From: Vladimír Čunát Date: Fri, 11 Jan 2019 11:44:23 +0000 (+0100) Subject: modules/policy RPZ: various nitpicks X-Git-Tag: v4.0.0~41^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9f1723e43ed45936bfae87b3f0f09f015b3e3fd1;p=thirdparty%2Fknot-resolver.git modules/policy RPZ: various nitpicks - logging - watch by default - in Fedora we need to depend on the version for lua 5.1 --- diff --git a/NEWS b/NEWS index fe1300745..9af226c36 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ Bugfixes Improvements ------------ - hints module: allow configuring the TTL and change default from 0 to 5s +- policy module: policy.rpz() will watch the file for changes by default +- packaging: lua cqueues added to default dependencies where available Knot Resolver 3.2.1 (2019-01-10) diff --git a/distro/rpm/knot-resolver.spec b/distro/rpm/knot-resolver.spec index 975959d07..57eb1e82f 100644 --- a/distro/rpm/knot-resolver.spec +++ b/distro/rpm/knot-resolver.spec @@ -59,7 +59,7 @@ BuildRequires: pkgconfig(lmdb) BuildRequires: python3-sphinx Requires: lua-socket-compat Requires: lua-sec-compat -Requires: lua-cqueues +Requires: lua-cqueues-compat Requires(pre): shadow-utils %endif %if 0%{?suse_version} diff --git a/modules/policy/README.rst b/modules/policy/README.rst index b85242a29..3b33e03be 100644 --- a/modules/policy/README.rst +++ b/modules/policy/README.rst @@ -231,7 +231,7 @@ Most properties (actions, filters) are described above. :param action: the default action for match in the zone; typically you want ``policy.DENY`` :param path: path to zone file | database - :param watch: boolean, if true the file will be reparsed and the ruleset reloaded on file change + :param watch: boolean, if not false, the file will be reparsed and the ruleset reloaded on file change Enforce RPZ_ rules. This can be used in conjunction with published blocklist feeds. The RPZ_ operation is well described in this `Jan-Piet Mens's post`_, 
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua index 9227be342..467cb81a4 100644 --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua @@ -450,13 +450,14 @@ local function rpz_parse(action, path) rules[name] = action_map[name_action] -- Warn when NYI if #name > 1 and not action_map[name_action] then - print(string.format('[ rpz ] %s:%d: unsupported policy action', path, tonumber(parser.line_counter))) + log('[poli] RPZ %s:%d: unsupported policy action', path, tonumber(parser.line_counter)) end end collectgarbage() return rules end +-- Split path into dirname and basename (like the shell utilities) local function get_dir_and_file(path) local dir, file = string.match(path, "(.*)/([^/]+)") @@ -475,7 +476,7 @@ end function policy.rpz(action, path, watch) local rules = rpz_parse(action, path) - if watch then + if watch or true then local has_notify, notify = pcall(require, 'cqueues.notify') if has_notify then local bit = require('bit') @@ -490,11 +491,16 @@ function policy.rpz(action, path, watch) -- Watcher will also fire for changes to the directory itself if name == file then -- If the file changes then reparse and replace the existing ruleset + if verbose() then + log('[poli] RPZ reloading: ' .. name) + end rules = rpz_parse(action, path) end end end) - else + elseif watch then -- explicitly requested and failed + error('[poli] lua-cqueues required to watch and reload RPZ file') + elseif verbose() then log('[poli] lua-cqueues required to watch and reload RPZ file, continuing without watching') end end
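Review bot: The warning in the first policy.lua hunk (`unsupported policy action`) is the only sign that an RPZ record ended up without an action. `rules[name] = action_map[name_action]` stores nil for such a record, so the name is presumably left unfiltered. I would make that fail-open behaviour explicit with a comment above the warning, e.g. `-- Unsupported action: no rule is stored, so this name is not filtered`. If log() is gated on verbosity (its definition is not visible here), this message should stay unconditional so a partly ignored blocklist is noticed. rpz_parse begins before the hunk.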
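Review bot: `if watch or true then` in policy.rpz() is always true, so the `watch` argument can no longer turn watching off. A caller that passes `false` still gets the notify watcher and live reloads. That contradicts the README text changed in this same commit ("if not false, the file will be reparsed") and the NEWS entry's "by default". `if watch ~= false then` gives the documented behaviour: nil watches, false does not, and the `elseif watch` branch in the next hunk still fires only for an explicit true. This matters to operators who pin a reviewed RPZ file, because with the current condition any write to that file changes the resolver's policy without a restart. The function body continues past the hunk.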
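Review bot: The reload message in the watcher callback is built as `'[poli] RPZ reloading: ' .. name` and passed as the first argument of log(), which the first hunk of this file uses as a format string. A `%` in the file name would then be read as a format directive, and if that raises, it does so before the reparse; pass the name as an argument instead. Separately, watching is now the default, so the unguarded `rules = rpz_parse(action, path)` runs for every policy.rpz() user. Assuming rpz_parse can raise on an unreadable or half-written file (most of its body is outside this diff), I would wrap the reparse in pcall and keep the previous ruleset on failure, logging that failure unconditionally. The callback begins before the hunk.

```lua
if name == file then
	-- … unchanged: comment about reparsing on file change …
	if verbose() then
		log('[poli] RPZ reloading: %s', name)
	end
	-- Keep the previous ruleset if the new file cannot be parsed
	local ok, new_rules = pcall(rpz_parse, action, path)
	if ok then
		rules = new_rules
	else
		log('[poli] RPZ reload of %s failed, keeping old rules: %s', path, tostring(new_rules))
	end
end
```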