Commit 81c4fd8f authored by Vladimír Čunát's avatar Vladimír Čunát

policy.DENY: set AA flag and clear AD flag

I see no sane way to set the flags from lua, so I made a C function.
parent 910b2cde
......@@ -188,6 +188,7 @@ int kr_rplan_pop(struct kr_rplan *, struct kr_query *);
struct kr_query *kr_rplan_resolved(struct kr_rplan *);
int kr_nsrep_set(struct kr_query *, size_t, const struct sockaddr *);
unsigned int kr_rand_uint(unsigned int);
void kr_pkt_make_auth_header(knot_pkt_t *);
int kr_pkt_put(knot_pkt_t *, const knot_dname_t *, uint32_t, uint16_t, uint16_t, const uint8_t *, uint16_t);
int kr_pkt_recycle(knot_pkt_t *);
const char *kr_inaddr(const struct sockaddr *);
......
......@@ -105,6 +105,7 @@ EOF
kr_nsrep_set
# Utils
kr_rand_uint
kr_pkt_make_auth_header
kr_pkt_put
kr_pkt_recycle
kr_inaddr
......
......@@ -245,6 +245,13 @@ int kr_pkt_put(knot_pkt_t *pkt, const knot_dname_t *name, uint32_t ttl,
return knot_pkt_put(pkt, 0, &rr, KNOT_PF_FREE);
}
void kr_pkt_make_auth_header(knot_pkt_t *pkt)
{
assert(pkt && pkt->wire);
knot_wire_clear_ad(pkt->wire);
knot_wire_set_aa(pkt->wire);
}
const char *kr_inaddr(const struct sockaddr *addr)
{
if (!addr) {
......
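Review bot: The only guard in `kr_pkt_make_auth_header` is `assert(pkt && pkt->wire);`, which disappears if the library is built with NDEBUG, leaving `knot_wire_clear_ad(pkt->wire)` to dereference a NULL pointer. The function is declared `KR_EXPORT` and is called from Lua through `ffi.C` in the policy section of this commit, so a nil answer handed over from a policy script would abort the resolver with asserts enabled, or crash it with asserts compiled out. The neighbouring `kr_inaddr` handles a NULL argument with an explicit `if (!addr) {` check; the same pattern fits here, e.g. `if (!pkt || !pkt->wire) { return; }` before touching the wire. Whether release builds define NDEBUG is not visible from this page.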
......@@ -137,6 +137,10 @@ KR_EXPORT
int kr_pkt_put(knot_pkt_t *pkt, const knot_dname_t *name, uint32_t ttl,
uint16_t rclass, uint16_t rtype, const uint8_t *rdata, uint16_t rdlen);
/** Set packet header suitable for authoritative answer. (for policy module) */
KR_EXPORT
void kr_pkt_make_auth_header(knot_pkt_t *pkt);
/** Simple storage for IPx address or AF_UNSPEC. */
union inaddr {
struct sockaddr ip;
......
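Review bot: The doc comment on `kr_pkt_make_auth_header` does not say which header bits the function changes or what it requires of its argument. The implementation in this commit sets AA, clears AD, and asserts that `pkt` and `pkt->wire` are non-NULL, so a comment such as `/** Mark a locally synthesized answer as authoritative: set AA, clear AD. pkt and pkt->wire must be non-NULL. (for policy module) */` would state the contract. Naming the cleared AD bit matters to a reader because the policy-generated answer is presumably not the result of DNSSEC validation; that rationale is inferred from the commit title and should be confirmed with the author.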
......@@ -232,6 +232,7 @@ function policy.enforce(state, req, action)
if action == policy.DENY then
-- Write authority information
local answer = req.answer
ffi.C.kr_pkt_make_auth_header(answer)
answer:rcode(kres.rcode.NXDOMAIN)
answer:begin(kres.section.AUTHORITY)
answer:put('\7blocked', 900, answer:qclass(), kres.type.SOA,
......@@ -315,7 +316,8 @@ function policy.todnames(names)
return names
end
-- RFC1918 Private, local, broadcast, test and special zones
-- RFC1918 Private, local, broadcast, test and special zones
-- Considerations: RFC6761, sec 6.1.
local private_zones = {
'10.in-addr.arpa.',
'16.172.in-addr.arpa.',
......