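Lines Matching +full:pd +full:- +full:node (non-contiguous search hits: each entry gives the source line number, the matching line, and the enclosing function)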
2 * services/rpz.c - rpz service
71 case RPZ_NXDOMAIN_ACTION: return "rpz-nxdomain"; in rpz_action_to_string()
72 case RPZ_NODATA_ACTION: return "rpz-nodata"; in rpz_action_to_string()
73 case RPZ_PASSTHRU_ACTION: return "rpz-passthru"; in rpz_action_to_string()
74 case RPZ_DROP_ACTION: return "rpz-drop"; in rpz_action_to_string()
75 case RPZ_TCP_ONLY_ACTION: return "rpz-tcp-only"; in rpz_action_to_string()
76 case RPZ_INVALID_ACTION: return "rpz-invalid"; in rpz_action_to_string()
77 case RPZ_LOCAL_DATA_ACTION: return "rpz-local-data"; in rpz_action_to_string()
78 case RPZ_DISABLED_ACTION: return "rpz-disabled"; in rpz_action_to_string()
79 case RPZ_CNAME_OVERRIDE_ACTION: return "rpz-cname-override"; in rpz_action_to_string()
80 case RPZ_NO_OVERRIDE_ACTION: return "rpz-no-override"; in rpz_action_to_string()
81 default: return "rpz-unknown-action"; in rpz_action_to_string()
104 case RPZ_QNAME_TRIGGER: return "rpz-qname"; in rpz_trigger_to_string()
105 case RPZ_CLIENT_IP_TRIGGER: return "rpz-client-ip"; in rpz_trigger_to_string()
106 case RPZ_RESPONSE_IP_TRIGGER: return "rpz-response-ip"; in rpz_trigger_to_string()
107 case RPZ_NSDNAME_TRIGGER: return "rpz-nsdname"; in rpz_trigger_to_string()
108 case RPZ_NSIP_TRIGGER: return "rpz-nsip"; in rpz_trigger_to_string()
109 case RPZ_INVALID_TRIGGER: return "rpz-invalid"; in rpz_trigger_to_string()
110 default: return "rpz-unknown-trigger"; in rpz_trigger_to_string()
156 /* all DNSSEC-related RRs must be ignored */ in rpz_type_ignored()
189 /* all DNSSEC-related RRs must be ignored */ in rpz_rr_to_action()
209 if(dname_valid(rdata, rdatalen-2) != rdatalen-2) in rpz_rr_to_action()
219 (uint8_t*)&"\014rpz-passthru\000")) in rpz_rr_to_action()
221 else if(dname_subdomain_c(rdata, (uint8_t*)&"\010rpz-drop\000")) in rpz_rr_to_action()
224 (uint8_t*)&"\014rpz-tcp-only\000")) in rpz_rr_to_action()
228 /* all other TLDs starting with "rpz-" are invalid */ in rpz_rr_to_action()
229 tldlab = get_tld_label(rdata, rdatalen-2); in rpz_rr_to_action()
230 if(tldlab && dname_lab_startswith(tldlab, "rpz-", &endptr)) in rpz_rr_to_action()
327 if(!tldlab || !dname_lab_startswith(tldlab, "rpz-", &endptr)) in rpz_dname_to_trigger()
331 (uint8_t*)&"\015rpz-client-ip\000")) in rpz_dname_to_trigger()
333 else if(dname_subdomain_c(tldlab, (uint8_t*)&"\006rpz-ip\000")) in rpz_dname_to_trigger()
335 else if(dname_subdomain_c(tldlab, (uint8_t*)&"\013rpz-nsdname\000")) in rpz_dname_to_trigger()
337 else if(dname_subdomain_c(tldlab, (uint8_t*)&"\010rpz-nsip\000")) in rpz_dname_to_trigger()
350 set->region = regional_create(); in rpz_clientip_synthesized_set_create()
351 if(set->region == NULL) { in rpz_clientip_synthesized_set_create()
355 addr_tree_init(&set->entries); in rpz_clientip_synthesized_set_create()
356 lock_rw_init(&set->lock); in rpz_clientip_synthesized_set_create()
363 struct clientip_synthesized_rr* r = (struct clientip_synthesized_rr*)n->key; in rpz_clientip_synthesized_rr_delete()
364 lock_rw_destroy(&r->lock); in rpz_clientip_synthesized_rr_delete()
376 lock_rw_destroy(&set->lock); in rpz_clientip_synthesized_set_delete()
377 traverse_postorder(&set->entries, rpz_clientip_synthesized_rr_delete, NULL); in rpz_clientip_synthesized_set_delete()
378 regional_destroy(set->region); in rpz_clientip_synthesized_set_delete()
387 local_zones_delete(r->local_zones); in rpz_delete()
388 local_zones_delete(r->nsdname_zones); in rpz_delete()
389 respip_set_delete(r->respip_set); in rpz_delete()
390 rpz_clientip_synthesized_set_delete(r->client_set); in rpz_delete()
391 rpz_clientip_synthesized_set_delete(r->ns_set); in rpz_delete()
392 regional_destroy(r->region); in rpz_delete()
393 free(r->taglist); in rpz_delete()
394 free(r->log_name); in rpz_delete()
402 local_zones_delete(r->local_zones); in rpz_clear()
403 r->local_zones = NULL; in rpz_clear()
404 local_zones_delete(r->nsdname_zones); in rpz_clear()
405 r->nsdname_zones = NULL; in rpz_clear()
406 respip_set_delete(r->respip_set); in rpz_clear()
407 r->respip_set = NULL; in rpz_clear()
408 rpz_clientip_synthesized_set_delete(r->client_set); in rpz_clear()
409 r->client_set = NULL; in rpz_clear()
410 rpz_clientip_synthesized_set_delete(r->ns_set); in rpz_clear()
411 r->ns_set = NULL; in rpz_clear()
412 if(!(r->local_zones = local_zones_create())){ in rpz_clear()
415 r->nsdname_zones = local_zones_create(); in rpz_clear()
416 if(r->nsdname_zones == NULL) { in rpz_clear()
419 if(!(r->respip_set = respip_set_create())) { in rpz_clear()
422 if(!(r->client_set = rpz_clientip_synthesized_set_create())) { in rpz_clear()
425 if(!(r->ns_set = rpz_clientip_synthesized_set_create())) { in rpz_clear()
434 lock_rw_wrlock(&r->respip_set->lock); in rpz_finish_config()
435 addr_tree_init_parents(&r->respip_set->ip_tree); in rpz_finish_config()
436 lock_rw_unlock(&r->respip_set->lock); in rpz_finish_config()
438 lock_rw_wrlock(&r->client_set->lock); in rpz_finish_config()
439 addr_tree_init_parents(&r->client_set->entries); in rpz_finish_config()
440 lock_rw_unlock(&r->client_set->lock); in rpz_finish_config()
442 lock_rw_wrlock(&r->ns_set->lock); in rpz_finish_config()
443 addr_tree_init_parents(&r->ns_set->entries); in rpz_finish_config()
444 lock_rw_unlock(&r->ns_set->lock); in rpz_finish_config()
452 struct packed_rrset_data* pd; in new_cname_override() local
460 rrset->entry.key = rrset; in new_cname_override()
461 pd = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(*pd)); in new_cname_override()
462 if(!pd) { in new_cname_override()
466 pd->trust = rrset_trust_prim_noglue; in new_cname_override()
467 pd->security = sec_status_insecure; in new_cname_override()
469 pd->count = 1; in new_cname_override()
470 pd->rr_len = regional_alloc_zero(region, sizeof(*pd->rr_len)); in new_cname_override()
471 pd->rr_ttl = regional_alloc_zero(region, sizeof(*pd->rr_ttl)); in new_cname_override()
472 pd->rr_data = regional_alloc_zero(region, sizeof(*pd->rr_data)); in new_cname_override()
473 if(!pd->rr_len || !pd->rr_ttl || !pd->rr_data) { in new_cname_override()
477 pd->rr_len[0] = ctlen+2; in new_cname_override()
478 pd->rr_ttl[0] = 3600; in new_cname_override()
479 pd->rr_data[0] = regional_alloc_zero(region, 2 /* rdlength */ + ctlen); in new_cname_override()
480 if(!pd->rr_data[0]) { in new_cname_override()
484 memmove(pd->rr_data[0], &rdlength, 2); in new_cname_override()
485 memmove(pd->rr_data[0]+2, ct, ctlen); in new_cname_override()
487 rrset->entry.data = pd; in new_cname_override()
488 rrset->rk.type = htons(LDNS_RR_TYPE_CNAME); in new_cname_override()
489 rrset->rk.rrset_class = htons(LDNS_RR_CLASS_IN); in new_cname_override()
497 if(r->cname_override) { in delete_cname_override()
499 regional_free_all(r->region); in delete_cname_override()
500 r->cname_override = NULL; in delete_cname_override()
508 if(p->rpz_taglist && p->rpz_taglistlen) { in rpz_apply_cfg_elements()
509 r->taglistlen = p->rpz_taglistlen; in rpz_apply_cfg_elements()
510 r->taglist = memdup(p->rpz_taglist, r->taglistlen); in rpz_apply_cfg_elements()
511 if(!r->taglist) { in rpz_apply_cfg_elements()
517 if(p->rpz_action_override) { in rpz_apply_cfg_elements()
518 r->action_override = rpz_config_to_action(p->rpz_action_override); in rpz_apply_cfg_elements()
521 r->action_override = RPZ_NO_OVERRIDE_ACTION; in rpz_apply_cfg_elements()
523 if(r->action_override == RPZ_CNAME_OVERRIDE_ACTION) { in rpz_apply_cfg_elements()
527 if(!p->rpz_cname) { in rpz_apply_cfg_elements()
529 "rpz-cname-override configured"); in rpz_apply_cfg_elements()
533 if(sldns_str2wire_dname_buf(p->rpz_cname, nm, &nmlen) != 0) { in rpz_apply_cfg_elements()
535 p->rpz_cname); in rpz_apply_cfg_elements()
538 r->cname_override = new_cname_override(r->region, nm, nmlen); in rpz_apply_cfg_elements()
539 if(!r->cname_override) { in rpz_apply_cfg_elements()
543 r->log = p->rpz_log; in rpz_apply_cfg_elements()
544 r->signal_nxdomain_ra = p->rpz_signal_nxdomain_ra; in rpz_apply_cfg_elements()
545 if(p->rpz_log_name) { in rpz_apply_cfg_elements()
546 if(!(r->log_name = strdup(p->rpz_log_name))) { in rpz_apply_cfg_elements()
561 r->region = regional_create_custom(sizeof(struct regional)); in rpz_create()
562 if(!r->region) { in rpz_create()
566 if(!(r->local_zones = local_zones_create())){ in rpz_create()
570 r->nsdname_zones = local_zones_create(); in rpz_create()
571 if(r->local_zones == NULL){ in rpz_create()
575 if(!(r->respip_set = respip_set_create())) { in rpz_create()
579 r->client_set = rpz_clientip_synthesized_set_create(); in rpz_create()
580 if(r->client_set == NULL) { in rpz_create()
584 r->ns_set = rpz_clientip_synthesized_set_create(); in rpz_create()
585 if(r->ns_set == NULL) { in rpz_create()
594 if(r->local_zones) in rpz_create()
595 local_zones_delete(r->local_zones); in rpz_create()
596 if(r->nsdname_zones) in rpz_create()
597 local_zones_delete(r->nsdname_zones); in rpz_create()
598 if(r->respip_set) in rpz_create()
599 respip_set_delete(r->respip_set); in rpz_create()
600 if(r->client_set != NULL) in rpz_create()
601 rpz_clientip_synthesized_set_delete(r->client_set); in rpz_create()
602 if(r->ns_set != NULL) in rpz_create()
603 rpz_clientip_synthesized_set_delete(r->ns_set); in rpz_create()
604 if(r->taglist) in rpz_create()
605 free(r->taglist); in rpz_create()
606 if(r->region) in rpz_create()
607 regional_destroy(r->region); in rpz_create()
620 if(r->taglist) { in rpz_config()
621 free(r->taglist); in rpz_config()
622 r->taglist = NULL; in rpz_config()
623 r->taglistlen = 0; in rpz_config()
627 if(r->log_name) { in rpz_config()
628 free(r->log_name); in rpz_config()
629 r->log_name = NULL; in rpz_config()
650 newdnamelen = dnamelen - originlen; in strip_dname_origin()
688 lock_rw_wrlock(&lz->lock); in rpz_insert_local_zones_trigger()
696 lock_rw_unlock(&lz->lock); in rpz_insert_local_zones_trigger()
700 rrstr[strlen(rrstr)-1]=0; /* remove newline */ in rpz_insert_local_zones_trigger()
704 lock_rw_unlock(&lz->lock); in rpz_insert_local_zones_trigger()
713 lock_rw_unlock(&lz->lock); in rpz_insert_local_zones_trigger()
724 lock_rw_unlock(&lz->lock); in rpz_insert_local_zones_trigger()
727 lock_rw_wrlock(&z->lock); in rpz_insert_local_zones_trigger()
730 lock_rw_unlock(&z->lock); in rpz_insert_local_zones_trigger()
736 lock_rw_unlock(&lz->lock); in rpz_insert_local_zones_trigger()
759 rpz_insert_local_zones_trigger(r->local_zones, dname, dnamelen, a, rrtype, in rpz_insert_qname_trigger()
816 rpz_insert_local_zones_trigger(r->nsdname_zones, dname_stripped, in rpz_insert_nsdname_trigger()
827 struct resp_addr* node; in rpz_insert_ipaddr_based_trigger() local
831 lock_rw_wrlock(&set->lock); in rpz_insert_ipaddr_based_trigger()
835 lock_rw_unlock(&set->lock); in rpz_insert_ipaddr_based_trigger()
839 node = respip_sockaddr_find_or_create(set, addr, addrlen, net, 1, rrstr); in rpz_insert_ipaddr_based_trigger()
840 if(node == NULL) { in rpz_insert_ipaddr_based_trigger()
841 lock_rw_unlock(&set->lock); in rpz_insert_ipaddr_based_trigger()
846 lock_rw_wrlock(&node->lock); in rpz_insert_ipaddr_based_trigger()
847 lock_rw_unlock(&set->lock); in rpz_insert_ipaddr_based_trigger()
849 node->action = respa; in rpz_insert_ipaddr_based_trigger()
852 respip_enter_rr(set->region, node, rrtype, in rpz_insert_ipaddr_based_trigger()
856 lock_rw_unlock(&node->lock); in rpz_insert_ipaddr_based_trigger()
866 struct clientip_synthesized_rr* node = in rpz_clientip_ensure_entry() local
867 (struct clientip_synthesized_rr*)addr_tree_find(&set->entries, in rpz_clientip_ensure_entry()
870 if(node != NULL) { return node; } in rpz_clientip_ensure_entry()
872 /* node does not yet exist => allocate one */ in rpz_clientip_ensure_entry()
873 node = regional_alloc_zero(set->region, sizeof(*node)); in rpz_clientip_ensure_entry()
874 if(node == NULL) { in rpz_clientip_ensure_entry()
879 lock_rw_init(&node->lock); in rpz_clientip_ensure_entry()
880 node->action = RPZ_INVALID_ACTION; in rpz_clientip_ensure_entry()
881 insert_ok = addr_tree_insert(&set->entries, &node->node, in rpz_clientip_ensure_entry()
884 log_warn("rpz: unexpected: unable to insert clientip address node"); in rpz_clientip_ensure_entry()
885 /* we can not free the just allocated node. in rpz_clientip_ensure_entry()
890 return node; in rpz_clientip_ensure_entry()
909 struct packed_rrset_data* pd; in rpz_clientip_new_rrset() local
916 rrset->next = raddr->data; in rpz_clientip_new_rrset()
917 raddr->data = rrset; in rpz_clientip_new_rrset()
918 rrset->rrset = (struct ub_packed_rrset_key*) in rpz_clientip_new_rrset()
919 regional_alloc_zero(region, sizeof(*rrset->rrset)); in rpz_clientip_new_rrset()
920 if(rrset->rrset == NULL) { in rpz_clientip_new_rrset()
924 rrset->rrset->entry.key = rrset->rrset; in rpz_clientip_new_rrset()
925 pd = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(*pd)); in rpz_clientip_new_rrset()
926 if(pd == NULL) { in rpz_clientip_new_rrset()
930 pd->trust = rrset_trust_prim_noglue; in rpz_clientip_new_rrset()
931 pd->security = sec_status_insecure; in rpz_clientip_new_rrset()
932 rrset->rrset->entry.data = pd; in rpz_clientip_new_rrset()
933 rrset->rrset->rk.type = htons(rrtype); in rpz_clientip_new_rrset()
934 rrset->rrset->rk.rrset_class = htons(rrclass); in rpz_clientip_new_rrset()
935 rrset->rrset->rk.dname = regional_alloc_zero(region, 1); in rpz_clientip_new_rrset()
936 if(rrset->rrset->rk.dname == NULL) { in rpz_clientip_new_rrset()
940 rrset->rrset->rk.dname_len = 1; in rpz_clientip_new_rrset()
950 if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data != NULL) { in rpz_clientip_enter_rr()
951 log_err("CNAME response-ip data can not co-exist with other " in rpz_clientip_enter_rr()
952 "client-ip data"); in rpz_clientip_enter_rr()
957 if(raddr->data == NULL) { in rpz_clientip_enter_rr()
961 return rrset_insert_rr(region, rrset->rrset->entry.data, rdata, rdata_len, ttl, ""); in rpz_clientip_enter_rr()
970 struct clientip_synthesized_rr* node; in rpz_clientip_insert_trigger_rr() local
972 lock_rw_wrlock(&set->lock); in rpz_clientip_insert_trigger_rr()
974 node = rpz_clientip_ensure_entry(set, addr, addrlen, net); in rpz_clientip_insert_trigger_rr()
975 if(node == NULL) { in rpz_clientip_insert_trigger_rr()
976 lock_rw_unlock(&set->lock); in rpz_clientip_insert_trigger_rr()
981 lock_rw_wrlock(&node->lock); in rpz_clientip_insert_trigger_rr()
982 lock_rw_unlock(&set->lock); in rpz_clientip_insert_trigger_rr()
984 node->action = a; in rpz_clientip_insert_trigger_rr()
986 if(!rpz_clientip_enter_rr(set->region, node, rrtype, in rpz_clientip_insert_trigger_rr()
989 lock_rw_unlock(&node->lock); in rpz_clientip_insert_trigger_rr()
995 lock_rw_unlock(&node->lock); in rpz_clientip_insert_trigger_rr()
1018 return rpz_clientip_insert_trigger_rr(r->client_set, &addr, addrlen, net, in rpz_insert_clientip_trigger()
1040 return rpz_clientip_insert_trigger_rr(r->ns_set, &addr, addrlen, net, in rpz_insert_nsip_trigger()
1072 return rpz_insert_ipaddr_based_trigger(r->respip_set, &addr, addrlen, net, in rpz_insert_response_ip_trigger()
1108 if(!(policydname = calloc(1, (dnamelen-aznamelen)+1))) { in rpz_insert_rr()
1115 policydname, (dnamelen-aznamelen)+1))) { in rpz_insert_rr()
1159 * Find RPZ local-zone by qname.
1160 * @param zones: local-zone tree
1165 * @param wr: get write lock for local-zone if 1, read lock if 0
1166 * @param zones_keep_lock: if set do not release the r->local_zones lock, this
1168 * @return: NULL or local-zone holding rd or wr lock
1182 lock_rw_wrlock(&zones->lock); in rpz_find_zone()
1184 lock_rw_rdlock(&zones->lock); in rpz_find_zone()
1191 lock_rw_unlock(&zones->lock); in rpz_find_zone()
1196 lock_rw_wrlock(&z->lock); in rpz_find_zone()
1198 lock_rw_rdlock(&z->lock); in rpz_find_zone()
1201 lock_rw_unlock(&zones->lock); in rpz_find_zone()
1211 ce = dname_get_shared_topdomain(z->name, qname); in rpz_find_zone()
1213 lock_rw_unlock(&z->lock); in rpz_find_zone()
1215 lock_rw_unlock(&zones->lock); in rpz_find_zone()
1221 lock_rw_unlock(&z->lock); in rpz_find_zone()
1223 lock_rw_unlock(&zones->lock); in rpz_find_zone()
1230 lock_rw_unlock(&z->lock); in rpz_find_zone()
1234 lock_rw_wrlock(&zones->lock); in rpz_find_zone()
1236 lock_rw_rdlock(&zones->lock); in rpz_find_zone()
1242 lock_rw_unlock(&zones->lock); in rpz_find_zone()
1246 lock_rw_wrlock(&z->lock); in rpz_find_zone()
1248 lock_rw_rdlock(&z->lock); in rpz_find_zone()
1251 lock_rw_unlock(&zones->lock); in rpz_find_zone()
1261 struct local_rrset* cursor = data->data, *cname = NULL; in rpz_find_synthesized_rrset()
1263 struct packed_rrset_key* packed_rrset = &cursor->rrset->rk; in rpz_find_synthesized_rrset()
1264 if(htons(qtype) == packed_rrset->type) { in rpz_find_synthesized_rrset()
1267 if(ntohs(packed_rrset->type) == LDNS_RR_TYPE_CNAME && alias_ok) in rpz_find_synthesized_rrset()
1269 cursor = cursor->next; in rpz_find_synthesized_rrset()
1277 * Remove RR from RPZ's local-data
1278 * @param z: local-zone for RPZ, holding write lock
1297 struct local_rrset* prev=NULL, *p=ld->rrsets; in rpz_data_delete_rr()
1298 while(p && ntohs(p->rrset->rk.type) != rr_type) { in rpz_data_delete_rr()
1300 p = p->next; in rpz_data_delete_rr()
1304 d = (struct packed_rrset_data*)p->rrset->entry.data; in rpz_data_delete_rr()
1306 if(d->count == 1) { in rpz_data_delete_rr()
1308 if(prev) prev->next = p->next; in rpz_data_delete_rr()
1309 else ld->rrsets = p->next; in rpz_data_delete_rr()
1311 if(d->count > 1) { in rpz_data_delete_rr()
1317 if(ld && ld->rrsets) in rpz_data_delete_rr()
1324 * @param raddr: respip node
1336 if(!raddr->data) in rpz_rrset_delete_rr()
1338 d = raddr->data->entry.data; in rpz_rrset_delete_rr()
1339 if(ntohs(raddr->data->rk.type) != rr_type) { in rpz_rrset_delete_rr()
1343 if(d->count == 1) { in rpz_rrset_delete_rr()
1345 raddr->data->entry.data = NULL; in rpz_rrset_delete_rr()
1346 raddr->data = NULL; in rpz_rrset_delete_rr()
1349 if(d->count > 1) { in rpz_rrset_delete_rr()
1376 else if(a != localzone_type_to_rpz_action(z->type)) { in rpz_remove_local_zones_trigger()
1377 lock_rw_unlock(&z->lock); in rpz_remove_local_zones_trigger()
1378 lock_rw_unlock(&zones->lock); in rpz_remove_local_zones_trigger()
1381 lock_rw_unlock(&z->lock); in rpz_remove_local_zones_trigger()
1385 lock_rw_unlock(&zones->lock); in rpz_remove_local_zones_trigger()
1388 /** Remove RR from RPZ's local-zone */
1394 rpz_remove_local_zones_trigger(r->local_zones, dname, dnamelen, in rpz_remove_qname_trigger()
1402 struct resp_addr* node; in rpz_remove_response_ip_trigger() local
1411 lock_rw_wrlock(&r->respip_set->lock); in rpz_remove_response_ip_trigger()
1412 if(!(node = (struct resp_addr*)addr_tree_find( in rpz_remove_response_ip_trigger()
1413 &r->respip_set->ip_tree, &addr, addrlen, net))) { in rpz_remove_response_ip_trigger()
1416 lock_rw_unlock(&r->respip_set->lock); in rpz_remove_response_ip_trigger()
1420 lock_rw_wrlock(&node->lock); in rpz_remove_response_ip_trigger()
1423 delete_respip = rpz_rrset_delete_rr(node, rr_type, rdatawl, in rpz_remove_response_ip_trigger()
1426 lock_rw_unlock(&node->lock); in rpz_remove_response_ip_trigger()
1428 respip_sockaddr_delete(r->respip_set, node); in rpz_remove_response_ip_trigger()
1429 lock_rw_unlock(&r->respip_set->lock); in rpz_remove_response_ip_trigger()
1437 while(p && ntohs(p->rrset->rk.type) != dtype) { in del_local_rrset_from_list()
1439 p = p->next; in del_local_rrset_from_list()
1444 if(prev) prev->next = p->next; in del_local_rrset_from_list()
1445 else *list_head = p->next; in del_local_rrset_from_list()
1449 /** Delete client-ip trigger RR from its RRset and perhaps also the rrset
1450 * from the linked list. Returns if the local data is empty and the node can
1452 static int rpz_remove_clientip_rr(struct clientip_synthesized_rr* node, in rpz_remove_clientip_rr() argument
1458 rrset = rpz_find_synthesized_rrset(rr_type, node, 0); in rpz_remove_clientip_rr()
1461 d = (struct packed_rrset_data*)rrset->rrset->entry.data; in rpz_remove_clientip_rr()
1464 if(d->count == 1) { in rpz_remove_clientip_rr()
1467 del_local_rrset_from_list(&node->data, rr_type); in rpz_remove_clientip_rr()
1468 /* if the list is empty, the node can be removed too */ in rpz_remove_clientip_rr()
1469 if(node->data == NULL) in rpz_remove_clientip_rr()
1471 } else if (d->count > 1) { in rpz_remove_clientip_rr()
1484 struct clientip_synthesized_rr* node; in rpz_clientip_remove_trigger_rr() local
1487 lock_rw_wrlock(&set->lock); in rpz_clientip_remove_trigger_rr()
1488 node = (struct clientip_synthesized_rr*)addr_tree_find(&set->entries, in rpz_clientip_remove_trigger_rr()
1490 if(node == NULL) { in rpz_clientip_remove_trigger_rr()
1494 lock_rw_unlock(&set->lock); in rpz_clientip_remove_trigger_rr()
1497 lock_rw_wrlock(&node->lock); in rpz_clientip_remove_trigger_rr()
1500 delete_node = rpz_remove_clientip_rr(node, rr_type, rdatawl, in rpz_clientip_remove_trigger_rr()
1502 } else if(a != node->action) { in rpz_clientip_remove_trigger_rr()
1507 rbtree_delete(&set->entries, node->node.node.key); in rpz_clientip_remove_trigger_rr()
1509 lock_rw_unlock(&set->lock); in rpz_clientip_remove_trigger_rr()
1510 lock_rw_unlock(&node->lock); in rpz_clientip_remove_trigger_rr()
1512 lock_rw_destroy(&node->lock); in rpz_clientip_remove_trigger_rr()
1528 rpz_clientip_remove_trigger_rr(r->client_set, &addr, addrlen, net, in rpz_remove_clientip_trigger()
1544 rpz_clientip_remove_trigger_rr(r->ns_set, &addr, addrlen, net, in rpz_remove_nsip_trigger()
1561 rpz_remove_local_zones_trigger(r->nsdname_zones, dname_stripped, in rpz_remove_nsdname_trigger()
1624 /** print log information for an applied RPZ policy. Based on local-zone's
1642 addr_to_str(&addrnode->addr, addrnode->addrlen, addrbuf, sizeof(addrbuf)); in log_rpz_apply()
1643 snprintf(dnamestr, sizeof(dnamestr), "%s/%d", addrbuf, addrnode->net); in log_rpz_apply()
1648 addr_to_str(&repinfo->client_addr, repinfo->client_addrlen, ip, sizeof(ip)); in log_rpz_apply()
1649 port = ntohs(((struct sockaddr_in*)&repinfo->client_addr)->sin_port); in log_rpz_apply()
1650 } else if(ms && ms->mesh_info && ms->mesh_info->reply_list) { in log_rpz_apply()
1651 addr_to_str(&ms->mesh_info->reply_list->query_reply.client_addr, in log_rpz_apply()
1652 ms->mesh_info->reply_list->query_reply.client_addrlen, in log_rpz_apply()
1654 …port = ntohs(((struct sockaddr_in*)&ms->mesh_info->reply_list->query_reply.client_addr)->sin_port); in log_rpz_apply()
1666 log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); in log_rpz_apply()
1676 lock_rw_rdlock(&set->lock); in rpz_ipbased_trigger_lookup()
1678 raddr = (struct clientip_synthesized_rr*)addr_tree_lookup(&set->entries, in rpz_ipbased_trigger_lookup()
1681 lock_rw_rdlock(&raddr->lock); in rpz_ipbased_trigger_lookup()
1682 action = raddr->action; in rpz_ipbased_trigger_lookup()
1686 addr_to_str(&raddr->node.addr, raddr->node.addrlen, in rpz_ipbased_trigger_lookup()
1689 triggername, net, raddr->node.net, ip, rpz_action_to_string(action)); in rpz_ipbased_trigger_lookup()
1692 lock_rw_unlock(&set->lock); in rpz_ipbased_trigger_lookup()
1705 struct clientip_synthesized_rr* node = NULL; in rpz_resolve_client_action_and_zone() local
1710 lock_rw_rdlock(&az->rpz_lock); in rpz_resolve_client_action_and_zone()
1712 for(a = az->rpz_first; a; a = a->rpz_az_next) { in rpz_resolve_client_action_and_zone()
1713 lock_rw_rdlock(&a->lock); in rpz_resolve_client_action_and_zone()
1714 r = a->rpz; in rpz_resolve_client_action_and_zone()
1715 if(r->disabled) { in rpz_resolve_client_action_and_zone()
1716 lock_rw_unlock(&a->lock); in rpz_resolve_client_action_and_zone()
1719 if(r->taglist && !taglist_intersect(r->taglist, in rpz_resolve_client_action_and_zone()
1720 r->taglistlen, taglist, taglen)) { in rpz_resolve_client_action_and_zone()
1721 lock_rw_unlock(&a->lock); in rpz_resolve_client_action_and_zone()
1724 z = rpz_find_zone(r->local_zones, qinfo->qname, qinfo->qname_len, in rpz_resolve_client_action_and_zone()
1725 qinfo->qclass, 0, 0, 0); in rpz_resolve_client_action_and_zone()
1726 node = rpz_ipbased_trigger_lookup(r->client_set, in rpz_resolve_client_action_and_zone()
1727 &repinfo->client_addr, repinfo->client_addrlen, in rpz_resolve_client_action_and_zone()
1729 if((z || node) && r->action_override == RPZ_DISABLED_ACTION) { in rpz_resolve_client_action_and_zone()
1730 if(r->log) in rpz_resolve_client_action_and_zone()
1731 log_rpz_apply((node?"clientip":"qname"), in rpz_resolve_client_action_and_zone()
1732 (z?z->name:NULL), in rpz_resolve_client_action_and_zone()
1733 (node?&node->node:NULL), in rpz_resolve_client_action_and_zone()
1734 r->action_override, in rpz_resolve_client_action_and_zone()
1735 qinfo, repinfo, NULL, r->log_name); in rpz_resolve_client_action_and_zone()
1736 stats->rpz_action[r->action_override]++; in rpz_resolve_client_action_and_zone()
1738 lock_rw_unlock(&z->lock); in rpz_resolve_client_action_and_zone()
1741 if(node != NULL) { in rpz_resolve_client_action_and_zone()
1742 lock_rw_unlock(&node->lock); in rpz_resolve_client_action_and_zone()
1743 node = NULL; in rpz_resolve_client_action_and_zone()
1746 if(z || node) { in rpz_resolve_client_action_and_zone()
1750 lock_rw_unlock(&a->lock); in rpz_resolve_client_action_and_zone()
1753 lock_rw_unlock(&az->rpz_lock); in rpz_resolve_client_action_and_zone()
1759 return node; in rpz_resolve_client_action_and_zone()
1765 ? (repinfo->c != NULL in rpz_is_udp_query()
1766 ? repinfo->c->type == comm_udp in rpz_is_udp_query()
1790 rep.ttl = ((struct packed_rrset_data*)rrset->entry.data)->rr_ttl[0]; in rpz_local_encode()
1796 if(rep.ttl < ((struct packed_rrset_data*)soa_rrset->entry.data)->rr_ttl[0]) { in rpz_local_encode()
1797 rep.ttl = ((struct packed_rrset_data*)soa_rrset->entry.data)->rr_ttl[0]; in rpz_local_encode()
1801 udpsize = edns->udp_size; in rpz_local_encode()
1802 edns->edns_version = EDNS_ADVERTISED_VERSION; in rpz_local_encode()
1803 edns->udp_size = EDNS_ADVERTISED_SIZE; in rpz_local_encode()
1804 edns->ext_rcode = 0; in rpz_local_encode()
1805 edns->bits &= EDNS_DO; in rpz_local_encode()
1807 repinfo, temp, env->now_tv) || in rpz_local_encode()
1810 buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) { in rpz_local_encode()
1833 csoa.rk.dname = auth_zone->name; in make_soa_ubrrset()
1834 csoa.rk.dname_len = auth_zone->namelen; in make_soa_ubrrset()
1836 csoa.entry.data = soa->data; in make_soa_ubrrset()
1854 action = raddr->action; in rpz_apply_clientip_localdata_action()
1855 if(action == RPZ_LOCAL_DATA_ACTION && raddr->data == NULL ) { in rpz_apply_clientip_localdata_action()
1856 verbose(VERB_ALGO, "rpz: bug: local-data action but no local data"); in rpz_apply_clientip_localdata_action()
1861 rrset = rpz_find_synthesized_rrset(qinfo->qtype, raddr, 1); in rpz_apply_clientip_localdata_action()
1863 verbose(VERB_ALGO, "rpz: unable to find local-data for query"); in rpz_apply_clientip_localdata_action()
1868 rp = respip_copy_rrset(rrset->rrset, temp); in rpz_apply_clientip_localdata_action()
1874 rp->rk.flags |= PACKED_RRSET_FIXEDTTL | PACKED_RRSET_RPZ; in rpz_apply_clientip_localdata_action()
1875 rp->rk.dname = qinfo->qname; in rpz_apply_clientip_localdata_action()
1876 rp->rk.dname_len = qinfo->qname_len; in rpz_apply_clientip_localdata_action()
1877 rp->entry.hash = rrset_key_hash(&rp->rk); in rpz_apply_clientip_localdata_action()
1903 qinfo->local_alias = regional_alloc_zero(temp, in rpz_apply_cname_override_action()
1905 if(qinfo->local_alias == NULL) in rpz_apply_cname_override_action()
1907 qinfo->local_alias->rrset = respip_copy_rrset(r->cname_override, temp); in rpz_apply_cname_override_action()
1908 if(qinfo->local_alias->rrset == NULL) { in rpz_apply_cname_override_action()
1909 qinfo->local_alias = NULL; in rpz_apply_cname_override_action()
1912 qinfo->local_alias->rrset->rk.dname = qinfo->qname; in rpz_apply_cname_override_action()
1913 qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len; in rpz_apply_cname_override_action()
1919 * gets minimal-responses applied to it, that can remove the additional SOA
1932 rsoa = make_soa_ubrrset(az, soa, ms->region); in rpz_add_soa()
1934 prevrrsets = rep->rrsets; in rpz_add_soa()
1935 rep->rrsets = regional_alloc_zero(ms->region, in rpz_add_soa()
1936 sizeof(*rep->rrsets)*(rep->rrset_count+1)); in rpz_add_soa()
1937 if(!rep->rrsets) in rpz_add_soa()
1939 if(prevrrsets && rep->rrset_count > 0) in rpz_add_soa()
1940 memcpy(rep->rrsets, prevrrsets, rep->rrset_count*sizeof(*rep->rrsets)); in rpz_add_soa()
1941 rep->rrset_count++; in rpz_add_soa()
1942 rep->ar_numrrsets++; in rpz_add_soa()
1943 rep->rrsets[rep->rrset_count-1] = rsoa; in rpz_add_soa()
1963 struct dns_msg* msg = rpz_dns_msg_new(ms->region); in rpz_synthesize_nodata()
1965 msg->qinfo = *qinfo; in rpz_synthesize_nodata()
1966 msg->rep = construct_reply_info_base(ms->region, in rpz_synthesize_nodata()
1979 if(msg->rep) in rpz_synthesize_nodata()
1980 msg->rep->authoritative = 1; in rpz_synthesize_nodata()
1981 if(!rpz_add_soa(msg->rep, ms, az)) in rpz_synthesize_nodata()
1990 struct dns_msg* msg = rpz_dns_msg_new(ms->region); in rpz_synthesize_nxdomain()
1993 msg->qinfo = *qinfo; in rpz_synthesize_nxdomain()
1995 if(r->signal_nxdomain_ra) in rpz_synthesize_nxdomain()
1997 msg->rep = construct_reply_info_base(ms->region, in rpz_synthesize_nxdomain()
2010 if(msg->rep) in rpz_synthesize_nxdomain()
2011 msg->rep->authoritative = 1; in rpz_synthesize_nxdomain()
2012 if(!rpz_add_soa(msg->rep, ms, az)) in rpz_synthesize_nxdomain()
2026 msg = rpz_dns_msg_new(ms->region); in rpz_synthesize_localdata_from_rrset()
2029 msg->qinfo = *qi; in rpz_synthesize_localdata_from_rrset()
2030 new_reply_info = construct_reply_info_base(ms->region, in rpz_synthesize_localdata_from_rrset()
2047 new_reply_info->authoritative = 1; in rpz_synthesize_localdata_from_rrset()
2048 rp = respip_copy_rrset(rrset->rrset, ms->region); in rpz_synthesize_localdata_from_rrset()
2053 rp->rk.dname = qi->qname; in rpz_synthesize_localdata_from_rrset()
2054 rp->rk.dname_len = qi->qname_len; in rpz_synthesize_localdata_from_rrset()
2063 rp->rk.flags |= PACKED_RRSET_RPZ; in rpz_synthesize_localdata_from_rrset()
2064 new_reply_info->rrsets[0] = rp; in rpz_synthesize_localdata_from_rrset()
2065 msg->rep = new_reply_info; in rpz_synthesize_localdata_from_rrset()
2066 if(!rpz_add_soa(msg->rep, ms, az)) in rpz_synthesize_localdata_from_rrset()
2078 rrset = rpz_find_synthesized_rrset(qi->qtype, data, 1); in rpz_synthesize_nsip_localdata()
2093 for(p = data->rrsets; p; p = p->next) { in local_data_find_type()
2094 if(p->rrset->rk.type == type) in local_data_find_type()
2096 if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) in local_data_find_type()
2114 if(match->dname == NULL) { return NULL; } in rpz_synthesize_nsdname_localdata()
2116 key.node.key = &key; in rpz_synthesize_nsdname_localdata()
2117 key.name = match->dname; in rpz_synthesize_nsdname_localdata()
2118 key.namelen = match->dname_len; in rpz_synthesize_nsdname_localdata()
2119 key.namelabs = dname_count_labels(match->dname); in rpz_synthesize_nsdname_localdata()
2123 ld = (struct local_data*)rbtree_search(&z->data, &key.node); in rpz_synthesize_nsdname_localdata()
2129 rrset = local_data_find_type(ld, qi->qtype, 1); in rpz_synthesize_nsdname_localdata()
2146 key.node.key = &key; in rpz_synthesize_qname_localdata_msg()
2147 key.name = qinfo->qname; in rpz_synthesize_qname_localdata_msg()
2148 key.namelen = qinfo->qname_len; in rpz_synthesize_qname_localdata_msg()
2149 key.namelabs = dname_count_labels(qinfo->qname); in rpz_synthesize_qname_localdata_msg()
2150 ld = (struct local_data*)rbtree_search(&z->data, &key.node); in rpz_synthesize_qname_localdata_msg()
2155 rrset = local_data_find_type(ld, qinfo->qtype, 1); in rpz_synthesize_qname_localdata_msg()
2172 msg = rpz_dns_msg_new(ms->region); in rpz_synthesize_cname_override_msg()
2175 msg->qinfo = *qinfo; in rpz_synthesize_cname_override_msg()
2176 new_reply_info = construct_reply_info_base(ms->region, in rpz_synthesize_cname_override_msg()
2193 new_reply_info->authoritative = 1; in rpz_synthesize_cname_override_msg()
2195 rp = respip_copy_rrset(r->cname_override, ms->region); in rpz_synthesize_cname_override_msg()
2200 rp->rk.dname = qinfo->qname; in rpz_synthesize_cname_override_msg()
2201 rp->rk.dname_len = qinfo->qname_len; in rpz_synthesize_cname_override_msg()
2210 rp->rk.flags |= PACKED_RRSET_RPZ; in rpz_synthesize_cname_override_msg()
2211 new_reply_info->rrsets[0] = rp; in rpz_synthesize_cname_override_msg()
2213 msg->rep = new_reply_info; in rpz_synthesize_cname_override_msg()
2225 if(r->action_override == RPZ_CNAME_OVERRIDE_ACTION) { in rpz_synthesize_qname_localdata()
2228 if(r->log) { in rpz_synthesize_qname_localdata()
2229 log_rpz_apply("qname", z->name, NULL, RPZ_CNAME_OVERRIDE_ACTION, in rpz_synthesize_qname_localdata()
2230 qinfo, repinfo, NULL, r->log_name); in rpz_synthesize_qname_localdata()
2232 stats->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++; in rpz_synthesize_qname_localdata()
2237 edns, repinfo, buf, temp, dname_count_labels(qinfo->qname), in rpz_synthesize_qname_localdata()
2238 &ld, lzt, -1, NULL, 0, NULL, 0)) { in rpz_synthesize_qname_localdata()
2239 if(r->log) { in rpz_synthesize_qname_localdata()
2240 log_rpz_apply("qname", z->name, NULL, in rpz_synthesize_qname_localdata()
2242 repinfo, NULL, r->log_name); in rpz_synthesize_qname_localdata()
2244 stats->rpz_action[localzone_type_to_rpz_action(lzt)]++; in rpz_synthesize_qname_localdata()
2245 return !qinfo->local_alias; in rpz_synthesize_qname_localdata()
2250 if(r->signal_nxdomain_ra && LDNS_RCODE_WIRE(sldns_buffer_begin(buf)) in rpz_synthesize_qname_localdata()
2253 if(r->log) { in rpz_synthesize_qname_localdata()
2254 log_rpz_apply("qname", z->name, NULL, localzone_type_to_rpz_action(lzt), in rpz_synthesize_qname_localdata()
2255 qinfo, repinfo, NULL, r->log_name); in rpz_synthesize_qname_localdata()
2257 stats->rpz_action[localzone_type_to_rpz_action(lzt)]++; in rpz_synthesize_qname_localdata()
2266 if(is->dp == NULL) { return NULL; } in rpz_delegation_point_ipbased_trigger_lookup()
2267 for(cursor = is->dp->target_list; in rpz_delegation_point_ipbased_trigger_lookup()
2269 cursor = cursor->next_target) { in rpz_delegation_point_ipbased_trigger_lookup()
2270 if(cursor->bogus) { continue; } in rpz_delegation_point_ipbased_trigger_lookup()
2271 action = rpz_ipbased_trigger_lookup(rpz->ns_set, &cursor->addr, in rpz_delegation_point_ipbased_trigger_lookup()
2272 cursor->addrlen, "nsip"); in rpz_delegation_point_ipbased_trigger_lookup()
2283 enum rpz_action action = raddr->action; in rpz_apply_nsip_trigger()
2286 if(r->action_override != RPZ_NO_OVERRIDE_ACTION) { in rpz_apply_nsip_trigger()
2288 rpz_action_to_string(r->action_override), rpz_action_to_string(action)); in rpz_apply_nsip_trigger()
2289 action = r->action_override; in rpz_apply_nsip_trigger()
2292 if(action == RPZ_LOCAL_DATA_ACTION && raddr->data == NULL) { in rpz_apply_nsip_trigger()
2295 ms->rpz_applied = 1; in rpz_apply_nsip_trigger()
2302 ms->rpz_applied = 1; in rpz_apply_nsip_trigger()
2306 ms->rpz_applied = 1; in rpz_apply_nsip_trigger()
2309 /* basically a passthru here but the tcp-only will be in rpz_apply_nsip_trigger()
2311 ms->tcp_required = 1; in rpz_apply_nsip_trigger()
2316 ms->rpz_applied = 1; in rpz_apply_nsip_trigger()
2317 ms->is_drop = 1; in rpz_apply_nsip_trigger()
2322 ms->rpz_applied = 1; in rpz_apply_nsip_trigger()
2326 ms->rpz_passthru = 1; in rpz_apply_nsip_trigger()
2330 ms->rpz_applied = 1; in rpz_apply_nsip_trigger()
2339 if(r->log) in rpz_apply_nsip_trigger()
2340 log_rpz_apply("nsip", NULL, &raddr->node, in rpz_apply_nsip_trigger()
2341 action, &ms->qinfo, NULL, ms, r->log_name); in rpz_apply_nsip_trigger()
2342 if(ms->env->worker) in rpz_apply_nsip_trigger()
2343 ms->env->worker->stats.rpz_action[action]++; in rpz_apply_nsip_trigger()
2344 lock_rw_unlock(&raddr->lock); in rpz_apply_nsip_trigger()
2354 enum rpz_action action = localzone_type_to_rpz_action(z->type); in rpz_apply_nsdname_trigger()
2356 if(r->action_override != RPZ_NO_OVERRIDE_ACTION) { in rpz_apply_nsdname_trigger()
2358 rpz_action_to_string(r->action_override), rpz_action_to_string(action)); in rpz_apply_nsdname_trigger()
2359 action = r->action_override; in rpz_apply_nsdname_trigger()
2365 ms->rpz_applied = 1; in rpz_apply_nsdname_trigger()
2369 ms->rpz_applied = 1; in rpz_apply_nsdname_trigger()
2372 /* basically a passthru here but the tcp-only will be in rpz_apply_nsdname_trigger()
2374 ms->tcp_required = 1; in rpz_apply_nsdname_trigger()
2379 ms->rpz_applied = 1; in rpz_apply_nsdname_trigger()
2380 ms->is_drop = 1; in rpz_apply_nsdname_trigger()
2385 ms->rpz_applied = 1; in rpz_apply_nsdname_trigger()
2389 ms->rpz_passthru = 1; in rpz_apply_nsdname_trigger()
2393 ms->rpz_applied = 1; in rpz_apply_nsdname_trigger()
2401 if(r->log) in rpz_apply_nsdname_trigger()
2402 log_rpz_apply("nsdname", match->dname, NULL, in rpz_apply_nsdname_trigger()
2403 action, &ms->qinfo, NULL, ms, r->log_name); in rpz_apply_nsdname_trigger()
2404 if(ms->env->worker) in rpz_apply_nsdname_trigger()
2405 ms->env->worker->stats.rpz_action[action]++; in rpz_apply_nsdname_trigger()
2406 lock_rw_unlock(&z->lock); in rpz_apply_nsdname_trigger()
2421 for(nameserver = dp->nslist; in rpz_delegation_point_zone_lookup()
2423 nameserver = nameserver->next) { in rpz_delegation_point_zone_lookup()
2424 z = rpz_find_zone(zones, nameserver->name, nameserver->namelen, in rpz_delegation_point_zone_lookup()
2427 match->dname = nameserver->name; in rpz_delegation_point_zone_lookup()
2428 match->dname_len = nameserver->namelen; in rpz_delegation_point_zone_lookup()
2431 dname_str(match->dname, nm); in rpz_delegation_point_zone_lookup()
2432 dname_str(z->name, zn); in rpz_delegation_point_zone_lookup()
2435 zn, nm, rpz_action_to_string(localzone_type_to_rpz_action(z->type))); in rpz_delegation_point_zone_lookup()
2438 nm, rpz_action_to_string(localzone_type_to_rpz_action(z->type))); in rpz_delegation_point_zone_lookup()
2457 if(ms->rpz_passthru) { in rpz_callback_from_iterator_module()
2462 if(ms->env == NULL || ms->env->auth_zones == NULL) { return 0; } in rpz_callback_from_iterator_module()
2464 az = ms->env->auth_zones; in rpz_callback_from_iterator_module()
2465 lock_rw_rdlock(&az->rpz_lock); in rpz_callback_from_iterator_module()
2467 verbose(VERB_ALGO, "rpz: iterator module callback: have_rpz=%d", az->rpz_first != NULL); in rpz_callback_from_iterator_module()
2471 * configured. In an RPZ: first client-IP addr, then QNAME, then in rpz_callback_from_iterator_module()
2476 for(a = az->rpz_first; a != NULL; a = a->rpz_az_next) { in rpz_callback_from_iterator_module()
2477 lock_rw_rdlock(&a->lock); in rpz_callback_from_iterator_module()
2478 r = a->rpz; in rpz_callback_from_iterator_module()
2479 if(r->disabled) { in rpz_callback_from_iterator_module()
2480 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_module()
2483 if(r->taglist && (!ms->client_info || in rpz_callback_from_iterator_module()
2484 !taglist_intersect(r->taglist, r->taglistlen, in rpz_callback_from_iterator_module()
2485 ms->client_info->taglist, in rpz_callback_from_iterator_module()
2486 ms->client_info->taglen))) { in rpz_callback_from_iterator_module()
2487 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_module()
2492 z = rpz_delegation_point_zone_lookup(is->dp, r->nsdname_zones, in rpz_callback_from_iterator_module()
2493 is->qchase.qclass, &match); in rpz_callback_from_iterator_module()
2495 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_module()
2501 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_module()
2504 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_module()
2507 lock_rw_unlock(&az->rpz_lock); in rpz_callback_from_iterator_module()
2514 lock_rw_unlock(&z->lock); in rpz_callback_from_iterator_module()
2516 return rpz_apply_nsip_trigger(ms, &is->qchase, r, raddr, a); in rpz_callback_from_iterator_module()
2518 return rpz_apply_nsdname_trigger(ms, &is->qchase, r, z, &match, a); in rpz_callback_from_iterator_module()
2531 if(ms->rpz_passthru) { in rpz_callback_from_iterator_cname()
2536 if(ms->env == NULL || ms->env->auth_zones == NULL) { return 0; } in rpz_callback_from_iterator_cname()
2537 az = ms->env->auth_zones; in rpz_callback_from_iterator_cname()
2539 lock_rw_rdlock(&az->rpz_lock); in rpz_callback_from_iterator_cname()
2541 for(a = az->rpz_first; a; a = a->rpz_az_next) { in rpz_callback_from_iterator_cname()
2542 lock_rw_rdlock(&a->lock); in rpz_callback_from_iterator_cname()
2543 r = a->rpz; in rpz_callback_from_iterator_cname()
2544 if(r->disabled) { in rpz_callback_from_iterator_cname()
2545 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_cname()
2548 if(r->taglist && (!ms->client_info || in rpz_callback_from_iterator_cname()
2549 !taglist_intersect(r->taglist, r->taglistlen, in rpz_callback_from_iterator_cname()
2550 ms->client_info->taglist, in rpz_callback_from_iterator_cname()
2551 ms->client_info->taglen))) { in rpz_callback_from_iterator_cname()
2552 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_cname()
2555 z = rpz_find_zone(r->local_zones, is->qchase.qname, in rpz_callback_from_iterator_cname()
2556 is->qchase.qname_len, is->qchase.qclass, 0, 0, 0); in rpz_callback_from_iterator_cname()
2557 if(z && r->action_override == RPZ_DISABLED_ACTION) { in rpz_callback_from_iterator_cname()
2558 if(r->log) in rpz_callback_from_iterator_cname()
2559 log_rpz_apply("qname", z->name, NULL, in rpz_callback_from_iterator_cname()
2560 r->action_override, in rpz_callback_from_iterator_cname()
2561 &ms->qinfo, NULL, ms, r->log_name); in rpz_callback_from_iterator_cname()
2562 if(ms->env->worker) in rpz_callback_from_iterator_cname()
2563 ms->env->worker->stats.rpz_action[r->action_override]++; in rpz_callback_from_iterator_cname()
2564 lock_rw_unlock(&z->lock); in rpz_callback_from_iterator_cname()
2571 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_cname()
2573 lock_rw_unlock(&az->rpz_lock); in rpz_callback_from_iterator_cname()
2577 if(r->action_override == RPZ_NO_OVERRIDE_ACTION) { in rpz_callback_from_iterator_cname()
2578 lzt = z->type; in rpz_callback_from_iterator_cname()
2580 lzt = rpz_action_to_localzone_type(r->action_override); in rpz_callback_from_iterator_cname()
2585 dname_str(is->qchase.qname, nm); in rpz_callback_from_iterator_cname()
2586 dname_str(z->name, zn); in rpz_callback_from_iterator_cname()
2596 ret = rpz_synthesize_nxdomain(r, ms, &is->qchase, a); in rpz_callback_from_iterator_cname()
2597 ms->rpz_applied = 1; in rpz_callback_from_iterator_cname()
2600 ret = rpz_synthesize_nodata(r, ms, &is->qchase, a); in rpz_callback_from_iterator_cname()
2601 ms->rpz_applied = 1; in rpz_callback_from_iterator_cname()
2604 /* basically a passthru here but the tcp-only will be in rpz_callback_from_iterator_cname()
2606 ms->tcp_required = 1; in rpz_callback_from_iterator_cname()
2610 ret = rpz_synthesize_nodata(r, ms, &is->qchase, a); in rpz_callback_from_iterator_cname()
2611 ms->rpz_applied = 1; in rpz_callback_from_iterator_cname()
2612 ms->is_drop = 1; in rpz_callback_from_iterator_cname()
2615 ret = rpz_synthesize_qname_localdata_msg(r, ms, &is->qchase, z, a); in rpz_callback_from_iterator_cname()
2616 if(ret == NULL) { ret = rpz_synthesize_nodata(r, ms, &is->qchase, a); } in rpz_callback_from_iterator_cname()
2617 ms->rpz_applied = 1; in rpz_callback_from_iterator_cname()
2621 ms->rpz_passthru = 1; in rpz_callback_from_iterator_cname()
2628 if(r->log) in rpz_callback_from_iterator_cname()
2629 log_rpz_apply("qname", (z?z->name:NULL), NULL, in rpz_callback_from_iterator_cname()
2631 &is->qchase, NULL, ms, r->log_name); in rpz_callback_from_iterator_cname()
2632 lock_rw_unlock(&z->lock); in rpz_callback_from_iterator_cname()
2633 lock_rw_unlock(&a->lock); in rpz_callback_from_iterator_cname()
2648 struct clientip_synthesized_rr* node = rpz_resolve_client_action_and_zone( in rpz_apply_maybe_clientip_trigger() local
2651 client_action = ((node == NULL) ? RPZ_INVALID_ACTION : node->action); in rpz_apply_maybe_clientip_trigger()
2652 if(node != NULL && *r_out && in rpz_apply_maybe_clientip_trigger()
2653 (*r_out)->action_override != RPZ_NO_OVERRIDE_ACTION) { in rpz_apply_maybe_clientip_trigger()
2654 client_action = (*r_out)->action_override; in rpz_apply_maybe_clientip_trigger()
2657 if(*r_out && (*r_out)->log) in rpz_apply_maybe_clientip_trigger()
2659 (node?"clientip":"qname"), in rpz_apply_maybe_clientip_trigger()
2660 ((*z_out)?(*z_out)->name:NULL), in rpz_apply_maybe_clientip_trigger()
2661 (node?&node->node:NULL), in rpz_apply_maybe_clientip_trigger()
2663 (*r_out)->log_name); in rpz_apply_maybe_clientip_trigger()
2677 stats->rpz_action[client_action]++; in rpz_apply_maybe_clientip_trigger()
2679 rpz_apply_clientip_localdata_action(node, env, qinfo, in rpz_apply_maybe_clientip_trigger()
2693 if(*r_out && (*r_out)->signal_nxdomain_ra && in rpz_apply_maybe_clientip_trigger()
2699 if(*r_out && (*r_out)->log) in rpz_apply_maybe_clientip_trigger()
2701 (node?"clientip":"qname"), in rpz_apply_maybe_clientip_trigger()
2702 ((*z_out)?(*z_out)->name:NULL), in rpz_apply_maybe_clientip_trigger()
2703 (node?&node->node:NULL), in rpz_apply_maybe_clientip_trigger()
2705 (*r_out)->log_name); in rpz_apply_maybe_clientip_trigger()
2708 ret = -1; in rpz_apply_maybe_clientip_trigger()
2710 if(node != NULL) { in rpz_apply_maybe_clientip_trigger()
2711 lock_rw_unlock(&node->lock); in rpz_apply_maybe_clientip_trigger()
2733 lock_rw_unlock(&a->lock); in rpz_callback_from_worker_request()
2736 lock_rw_unlock(&z->lock); in rpz_callback_from_worker_request()
2743 lock_rw_unlock(&a->lock); in rpz_callback_from_worker_request()
2750 if(r->action_override == RPZ_NO_OVERRIDE_ACTION) { in rpz_callback_from_worker_request()
2751 lzt = z->type; in rpz_callback_from_worker_request()
2753 lzt = rpz_action_to_localzone_type(r->action_override); in rpz_callback_from_worker_request()
2755 if(r->action_override == RPZ_PASSTHRU_ACTION || in rpz_callback_from_worker_request()
2762 dname_str(qinfo->qname, nm); in rpz_callback_from_worker_request()
2763 dname_str(z->name, zn); in rpz_callback_from_worker_request()
2775 lock_rw_unlock(&z->lock); in rpz_callback_from_worker_request()
2776 lock_rw_unlock(&a->lock); in rpz_callback_from_worker_request()
2785 r->disabled = 0; in rpz_enable()
2792 r->disabled = 1; in rpz_disable()