New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dnsdist: Make custom LuaAction and LuaResponsAction second return value optional #6363
Changes from 6 commits
c134cba
fbd6b77
049ce64
311f9aa
63cdc73
9a0f696
0b3789e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -73,7 +73,7 @@ DNS Section | |
DNSAction | ||
--------- | ||
|
||
These constants represent an Action that can be returned from the functions invoked by :func:`addLuaAction` and :func:`addLuaResponseAction`. | ||
These constants represent an Action that can be returned from the functions invoked by :func:`addLuaAction`. | ||
|
||
* ``DNSAction.Allow``: let the query pass, skipping other rules | ||
* ``DNSAction.Delay``: delay the response for the specified milliseconds (UDP-only), continue to the next rule | ||
|
@@ -83,4 +83,21 @@ These constants represent an Action that can be returned from the functions invo | |
* ``DNSAction.Nxdomain``: return a response with a NXDomain rcode | ||
* ``DNSAction.Pool``: use the specified pool to forward this query | ||
* ``DNSAction.Refused``: return a response with a Refused rcode | ||
* ``DNSAction.ServFail``: return a response with a ServFail rcode | ||
* ``DNSAction.Spoof``: spoof the response using the supplied IPv4 (A), IPv6 (AAAA) or string (CNAME) value | ||
* ``DNSAction.Truncate``: truncate the response | ||
|
||
|
||
.. _DNSResponseAction: | ||
|
||
DNSResponseAction | ||
----------------- | ||
|
||
These constants represent an Action that can be returned from the functions invoked by :func:`addLuaResponseAction`. | ||
|
||
* ``DNSResponseAction.Allow``: let the query pass, skipping other rules | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. s/query/response/ |
||
* ``DNSResponseAction.Delay``: delay the response for the specified milliseconds (UDP-only), continue to the next rule | ||
* ``DNSResponseAction.Drop``: drop the query | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. s/query/response/ |
||
* ``DNSResponseAction.HeaderModify``: indicate that the query has been turned into a response | ||
* ``DNSResponseAction.None``: continue to the next rule | ||
* ``DNSResponseAction.ServFail``: return a response with a ServFail rcode |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -150,7 +150,9 @@ Rule Generators | |
|
||
Invoke a Lua function that accepts a :class:`DNSQuestion`. | ||
This function works similar to using :func:`LuaAction`. | ||
The ``function`` should return a :ref:`DNSAction`. If the Lua code fails, ServFail is returned. | ||
The ``function`` should return both a :ref:`DNSAction` and its argument `rule`. The `rule` is used as an argument | ||
of the following :ref:`DNSAction`: `DNSAction.Spoof`, `DNSAction.Pool` and `DNSAction.Delay`. As of version `1.3.0`, you can | ||
ommit the argument. For earlier releases, simply return an empty string. If the Lua code fails, ServFail is returned. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. s/ommit/omit/ |
||
|
||
:param DNSRule: match queries based on this rule | ||
:param string function: the name of a Lua function | ||
|
@@ -160,14 +162,30 @@ Rule Generators | |
|
||
* ``uuid``: string - UUID to assign to the new rule. By default a random UUID is generated for each rule. | ||
|
||
:: | ||
|
||
function luarule(dq) | ||
if(dq.qtype==35) -- NAPTR | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Wouldn't |
||
then | ||
return DNSAction.Pool, "abuse" -- send to abuse pool | ||
else | ||
return DNSAction.None, "" -- no action | ||
-- return DNSAction.None -- as of dnsdist version 1.3.0 | ||
end | ||
end | ||
|
||
addLuaAction(AllRule(), luarule) | ||
|
||
.. function:: addLuaResponseAction(DNSrule, function [, options]) | ||
|
||
.. versionchanged:: 1.3.0 | ||
Added the optional parameter ``options``. | ||
|
||
Invoke a Lua function that accepts a :class:`DNSResponse`. | ||
This function works similar to using :func:`LuaResponseAction`. | ||
The ``function`` should return a :ref:`DNSResponseAction`. If the Lua code fails, ServFail is returned. | ||
The ``function`` should return both a :ref:`DNSResponseAction` and its argument `rule`. The `rule` is used as an argument | ||
of the `DNSResponseAction.Delay`. As of version `1.3.0`, you can ommit the argument (see :func:`addLuaAction`). For earlier | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. s/ommit/omit/ |
||
releases, simply return an empty string. If the Lua code fails, ServFail is returned. | ||
|
||
:param DNSRule: match queries based on this rule | ||
:param string function: the name of a Lua function | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1279,6 +1279,42 @@ def testRefusedViaLua(self): | |
refusedResponse.id = receivedResponse.id | ||
self.assertEquals(receivedResponse, refusedResponse) | ||
|
||
class TestAdvancedLuaActionReturnSyntax(DNSDistTest): | ||
|
||
_config_template = """ | ||
function refuse(dq) | ||
return DNSAction.Refused | ||
end | ||
addAction(AllRule(), LuaAction(refuse)) | ||
newServer{address="127.0.0.1:%s"} | ||
""" | ||
|
||
def testRefusedWithEmptyRule(self): | ||
""" | ||
Advanced: Short syntax for LuaAction return values | ||
""" | ||
name = 'refused.advanced.tests.powerdns.com.' | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Would you mind using a different qname than the previous test? It often makes debugging easier. |
||
query = dns.message.make_query(name, 'A', 'IN') | ||
response = dns.message.make_response(query) | ||
rrset = dns.rrset.from_text(name, | ||
3600, | ||
dns.rdataclass.IN, | ||
dns.rdatatype.AAAA, | ||
'::1') | ||
response.answer.append(rrset) | ||
refusedResponse = dns.message.make_response(query) | ||
refusedResponse.set_rcode(dns.rcode.REFUSED) | ||
|
||
(_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | ||
self.assertTrue(receivedResponse) | ||
refusedResponse.id = receivedResponse.id | ||
self.assertEquals(receivedResponse, refusedResponse) | ||
|
||
(_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | ||
self.assertTrue(receivedResponse) | ||
refusedResponse.id = receivedResponse.id | ||
self.assertEquals(receivedResponse, refusedResponse) | ||
|
||
class TestAdvancedLuaTruncated(DNSDistTest): | ||
|
||
_config_template = """ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a nit but
dq
made more sense thandr
here :)