|
unbound
0.1
|
#include "config.h"#include "services/rpz.h"#include "util/config_file.h"#include "sldns/wire2str.h"#include "sldns/str2wire.h"#include "util/data/dname.h"#include "util/net_help.h"#include "util/log.h"#include "util/locks.h"#include "util/regional.h"Functions | |
| const char * | rpz_action_to_string (enum rpz_action a) |
| string for RPZ action enum More... | |
| static enum rpz_action | rpz_config_to_action (char *a) |
| RPZ action enum for config string. | |
| static const char * | rpz_trigger_to_string (enum rpz_trigger r) |
| string for RPZ trigger enum | |
| static uint8_t * | get_tld_label (uint8_t *dname, size_t maxdnamelen) |
| Get the label that is just before the root label. More... | |
| static enum rpz_action | rpz_rr_to_action (uint16_t rr_type, uint8_t *rdatawl, size_t rdatalen) |
| Classify RPZ action for RR type/rdata. More... | |
| static enum localzone_type | rpz_action_to_localzone_type (enum rpz_action a) |
| enum respip_action | rpz_action_to_respip_action (enum rpz_action a) |
| Classify respip action for RPZ action. More... | |
| static enum rpz_action | localzone_type_to_rpz_action (enum localzone_type lzt) |
| enum rpz_action | respip_action_to_rpz_action (enum respip_action a) |
| static enum rpz_trigger | rpz_dname_to_trigger (uint8_t *dname, size_t dname_len) |
| Get RPZ trigger for dname. More... | |
| void | rpz_delete (struct rpz *r) |
| Delete RPZ. More... | |
| int | rpz_clear (struct rpz *r) |
| Clear local-zones and respip data in RPZ, used after reloading file or AXFR/HTTP transfer. More... | |
| void | rpz_finish_config (struct rpz *r) |
| Prepare RPZ after processing feed content. More... | |
| static struct ub_packed_rrset_key * | new_cname_override (struct regional *region, uint8_t *ct, size_t ctlen) |
| new rrset containing CNAME override, does not yet contain a dname | |
| struct rpz * | rpz_create (struct config_auth *p) |
| Create RPZ. More... | |
| static size_t | strip_dname_origin (uint8_t *dname, size_t dnamelen, size_t originlen, uint8_t *newdname, size_t maxnewdnamelen) |
| Remove RPZ zone name from dname. Copy dname to newdname, without the originlen number of trailing bytes. | |
| static void | rpz_insert_qname_trigger (struct rpz *r, uint8_t *dname, size_t dnamelen, enum rpz_action a, uint16_t rrtype, uint16_t rrclass, uint32_t ttl, uint8_t *rdata, size_t rdata_len, uint8_t *rr, size_t rr_len) |
| Insert RR into RPZ's local-zone. | |
| static int | rpz_insert_response_ip_trigger (struct rpz *r, uint8_t *dname, size_t dnamelen, enum rpz_action a, uint16_t rrtype, uint16_t rrclass, uint32_t ttl, uint8_t *rdata, size_t rdata_len, uint8_t *rr, size_t rr_len) |
| Insert RR into RPZ's respip_set. | |
| int | rpz_insert_rr (struct rpz *r, uint8_t *azname, size_t aznamelen, uint8_t *dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint8_t *rdatawl, size_t rdatalen, uint8_t *rr, size_t rr_len) |
| Create policy from RR and add to this RPZ. More... | |
| static struct local_zone * | rpz_find_zone (struct rpz *r, uint8_t *qname, size_t qname_len, uint16_t qclass, int only_exact, int wr, int zones_keep_lock) |
| Find RPZ local-zone by qname. More... | |
| static int | rpz_data_delete_rr (struct local_zone *z, uint8_t *policydname, size_t policydnamelen, uint16_t rr_type, uint8_t *rdata, size_t rdatalen) |
| Remove RR from RPZ's local-data. More... | |
| static int | rpz_rrset_delete_rr (struct resp_addr *raddr, uint16_t rr_type, uint8_t *rdata, size_t rdatalen) |
| Remove RR from RPZ's respip set. More... | |
| static void | rpz_remove_qname_trigger (struct rpz *r, uint8_t *dname, size_t dnamelen, enum rpz_action a, uint16_t rr_type, uint16_t rr_class, uint8_t *rdatawl, size_t rdatalen) |
| Remove RR from RPZ's local-zone. | |
| static void | rpz_remove_response_ip_trigger (struct rpz *r, uint8_t *dname, size_t dnamelen, enum rpz_action a, uint16_t rr_type, uint8_t *rdatawl, size_t rdatalen) |
| void | rpz_remove_rr (struct rpz *r, size_t aznamelen, uint8_t *dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint8_t *rdatawl, size_t rdatalen) |
| Delete policy matching RR, used for IXFR. More... | |
| static void | log_rpz_apply (uint8_t *dname, enum rpz_action a, struct query_info *qinfo, struct comm_reply *repinfo, char *log_name) |
| print log information for an applied RPZ policy. More... | |
| int | rpz_apply_qname_trigger (struct auth_zones *az, struct module_env *env, struct query_info *qinfo, struct edns_data *edns, sldns_buffer *buf, struct regional *temp, struct comm_reply *repinfo, uint8_t *taglist, size_t taglen, struct ub_server_stats *stats) |
| Walk over the RPZ zones to find and apply a QNAME trigger policy. More... | |
This file contains functions to enable RPZ service.
