rpz.h File Reference

This file contains functions to enable RPZ service. More...

#include "services/localzone.h"
#include "util/locks.h"
#include "util/log.h"
#include "util/config_file.h"
#include "services/authzone.h"
#include "sldns/sbuffer.h"
#include "daemon/stats.h"
#include "respip/respip.h"

Data Structures
struct	clientip_synthesized_rrset
struct	clientip_synthesized_rr
struct	rpz
	RPZ containing policies. More...

Enumerations
enum	rpz_trigger {   RPZ_QNAME_TRIGGER = 0 , RPZ_CLIENT_IP_TRIGGER , RPZ_RESPONSE_IP_TRIGGER , RPZ_NSDNAME_TRIGGER ,   RPZ_NSIP_TRIGGER , RPZ_INVALID_TRIGGER }
	RPZ triggers, only the QNAME trigger is currently supported in Unbound.
enum	rpz_action {   RPZ_NXDOMAIN_ACTION = 0 , RPZ_NODATA_ACTION , RPZ_PASSTHRU_ACTION , RPZ_DROP_ACTION ,   RPZ_TCP_ONLY_ACTION , RPZ_INVALID_ACTION , RPZ_LOCAL_DATA_ACTION , RPZ_DISABLED_ACTION ,   RPZ_NO_OVERRIDE_ACTION , RPZ_CNAME_OVERRIDE_ACTION }
	RPZ actions.

Functions
int	rpz_insert_rr (struct rpz *r, uint8_t *azname, size_t aznamelen, uint8_t *dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint8_t *rdatawl, size_t rdatalen, uint8_t *rr, size_t rr_len)
	Create policy from RR and add to this RPZ. More...
void	rpz_remove_rr (struct rpz *r, uint8_t *azname, size_t aznamelen, uint8_t *dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint8_t *rdatawl, size_t rdatalen)
	Delete policy matching RR, used for IXFR. More...
int	rpz_callback_from_worker_request (struct auth_zones *az, struct module_env *env, struct query_info *qinfo, struct edns_data *edns, sldns_buffer *buf, struct regional *temp, struct comm_reply *repinfo, uint8_t *taglist, size_t taglen, struct ub_server_stats *stats, int *passthru)
	Walk over the RPZ zones to find and apply a QNAME trigger policy. More...
struct dns_msg *	rpz_callback_from_iterator_module (struct module_qstate *qstate, struct iter_qstate *iq)
	Callback to process when the iterator module is about to send queries. More...
struct dns_msg *	rpz_callback_from_iterator_cname (struct module_qstate *qstate, struct iter_qstate *iq)
	Callback to process when the iterator module has followed a cname. More...
void	rpz_delete (struct rpz *r)
	Delete RPZ. More...
int	rpz_clear (struct rpz *r)
	Clear local-zones and respip data in RPZ, used after reloading file or AXFR/HTTP transfer. More...
struct rpz *	rpz_create (struct config_auth *p)
	Create RPZ. More...
const char *	rpz_action_to_string (enum rpz_action a)
	String for RPZ action enum. More...
enum rpz_action	respip_action_to_rpz_action (enum respip_action a)
void	rpz_finish_config (struct rpz *r)
	Prepare RPZ after processing feed content. More...
enum respip_action	rpz_action_to_respip_action (enum rpz_action a)
	Classify respip action for RPZ action. More...
void	rpz_enable (struct rpz *r)
	Enable RPZ. More...
void	rpz_disable (struct rpz *r)
	Disable RPZ. More...

Detailed Description

This file contains functions to enable RPZ service.

Function Documentation

rpz_insert_rr()

int rpz_insert_rr	(	struct rpz *	r,
		uint8_t *	azname,
		size_t	aznamelen,
		uint8_t *	dname,
		size_t	dnamelen,
		uint16_t	rr_type,
		uint16_t	rr_class,
		uint32_t	rr_ttl,
		uint8_t *	rdatawl,
		size_t	rdatalen,
		uint8_t *	rr,
		size_t	rr_len
	)

Create policy from RR and add to this RPZ.

Parameters

r	the rpz to add the policy to.
azname	dname of the auth-zone
aznamelen	the length of the auth-zone name
dname	dname of the RR
dnamelen	length of the dname
rr_type	RR type of the RR
rr_class	RR class of the RR
rr_ttl	TTL of the RR
rdatawl	rdata of the RR, prepended with the rdata size
rdatalen	length if the RR, including the prepended rdata size
rr	the complete RR, for logging purposes
rr_len	the length of the complete RR

Returns

: 0 on error

References dname_str(), dname_subdomain_c(), log_assert, log_err(), rpz_dname_to_trigger(), rpz_rr_to_action(), rpz_type_ignored(), sldns_wire2str_dname(), and strip_dname_origin().

Referenced by az_insert_rr().

rpz_remove_rr()

void rpz_remove_rr	(	struct rpz *	r,
		uint8_t *	azname,
		size_t	aznamelen,
		uint8_t *	dname,
		size_t	dnamelen,
		uint16_t	rr_type,
		uint16_t	rr_class,
		uint8_t *	rdatawl,
		size_t	rdatalen
	)

Delete policy matching RR, used for IXFR.

