Commit 28442f11 authored by Mark Andrews's avatar Mark Andrews

log RPZ type and class

parent a13a0a2b
Pipeline #6382 passed with stages
in 7 minutes and 43 seconds
......@@ -413,15 +413,15 @@ for mode in native dnsrps; do
$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 > dig.out.${t}
$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.3 >> dig.out.${t}
$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.2 >> dig.out.${t}
sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0 via 32.4.0.53.10.rpz-client-ip.log1" > /dev/null && {
sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.4.0.53.10.rpz-client-ip.log1" > /dev/null && {
echo_i " failed: unexpected rewrite message for policy zone log1 was logged"
status=1
}
sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0 via 32.3.0.53.10.rpz-client-ip.log2" > /dev/null || {
sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.3.0.53.10.rpz-client-ip.log2" > /dev/null || {
echo_i " failed: expected rewrite message for policy zone log2 was not logged"
status=1
}
sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0 via 32.2.0.53.10.rpz-client-ip.log3" > /dev/null || {
sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.2.0.53.10.rpz-client-ip.log3" > /dev/null || {
echo_i " failed: expected rewrite message for policy zone log3 was not logged"
status=1
}
......
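Review bot: The negative check for policy zone log1 (the first grep pair in this hunk) fails only when the exact rewrite string appears in ns2/named.run, so any later change to the message format lets it pass vacuously; this commit avoids that only because the pattern was updated together with the code. Anchoring the "must not be logged" assertion on the stable parts, for example `grep "rpz CLIENT-IP Local-Data rewrite l2.l1.l0.* via 32.4.0.53.10.rpz-client-ip.log1"`, would keep it meaningful across format changes. The two positive checks for log2 and log3 are treated as regular expressions with unescaped dots; `grep -F` would state the intended literal match there. The enclosing `for mode in native dnsrps` loop starts and ends outside the hunk.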
......@@ -1301,12 +1301,15 @@ rpz_log_rewrite(ns_client_t *client, bool disabled,
dns_zone_t *p_zone, dns_name_t *p_name,
dns_name_t *cname, dns_rpz_num_t rpz_num)
{
isc_stats_t *zonestats;
char qname_buf[DNS_NAME_FORMATSIZE];
char p_name_buf[DNS_NAME_FORMATSIZE];
char cname_buf[DNS_NAME_FORMATSIZE] = { 0 };
char p_name_buf[DNS_NAME_FORMATSIZE];
char qname_buf[DNS_NAME_FORMATSIZE];
char classname[DNS_RDATACLASS_FORMATSIZE];
char typename[DNS_RDATATYPE_FORMATSIZE];
const char *s1 = cname_buf, *s2 = cname_buf;
dns_rdataset_t *rdataset;
dns_rpz_st_t *st;
isc_stats_t *zonestats;
/*
* Count enabled rewrites in the global counter.
......@@ -1338,11 +1341,22 @@ rpz_log_rewrite(ns_client_t *client, bool disabled,
s2 = ")";
}
/*
* Log Qclass and Qtype in addition to existing
* fields.
*/
rdataset = ISC_LIST_HEAD(client->query.origqname->list);
INSIST(rdataset != NULL);
dns_rdataclass_format(rdataset->rdclass, classname, sizeof(classname));
dns_rdatatype_format(rdataset->type, typename, sizeof(typename));
ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY,
DNS_RPZ_INFO_LEVEL, "%srpz %s %s rewrite %s via %s%s%s%s",
DNS_RPZ_INFO_LEVEL,
"%srpz %s %s rewrite %s/%s/%s via %s%s%s%s",
disabled ? "disabled " : "",
dns_rpz_type2str(type), dns_rpz_policy2str(policy),
qname_buf, p_name_buf, s1, cname_buf, s2);
qname_buf, typename, classname,
p_name_buf, s1, cname_buf, s2);
}
static void
......
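Review bot: `INSIST(rdataset != NULL);` in the added block lets a logging helper abort the server: if `client->query.origqname->list` were ever empty when rpz_log_rewrite() runs, named would exit just to format a log line. Whether that can happen is not visible here (part of the function body lies between the two hunks), so either add a comment naming the invariant that guarantees a question rdataset at this point, or degrade gracefully with something like `if (rdataset == NULL) { snprintf(typename, sizeof(typename), "?"); snprintf(classname, sizeof(classname), "?"); }` and call the two format functions only in the `else` branch. Separately, the message changes from `rewrite <qname> via` to `rewrite <qname>/<type>/<class> via`, so log parsers and alerting rules keyed on the old RPZ line will stop matching; that deserves a release-note entry.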