#include <isc/lang.h>#include <dns/fixedname.h>#include <dns/rdata.h>#include <dns/types.h>#include <isc/refcount.h>Go to the source code of this file.
| #define DNS_RPZ_PREFIX "rpz-" |
| #define DNS_RPZ_CLIENT_IP_ZONE DNS_RPZ_PREFIX"client-ip" |
| #define DNS_RPZ_IP_ZONE DNS_RPZ_PREFIX"ip" |
| #define DNS_RPZ_NSIP_ZONE DNS_RPZ_PREFIX"nsip" |
| #define DNS_RPZ_NSDNAME_ZONE DNS_RPZ_PREFIX"nsdname" |
| #define DNS_RPZ_PASSTHRU_NAME DNS_RPZ_PREFIX"passthru" |
| #define DNS_RPZ_DROP_NAME DNS_RPZ_PREFIX"drop" |
| #define DNS_RPZ_TCP_ONLY_NAME DNS_RPZ_PREFIX"tcp-only" |
| #define DNS_RPZ_MAX_ZONES 32 |
| #define DNS_RPZ_ALL_ZBITS ((dns_rpz_zbits_t)-1) |
| #define DNS_RPZ_INVALID_NUM DNS_RPZ_MAX_ZONES |
Definition at line 93 of file rpz.h.
Referenced by configure_zone(), dns_rbtdb_create(), dns_rpz_find_ip(), dns_zone_create(), dns_zone_rpz_enable(), dns_zone_rpz_enable_db(), rpz_attach(), rpz_ready(), rpz_rewrite_ip(), and zone_free().
| #define DNS_RPZ_ZBIT | ( | n | ) | (((dns_rpz_zbits_t)1) << (dns_rpz_num_t)(n)) |
Definition at line 95 of file rpz.h.
Referenced by adj_trigger_cnt(), configure_rpz_zone(), configure_view(), dns_rpz_beginload(), dns_rpz_ready(), dns_zone_rpz_enable(), fix_triggers(), make_nm_set(), and name2ipkey().
| #define DNS_RPZ_ZMASK | ( | n | ) |
Value:
((dns_rpz_zbits_t)((((n) >= DNS_RPZ_MAX_ZONES-1) ? \ 0 : (1<<((n)+1))) -1))
Definition at line 101 of file rpz.h.
Referenced by fix_qname_skip_recurse(), rpz_get_zbits(), and rpz_rewrite_ip().
| #define DNS_RPZ_REWRITTEN 0x0001 |
| #define DNS_RPZ_DONE_CLIENT_IP 0x0002 |
| #define DNS_RPZ_DONE_QNAME 0x0004 |
| #define DNS_RPZ_DONE_QNAME_IP 0x0008 |
| #define DNS_RPZ_DONE_NSDNAME 0x0010 |
| #define DNS_RPZ_DONE_IPv4 0x0020 |
| #define DNS_RPZ_RECURSING 0x0040 |
Definition at line 217 of file rpz.h.
Referenced by query_find(), rpz_rewrite(), and rpz_rrset_find().
| #define DNS_RPZ_TTL_DEFAULT 5 |
| #define DNS_RPZ_MAX_TTL_DEFAULT DNS_RPZ_TTL_DEFAULT |
| #define DNS_RPZ_ERROR_LEVEL ISC_LOG_WARNING |
Definition at line 278 of file rpz.h.
Referenced by add_cidr(), configure_rpz_name(), configure_rpz_name2(), configure_rpz_zone(), configure_view(), del_name(), dns_rpz_find_ip(), dns_rpz_find_name(), dns_rpz_ready(), findnodeintree(), rpz_find_p(), rpz_get_p_name(), rpz_getdb(), rpz_rewrite(), rpz_rewrite_ip_rrset(), and rpz_rrset_find().
| #define DNS_RPZ_INFO_LEVEL ISC_LOG_INFO |
Definition at line 279 of file rpz.h.
Referenced by fix_triggers(), rpz_log_rewrite(), and rpz_rewrite().
| #define DNS_RPZ_DEBUG_LEVEL1 ISC_LOG_DEBUG(1) |
Definition at line 280 of file rpz.h.
