Commit 9e88cf88 authored by Grigorii Demidov's avatar Grigorii Demidov

modules/policy: QTRACE policy was added (answers logging)

parent 58f39afd
......@@ -152,7 +152,7 @@ struct kr_context {
struct kr_zonecut root_hints;
char _stub[];
};
struct query_flag {static const int NO_MINIMIZE = 1; static const int NO_THROTTLE = 2; static const int NO_IPV6 = 4; static const int NO_IPV4 = 8; static const int TCP = 16; static const int RESOLVED = 32; static const int AWAIT_IPV4 = 64; static const int AWAIT_IPV6 = 128; static const int AWAIT_CUT = 256; static const int SAFEMODE = 512; static const int CACHED = 1024; static const int NO_CACHE = 2048; static const int EXPIRING = 4096; static const int ALLOW_LOCAL = 8192; static const int DNSSEC_WANT = 16384; static const int DNSSEC_BOGUS = 32768; static const int DNSSEC_INSECURE = 65536; static const int STUB = 131072; static const int ALWAYS_CUT = 262144; static const int DNSSEC_WEXPAND = 524288; static const int PERMISSIVE = 1048576; static const int STRICT = 2097152; static const int BADCOOKIE_AGAIN = 4194304; static const int CNAME = 8388608; static const int REORDER_RR = 16777216;};
struct query_flag {static const int NO_MINIMIZE = 1; static const int NO_THROTTLE = 2; static const int NO_IPV6 = 4; static const int NO_IPV4 = 8; static const int TCP = 16; static const int RESOLVED = 32; static const int AWAIT_IPV4 = 64; static const int AWAIT_IPV6 = 128; static const int AWAIT_CUT = 256; static const int SAFEMODE = 512; static const int CACHED = 1024; static const int NO_CACHE = 2048; static const int EXPIRING = 4096; static const int ALLOW_LOCAL = 8192; static const int DNSSEC_WANT = 16384; static const int DNSSEC_BOGUS = 32768; static const int DNSSEC_INSECURE = 65536; static const int STUB = 131072; static const int ALWAYS_CUT = 262144; static const int DNSSEC_WEXPAND = 524288; static const int PERMISSIVE = 1048576; static const int STRICT = 2097152; static const int BADCOOKIE_AGAIN = 4194304; static const int CNAME = 8388608; static const int REORDER_RR = 16777216; static const int TRACE = 33554432;};
int knot_dname_size(const knot_dname_t *);
knot_dname_t *knot_dname_from_str(uint8_t *, const char *, size_t);
char *knot_dname_to_str(char *, const knot_dname_t *, size_t);
......
......@@ -751,7 +751,15 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt)
assert(pkt && ctx);
struct kr_request *req = ctx->req;
struct kr_query *query = req->current_query;
if (!query || (query->flags & (QUERY_RESOLVED|QUERY_BADCOOKIE_AGAIN))) {
if (!query) {
return ctx->state;
}
if (query->flags & QUERY_TRACE) {
kr_pkt_print(pkt);
}
if (query->flags & (QUERY_RESOLVED|QUERY_BADCOOKIE_AGAIN)) {
return ctx->state;
}
......
......@@ -50,7 +50,8 @@
X(STRICT, 1 << 21) /**< Strict resolver mode. */ \
X(BADCOOKIE_AGAIN, 1 << 22) /**< Query again because bad cookie returned. */ \
X(CNAME, 1 << 23) /**< Query response contains CNAME in answer section. */ \
X(REORDER_RR, 1 << 24) /**< Reorder cached RRs. */
X(REORDER_RR, 1 << 24) /**< Reorder cached RRs. */ \
X(TRACE, 1 << 25) /**< Log answer with kr_verbose_log(). */
/* 1 << 31 Used by ../modules/dns64/dns64.lua */
/** Query flags */
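Review bot: The doc comment on the new TRACE flag names `kr_verbose_log()`, while the printing code added in this commit calls `kr_log_verbose`. The comment should read `X(TRACE, 1 << 25) /**< Log answer with kr_log_verbose(). */`. Because the flag causes complete answers to be written to the log, it is also worth stating here that the output contains query names and record data.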
......
......@@ -508,7 +508,7 @@ char *kr_module_call(struct kr_context *ctx, const char *module, const char *pro
#ifndef NDEBUG
void kr_rrset_print(const knot_rrset_t *rr)
void kr_rrset_print(const knot_rrset_t *rr, const char *prefix)
{
#if KNOT_VERSION_HEX < ((2 << 16) | (4 << 8))
char rrtext[KNOT_DNAME_MAXLEN * 2] = {0};
......@@ -523,55 +523,75 @@ void kr_rrset_print(const knot_rrset_t *rr)
#endif
}
static void flags_to_str(char *dst, const knot_pkt_t *pkt, size_t maxlen)
{
int offset = 0;
int ret = 0;
struct {
uint8_t (*get) (const uint8_t *packet);
char name[3];
} flag[7] = {
{knot_wire_get_aa, "AA"},
{knot_wire_get_rd, "RD"},
{knot_wire_get_tc, "TC"},
{knot_wire_get_qr, "QR"},
{knot_wire_get_cd, "CD"},
{knot_wire_get_ad, "AD"},
{knot_wire_get_ra, "RA"}
};
for (int i = 0; i < 7; ++i) {
if (!flag[i].get(pkt->wire)) {
continue;
}
ret = snprintf(dst + offset, maxlen, "%s ", flag[i].name);
if (ret <= 0 || ret >= maxlen) {
dst[0] = 0;
return;
}
offset += ret;
maxlen -= offset;
}
dst[offset] = 0;
}
void kr_pkt_print(knot_pkt_t *pkt)
{
char snames[3][11] = {"ANSWER","AUTHORITY","ADDITIONAL"};
char rrtype[32];
char flags[32];
char qname[KNOT_DNAME_MAXLEN];
uint8_t pkt_rcode = knot_wire_get_rcode(pkt->wire);
const knot_lookup_t *rcode = NULL;
rcode = knot_lookup_by_id(knot_rcode_names, pkt_rcode);
printf("RCODE: %s FLAGS: ", rcode != NULL ? rcode->name : "unknown");
if (knot_wire_get_aa(pkt->wire))
printf("AA ");
if (knot_wire_get_rd(pkt->wire))
printf("RD ");
if (knot_wire_get_tc(pkt->wire))
printf("TC ");
if (knot_wire_get_qr(pkt->wire))
printf("QR ");
if (knot_wire_get_cd(pkt->wire))
printf("CD ");
if (knot_wire_get_ad(pkt->wire))
printf("AD ");
if (knot_wire_get_ra(pkt->wire))
printf("RA ");
printf("\n");
flags_to_str(flags, pkt, sizeof(flags));
knot_dname_to_str(qname, knot_pkt_qname(pkt), KNOT_DNAME_MAXLEN);
knot_rrtype_to_string(knot_pkt_qtype(pkt), rrtype, sizeof(rrtype));
printf("QUESTION\n%s\t\t%s\n", qname, rrtype);
kr_log_verbose("\n>>>>>>>>\n RCODE: %s FLAGS: %s\n",
rcode != NULL ? rcode->name : "unknown", flags);
kr_log_verbose("QUESTION\n%s\t\t%s\n", qname, rrtype);
for (knot_section_t i = KNOT_ANSWER; i <= KNOT_ADDITIONAL; ++i) {
const knot_pktsection_t *sec = knot_pkt_section(pkt, i);
printf("%s\n", snames[i - KNOT_ANSWER]);
kr_log_verbose("%s\n", snames[i - KNOT_ANSWER]);
for (unsigned k = 0; k < sec->count; ++k) {
const knot_rrset_t *rr = knot_pkt_rr(sec, k);
kr_rrset_print(rr);
kr_rrset_print(rr, "");
}
}
kr_log_verbose("<<<<<<<<\n\n");
}
void kr_dname_print(const knot_dname_t *name, const char *prefix, const char *postfix)
{
char str[KNOT_DNAME_MAXLEN];
knot_dname_to_str(str, name, KNOT_DNAME_MAXLEN);
printf ("%s%s%s", prefix, str, postfix);
kr_log_verbose ("%s%s%s", prefix, str, postfix);
}
void kr_rrtype_print(const uint16_t rrtype, const char *prefix, const char *postfix)
{
char str[32];
knot_rrtype_to_string(rrtype, str, 32);
printf ("%s%s%s", prefix, str, postfix);
kr_log_verbose ("%s%s%s", prefix, str, postfix);
}
#endif /* !NDEBUG */
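Review bot: In flags_to_str the remaining space is reduced with `maxlen -= offset;`, but offset is the running total, so the bound shrinks by more than was written. With the 32-byte `flags` buffer in kr_pkt_print the fifth set flag fails the `ret >= maxlen` check and the whole string is cleared, and for other buffer sizes the unsigned subtraction can wrap and leave snprintf effectively unbounded. Subtract only the bytes just written and compare in one type: `if (ret <= 0 || (size_t)ret >= maxlen) {` and `maxlen -= (size_t)ret;`. Separately, kr_pkt_print passes `qname` to `%s` without checking the result of knot_dname_to_str, so initialising it with `char qname[KNOT_DNAME_MAXLEN] = {0};` or checking the return value would avoid printing an uninitialised buffer if conversion of a name from the packet fails.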
......
......@@ -193,7 +193,7 @@ int kr_ranked_rrarray_add(ranked_rr_array_t *array, const knot_rrset_t *rr,
int kr_ranked_rrarray_set_wire(ranked_rr_array_t *array, bool to_wire, uint32_t qry_uid);
#ifndef NDEBUG /* These might be useful (again) during debugging. */
void kr_rrset_print(const knot_rrset_t *rr);
void kr_rrset_print(const knot_rrset_t *rr, const char *prefix);
void kr_pkt_print(knot_pkt_t *pkt);
void kr_dname_print(const knot_dname_t *name, const char *prefix, const char *postfix);
void kr_rrtype_print(const uint16_t rrtype, const char *prefix, const char *postfix);
......
......@@ -93,7 +93,7 @@ end
local policy = {
-- Policies
PASS = 1, DENY = 2, DROP = 3, TC = 4, FORWARD = forward, REROUTE = reroute, MIRROR = mirror,
PASS = 1, DENY = 2, DROP = 3, TC = 4, QTRACE = 5, FORWARD = forward, REROUTE = reroute, MIRROR = mirror,
-- Special values
ANY = 0,
}
......@@ -228,6 +228,8 @@ function policy.enforce(state, req, action)
answer:tc(1) -- ^ Only UDP queries
return kres.DONE
end
elseif action == policy.QTRACE then
req.options = bit.band(bit.bor(req.options, kres.query.TRACE))
elseif type(action) == 'function' then
return action(state, req)
end
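Review bot: The QTRACE branch wraps the OR in a single-argument `bit.band(...)`, which adds nothing to the result of `bit.bor`; `req.options = bit.bor(req.options, kres.query.TRACE)` says what is meant. The branch returns nothing, while the TC and function branches visible around it return a value, so a comment such as `-- QTRACE only sets the flag; resolution continues normally` would make it clear this is deliberate. Since the flag makes the resolver write full answers through kr_log_verbose, the policy documentation should mention that the trace output contains query names and record data. policy.enforce continues outside the hunk.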
......