| const char* rpz_action_to_string | ( | enum rpz_action | a | ) |
string for RPZ action enum
String for RPZ action enum.
Referenced by log_rpz_apply(), and respip_inform_print().
|
static |
Get the label that is just before the root label.
| dname | dname to work on |
| maxdnamelen | maximum length of the dname |
|
static |
Classify RPZ action for RR type/rdata.
| rr_type | the RR type |
| rdatawl | RDATA prefixed with its 2-byte length field |
| rdatalen | the length of rdatawl (including its 2-byte length prefix) |
Referenced by rpz_insert_rr(), and rpz_remove_rr().
| enum respip_action rpz_action_to_respip_action | ( | enum rpz_action | a | ) |
Classify respip action for RPZ action.
| a | RPZ action |
Referenced by rpz_insert_response_ip_trigger().
|
static |
Get RPZ trigger for dname.
| dname | dname containing RPZ trigger |
| dname_len | length of the dname |
Referenced by rpz_insert_rr().
| void rpz_delete | ( | struct rpz * | r | ) |
Delete RPZ.
| r | RPZ struct to delete |
References local_zones_delete(), regional_destroy(), and respip_set_delete().
Referenced by auth_zone_delete().
| int rpz_clear | ( | struct rpz * | r | ) |
Clear local-zones and respip data in RPZ, used after reloading file or AXFR/HTTP transfer.
| r | RPZ to use |
References local_zones_create(), local_zones_delete(), respip_set_create(), and respip_set_delete().
Referenced by apply_axfr(), apply_http(), and auth_zone_read_zonefile().
| void rpz_finish_config | ( | struct rpz * | r | ) |
Prepare RPZ after processing feed content.
| r | RPZ to use |
References addr_tree_init_parents().
Referenced by auth_zone_read_zonefile(), and xfr_process_chunk_list().
| struct rpz* rpz_create | ( | struct config_auth * | p | ) |
Create RPZ.
RPZ must be added to linked list after creation.
References local_zones_create(), memdup(), regional_create_custom(), respip_set_create(), config_auth::rpz_action_override, rpz_config_to_action(), config_auth::rpz_taglist, and config_auth::rpz_taglistlen.
Referenced by auth_zones_cfg().
| int rpz_insert_rr | ( | struct rpz * | r, |
| uint8_t * | azname, | ||
| size_t | aznamelen, | ||
| uint8_t * | dname, | ||
| size_t | dnamelen, | ||
| uint16_t | rr_type, | ||
| uint16_t | rr_class, | ||
| uint32_t | rr_ttl, | ||
| uint8_t * | rdatawl, | ||
| size_t | rdatalen, | ||
| uint8_t * | rr, | ||
| size_t | rr_len | ||
| ) |
Create policy from RR and add to this RPZ.
| r | the rpz to add the policy to. |
| azname | dname of the auth-zone |
| aznamelen | the length of the auth-zone name |
| dname | dname of the RR |
| dnamelen | length of the dname |
| rr_type | RR type of the RR |
| rr_class | RR class of the RR |
| rr_ttl | TTL of the RR |
| rdatawl | rdata of the RR, prepended with the rdata size |
| rdatalen | length of the RR's rdata, including the prepended rdata size |
| rr | the complete RR, for logging purposes |
| rr_len | the length of the complete RR |
References dname_subdomain_c(), log_assert, log_err(), rpz_dname_to_trigger(), rpz_rr_to_action(), and strip_dname_origin().