Referenced by rpz_get_p_name(), rpz_log_fail(), rpz_rewrite(), and rpz_rewrite_ip_rrset().
| #define DNS_RPZ_DEBUG_LEVEL2 ISC_LOG_DEBUG(2) |
| #define DNS_RPZ_DEBUG_LEVEL3 ISC_LOG_DEBUG(3) |
| #define DNS_RPZ_DEBUG_QUIET (DNS_RPZ_DEBUG_LEVEL3+1) |
| typedef isc_uint8_t dns_rpz_prefix_t |
| typedef isc_uint8_t dns_rpz_num_t |
| typedef isc_uint32_t dns_rpz_zbits_t |
| typedef struct dns_rpz_triggers dns_rpz_triggers_t |
| typedef struct dns_rpz_zone dns_rpz_zone_t |
| typedef struct dns_rpz_cidr_node dns_rpz_cidr_node_t |
| typedef struct dns_rpz_zones dns_rpz_zones_t |
| enum dns_rpz_type_t |
| enum dns_rpz_policy_t |
| const char* dns_rpz_type2str | ( | dns_rpz_type_t | type | ) |
Definition at line 177 of file rpz.c.
References DNS_RPZ_TYPE_BAD, DNS_RPZ_TYPE_CLIENT_IP, DNS_RPZ_TYPE_IP, DNS_RPZ_TYPE_NSDNAME, DNS_RPZ_TYPE_NSIP, DNS_RPZ_TYPE_QNAME, and FATAL_ERROR.
Referenced by rpz_getdb(), rpz_log_fail(), and rpz_log_rewrite().
| dns_rpz_policy_t dns_rpz_str2policy | ( | const char * | str | ) |
Definition at line 197 of file rpz.c.
References DNS_RPZ_POLICY_CNAME, DNS_RPZ_POLICY_DISABLED, DNS_RPZ_POLICY_DROP, DNS_RPZ_POLICY_ERROR, DNS_RPZ_POLICY_GIVEN, DNS_RPZ_POLICY_NODATA, DNS_RPZ_POLICY_NXDOMAIN, DNS_RPZ_POLICY_PASSTHRU, and DNS_RPZ_POLICY_TCP_ONLY.
Referenced by configure_rpz_zone().
| const char* dns_rpz_policy2str | ( | dns_rpz_policy_t | policy | ) |
Definition at line 224 of file rpz.c.
References DNS_RPZ_POLICY_CNAME, DNS_RPZ_POLICY_DROP, DNS_RPZ_POLICY_MISS, DNS_RPZ_POLICY_NODATA, DNS_RPZ_POLICY_NXDOMAIN, DNS_RPZ_POLICY_PASSTHRU, DNS_RPZ_POLICY_RECORD, DNS_RPZ_POLICY_TCP_ONLY, DNS_RPZ_POLICY_WILDCNAME, INSIST, POST, and str.
Referenced by rpz_log_rewrite().
| dns_rpz_policy_t dns_rpz_decode_cname | ( | dns_rpz_zone_t * | rpz, | |
| dns_rdataset_t * | rdataset, | |||
| dns_name_t * | selfname | |||
| ) |
Definition at line 2107 of file rpz.c.
References dns_name_countlabels(), dns_name_equal(), dns_name_iswildcard(), DNS_RDATA_INIT, dns_rdata_reset(), dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), dns_rootname, DNS_RPZ_POLICY_DROP, DNS_RPZ_POLICY_NODATA, DNS_RPZ_POLICY_NXDOMAIN, DNS_RPZ_POLICY_PASSTHRU, DNS_RPZ_POLICY_RECORD, DNS_RPZ_POLICY_TCP_ONLY, DNS_RPZ_POLICY_WILDCNAME, dns_rpz_zone::drop, INSIST, ISC_R_SUCCESS, dns_rpz_zone::passthru, and dns_rpz_zone::tcp_only.
Referenced by rpz_find_p().
| isc_result_t dns_rpz_new_zones | ( | dns_rpz_zones_t ** | rpzsp, | |
| isc_mem_t * | mctx | |||
| ) |
Definition at line 1228 of file rpz.c.
References DESTROYLOCK, dns_rbt_create(), isc_mem_attach(), isc_mem_get, isc_mem_put, isc_mutex_init, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_refcount_decrement, isc_refcount_destroy, isc_refcount_init(), REQUIRE, and rpz_node_deleter().
