Lines Matching defs:rpz
2 * services/rpz.c - rpz service
43 #include "services/rpz.h"
71 case RPZ_NXDOMAIN_ACTION: return "rpz-nxdomain";
72 case RPZ_NODATA_ACTION: return "rpz-nodata";
73 case RPZ_PASSTHRU_ACTION: return "rpz-passthru";
74 case RPZ_DROP_ACTION: return "rpz-drop";
75 case RPZ_TCP_ONLY_ACTION: return "rpz-tcp-only";
76 case RPZ_INVALID_ACTION: return "rpz-invalid";
77 case RPZ_LOCAL_DATA_ACTION: return "rpz-local-data";
78 case RPZ_DISABLED_ACTION: return "rpz-disabled";
79 case RPZ_CNAME_OVERRIDE_ACTION: return "rpz-cname-override";
80 case RPZ_NO_OVERRIDE_ACTION: return "rpz-no-override";
81 default: return "rpz-unknown-action";
104 case RPZ_QNAME_TRIGGER: return "rpz-qname";
105 case RPZ_CLIENT_IP_TRIGGER: return "rpz-client-ip";
106 case RPZ_RESPONSE_IP_TRIGGER: return "rpz-response-ip";
107 case RPZ_NSDNAME_TRIGGER: return "rpz-nsdname";
108 case RPZ_NSIP_TRIGGER: return "rpz-nsip";
109 case RPZ_INVALID_TRIGGER: return "rpz-invalid";
110 default: return "rpz-unknown-trigger";
219 (uint8_t*)&"\014rpz-passthru\000"))
221 else if(dname_subdomain_c(rdata, (uint8_t*)&"\010rpz-drop\000"))
224 (uint8_t*)&"\014rpz-tcp-only\000"))
228 /* all other TLDs starting with "rpz-" are invalid */
230 if(tldlab && dname_lab_startswith(tldlab, "rpz-", &endptr))
327 if(!tldlab || !dname_lab_startswith(tldlab, "rpz-", &endptr))
331 (uint8_t*)&"\015rpz-client-ip\000"))
333 else if(dname_subdomain_c(tldlab, (uint8_t*)&"\006rpz-ip\000"))
335 else if(dname_subdomain_c(tldlab, (uint8_t*)&"\013rpz-nsdname\000"))
337 else if(dname_subdomain_c(tldlab, (uint8_t*)&"\010rpz-nsip\000"))
383 rpz_delete(struct rpz* r)
399 rpz_clear(struct rpz* r)
432 rpz_finish_config(struct rpz* r)
495 delete_cname_override(struct rpz* r)
504 /** Apply rpz config elements to the rpz structure, false on failure. */
506 rpz_apply_cfg_elements(struct rpz* r, struct config_auth* p)
528 log_err("rpz: override with cname action found, but no "
529 "rpz-cname-override configured");
534 log_err("rpz: cannot parse cname override: %s",
554 struct rpz*
557 struct rpz* r = calloc(1, sizeof(*r));
614 rpz_config(struct rpz* r, struct config_auth* p)
682 verbose(VERB_ALGO, "rpz: qname trigger, %s skipping unsupported action: %s",
694 log_err("malloc error while inserting rpz nsdname trigger");
701 verbose(VERB_ALGO, "rpz: skipping duplicate record: '%s'", rrstr);
712 log_warn("rpz: create failed");
722 log_err("malloc error while inserting rpz nsdname trigger");
745 verbose(VERB_ALGO, "rpz: %s: <%s>", msg, buf);
749 rpz_insert_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
754 verbose(VERB_ALGO, "rpz: skipping invalid action");
778 log_err("malloc failure for rpz strip suffix");
793 log_err("malloc failure for rpz strip suffix");
800 rpz_insert_nsdname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
810 verbose(VERB_ALGO, "rpz: skipping invalid action");
834 log_err("malloc error while inserting rpz ipaddr based trigger");
884 log_warn("rpz: unexpected: unable to insert clientip address node");
897 log_err("malloc error while inserting rpz clientip based record");
900 log_err("rpz: unexpected: unable to insert %s: %s", msg, rrstr);
988 verbose(VERB_ALGO, "rpz: unable to insert clientip rr");
1001 rpz_insert_clientip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1014 verbose(VERB_ALGO, "rpz: unable to parse client ip");
1023 rpz_insert_nsip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1036 verbose(VERB_ALGO, "rpz: unable to parse ns ip");
1046 rpz_insert_response_ip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1059 verbose(VERB_ALGO, "rpz: unable to parse response ip");
1067 verbose(VERB_ALGO, "rpz: respip trigger, %s skipping unsupported action: %s",
1077 rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname,
1088 /* this rpz action is not valid, eg. this is the SOA or NS RR */
1095 log_err("rpz: name of record (%s) to insert into RPZ is not a "
1099 log_err("rpz: name of record to insert into RPZ is not a "
1122 verbose(VERB_ALGO, "rpz: skipping invalid trigger");
1152 verbose(VERB_ALGO, "rpz: skipping unsupported trigger: %s",
1358 /** Remove RR from rpz localzones structure */
1369 verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, "
1390 rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1399 rpz_remove_response_ip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1414 verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, "
1492 verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, "
1518 rpz_remove_clientip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1534 rpz_remove_nsip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1550 rpz_remove_nsdname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
1567 rpz_remove_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname,
1577 /* this rpz action is not valid, eg. this is the SOA or NS RR */
1628 * The dname is used for the applied rpz; if NULL, addrnode is used.
