rec: correct appliedPolicyTrigger value for IP matches #10842
Changes from 4 commits
b143b5f
9524d9c
562c1c1
f9de1f7
e4387f4
|
@@ -50,13 +50,21 @@ bool DNSFilterEngine::Zone::findExactQNamePolicy(const DNSName& qname, DNSFilter | |||||
|
||||||
bool DNSFilterEngine::Zone::findExactNSPolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const | ||||||
{ | ||||||
return findExactNamedPolicy(d_propolName, qname, pol); | ||||||
if (findExactNamedPolicy(d_propolName, qname, pol)) { | ||||||
pol.d_trigger = qname; | ||||||
pol.d_trigger.appendRawLabel(rpzNSDnameName); | ||||||
return true; | ||||||
} | ||||||
return false; | ||||||
} | ||||||
|
||||||
bool DNSFilterEngine::Zone::findNSIPPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const | ||||||
{ | ||||||
if (const auto fnd = d_propolNSAddr.lookup(addr)) { | ||||||
pol = fnd->second; | ||||||
pol.d_trigger = Zone::maskToRPZ(fnd->first); | ||||||
pol.d_trigger.appendRawLabel(rpzNSIPName); | ||||||
pol.d_hit = addr.toString(); | ||||||
return true; | ||||||
} | ||||||
return false; | ||||||
|
@@ -66,6 +74,9 @@ bool DNSFilterEngine::Zone::findResponsePolicy(const ComboAddress& addr, DNSFilt | |||||
{ | ||||||
if (const auto fnd = d_postpolAddr.lookup(addr)) { | ||||||
pol = fnd->second; | ||||||
pol.d_trigger = Zone::maskToRPZ(fnd->first); | ||||||
pol.d_trigger.appendRawLabel(rpzIPName); | ||||||
pol.d_hit = addr.toString(); | ||||||
return true; | ||||||
} | ||||||
return false; | ||||||
|
@@ -75,6 +86,9 @@ bool DNSFilterEngine::Zone::findClientPolicy(const ComboAddress& addr, DNSFilter | |||||
{ | ||||||
if (const auto fnd = d_qpolAddr.lookup(addr)) { | ||||||
pol = fnd->second; | ||||||
pol.d_trigger = Zone::maskToRPZ(fnd->first); | ||||||
pol.d_trigger.appendRawLabel(rpzClientIPName); | ||||||
pol.d_hit = addr.toString(); | ||||||
return true; | ||||||
} | ||||||
return false; | ||||||
|
@@ -179,17 +193,13 @@ bool DNSFilterEngine::getProcessingPolicy(const DNSName& qname, const std::unord | |||||
} | ||||||
if (z->findExactNSPolicy(qname, pol)) { | ||||||
// cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl; | ||||||
pol.d_trigger = qname; | ||||||
pol.d_trigger.appendRawLabel(rpzNSDnameName); | ||||||
pol.d_hit = qname.toStringNoDot(); | ||||||
return true; | ||||||
} | ||||||
|
||||||
for (const auto& wc : wcNames) { | ||||||
if (z->findExactNSPolicy(wc, pol)) { | ||||||
// cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl; | ||||||
pol.d_trigger = wc; | ||||||
pol.d_trigger.appendRawLabel(rpzNSDnameName); | ||||||
// Hit is not arg to findExactNSPolicy! | ||||||
pol.d_hit = qname.toStringNoDot(); | ||||||
return true; | ||||||
} | ||||||
|
@@ -212,12 +222,9 @@ bool DNSFilterEngine::getProcessingPolicy(const ComboAddress& address, const std | |||||
continue; | ||||||
} | ||||||
|
||||||
Netmask key; | ||||||
if(z->findNSIPPolicy(address, pol)) { | ||||||
// cerr<<"Had a hit on the nameserver ("<<address.toString()<<") used to process the query"<<endl; | ||||||
// XXX should use ns RPZ | ||||||
pol.d_trigger = Zone::maskToRPZ(address); | ||||||
pol.d_trigger.appendRawLabel(rpzNSIPName); | ||||||
pol.d_hit = address.toString(); | ||||||
return true; | ||||||
} | ||||||
} | ||||||
|
@@ -236,6 +243,7 @@ bool DNSFilterEngine::getClientPolicy(const ComboAddress& ca, const std::unorder | |||||
continue; | ||||||
} | ||||||
|
||||||
Netmask key; | ||||||
Leftover as well?
||||||
if (z->findClientPolicy(ca, pol)) { | ||||||
// cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl; | ||||||
rgacogne marked this conversation as resolved.
|
||||||
return true; | ||||||
|
@@ -294,15 +302,13 @@ bool DNSFilterEngine::getQueryPolicy(const DNSName& qname, const std::unordered_ | |||||
|
||||||
if (z->findExactQNamePolicy(qname, pol)) { | ||||||
// cerr<<"Had a hit on the name of the query"<<endl; | ||||||
pol.d_trigger = qname; | ||||||
pol.d_hit = qname.toStringNoDot(); | ||||||
return true; | ||||||
} | ||||||
|
||||||
for (const auto& wc : wcNames) { | ||||||
if (z->findExactQNamePolicy(wc, pol)) { | ||||||
// cerr<<"Had a hit on the name of the query"<<endl; | ||||||
pol.d_trigger = wc; | ||||||
// Hit is not arg to findExactQNamePolicy! | ||||||
Suggested change
|
||||||
pol.d_hit = qname.toStringNoDot(); | ||||||
return true; | ||||||
} | ||||||
|
@@ -355,10 +361,8 @@ bool DNSFilterEngine::getPostPolicy(const DNSRecord& record, const std::unordere | |||||
return false; | ||||||
} | ||||||
|
||||||
Netmask key; | ||||||
Leftover?
||||||
if (z->findResponsePolicy(ca, pol)) { | ||||||
pol.d_trigger = Zone::maskToRPZ(ca); | ||||||
pol.d_trigger.appendRawLabel(rpzIPName); | ||||||
pol.d_hit = ca.toString(); | ||||||
return true; | ||||||
} | ||||||
} | ||||||
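Review bot: `Zone::findExactNSPolicy` now fills `pol.d_trigger` itself but still leaves `pol.d_hit` to its callers, whereas `findNSIPPolicy`, `findResponsePolicy` and `findClientPolicy` set both fields, and nothing at the definition documents that difference. The only hint is the call-site comment `// Hit is not arg to findExactNSPolicy!` in the wildcard loop of `getProcessingPolicy`. I would add a comment above the method, for example `// Sets pol.d_trigger only; the caller must set pol.d_hit, since for wildcard lookups qname here is the wildcard, not the query name.` A future caller that forgets would presumably report a correct trigger alongside an empty or stale hit in the policy events that operators correlate on. That should be confirmed against `findExactNamedPolicy`, whose body is outside the visible hunks.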
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leftover?