Referenced by configure_rpz(), and dns_rpz_beginload().
| void dns_rpz_attach_rpzs | ( | dns_rpz_zones_t * | source, | |
| dns_rpz_zones_t ** | target | |||
| ) |
Definition at line 1349 of file rpz.c.
References isc_refcount_increment, dns_rpz_zones::refs, and REQUIRE.
Referenced by configure_rpz(), dns_rpz_beginload(), dns_zone_rpz_enable(), and rpz_attach().
| void dns_rpz_detach_rpzs | ( | dns_rpz_zones_t ** | rpzsp | ) |
Definition at line 1359 of file rpz.c.
References cidr_free(), DESTROYLOCK, dns_rbt_destroy(), DNS_RPZ_MAX_ZONES, isc_mem_putanddetach, isc_refcount_decrement, isc_refcount_destroy, dns_rpz_zones::maint_lock, dns_rpz_zones::mctx, dns_rpz_zones::rbt, dns_rpz_zones::refs, REQUIRE, rpz_detach(), dns_rpz_zones::search_lock, and dns_rpz_zones::zones.
Referenced by configure_rpz(), destroy(), dns_rpz_ready(), free_rbtdb(), and zone_free().
| isc_result_t dns_rpz_beginload | ( | dns_rpz_zones_t ** | load_rpzsp, | |
| dns_rpz_zones_t * | rpzs, | |||
| dns_rpz_num_t | rpz_num | |||
| ) |
Definition at line 1397 of file rpz.c.
References dns_rpz_attach_rpzs(), dns_rpz_new_zones(), DNS_RPZ_ZBIT, ISC_R_SUCCESS, isc_refcount_increment, dns_rpz_zones::load_begun, LOCK, dns_rpz_zones::maint_lock, dns_rpz_zones::mctx, dns_rpz_zones::num_zones, dns_rpz_zones::p, dns_rpz_zone::refs, REQUIRE, dns_rpz_zones::search_lock, dns_rpz_zones::total_triggers, dns_rpz_zones::triggers, UNLOCK, and dns_rpz_zones::zones.
Referenced by beginload().
| isc_result_t dns_rpz_ready | ( | dns_rpz_zones_t * | rpzs, | |
| dns_rpz_zones_t ** | load_rpzsp, | |||
| dns_rpz_num_t | rpz_num | |||
| ) |
Definition at line 1514 of file rpz.c.
References add_nm(), dns_rpz_cidr_node::child, dns_rpz_zones::cidr, dns_rpz_addr_zbits::client_ip, dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_lctx, DNS_LOGCATEGORY_RPZ, DNS_LOGMODULE_RBTDB, dns_name_concatenate(), DNS_R_NEWORIGIN, dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_next(), dns_rpz_detach_rpzs(), DNS_RPZ_ERROR_LEVEL, DNS_RPZ_ZBIT, fix_triggers(), dns_rpz_zones::have, INSIST, dns_rpz_cidr_node::ip, dns_rpz_addr_zbits::ip, isc_log_write(), ISC_R_NOMEMORY, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_result_totext(), ISC_TRUE, LOCK, dns_rpz_zones::maint_lock, name, dns_rpz_nm_zbits::ns, dns_rpz_addr_zbits::nsip, dns_rpz_zones::num_zones, origin, dns_rpz_zones::p, dns_rpz_cidr_node::parent, dns_rpz_cidr_node::prefix, dns_rpz_nm_zbits::qname, dns_rpz_zones::rbt, search(), dns_rpz_zones::search_lock, dns_rpz_nm_data::set, dns_rpz_cidr_node::set, dns_rpz_zones::total_triggers, UNLOCK, and dns_rpz_nm_data::wild.
Referenced by rpz_ready().
| isc_result_t dns_rpz_add | ( | dns_rpz_zones_t * | rpzs, | |
| dns_rpz_num_t | rpz_num, | |||
| dns_name_t * | name | |||
| ) |
Definition at line 1677 of file rpz.c.