Parameters

r	the rpz to add the policy to.
azname	dname of the auth-zone
aznamelen	the length of the auth-zone name
dname	dname of the RR
dnamelen	length of the dname
rr_type	RR type of the RR
rr_class	RR class of the RR
rdatawl	rdata of the RR, prepended with the rdata size
rdatalen	length if the RR, including the prepended rdata size

References dname_subdomain_c(), LDNS_MAX_DOMAINLEN, rpz_rr_to_action(), and rpz_type_ignored().

Referenced by az_remove_rr().

rpz_callback_from_worker_request()

int rpz_callback_from_worker_request	(	struct auth_zones *	az,
		struct module_env *	env,
		struct query_info *	qinfo,
		struct edns_data *	edns,
		sldns_buffer *	buf,
		struct regional *	temp,
		struct comm_reply *	repinfo,
		uint8_t *	taglist,
		size_t	taglen,
		struct ub_server_stats *	stats,
		int *	passthru
	)

Walk over the RPZ zones to find and apply a QNAME trigger policy.

Parameters

az	auth_zones struct, containing first RPZ item and RPZ lock
env	module env
qinfo	qinfo containing qname and qtype
edns	edns data
buf	buffer to write answer to
temp	scratchpad
repinfo	reply info
taglist	taglist to lookup.
taglen	length of taglist.
stats	worker stats struct
passthru	returns if the query can passthru further rpz processing.

Returns

: 1 if client answer is ready, 0 to continue resolving

rpz_callback_from_iterator_module()

struct dns_msg* rpz_callback_from_iterator_module	(	struct module_qstate *	qstate,
		struct iter_qstate *	iq
	)

Callback to process when the iterator module is about to send queries.

Checks for nsip and nsdname triggers.

Parameters

qstate	the query state.
iq	iterator module query state.

Returns

NULL if nothing is done. Or a new message with the contents from the rpz, based on the delegation point. It is allocated in the qstate region.

References module_env::auth_zones, module_qstate::env, auth_zone::lock, match(), auth_zone::rpz, auth_zone::rpz_az_next, auth_zones::rpz_first, auth_zones::rpz_lock, module_qstate::rpz_passthru, VERB_ALGO, and verbose().

rpz_callback_from_iterator_cname()

struct dns_msg* rpz_callback_from_iterator_cname	(	struct module_qstate *	qstate,
		struct iter_qstate *	iq
	)

Callback to process when the iterator module has followed a cname.

There can be a qname trigger for the new query name.

Parameters

qstate	the query state.
iq	iterator module query state.

Returns

NULL if nothing is done. Or a new message with the contents from the rpz, based on the iq.qchase. It is allocated in the qstate region.

References module_env::auth_zones, module_qstate::env, auth_zone::lock, iter_qstate::qchase, query_info::qclass, query_info::qname, query_info::qname_len, auth_zone::rpz, auth_zone::rpz_az_next, rpz_find_zone(), auth_zones::rpz_first, auth_zones::rpz_lock, module_qstate::rpz_passthru, VERB_ALGO, and verbose().

rpz_delete()

void rpz_delete

(

struct rpz *

r

)

Delete RPZ.

Parameters

r	RPZ struct to delete

References local_zones_delete(), and respip_set_delete().

Referenced by auth_zone_delete().

rpz_clear()

int rpz_clear

(

struct rpz *

r

)

Clear local-zones and respip data in RPZ, used after reloading file or AXFR/HTTP transfer.

Parameters

r	RPZ to use

References local_zones_delete(), and respip_set_delete().

Referenced by apply_axfr(), apply_http(), and auth_zone_read_zonefile().

rpz_create()

struct rpz* rpz_create

(

struct config_auth *

p

)

Create RPZ.

RPZ must be added to linked list after creation.

Returns

: the newly created RPZ

References local_zones_create(), regional_create_custom(), and respip_set_create().

Referenced by auth_zones_cfg().

rpz_action_to_string()

const char* rpz_action_to_string

(

enum rpz_action

a

)

String for RPZ action enum.

Parameters

a	RPZ action to get string for

Returns

: string for RPZ action

String for RPZ action enum.

Referenced by log_rpz_apply(), and respip_inform_print().

rpz_finish_config()

void rpz_finish_config

(

struct rpz *

r

)

Prepare RPZ after processing feed content.

Parameters

r	RPZ to use

References addr_tree_init_parents(), and clientip_synthesized_rrset::lock.

Referenced by auth_zone_read_zonefile(), and xfr_process_chunk_list().

rpz_action_to_respip_action()

enum respip_action rpz_action_to_respip_action

(

enum rpz_action

a

)

Classify respip action for RPZ action.

Parameters

a	RPZ action

Returns

: the respip action

References LDNS_RR_TYPE_DNAME, LDNS_RR_TYPE_NS, and LDNS_RR_TYPE_SOA.

rpz_enable()

void rpz_enable

(

struct rpz *

r

)

Enable RPZ.

Parameters

r	RPZ struct to enable

Referenced by do_rpz_enable_disable().

rpz_disable()

void rpz_disable

(

struct rpz *

r

)

Disable RPZ.

Parameters

r	RPZ struct to disable

Referenced by do_rpz_enable_disable().