tcp(tcp_), meta(meta_)
 {
 }
 LuaContext::LuaObject& data;
 const DNSName& qname;
+ const ComboAddress& phys_local;
+ const ComboAddress& phys_remote;
 const ComboAddress& local;
 const ComboAddress& remote;
 const Netmask& ednssubnet;
diff --git a/pdns/recursordist/pdns_recursor.cc b/pdns/recursordist/pdns_recursor.cc
index 0aec4db5f2..756ec5d046 100644
--- a/pdns/recursordist/pdns_recursor.cc
+++ b/pdns/recursordist/pdns_recursor.cc
@@ -1107,7 +1107,7 @@ void startDoResolve(void* arg) // NOLINT(readability-function-cognitive-complexi
 int res = RCode::NoError;
 DNSFilterEngine::Policy appliedPolicy;
- RecursorLua4::DNSQuestion dnsQuestion(comboWriter->d_source, comboWriter->d_destination, comboWriter->d_mdp.d_qname, comboWriter->d_mdp.d_qtype, comboWriter->d_tcp, variableAnswer, wantsRPZ, comboWriter->d_logResponse, addPaddingToResponse, (g_useKernelTimestamp && comboWriter->d_kernelTimestamp.tv_sec != 0) ? comboWriter->d_kernelTimestamp : comboWriter->d_now);
+ RecursorLua4::DNSQuestion dnsQuestion(comboWriter->d_remote, comboWriter->d_local, comboWriter->d_source, comboWriter->d_destination, comboWriter->d_mdp.d_qname, comboWriter->d_mdp.d_qtype, comboWriter->d_tcp, variableAnswer, wantsRPZ, comboWriter->d_logResponse, addPaddingToResponse, (g_useKernelTimestamp && comboWriter->d_kernelTimestamp.tv_sec != 0) ? comboWriter->d_kernelTimestamp : comboWriter->d_now);
 dnsQuestion.ednsFlags = &edo.d_extFlags;
 dnsQuestion.ednsOptions = &ednsOpts;
 dnsQuestion.tag = comboWriter->d_tag;
@@ -2217,7 +2217,7 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr
 if (t_pdl) {
 try {
 if (t_pdl->hasGettagFFIFunc()) {
- RecursorLua4::FFIParams params(qname, qtype, destination, source, ednssubnet.source, data, policyTags, records, ednsOptions, proxyProtocolValues, requestorId, deviceId, deviceName, routingTag, rcode, ttlCap, variable, false, logQuery, logResponse, followCNAMEs, extendedErrorCode, extendedErrorExtra, responsePaddingDisabled, meta);
+ RecursorLua4::FFIParams params(qname, qtype, destaddr, fromaddr, destination, source, ednssubnet.source, data, policyTags, records, ednsOptions, proxyProtocolValues, requestorId, deviceId, deviceName, routingTag, rcode, ttlCap, variable, false, logQuery, logResponse, followCNAMEs, extendedErrorCode, extendedErrorExtra, responsePaddingDisabled, meta);
 eventTrace.add(RecEventTrace::LuaGetTagFFI);
 ctag = t_pdl->gettag_ffi(params);
diff --git a/pdns/recursordist/rec-tcp.cc b/pdns/recursordist/rec-tcp.cc
index a2287598a0..c68d245b49 100644
--- a/pdns/recursordist/rec-tcp.cc
+++ b/pdns/recursordist/rec-tcp.cc
@@ -327,7 +327,7 @@ static void doProcessTCPQuestion(std::unique_ptr& comboWriter, s
 if (t_pdl) {
 try {
 if (t_pdl->hasGettagFFIFunc()) {
- RecursorLua4::FFIParams params(qname, qtype, comboWriter->d_destination, comboWriter->d_source, comboWriter->d_ednssubnet.source, comboWriter->d_data, comboWriter->d_policyTags, comboWriter->d_records, ednsOptions, comboWriter->d_proxyProtocolValues, requestorId, deviceId, deviceName, comboWriter->d_routingTag, comboWriter->d_rcode, comboWriter->d_ttlCap, comboWriter->d_variable, true, logQuery, comboWriter->d_logResponse, comboWriter->d_followCNAMERecords, comboWriter->d_extendedErrorCode, comboWriter->d_extendedErrorExtra, comboWriter->d_responsePaddingDisabled, comboWriter->d_meta);
+ RecursorLua4::FFIParams params(qname, qtype, comboWriter->d_local, comboWriter->d_remote, comboWriter->d_destination, comboWriter->d_source, comboWriter->d_ednssubnet.source, comboWriter->d_data, comboWriter->d_policyTags, comboWriter->d_records, ednsOptions, comboWriter->d_proxyProtocolValues, requestorId, deviceId, deviceName, comboWriter->d_routingTag, comboWriter->d_rcode, comboWriter->d_ttlCap, comboWriter->d_variable, true, logQuery, comboWriter->d_logResponse, comboWriter->d_followCNAMERecords, comboWriter->d_extendedErrorCode, comboWriter->d_extendedErrorExtra, comboWriter->d_responsePaddingDisabled, comboWriter->d_meta);
 comboWriter->d_eventTrace.add(RecEventTrace::LuaGetTagFFI);
 comboWriter->d_tag = t_pdl->gettag_ffi(params);
 comboWriter->d_eventTrace.add(RecEventTrace::LuaGetTagFFI, comboWriter->d_tag, false);