upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-23 08:10:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- log-local-actions: yes option for unbound.conf that logs all the

Browse source 
local zone actions, a patch from Saksham Manchanda (Secure64).


git-svn-id: file:///svn/unbound/trunk@4864 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2018-08-21 07:10:09 +00:00
parent 4fe427ded2
commit 01d8dc2240
6 changed files with 25 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/Changelog
View file

@ -1,3 +1,7 @@
21 August 2018: Wouter
- log-local-actions: yes option for unbound.conf that logs all the
local zone actions, a patch from Saksham Manchanda (Secure64).
17 August 2018: Ralph 17 August 2018: Ralph
- Fix classification for QTYPE=CNAME queries when QNAME minimisation is - Fix classification for QTYPE=CNAME queries when QNAME minimisation is
enabled. enabled.

5
services/localzone.c
View file

@ -1459,7 +1459,7 @@ lz_inform_print(struct local_zone* z, struct query_info* qinfo,
uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port); uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
dname_str(z->name, zname); dname_str(z->name, zname);
addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip, snprintf(txt, sizeof(txt), "%s %s %s@%u", zname, local_zone_type2str(z->type), ip,
(unsigned)port); (unsigned)port);
log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
} }
@ -1576,7 +1576,8 @@ local_zones_answer(struct local_zones* zones, struct module_env* env,
z->override_tree, &tag, tagname, num_tags); z->override_tree, &tag, tagname, num_tags);
lock_rw_unlock(&zones->lock); lock_rw_unlock(&zones->lock);
} }
if((lzt == local_zone_inform || lzt == local_zone_inform_deny) if((env->cfg->log_local_actions ||
lzt == local_zone_inform || lzt == local_zone_inform_deny)
&& repinfo) && repinfo)
lz_inform_print(z, qinfo, repinfo); lz_inform_print(z, qinfo, repinfo);

3
util/config_file.c
View file

@ -118,6 +118,7 @@ config_create(void)
cfg->log_time_ascii = 0; cfg->log_time_ascii = 0;
cfg->log_queries = 0; cfg->log_queries = 0;
cfg->log_replies = 0; cfg->log_replies = 0;
cfg->log_local_actions = 0;
cfg->log_servfail = 0; cfg->log_servfail = 0;
#ifndef USE_WINSOCK #ifndef USE_WINSOCK
# ifdef USE_MINI_EVENT # ifdef USE_MINI_EVENT
@ -548,6 +549,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("val-log-squelch:", val_log_squelch) else S_YNO("val-log-squelch:", val_log_squelch)
else S_YNO("log-queries:", log_queries) else S_YNO("log-queries:", log_queries)
else S_YNO("log-replies:", log_replies) else S_YNO("log-replies:", log_replies)
else S_YNO("log-local-actions:", log_local_actions)
else S_YNO("log-servfail:", log_servfail) else S_YNO("log-servfail:", log_servfail)
else S_YNO("val-permissive-mode:", val_permissive_mode) else S_YNO("val-permissive-mode:", val_permissive_mode)
else S_YNO("aggressive-nsec:", aggressive_nsec) else S_YNO("aggressive-nsec:", aggressive_nsec)
@ -905,6 +907,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_STR(opt, "logfile", logfile) else O_STR(opt, "logfile", logfile)
else O_YNO(opt, "log-queries", log_queries) else O_YNO(opt, "log-queries", log_queries)
else O_YNO(opt, "log-replies", log_replies) else O_YNO(opt, "log-replies", log_replies)
else O_YNO(opt, "log-local-actions", log_local_actions)
else O_YNO(opt, "log-servfail", log_servfail) else O_YNO(opt, "log-servfail", log_servfail)
else O_STR(opt, "pidfile", pidfile) else O_STR(opt, "pidfile", pidfile)
else O_YNO(opt, "hide-identity", hide_identity) else O_YNO(opt, "hide-identity", hide_identity)

2
util/config_file.h
View file

@ -277,6 +277,8 @@ struct config_file {
int log_queries; int log_queries;
/** log replies with one line per reply */ /** log replies with one line per reply */
int log_replies; int log_replies;
/** log every local-zone hit **/
int log_local_actions;
/** log servfails with a reason */ /** log servfails with a reason */
int log_servfail; int log_servfail;
/** log identity to report */ /** log identity to report */

1
util/configlexer.lex
View file

@ -371,6 +371,7 @@ log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) }
log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) }
log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) }
log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) } log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) }
log-local-actions{COLON} { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) }
log-servfail{COLON} { YDVAR(1, VAR_LOG_SERVFAIL) } log-servfail{COLON} { YDVAR(1, VAR_LOG_SERVFAIL) }
local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) } local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) }
local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) } local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) }

12
util/configparser.y
View file

@ -107,7 +107,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
@ -220,6 +220,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_edns_buffer_size | server_prefetch | server_prefetch_key | server_edns_buffer_size | server_prefetch | server_prefetch_key |
server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream | server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
server_log_local_actions |
server_ssl_service_key | server_ssl_service_pem | server_ssl_port | server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
server_so_reuseport | server_delay_close | server_so_reuseport | server_delay_close |
@ -812,6 +813,15 @@ server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
free($2); free($2);
} }
; ;
server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
{
OUTYY(("P(server_log_local_actions:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
free($2);
}
;
server_chroot: VAR_CHROOT STRING_ARG server_chroot: VAR_CHROOT STRING_ARG
{ {
OUTYY(("P(server_chroot:%s)\n", $2)); OUTYY(("P(server_chroot:%s)\n", $2));