From: Oto Šťáva Date: Fri, 19 Nov 2021 09:11:18 +0000 (+0100) Subject: modules/policy: add 'domain' filter for equality matching X-Git-Tag: v5.4.3~7^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dde426bf96e87db289a4aa063e0ff81d2ea6cefd;p=thirdparty%2Fknot-resolver.git modules/policy: add 'domain' filter for equality matching --- diff --git a/modules/policy/README.rst b/modules/policy/README.rst index 6d22b9bc0..7037e4e0a 100644 --- a/modules/policy/README.rst +++ b/modules/policy/README.rst @@ -28,6 +28,16 @@ A *filter* selects which queries will be affected by specified Actions_. There a Always applies the action. +.. function:: domain(action, domain) + + Applies the action if query name matches the provided domain name. + +.. note:: For speed this filter requires a domain name in DNS wire format, not textual representation, so each label in the name must be prefixed with its length. Always use convenience function :func:`todname` for automatic conversion from a string! For example: + + .. code-block:: lua + + policy.domain(policy.DENY, todname('example.com')) + .. function:: pattern(action, pattern) Applies the action if query name matches a `Lua regular expression `_. diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua index 07ba88b60..74ee25b81 100644 --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua @@ -344,7 +344,17 @@ function policy.all(action) return function(_, _) return action end end --- Requests which QNAME matches given zone list (i.e. suffix match) +-- Requests whose QNAME is exactly the provided domain +function policy.domain(action, dname) + return function(_, query) + if query:name() == dname then + return action + end + return nil + end +end + +-- Requests whose QNAME matches given zone list (i.e. suffix match) function policy.suffix(action, zone_list) local AC = require('ahocorasick') local tree = AC.create(zone_list)