References add_cidr(), add_name(), DNS_RPZ_TYPE_BAD, DNS_RPZ_TYPE_CLIENT_IP, DNS_RPZ_TYPE_IP, DNS_RPZ_TYPE_NSDNAME, DNS_RPZ_TYPE_NSIP, DNS_RPZ_TYPE_QNAME, ISC_R_FAILURE, LOCK, dns_rpz_zones::maint_lock, dns_rpz_zones::num_zones, REQUIRE, dns_rpz_zones::search_lock, type_from_name(), UNLOCK, and dns_rpz_zones::zones.
Referenced by findnodeintree(), and loadnode().
| void dns_rpz_delete | ( | dns_rpz_zones_t * | rpzs, | |
| dns_rpz_num_t | rpz_num, | |||
| dns_name_t * | name | |||
| ) |
Definition at line 1884 of file rpz.c.
References del_cidr(), del_name(), DNS_RPZ_TYPE_BAD, DNS_RPZ_TYPE_CLIENT_IP, DNS_RPZ_TYPE_IP, DNS_RPZ_TYPE_NSDNAME, DNS_RPZ_TYPE_NSIP, DNS_RPZ_TYPE_QNAME, LOCK, dns_rpz_zones::maint_lock, dns_rpz_zones::num_zones, REQUIRE, dns_rpz_zones::search_lock, type_from_name(), UNLOCK, and dns_rpz_zones::zones.
Referenced by delete_node(), and loadnode().
| dns_rpz_num_t dns_rpz_find_ip | ( | dns_rpz_zones_t * | rpzs, | |
| dns_rpz_type_t | rpz_type, | |||
| dns_rpz_zbits_t | zbits, | |||
| const isc_netaddr_t * | netaddr, | |||
| dns_name_t * | ip_name, | |||
| dns_rpz_prefix_t * | prefixp | |||
| ) |
Definition at line 1925 of file rpz.c.
References ADDR_V4MAPPED, AF_INET6, dns_rpz_addr_zbits::client_ip, dns_rpz_zones::client_ipv4, dns_rpz_zones::client_ipv6, dns_lctx, DNS_LOGCATEGORY_RPZ, DNS_LOGMODULE_RBTDB, dns_rootname, DNS_RPZ_ERROR_LEVEL, DNS_RPZ_INVALID_NUM, DNS_RPZ_TYPE_CLIENT_IP, DNS_RPZ_TYPE_IP, DNS_RPZ_TYPE_NSIP, isc_netaddr::family, dns_rpz_zones::have, isc_netaddr::in, isc_netaddr::in6, INSIST, dns_rpz_cidr_node::ip, dns_rpz_addr_zbits::ip, ip2name(), dns_rpz_zones::ipv4, dns_rpz_zones::ipv6, ISC_FALSE, isc_log_write(), ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_result_totext(), LOCK, make_addr_set(), dns_rpz_addr_zbits::nsip, dns_rpz_zones::nsipv4, dns_rpz_zones::nsipv6, dns_rpz_cidr_node::prefix, search(), dns_rpz_zones::search_lock, dns_rpz_cidr_node::set, isc_netaddr::type, UNLOCK, dns_rpz_cidr_key_t::w, and zbit_to_num().
Referenced by rpz_rewrite_ip().
| dns_rpz_zbits_t dns_rpz_find_name | ( | dns_rpz_zones_t * | rpzs, | |
| dns_rpz_type_t | rpz_type, | |||
| dns_rpz_zbits_t | zbits, | |||
| dns_name_t * | trig_name | |||
| ) |
Definition at line 2041 of file rpz.c.
References dns_rbtnode::data, dns_lctx, DNS_LOGCATEGORY_RPZ, DNS_LOGMODULE_RBTDB, dns_name_format(), DNS_NAME_FORMATSIZE, DNS_R_PARTIALMATCH, dns_rbt_findnode(), DNS_RBTFIND_EMPTYDATA, DNS_RPZ_ERROR_LEVEL, DNS_RPZ_TYPE_QNAME, isc_log_write(), ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_result_totext(), LOCK, namebuf, dns_rpz_nm_zbits::ns, dns_rbtnode::parent, dns_rpz_nm_zbits::qname, dns_rpz_zones::rbt, dns_rpz_zones::search_lock, dns_rpz_nm_data::set, UNLOCK, and dns_rpz_nm_data::wild.
Referenced by rpz_rewrite_name().