From: Otto Moerbeek
Date: Fri, 28 Aug 2020 09:29:33 +0000 (+0200)
Subject: Document new Lua dq fields and centralize logging in handle olicyHit functions.
X-Git-Tag: rec-4.4.0-beta1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3e25e9e578dc726aec065d78461c920267b4263;p=thirdparty%2Fpdns.git
Document new Lua dq fields and centralize logging in handle olicyHit functions. Plus corrections from review.
---
diff --git a/pdns/filterpo.cc b/pdns/filterpo.cc
index 6de5c9bdac..b5f66d8f6a 100644
--- a/pdns/filterpo.cc
+++ b/pdns/filterpo.cc
@@ -27,7 +27,7 @@
 #include "namespaces.hh"
 #include "dnsrecords.hh"
-// Names below are RPZ Actions and end with a dot (execpt "Local Data")
+// Names below are RPZ Actions and end with a dot (except "Local Data")
 static const std::string rpzDropName("rpz-drop."),
 rpzTruncateName("rpz-tcp-only."),
 rpzNoActionName("rpz-passthru."),
@@ -106,7 +106,7 @@ bool DNSFilterEngine::Zone::findNamedPolicy(const std::unordered_mapsecond;
- pol.d_trigger = g_wildcarddnsname+s;
+ pol.d_trigger = iter->first;
 pol.d_hit = qname.toStringNoDot();
 return true;
 }
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index aaec67a0c0..71a61f517b 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -889,6 +889,10 @@ static PolicyResult handlePolicyHit(const DNSFilterEngine::Policy& appliedPolicy
 ++g_stats.policyResults[appliedPolicy.d_kind];
 }
+ if (sr.doLog() && appliedPolicy.d_type != DNSFilterEngine::PolicyType::None) {
+ g_log << Logger::Warning << dc->d_mdp.d_qname << "|" << QType(dc->d_mdp.d_qtype).getName() << appliedPolicy.getLogString() << endl;
+ }
+
 switch (appliedPolicy.d_kind) {
 case DNSFilterEngine::PolicyKind::NoAction:
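Review bot: The log line added to handlePolicyHit in pdns/pdns_recursor.cc builds the `qname|qtype` prefix by hand, and the new block in SyncRes::handlePolicyHit in pdns/syncres.cc builds the same prefix again, so the two messages can drift apart even though the commit's purpose is to centralize this logging; consider one helper on DNSFilterEngine::Policy that takes the name and type and returns the whole line (e.g. an overload `std::string getLogString(const DNSName& qname, const QType& qtype) const`) and calling it from both sites. The body of handlePolicyHit starts before and continues after this hunk; if the function can be entered twice for one query (a policy hit before resolution and another on the answer), each entry now emits a line, whereas the block removed from startDoResolve logged once after resolution, which is worth confirming against the call sites. The name, and the trigger/hit strings produced by `getLogString()`, originate from the client query and the RPZ data, so this line relies on DNSName's stream insertion escaping control bytes to keep a query from splitting the log record; presumably it does, but that is an assumption to verify rather than rely on.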
@@ -1569,10 +1573,6 @@ static void startDoResolve(void *p)
 goto haveAnswer;
 } else if (policyResult == PolicyResult::Drop) {
- if (sr.doLog()) {
- g_log << Logger::Warning << dc->d_mdp.d_qname << "|" << QType(dc->d_mdp.d_qtype).getName() << appliedPolicy.getLogString() << endl;
- }
-
 g_stats.policyDrops++;
 return;
 }
 }
@@ -1621,9 +1621,6 @@ static void startDoResolve(void *p)
 }
 }
 }
- if (sr.doLog() && appliedPolicy.d_type != DNSFilterEngine::PolicyType::None) {
- g_log << Logger::Warning << dc->d_mdp.d_qname << "|" << QType(dc->d_mdp.d_qtype).getName() << appliedPolicy.getLogString() << endl;
- }
 if(res == -1) {
 pw.getHeader()->rcode=RCode::ServFail;
diff --git a/pdns/recursordist/docs/lua-scripting/dq.rst b/pdns/recursordist/docs/lua-scripting/dq.rst
index 343b00bd7e..550830c2c2 100644
--- a/pdns/recursordist/docs/lua-scripting/dq.rst
+++ b/pdns/recursordist/docs/lua-scripting/dq.rst
@@ -92,6 +92,14 @@ The DNSQuestion object contains at least the following fields:
 The TTL in seconds for the ``pdns.policyactions.Custom`` response + .. attribute:: DNSQuestion.appliedPolicy.policyTrigger + The trigger (left-hand) part of the RPZ rule that was matched + .. attribute:: DNSQuestion.appliedPolicy.policyHit + The value that was matched. This is a string representing a name or an address. + .. attribute:: DNSQuestion.wantsRPZ A boolean that indicates the use of the Policy Engine.
diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 4f3ecb3886..efa6343b2c 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -2028,6 +2028,10 @@ void SyncRes::handlePolicyHit(const std::string& prefix, const DNSName& qname, c
 ++g_stats.policyResults[d_appliedPolicy.d_kind];
 }
+ if (d_appliedPolicy.d_type != DNSFilterEngine::PolicyType::None) {
+ LOG(prefix << qname << "|" << qtype.getName() << d_appliedPolicy.getLogString() << endl);
+ }
+
 switch (d_appliedPolicy.d_kind) {
 case DNSFilterEngine::PolicyKind::NoAction:
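Review bot: The new block in SyncRes::handlePolicyHit in pdns/syncres.cc gates only on `d_appliedPolicy.d_type != DNSFilterEngine::PolicyType::None`, while the parallel block in pdns/pdns_recursor.cc also checks `sr.doLog()`; this is fine if the file's `LOG()` macro is itself conditional on the logging mode, but nothing in the hunk shows that, and if it is not, every policy hit would be emitted regardless of the trace setting. A one-line comment above the `if` would make the asymmetry visibly intentional for the next reader: `// LOG() is already gated on the log mode, so no separate doLog() check is needed here`. The body of SyncRes::handlePolicyHit starts before and continues past this hunk.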