Added new logging category rpz-passthru
authorDiego Fronza <diego@isc.org>
Mon, 20 Apr 2020 19:32:56 +0000 (16:32 -0300)
committerDiego Fronza <diego@isc.org>
Thu, 7 May 2020 14:44:48 +0000 (11:44 -0300)
It is now possible to use the new logging category "rpz-passthru"
to redirect RPZ passthru activity to a dedicated logging channel.

lib/dns/include/dns/log.h
lib/dns/log.c
lib/ns/query.c

index a687fbfc9fb0c3303702fec9ab835a3d28971830..4fe22e4b6a16e1e18ca8796e02bb706079d1e0eb 100644 (file)
@@ -41,6 +41,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t   dns_modules[];
 #define DNS_LOGCATEGORY_DNSTAP         (&dns_categories[16])
 #define DNS_LOGCATEGORY_ZONELOAD       (&dns_categories[17])
 #define DNS_LOGCATEGORY_NSID           (&dns_categories[18])
+#define DNS_LOGCATEGORY_RPZ_PASSTHRU   (&dns_categories[19])
 
 /* Backwards compatibility. */
 #define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL
index 5964d1ba491e5eb19d53f261cc6b1b048e99a2cc..98163b0ba243873c8386c92f9bce53586a03d6e0 100644 (file)
  * \#define to <dns/log.h>.
  */
 LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = {
-       { "notify", 0 },
-       { "database", 0 },
-       { "security", 0 },
-       { "_placeholder", 0 },
-       { "dnssec", 0 },
-       { "resolver", 0 },
-       { "xfer-in", 0 },
-       { "xfer-out", 0 },
-       { "dispatch", 0 },
-       { "lame-servers", 0 },
-       { "delegation-only", 0 },
-       { "edns-disabled", 0 },
-       { "rpz", 0 },
-       { "rate-limit", 0 },
-       { "cname", 0 },
-       { "spill", 0 },
-       { "dnstap", 0 },
-       { "zoneload", 0 },
-       { "nsid", 0 },
-       { NULL, 0 }
+       { "notify", 0 },       { "database", 0 },        { "security", 0 },
+       { "_placeholder", 0 }, { "dnssec", 0 },          { "resolver", 0 },
+       { "xfer-in", 0 },      { "xfer-out", 0 },        { "dispatch", 0 },
+       { "lame-servers", 0 }, { "delegation-only", 0 }, { "edns-disabled", 0 },
+       { "rpz", 0 },          { "rate-limit", 0 },      { "cname", 0 },
+       { "spill", 0 },        { "dnstap", 0 },          { "zoneload", 0 },
+       { "nsid", 0 },         { "rpz-passthru", 0 },    { NULL, 0 }
 };
 
 /*%
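Review bot: Packing three initialisers per row in `dns_categories[]` makes each entry's position hard to check by eye, and the `DNS_LOGCATEGORY_*` macros in lib/dns/include/dns/log.h depend on exact positions (`rpz-passthru` has to sit at index 19). The entries do line up in this commit, but one entry per line with an index comment, such as `{ "rpz-passthru", 0 }, /* 19 */`, would keep a later insertion from silently sending a category's messages to the wrong channel. The reflow also turns a one-entry addition into a whole-table rewrite in the diff.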
index 8f1a8b11624b29e21cb5e44edcb80d46e6ea1fe7..9d3ca90df97314311fa0bb8609e58aa403b4261e 100644 (file)
@@ -1164,8 +1164,12 @@ rpz_log_rewrite(ns_client_t *client, bool disabled, dns_rpz_policy_t policy,
        dns_rdataclass_format(rdataset->rdclass, classbuf, sizeof(classbuf));
        dns_rdatatype_format(rdataset->type, typebuf, sizeof(typebuf));
 
-       ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY,
-                     DNS_RPZ_INFO_LEVEL,
+       /* It's possible to have a separate log channel for rpz passthru. */
+       isc_logcategory_t *log_cat = (policy == DNS_RPZ_POLICY_PASSTHRU)
+                                            ? DNS_LOGCATEGORY_RPZ_PASSTHRU
+                                            : DNS_LOGCATEGORY_RPZ;
+
+       ns_client_log(client, log_cat, NS_LOGMODULE_QUERY, DNS_RPZ_INFO_LEVEL,
                      "%srpz %s %s rewrite %s/%s/%s via %s%s%s%s",
                      disabled ? "disabled " : "", dns_rpz_type2str(type),
                      dns_rpz_policy2str(policy), qname_buf, typebuf, classbuf,
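Review bot: The new comment above `log_cat` understates the change: PASSTHRU rewrites are no longer emitted under the `rpz` category at all. A deployment whose logging configuration routes only `rpz` would, as far as the visible lines show, stop seeing passthru hits on that channel and get them wherever the unconfigured `rpz-passthru` category falls back to. I would say so in the comment, e.g. `/* PASSTHRU rewrites are logged only under "rpz-passthru", not "rpz"; route both categories to keep a complete RPZ audit trail. */`, and mention it in the release notes or logging documentation, which this commit does not touch. rpz_log_rewrite() starts before and continues after this hunk, so the remaining arguments of the call are not visible.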