From: Petr Špaček
Date: Wed, 10 Jul 2019 06:59:48 +0000 (+0200)
Subject: rebinding: log each blocked request only in verbose mode
X-Git-Tag: v4.1.0~4^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8e4edfcf84b73df30d558aa5f45bb7b9ca9fe600;p=thirdparty%2Fknot-resolver.git

rebinding: log each blocked request only in verbose mode

Also the log now uses the same format query UID format as elsewhere.
---
diff --git a/NEWS b/NEWS
index 51cd5fe12..1a6d7a86e 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,7 @@ Bugfixes
 - prefill module: avoid crash on empty zone file (#474, !840)
 - rebinding module: avoid excessive iteration on blocked attempts (!842)
 - rebinding module: fix crash caused by race condition (!842)
+- rebinding module: log each blocked query only in verbose mode (!842)
 Knot Resolver 4.0.0 (2019-04-18)
diff --git a/daemon/lua/kres-gen.lua b/daemon/lua/kres-gen.lua
index aecd4cff5..02e3ea2b8 100644
--- a/daemon/lua/kres-gen.lua
+++ b/daemon/lua/kres-gen.lua
@@ -336,6 +336,7 @@ int kr_rplan_pop(struct kr_rplan *, struct kr_query *);
 struct kr_query *kr_rplan_resolved(struct kr_rplan *);
 struct kr_query *kr_rplan_last(struct kr_rplan *);
 int kr_nsrep_set(struct kr_query *, size_t, const struct sockaddr *);
+void kr_log_qverbose_impl(const struct kr_query *, const char *, const char *, ...);
 int kr_make_query(struct kr_query *, knot_pkt_t *);
 void kr_pkt_make_auth_header(knot_pkt_t *);
 int kr_pkt_put(knot_pkt_t *, const knot_dname_t *, uint32_t, uint16_t, uint16_t, const uint8_t *, uint16_t);
diff --git a/daemon/lua/kres-gen.sh b/daemon/lua/kres-gen.sh
index 118c63334..b0ac3de15 100755
--- a/daemon/lua/kres-gen.sh
+++ b/daemon/lua/kres-gen.sh
@@ -186,6 +186,7 @@ ${CDEFS} ${LIBKRES} functions <<-EOF
 # Nameservers
 kr_nsrep_set
 # Utils
+ kr_log_qverbose_impl
 kr_make_query
 kr_pkt_make_auth_header
 kr_pkt_put
diff --git a/modules/rebinding/rebinding.lua b/modules/rebinding/rebinding.lua
index 372295fe6..1252549a2 100644
--- a/modules/rebinding/rebinding.lua
+++ b/modules/rebinding/rebinding.lua
@@ -1,3 +1,5 @@
+local ffi = require('ffi')
+
 -- Protection from DNS rebinding attacks
 local kres = require('kres')
 local renumber = require('kres_modules.renumber')
@@ -101,9 +103,12 @@ function M.layer.consume(state, req, pkt)
 qry.flags.RESOLVED = 1 -- stop iteration
 qry.flags.CACHED = 1 -- do not cache
 refuse(req)
- log('[' .. string.format('%5d', qry.id) .. '][rebinding] ' .. 'blocking blacklisted IP \'' .. kres.rr2str(bad_rr) .. '\' received from IP ' .. tostring(kres.sockaddr_t(req.upstream.addr)))
+ if verbose() then
+ ffi.C.kr_log_qverbose_impl(qry, 'rebinding',
+ 'blocking blacklisted IP in RR \'%s\' received from IP %s\n',
+ kres.rr2str(bad_rr),
+ tostring(kres.sockaddr_t(req.upstream.addr)))
+ end
 return kres.DONE
 end
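Review bot: The new `ffi.C.kr_log_qverbose_impl` call hands `kres.rr2str(bad_rr)` straight to a C varargs `%s`; if rr2str can return nil for an RR it fails to dump, LuaJIT's FFI will pass that as a NULL `const char *`, which the removed `..` concatenation would at least have turned into a loud Lua error instead of a libc-dependent `(null)` or a crash inside the logger. Wrapping the argument, `tostring(kres.rr2str(bad_rr)),`, guarantees a real Lua string on every path at no cost. The RR text and upstream address are attacker-influenced (they come from the upstream response) but are only ever passed as format arguments and never as the format string itself, so there is no format-string exposure in this call. Note also that after this change a blocked rebinding attempt leaves no trace unless verbose mode is on; if operators are expected to notice such attempts, a counter exposed through whatever stats interface this module can reach would keep that signal available at default log levels. M.layer.consume starts before the hunk, so this assessment covers only the visible lines.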