1660 snprintf(txt, sizeof(txt), "rpz: applied %s%s%s%s%s%s %s %s%s",
1688 verbose(VERB_ALGO, "rpz: trigger %s %s/%d on %s action=%s",
1703 struct local_zone** z_out, struct auth_zone** a_out, struct rpz** r_out)
1707 struct rpz* r = NULL;
1714 r = a->rpz;
1856 verbose(VERB_ALGO, "rpz: bug: local-data action but no local data");
1863 verbose(VERB_ALGO, "rpz: unable to find local-data for query");
1870 verbose(VERB_ALGO, "rpz: local data action: out of memory");
1885 verbose(VERB_ALGO, "rpz: local data action soa: out of memory");
1898 rpz_apply_cname_override_action(struct rpz* r,
1960 rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
1986 rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms,
2016 rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
2052 /* this rrset is from the rpz data, or synthesized.
2069 rpz_synthesize_nsip_localdata(struct rpz* r, struct module_qstate* ms,
2077 verbose(VERB_ALGO, "rpz: nsip: no matching local data found");
2103 rpz_synthesize_nsdname_localdata(struct rpz* r, struct module_qstate* ms,
2122 verbose(VERB_ALGO, "rpz: nsdname: impossible: qname not found");
2128 verbose(VERB_ALGO, "rpz: nsdname: no matching local data found");
2137 rpz_synthesize_qname_localdata_msg(struct rpz* r, struct module_qstate* ms,
2149 verbose(VERB_ALGO, "rpz: qname: name not found");
2154 verbose(VERB_ALGO, "rpz: qname: type not found");
2162 rpz_synthesize_cname_override_msg(struct rpz* r, struct module_qstate* ms,
2198 /* this rrset is from the rpz data, or synthesized.
2214 rpz_synthesize_qname_localdata(struct module_env* env, struct rpz* r,
2258 rpz_delegation_point_ipbased_trigger_lookup(struct rpz* rpz, struct iter_qstate* is)
2267 action = rpz_ipbased_trigger_lookup(rpz->ns_set, &cursor->addr,
2276 struct rpz* r, struct clientip_synthesized_rr* raddr,
2283 verbose(VERB_ALGO, "rpz: using override action=%s (replaces=%s)",
2289 verbose(VERB_ALGO, "rpz: bug: nsip local data action but no local data");
2323 verbose(VERB_ALGO, "rpz: nsip: bug: unhandled or invalid action: '%s'",
2340 struct rpz* r, struct local_zone* z,
2347 verbose(VERB_ALGO, "rpz: using override action=%s (replaces=%s)",
2381 verbose(VERB_ALGO, "rpz: nsdname: bug: unhandled or invalid action: '%s'",
2404 /* the rpz specs match the nameserver names (NS records), not the
2419 verbose(VERB_ALGO, "rpz: trigger nsdname %s on %s action=%s",
2422 verbose(VERB_ALGO, "rpz: trigger nsdname %s action=%s",
2438 struct rpz* r = NULL;
2452 verbose(VERB_ALGO, "rpz: iterator module callback: have_rpz=%d", az->rpz_first != NULL);
2463 r = a->rpz;
2511 struct rpz* r = NULL;
2528 r = a->rpz;
2573 verbose(VERB_ALGO, "rpz: qname trigger %s on %s, with action=%s",
2576 verbose(VERB_ALGO, "rpz: qname trigger %s, with action=%s",
2605 verbose(VERB_ALGO, "rpz: qname trigger: bug: unhandled or invalid action: '%s'",
2624 struct local_zone** z_out, struct auth_zone** a_out, struct rpz** r_out,
2703 struct rpz* r = NULL;
2746 verbose(VERB_ALGO, "rpz: qname trigger %s on %s with action=%s",
2749 verbose(VERB_ALGO, "rpz: qname trigger %s with action=%s",
2762 void rpz_enable(struct rpz* r)
2769 void rpz_disable(struct rpz* r)