mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-10 21:29:59 -04:00
filter-aaaa can be used as zone or view plugin
Update the filter-aaaa system test so the two authoritative zones in ns4 both configure filter-aaaa as a zone plugin. In order to work in both contexts, the plugin must register both the `NS_QUERY_QCTX_INITIALIZED` and `NS_QUERY_AUTHZONE_ATTACHED` hooks. When the plugin is configured at the zone level in an authoritative server, `NS_QUERY_QCTX_INITIALIZED` is skipped, because no zone will have been looked up by the time it is called. When the zone is found, calling `NS_QUERY_AUTHZONE_ATTACHED` will allow the same initialization to occur.
This commit is contained in:
Colin Vidal
parent
1566634fae
commit
e8156b394e
3 changed files with 60 additions and 16 deletions
|
|
@ -105,7 +105,7 @@ typedef struct filter_instance {
|
|||
* Forward declarations of functions referenced in install_hooks().
|
||||
*/
|
||||
static ns_hookresult_t
|
||||
filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp);
|
||||
filter_initialize(void *arg, void *cbdata, isc_result_t *resp);
|
||||
static ns_hookresult_t
|
||||
filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp);
|
||||
static ns_hookresult_t
|
||||
|
|
@ -127,7 +127,7 @@ static void
|
|||
install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
|
||||
filter_instance_t *inst) {
|
||||
const ns_hook_t filter_init = {
|
||||
.action = filter_qctx_initialize,
|
||||
.action = filter_initialize,
|
||||
.action_data = inst,
|
||||
};
|
||||
|
||||
|
|
@ -157,6 +157,7 @@ install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
|
|||
};
|
||||
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_QCTX_INITIALIZED, &filter_init);
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_AUTHZONE_ATTACHED, &filter_init);
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_BEGIN, &filter_respbegin);
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_ANY_FOUND,
|
||||
&filter_respanyfound);
|
||||
|
|
@ -620,9 +621,15 @@ process_section(const section_filter_t *filter) {
|
|||
* in a hash table keyed according to the client object; this enables us to
|
||||
* retrieve persistent data related to a client query for as long as the
|
||||
* object persists.
|
||||
*
|
||||
* Whether the plugin is registered at view level and the server makes authority
|
||||
* on zones, this can be called twice (once when the query context is
|
||||
* initialized, once when the authoritative zone is found). This is all fine:
|
||||
* the state will be initialized on the first call, and the function bails off
|
||||
* early on the second call (the state is already initialized).
|
||||
*/
|
||||
static ns_hookresult_t
|
||||
filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp) {
|
||||
filter_initialize(void *arg, void *cbdata, isc_result_t *resp) {
|
||||
query_ctx_t *qctx = (query_ctx_t *)arg;
|
||||
filter_instance_t *inst = (filter_instance_t *)cbdata;
|
||||
filter_data_t *client_state;
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ typedef struct filter_instance {
|
|||
* Forward declarations of functions referenced in install_hooks().
|
||||
*/
|
||||
static ns_hookresult_t
|
||||
filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp);
|
||||
filter_initialize(void *arg, void *cbdata, isc_result_t *resp);
|
||||
static ns_hookresult_t
|
||||
filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp);
|
||||
static ns_hookresult_t
|
||||
|
|
@ -127,7 +127,7 @@ static void
|
|||
install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
|
||||
filter_instance_t *inst) {
|
||||
const ns_hook_t filter_init = {
|
||||
.action = filter_qctx_initialize,
|
||||
.action = filter_initialize,
|
||||
.action_data = inst,
|
||||
};
|
||||
|
||||
|
|
@ -157,6 +157,7 @@ install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
|
|||
};
|
||||
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_QCTX_INITIALIZED, &filter_init);
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_AUTHZONE_ATTACHED, &filter_init);
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_BEGIN, &filter_respbegin);
|
||||
ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_ANY_FOUND,
|
||||
&filter_respanyfound);
|
||||
|
|
@ -624,9 +625,15 @@ process_section(const section_filter_t *filter) {
|
|||
* in a hash table keyed according to the client object; this enables us to
|
||||
* retrieve persistent data related to a client query for as long as the
|
||||
* object persists.
|
||||
*
|
||||
* Whether the plugin is registered at view level and the server makes authority
|
||||
* on zones, this can be called twice (once when the query context is
|
||||
* initialized, once when the authoritative zone is found). This is all fine:
|
||||
* the state will be initialized on the first call, and the function bails off
|
||||
* early on the second call (the state is already initialized).
|
||||
*/
|
||||
static ns_hookresult_t
|
||||
filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp) {
|
||||
filter_initialize(void *arg, void *cbdata, isc_result_t *resp) {
|
||||
query_ctx_t *qctx = (query_ctx_t *)arg;
|
||||
filter_instance_t *inst = (filter_instance_t *)cbdata;
|
||||
filter_data_t *client_state;
|
||||
|
|
|
|||
|
|
@ -29,15 +29,15 @@ options {
|
|||
};
|
||||
|
||||
{% if family == "v6" %}
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v6 break-dnssec;
|
||||
filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
|
||||
};
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v6 break-dnssec;
|
||||
filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
|
||||
};
|
||||
{% else %}
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v4 break-dnssec;
|
||||
filter-@filtertype@ { 10.53.0.4; };
|
||||
};
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v4 break-dnssec;
|
||||
filter-@filtertype@ { 10.53.0.4; };
|
||||
};
|
||||
{% endif %}
|
||||
|
||||
key rndc_key {
|
||||
|
|
@ -50,5 +50,35 @@ controls {
|
|||
};
|
||||
|
||||
zone "." { type primary; file "root.db"; };
|
||||
zone "signed" { type primary; file "signed.db.signed"; };
|
||||
zone "unsigned" { type primary; file "unsigned.db"; };
|
||||
|
||||
zone "signed" {
|
||||
type primary;
|
||||
file "signed.db.signed";
|
||||
{% if family == "v6" %}
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v6 break-dnssec;
|
||||
filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
|
||||
};
|
||||
{% else %}
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v4 break-dnssec;
|
||||
filter-@filtertype@ { 10.53.0.4; };
|
||||
};
|
||||
{% endif %}
|
||||
};
|
||||
|
||||
zone "unsigned" {
|
||||
type primary;
|
||||
file "unsigned.db";
|
||||
{% if family == "v6" %}
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v6 break-dnssec;
|
||||
filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
|
||||
};
|
||||
{% else %}
|
||||
plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
|
||||
filter-@filtertype@-on-v4 break-dnssec;
|
||||
filter-@filtertype@ { 10.53.0.4; };
|
||||
};
|
||||
{% endif %}
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue