From: Colin Vidal Date: Tue, 10 Jun 2025 14:32:04 +0000 (+0200) Subject: filter-aaaa can be used as zone or view plugin X-Git-Tag: v9.21.14~56^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8156b394ea5ff3f3c038dc3e44cc837531df876;p=thirdparty%2Fbind9.git filter-aaaa can be used as zone or view plugin Update the filter-aaaa system test so the two authoritative zones in ns4 both configure filter-aaaa as a zone plugin. In order to work in both contexts, the plugin must register both the `NS_QUERY_QCTX_INITIALIZED` and `NS_QUERY_AUTHZONE_ATTACHED` hooks. When the plugin is configured at the zone level in an authoritative server, `NS_QUERY_QCTX_INITIALIZED` is skipped, because no zone will have been looked up by the time it is called. When the zone is found, calling `NS_QUERY_AUTHZONE_ATTACHED` will allow the same initialization to occur. --- diff --git a/bin/plugins/filter-a.c b/bin/plugins/filter-a.c index 23421b31dec..2f684a2a45e 100644 --- a/bin/plugins/filter-a.c +++ b/bin/plugins/filter-a.c @@ -105,7 +105,7 @@ typedef struct filter_instance { * Forward declarations of functions referenced in install_hooks(). */ static ns_hookresult_t -filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp); +filter_initialize(void *arg, void *cbdata, isc_result_t *resp); static ns_hookresult_t filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp); static ns_hookresult_t @@ -127,7 +127,7 @@ static void install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx, filter_instance_t *inst) { const ns_hook_t filter_init = { - .action = filter_qctx_initialize, + .action = filter_initialize, .action_data = inst, }; @@ -157,6 +157,7 @@ install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx, }; ns_hook_add(hooktable, mctx, NS_QUERY_QCTX_INITIALIZED, &filter_init); + ns_hook_add(hooktable, mctx, NS_QUERY_AUTHZONE_ATTACHED, &filter_init); ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_BEGIN, &filter_respbegin); ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_ANY_FOUND, &filter_respanyfound); @@ -620,9 +621,15 @@ process_section(const section_filter_t *filter) { * in a hash table keyed according to the client object; this enables us to * retrieve persistent data related to a client query for as long as the * object persists. + * + * Whether the plugin is registered at view level and the server makes authority + * on zones, this can be called twice (once when the query context is + * initialized, once when the authoritative zone is found). This is all fine: + * the state will be initialized on the first call, and the function bails off + * early on the second call (the state is already initialized). */ static ns_hookresult_t -filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp) { +filter_initialize(void *arg, void *cbdata, isc_result_t *resp) { query_ctx_t *qctx = (query_ctx_t *)arg; filter_instance_t *inst = (filter_instance_t *)cbdata; filter_data_t *client_state; diff --git a/bin/plugins/filter-aaaa.c b/bin/plugins/filter-aaaa.c index 62281208ec6..d24a6ca80bc 100644 --- a/bin/plugins/filter-aaaa.c +++ b/bin/plugins/filter-aaaa.c @@ -105,7 +105,7 @@ typedef struct filter_instance { * Forward declarations of functions referenced in install_hooks(). */ static ns_hookresult_t -filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp); +filter_initialize(void *arg, void *cbdata, isc_result_t *resp); static ns_hookresult_t filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp); static ns_hookresult_t @@ -127,7 +127,7 @@ static void install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx, filter_instance_t *inst) { const ns_hook_t filter_init = { - .action = filter_qctx_initialize, + .action = filter_initialize, .action_data = inst, }; @@ -157,6 +157,7 @@ install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx, }; ns_hook_add(hooktable, mctx, NS_QUERY_QCTX_INITIALIZED, &filter_init); + ns_hook_add(hooktable, mctx, NS_QUERY_AUTHZONE_ATTACHED, &filter_init); ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_BEGIN, &filter_respbegin); ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_ANY_FOUND, &filter_respanyfound); @@ -624,9 +625,15 @@ process_section(const section_filter_t *filter) { * in a hash table keyed according to the client object; this enables us to * retrieve persistent data related to a client query for as long as the * object persists. + * + * Whether the plugin is registered at view level and the server makes authority + * on zones, this can be called twice (once when the query context is + * initialized, once when the authoritative zone is found). This is all fine: + * the state will be initialized on the first call, and the function bails off + * early on the second call (the state is already initialized). */ static ns_hookresult_t -filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp) { +filter_initialize(void *arg, void *cbdata, isc_result_t *resp) { query_ctx_t *qctx = (query_ctx_t *)arg; filter_instance_t *inst = (filter_instance_t *)cbdata; filter_data_t *client_state; diff --git a/bin/tests/system/filters/ns4/named.conf.j2 b/bin/tests/system/filters/ns4/named.conf.j2 index 4246092923c..94faf5894eb 100644 --- a/bin/tests/system/filters/ns4/named.conf.j2 +++ b/bin/tests/system/filters/ns4/named.conf.j2 @@ -29,15 +29,15 @@ options { }; {% if family == "v6" %} - plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { - filter-@filtertype@-on-v6 break-dnssec; - filter-@filtertype@ { fd92:7065:b8e:ffff::4; }; - }; + plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { + filter-@filtertype@-on-v6 break-dnssec; + filter-@filtertype@ { fd92:7065:b8e:ffff::4; }; + }; {% else %} - plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { - filter-@filtertype@-on-v4 break-dnssec; - filter-@filtertype@ { 10.53.0.4; }; - }; + plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { + filter-@filtertype@-on-v4 break-dnssec; + filter-@filtertype@ { 10.53.0.4; }; + }; {% endif %} key rndc_key { @@ -50,5 +50,35 @@ controls { }; zone "." { type primary; file "root.db"; }; -zone "signed" { type primary; file "signed.db.signed"; }; -zone "unsigned" { type primary; file "unsigned.db"; }; + +zone "signed" { + type primary; + file "signed.db.signed"; + {% if family == "v6" %} + plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { + filter-@filtertype@-on-v6 break-dnssec; + filter-@filtertype@ { fd92:7065:b8e:ffff::4; }; + }; + {% else %} + plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { + filter-@filtertype@-on-v4 break-dnssec; + filter-@filtertype@ { 10.53.0.4; }; + }; + {% endif %} +}; + +zone "unsigned" { + type primary; + file "unsigned.db"; + {% if family == "v6" %} + plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { + filter-@filtertype@-on-v6 break-dnssec; + filter-@filtertype@ { fd92:7065:b8e:ffff::4; }; + }; + {% else %} + plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" { + filter-@filtertype@-on-v4 break-dnssec; + filter-@filtertype@ { 10.53.0.4; }; + }; + {% endif %} +};