Referenced by az_insert_rr().
|
static |
Find RPZ local-zone by qname.
| r | rpz containing local-zone tree |
| qname | qname |
| qname_len | length of qname |
| qclass | qclass |
| only_exact | if 1, only exact (non-wildcard) matches are returned |
| wr | get write lock for local-zone if 1, read lock if 0 |
| zones_keep_lock | if set, do not release the r->local_zones lock; the caller of this function is then responsible for releasing the lock. |
References dname_count_labels(), dname_count_size_labels(), dname_get_shared_topdomain(), LDNS_MAX_DOMAINLEN, LDNS_RR_CLASS_IN, local_zones_find_le(), local_zones::lock, local_zone::lock, and local_zone::name.
Referenced by rpz_apply_qname_trigger(), and rpz_remove_qname_trigger().
|
static |
Remove RR from RPZ's local-data.
| z | local-zone for RPZ, holding write lock |
| policydname | dname of RR to remove |
| policydnamelen | length of policydname |
| rr_type | RR type of RR to remove |
| rdata | rdata of RR to remove |
| rdatalen | length of rdata |
References packed_rrset_data::count, dname_count_labels(), local_rrset_remove_rr(), local_zone_find_data(), local_rrset::next, packed_rrset_find_rr(), and local_data::rrsets.
|
static |
Remove RR from RPZ's respip set.
| raddr | respip node |
| rr_type | RR type of RR to remove |
| rdata | rdata of RR to remove |
| rdatalen | length of rdata |
References packed_rrset_data::count, resp_addr::data, lruhash_entry::data, ub_packed_rrset_key::entry, local_rrset_remove_rr(), packed_rrset_find_rr(), ub_packed_rrset_key::rk, and packed_rrset_key::type.
| void rpz_remove_rr | ( | struct rpz * | r, |
| size_t | aznamelen, | ||
| uint8_t * | dname, | ||
| size_t | dnamelen, | ||
| uint16_t | rr_type, | ||
| uint16_t | rr_class, | ||
| uint8_t * | rdatawl, | ||
| size_t | rdatalen | ||
| ) |
Delete policy matching RR, used for IXFR.
| r | the rpz to remove the policy from. |
| aznamelen | the length of the auth-zone name |
| dname | dname of the RR |
| dnamelen | length of the dname |
| rr_type | RR type of the RR |
| rr_class | RR class of the RR |
| rdatawl | rdata of the RR, prepended with the rdata size |
| rdatalen | length of the RR's rdata, including the prepended rdata size |
References LDNS_MAX_DOMAINLEN, and rpz_rr_to_action().
Referenced by az_remove_rr().
|
static |
print log information for an applied RPZ policy.
Based on local-zone's lz_inform_print().
References comm_reply::addr, addr_to_str(), comm_reply::addrlen, dname_str(), LDNS_MAX_DOMAINLEN, log_nametypeclass(), query_info::qclass, query_info::qname, query_info::qtype, and rpz_action_to_string().
| int rpz_apply_qname_trigger | ( | struct auth_zones * | az, |
| struct module_env * | env, | ||
| struct query_info * | qinfo, | ||
| struct edns_data * | edns, | ||
| sldns_buffer * | buf, | ||
| struct regional * | temp, | ||
| struct comm_reply * | repinfo, | ||
| uint8_t * | taglist, | ||
| size_t | taglen, | ||
| struct ub_server_stats * | stats | ||
| ) |
Walk over the RPZ zones to find and apply a QNAME trigger policy.
| az | auth_zones struct, containing first RPZ item and RPZ lock |
| env | module env |
| qinfo | qinfo containing qname and qtype |
| edns | edns data |
| buf | buffer to write answer to |
| temp | scratchpad |
| repinfo | reply info |
| taglist | taglist to lookup. |
| taglen | length of taglist. |
| stats | worker stats struct |
References auth_zone::lock, query_info::qclass, query_info::qname, query_info::qname_len, auth_zone::rpz, auth_zone::rpz_az_next, rpz_find_zone(), auth_zones::rpz_first, auth_zones::rpz_lock, and taglist_intersect().