/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#ifndef DNS_RPZ_H
#define DNS_RPZ_H 1
#include <stdbool.h>
#include <isc/deprecated.h>
#include <isc/event.h>
#include <isc/ht.h>
#include <isc/lang.h>
#include <isc/refcount.h>
#include <isc/rwlock.h>
#include <dns/fixedname.h>
#include <dns/rdata.h>
#include <dns/types.h>
ISC_LANG_BEGINDECLS
/*
 * Every reserved RPZ owner-name label starts with this prefix; the
 * names below are formed by literal string concatenation with it.
 */
#define DNS_RPZ_PREFIX "rpz-"
/*
 * Sub-zones of various trigger types.  Trigger data for client-IP,
 * response-IP, name-server-IP and name-server-name policies lives
 * under these labels of a policy zone's origin (the composed names are
 * kept in dns_rpz_zone below, e.g. DNS_RPZ_CLIENT_IP_ZONE.origin).
 */
#define DNS_RPZ_CLIENT_IP_ZONE DNS_RPZ_PREFIX"client-ip"
#define DNS_RPZ_IP_ZONE DNS_RPZ_PREFIX"ip"
#define DNS_RPZ_NSIP_ZONE DNS_RPZ_PREFIX"nsip"
#define DNS_RPZ_NSDNAME_ZONE DNS_RPZ_PREFIX"nsdname"
/*
 * Special policies.  These are the reserved target names corresponding
 * to DNS_RPZ_POLICY_PASSTHRU / _DROP / _TCP_ONLY; presumably they are
 * recognised when a policy CNAME is decoded (dns_rpz_decode_cname) --
 * confirm in rpz.c.
 */
#define DNS_RPZ_PASSTHRU_NAME DNS_RPZ_PREFIX"passthru"
#define DNS_RPZ_DROP_NAME DNS_RPZ_PREFIX"drop"
#define DNS_RPZ_TCP_ONLY_NAME DNS_RPZ_PREFIX"tcp-only"
/*
 * Prefix length of an address trigger (see the prefixp output of
 * dns_rpz_find_ip); 8 bits are enough for an IPv6 /128.
 */
typedef uint8_t dns_rpz_prefix_t;
/*
 * Kinds of RPZ trigger.  DNS_RPZ_TYPE_BAD is first (value 0) and serves
 * as the "no / invalid trigger type" value; the others name the data
 * that is matched against the policy zone (client address, query name,
 * answer address, name-server name, name-server address).
 */
typedef enum {
	DNS_RPZ_TYPE_BAD,
	DNS_RPZ_TYPE_CLIENT_IP,
	DNS_RPZ_TYPE_QNAME,
	DNS_RPZ_TYPE_IP,
	DNS_RPZ_TYPE_NSDNAME,
	DNS_RPZ_TYPE_NSIP
} dns_rpz_type_t;
/*
 * Policy actions.  The code relies on the ordering
 *   DNS_RPZ_POLICY_PASSTHRU < DNS_RPZ_POLICY_DROP
 *     < DNS_RPZ_POLICY_TCP_ONLY < DNS_RPZ_POLICY_NXDOMAIN
 *     < DNS_RPZ_POLICY_NODATA < DNS_RPZ_POLICY_CNAME
 * to choose among competing policies (presumably the lower value takes
 * precedence -- confirm against the comparisons in rpz.c / query.c), so
 * the explicit values below must not be reordered.
 */
typedef enum {
	DNS_RPZ_POLICY_GIVEN = 0,    /* 'given': what policy record says */
	DNS_RPZ_POLICY_DISABLED = 1, /* log what would have happened */
	DNS_RPZ_POLICY_PASSTHRU = 2, /* 'passthru': do not rewrite */
	DNS_RPZ_POLICY_DROP = 3,     /* 'drop': do not respond */
	DNS_RPZ_POLICY_TCP_ONLY = 4, /* 'tcp-only': answer UDP with TC=1 */
	DNS_RPZ_POLICY_NXDOMAIN = 5, /* 'nxdomain': answer with NXDOMAIN */
	DNS_RPZ_POLICY_NODATA = 6,   /* 'nodata': answer with ANCOUNT=0 */
	DNS_RPZ_POLICY_CNAME = 7,    /* 'cname x': answer with x's rrsets */
	/*
	 * The values below carry no explicit number and no configuration
	 * keyword in the comments above; they appear to be internal
	 * outcomes of policy decoding / lookup.  Meanings inferred from
	 * the names -- confirm in rpz.c.
	 */
	DNS_RPZ_POLICY_DNS64,        /* Apply DNS64 to the A rewrite */
	DNS_RPZ_POLICY_RECORD,       /* presumably: use the record's own data */
	DNS_RPZ_POLICY_WILDCNAME,    /* presumably: wildcard CNAME target */
	DNS_RPZ_POLICY_MISS,         /* presumably: no policy matched */
	DNS_RPZ_POLICY_ERROR         /* presumably: decoding or lookup failed */
} dns_rpz_policy_t;
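/*
 * Ordinal of a policy zone within a view's response-policy list.
 * Valid values are 0 .. DNS_RPZ_MAX_ZONES-1; DNS_RPZ_INVALID_NUM
 * (== DNS_RPZ_MAX_ZONES) is the out-of-band "no zone" value.
 */
typedef uint8_t dns_rpz_num_t;

/*
 * Upper bound on the number of policy zones in a view.  The per-zone
 * bit masks (dns_rpz_zbits_t) must fit in a single word, so this may
 * not exceed 64; up to 32 zones a 32-bit word is used.
 */
#define DNS_RPZ_MAX_ZONES 32
#if DNS_RPZ_MAX_ZONES > 32
# if DNS_RPZ_MAX_ZONES > 64
#  error "rpz zone bit masks must fit in a word"
# endif
typedef uint64_t dns_rpz_zbits_t;
#else
typedef uint32_t dns_rpz_zbits_t;
#endif

/* Bit mask with every policy zone selected. */
#define DNS_RPZ_ALL_ZBITS ((dns_rpz_zbits_t)-1)

/*
 * Sentinel meaning "no policy zone".  It equals DNS_RPZ_MAX_ZONES, i.e.
 * one past the last valid ordinal, so it must never be used to index
 * the zones[] / triggers[] arrays of dns_rpz_zones or be passed to
 * DNS_RPZ_ZBIT().
 */
#define DNS_RPZ_INVALID_NUM DNS_RPZ_MAX_ZONES

/*
 * Bit for policy zone number 'n'.  The caller must ensure
 * n < DNS_RPZ_MAX_ZONES: shifting by the full width of dns_rpz_zbits_t
 * is undefined behaviour, so DNS_RPZ_ZBIT(DNS_RPZ_INVALID_NUM) is not
 * a valid expression.
 */
#define DNS_RPZ_ZBIT(n) (((dns_rpz_zbits_t)1) << (dns_rpz_num_t)(n))

/*
 * Mask with bits 0 through n set, i.e. the specified policy zone and
 * every lower-numbered one.  (The previous comment said "higher
 * numbered"; by the arithmetic it is the lower ordinals, which come
 * first in the policy list -- confirm the intended precedence against
 * the callers in rpz.c / query.c.)
 *
 * The shift is performed in dns_rpz_zbits_t rather than int: the old
 * form `1 << ((n)+1)` overflowed a 32-bit int for n == 30 (1 << 31),
 * which is undefined behaviour even though it happened to produce the
 * intended 0x7fffffff.  For n >= DNS_RPZ_MAX_ZONES-1 the shift is
 * skipped entirely and the unsigned wrap of 0 - 1 yields
 * DNS_RPZ_ALL_ZBITS, so (1<<32) or (1<<64) never occurs.
 */
#define DNS_RPZ_ZMASK(n) \
	((dns_rpz_zbits_t)((((n) >= DNS_RPZ_MAX_ZONES - 1) \
			    ? (dns_rpz_zbits_t)0 \
			    : (((dns_rpz_zbits_t)1) << ((n) + 1))) - 1))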
/*
 * The trigger counter type.
 */
typedef size_t dns_rpz_trigger_counter_t;

/*
 * The number of triggers of each type in a response policy zone.
 * One counter per trigger kind, split by address family where the
 * trigger is an address.  Used per zone (dns_rpz_zones.triggers[]) and
 * as a running total across zones (dns_rpz_zones.total_triggers).
 */
typedef struct dns_rpz_triggers dns_rpz_triggers_t;
struct dns_rpz_triggers {
	dns_rpz_trigger_counter_t client_ipv4;
	dns_rpz_trigger_counter_t client_ipv6;
	dns_rpz_trigger_counter_t qname;
	dns_rpz_trigger_counter_t ipv4;
	dns_rpz_trigger_counter_t ipv6;
	dns_rpz_trigger_counter_t nsdname;
	dns_rpz_trigger_counter_t nsipv4;
	dns_rpz_trigger_counter_t nsipv6;
};
/*
 * A single response policy zone.  Lifetime is managed by the 'refs'
 * reference count.  The dns_name_t members other than 'origin' and
 * 'cname' are the reserved sub-zone / special names composed from the
 * DNS_RPZ_* macros above and this zone's origin.
 */
typedef struct dns_rpz_zone dns_rpz_zone_t;
struct dns_rpz_zone {
	isc_refcount_t refs;
	dns_rpz_num_t num;       /* ordinal in list of policy zones */
	dns_name_t origin;       /* Policy zone name */
	dns_name_t client_ip;    /* DNS_RPZ_CLIENT_IP_ZONE.origin. */
	dns_name_t ip;           /* DNS_RPZ_IP_ZONE.origin. */
	dns_name_t nsdname;      /* DNS_RPZ_NSDNAME_ZONE.origin */
	dns_name_t nsip;         /* DNS_RPZ_NSIP_ZONE.origin. */
	dns_name_t passthru;     /* DNS_RPZ_PASSTHRU_NAME. */
	dns_name_t drop;         /* DNS_RPZ_DROP_NAME. */
	dns_name_t tcp_only;     /* DNS_RPZ_TCP_ONLY_NAME. */
	dns_name_t cname;        /* override value for ..._CNAME */
	/*
	 * Presumably the cap applied to the TTL of rewritten answers from
	 * this zone (default DNS_RPZ_MAX_TTL_DEFAULT) -- confirm in query.c.
	 */
	dns_ttl_t max_policy_ttl;
	dns_rpz_policy_t policy; /* DNS_RPZ_POLICY_GIVEN or override */
};
/*
 * Radix tree node for response policy IP addresses.  Opaque here; the
 * definition lives in rpz.c.  The tree root is dns_rpz_zones.cidr.
 */
typedef struct dns_rpz_cidr_node dns_rpz_cidr_node_t;
/*
 * Bitfields indicating which policy zones have policies of
 * which type.  Each member is a dns_rpz_zbits_t in which bit n stands
 * for policy zone number n (see DNS_RPZ_ZBIT).  The unsuffixed
 * client_ip / ip / nsip members presumably are the union of their
 * IPv4 and IPv6 counterparts -- confirm in rpz.c.
 */
typedef struct dns_rpz_have dns_rpz_have_t;
struct dns_rpz_have {
	dns_rpz_zbits_t client_ipv4;
	dns_rpz_zbits_t client_ipv6;
	dns_rpz_zbits_t client_ip;
	dns_rpz_zbits_t qname;
	dns_rpz_zbits_t ipv4;
	dns_rpz_zbits_t ipv6;
	dns_rpz_zbits_t ip;
	dns_rpz_zbits_t nsdname;
	dns_rpz_zbits_t nsipv4;
	dns_rpz_zbits_t nsipv6;
	dns_rpz_zbits_t nsip;
	/*
	 * Presumably the zones whose qname triggers may be applied without
	 * first recursing (cf. dns_rpz_popt.qname_wait_recurse).
	 */
	dns_rpz_zbits_t qname_skip_recurse;
};
/*
 * Policy options: view-level RPZ settings shared by all of the view's
 * policy zones.  A copy is taken into dns_rpz_st_t.popt at the start of
 * RPZ processing for a query (see below), so a reconfiguration cannot
 * change the options part way through a lookup.
 */
typedef struct dns_rpz_popt dns_rpz_popt_t;
struct dns_rpz_popt {
	/*
	 * Bit sets over policy zones (DNS_RPZ_ZBIT).  Meanings inferred
	 * from the names: no_rd_ok = zones applied even to queries without
	 * RD set; no_log = zones whose rewrites are not logged.
	 * NOTE(review): a zone in no_log leaves no audit trail of the
	 * answers it rewrote; keep that set minimal.
	 */
	dns_rpz_zbits_t no_rd_ok;
	dns_rpz_zbits_t no_log;
	/*
	 * NOTE(review): presumably permits rewriting answers that would
	 * otherwise be DNSSEC-validated (named.conf 'break-dnssec');
	 * confirm in query.c.  When true, policy hits override validated
	 * data, so the policy zones become as trusted as the signers.
	 */
	bool break_dnssec;
	/* Whether to recurse before applying qname / nsip policies -- inferred from names. */
	bool qname_wait_recurse;
	bool nsip_wait_recurse;
	/* Minimum label count for NS names to be checked -- inferred from the name. */
	unsigned int min_ns_labels;
	/* Count of configured policy zones; at most DNS_RPZ_MAX_ZONES. */
	dns_rpz_num_t num_zones;
};
/*
 * Response policy zones known to a view.  Reference counted ('refs');
 * allocated from 'mctx' (see dns_rpz_new_zones / dns_rpz_attach_rpzs /
 * dns_rpz_detach_rpzs below).
 */
typedef struct dns_rpz_zones dns_rpz_zones_t;
struct dns_rpz_zones {
	dns_rpz_popt_t p;
	/*
	 * Indexed by dns_rpz_num_t.  DNS_RPZ_INVALID_NUM equals
	 * DNS_RPZ_MAX_ZONES and is therefore one past the end of both
	 * arrays; a zone number must be checked against it before use as
	 * an index.
	 */
	dns_rpz_zone_t *zones[DNS_RPZ_MAX_ZONES];
	dns_rpz_triggers_t triggers[DNS_RPZ_MAX_ZONES];

	/*
	 * RPZ policy version number (initially 0, increases whenever
	 * the server is reconfigured with new zones or policy).
	 * dns_rpz_st_t keeps a copy so an in-flight lookup can detect
	 * that policy changed underneath it.
	 */
	int rpz_ver;

	/* Bit set (DNS_RPZ_ZBIT) of the zone numbers that are configured. */
	dns_rpz_zbits_t defined;

	/*
	 * The set of records for a policy zone are in one of these states:
	 *   never loaded               load_begun=0  have=0
	 *   during initial loading     load_begun=1  have=0
	 *                              and rbtdb->rpzsp == rbtdb->load_rpzsp
	 *   after good load            load_begun=1  have!=0
	 *   after failed initial load  load_begun=1  have=0
	 *                              and rbtdb->load_rpzsp == NULL
	 *   reloading after failure    load_begun=1  have=0
	 *   reloading after success
	 *     main rpzs                load_begun=1  have!=0
	 *     load rpzs                load_begun=1  have=0
	 * 'load_begun' is a bit set over zone numbers; 'have' is a bit set
	 * per trigger type.
	 */
	dns_rpz_zbits_t load_begun;
	dns_rpz_have_t have;

	/*
	 * total_triggers maintains the total number of triggers in all
	 * policy zones in the view. It is only used to print summary
	 * statistics after a zone load of how the trigger counts
	 * changed.
	 */
	dns_rpz_triggers_t total_triggers;

	isc_mem_t *mctx;
	isc_refcount_t refs;
	/*
	 * One lock for short term read-only search that guarantees the
	 * consistency of the pointers.
	 * A second lock for maintenance that guarantees no other thread
	 * is adding or deleting nodes.
	 */
	isc_rwlock_t search_lock;
	isc_mutex_t maint_lock;

	/* Root of the radix tree of address triggers. */
	dns_rpz_cidr_node_t *cidr;
	/* Red-black tree; presumably holds the name triggers (qname, nsdname). */
	dns_rbt_t *rbt;
};
/*
 * Context for finding the best policy: the per-query RPZ state carried
 * through the (possibly recursive) search for a matching trigger.
 */
typedef struct {
	/* Bit set of the DNS_RPZ_* flags below recording search progress. */
	unsigned int state;
# define DNS_RPZ_REWRITTEN      0x0001
# define DNS_RPZ_DONE_CLIENT_IP 0x0002 /* client IP address checked */
# define DNS_RPZ_DONE_QNAME     0x0004 /* qname checked */
# define DNS_RPZ_DONE_QNAME_IP  0x0008 /* IP addresses of qname checked */
# define DNS_RPZ_DONE_NSDNAME   0x0010 /* NS name missed; checking addresses */
# define DNS_RPZ_DONE_IPv4      0x0020 /* presumably: IPv4 side done, IPv6 next */
# define DNS_RPZ_RECURSING      0x0040
# define DNS_RPZ_ACTIVE         0x0080
	/*
	 * Best match so far.
	 */
	struct {
		dns_rpz_type_t type;      /* trigger type of the match */
		dns_rpz_zone_t *rpz;      /* policy zone it was found in */
		dns_rpz_prefix_t prefix;  /* prefix length for an address match */
		dns_rpz_policy_t policy;  /* action selected so far */
		dns_ttl_t ttl;
		isc_result_t result;
		/* Where the policy record came from (zone/db/version/node/rrset). */
		dns_zone_t *zone;
		dns_db_t *db;
		dns_dbversion_t *version;
		dns_dbnode_t *node;
		dns_rdataset_t *rdataset;
	} m;
	/*
	 * State for chasing IP addresses and NS names including recursion.
	 */
	struct {
		unsigned int label;          /* presumably: label offset in r_name being tried */
		dns_db_t *db;
		dns_rdataset_t *ns_rdataset; /* NS rrset whose names/addresses are chased */
		dns_rdatatype_t r_type;      /* type being looked up for the recursion */
		isc_result_t r_result;
		dns_rdataset_t *r_rdataset;
	} r;

	/*
	 * State of real query while recursing for NSIP or NSDNAME,
	 * saved so the original answer can be restored afterwards.
	 */
	struct {
		isc_result_t result;
		bool is_zone;
		bool authoritative;
		dns_zone_t *zone;
		dns_db_t *db;
		dns_dbnode_t *node;
		dns_rdataset_t *rdataset;
		dns_rdataset_t *sigrdataset;
		dns_rdatatype_t qtype;
	} q;

	/*
	 * A copy of the 'have' and 'p' structures and the RPZ
	 * policy version as of the beginning of RPZ processing,
	 * used to avoid problems when policy is updated while
	 * RPZ recursion is ongoing.  'rpz_ver' is compared with
	 * dns_rpz_zones.rpz_ver to detect such an update.
	 */
	dns_rpz_have_t have;
	dns_rpz_popt_t popt;
	int rpz_ver;

	/*
	 * p_name: current policy owner name
	 * r_name: recursing for this name to possible policy triggers
	 * fname:  saved found name from before recursion
	 * Each pointer refers into the fixed-size storage that follows.
	 */
	dns_name_t *p_name;
	dns_name_t *r_name;
	dns_name_t *fname;
	dns_fixedname_t _p_namef;
	dns_fixedname_t _r_namef;
	dns_fixedname_t _fnamef;
} dns_rpz_st_t;
/*
 * Default TTL (seconds) for rewritten answers, and the default value
 * of dns_rpz_zone.max_policy_ttl.  Deliberately short so that a policy
 * change takes effect quickly and a rewritten answer is not cached for
 * long by clients.
 */
#define DNS_RPZ_TTL_DEFAULT 5
#define DNS_RPZ_MAX_TTL_DEFAULT DNS_RPZ_TTL_DEFAULT

/*
 * So various response policy zone messages can be turned up or down.
 * DNS_RPZ_DEBUG_QUIET is one level above the most verbose debug level
 * and so is never emitted at any configured debug level.
 */
#define DNS_RPZ_ERROR_LEVEL ISC_LOG_WARNING
#define DNS_RPZ_INFO_LEVEL ISC_LOG_INFO
#define DNS_RPZ_DEBUG_LEVEL1 ISC_LOG_DEBUG(1)
#define DNS_RPZ_DEBUG_LEVEL2 ISC_LOG_DEBUG(2)
#define DNS_RPZ_DEBUG_LEVEL3 ISC_LOG_DEBUG(3)
#define DNS_RPZ_DEBUG_QUIET (DNS_RPZ_DEBUG_LEVEL3+1)
/*
 * Return a printable name for a trigger type.
 */
const char *
dns_rpz_type2str(dns_rpz_type_t type);

/*
 * Parse a policy keyword ('given', 'passthru', 'drop', ...) into a
 * dns_rpz_policy_t.  Presumably returns DNS_RPZ_POLICY_ERROR for an
 * unrecognised string -- confirm in rpz.c; callers must not treat the
 * result as valid without checking.
 */
dns_rpz_policy_t
dns_rpz_str2policy(const char *str);

/*
 * Return a printable name for a policy.
 */
const char *
dns_rpz_policy2str(dns_rpz_policy_t policy);

/*
 * Decode the policy expressed by a CNAME policy record 'rdataset' found
 * in policy zone 'rpz'.  Presumably recognises the special target names
 * (DNS_RPZ_PASSTHRU_NAME etc.) and 'selfname' is the owner name used to
 * detect a self-referencing CNAME -- confirm in rpz.c.
 */
dns_rpz_policy_t
dns_rpz_decode_cname(dns_rpz_zone_t *rpz, dns_rdataset_t *rdataset,
		     dns_name_t *selfname);

/*
 * Allocate a new, empty dns_rpz_zones_t from 'mctx' and store it in
 * *rpzsp.  The caller owns one reference.
 */
isc_result_t
dns_rpz_new_zones(dns_rpz_zones_t **rpzsp, isc_mem_t *mctx);

/*
 * Reference counting for dns_rpz_zones_t: attach takes a new reference
 * in *target; detach releases *rpzsp and clears the pointer.
 */
void
dns_rpz_attach_rpzs(dns_rpz_zones_t *source, dns_rpz_zones_t **target);

void
dns_rpz_detach_rpzs(dns_rpz_zones_t **rpzsp);

/*
 * Start (re)loading policy zone number 'rpz_num' of 'rpzs': sets up the
 * separate "load" dns_rpz_zones_t in *load_rpzsp that receives the new
 * triggers (see the load-state table in dns_rpz_zones).
 */
isc_result_t
dns_rpz_beginload(dns_rpz_zones_t **load_rpzsp,
		  dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num);

/*
 * Finish a load begun with dns_rpz_beginload: presumably swaps the
 * triggers collected in *load_rpzsp into 'rpzs' for zone 'rpz_num' and
 * releases *load_rpzsp -- confirm in rpz.c.
 */
isc_result_t
dns_rpz_ready(dns_rpz_zones_t *rpzs,
	      dns_rpz_zones_t **load_rpzsp, dns_rpz_num_t rpz_num);

/*
 * Add / remove the trigger at owner 'name' for policy zone 'rpz_num'.
 * 'rpz_num' must be a valid ordinal (< DNS_RPZ_MAX_ZONES); which
 * trigger type it is presumably follows from the name's sub-zone label
 * (DNS_RPZ_*_ZONE).  Callers are expected to hold the maintenance lock.
 */
isc_result_t
dns_rpz_add(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num, dns_name_t *name);

void
dns_rpz_delete(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num, dns_name_t *name);

/*
 * Look up address 'netaddr' among the triggers of type 'rpz_type' in
 * the zones selected by 'zbits'.  Returns the number of the matching
 * policy zone, presumably DNS_RPZ_INVALID_NUM when nothing matched
 * (confirm in rpz.c); on a match 'ip_name' and '*prefixp' are filled
 * with the matching trigger's owner name and prefix length.
 */
dns_rpz_num_t
dns_rpz_find_ip(dns_rpz_zones_t *rpzs, dns_rpz_type_t rpz_type,
		dns_rpz_zbits_t zbits, const isc_netaddr_t *netaddr,
		dns_name_t *ip_name, dns_rpz_prefix_t *prefixp);

/*
 * Look up 'trig_name' among the name triggers of type 'rpz_type' in the
 * zones selected by 'zbits'.  Returns the bit set of policy zones that
 * have a trigger for the name (0 when none).
 */
dns_rpz_zbits_t
dns_rpz_find_name(dns_rpz_zones_t *rpzs, dns_rpz_type_t rpz_type,
		  dns_rpz_zbits_t zbits, dns_name_t *trig_name);
ISC_LANG_ENDDECLS
#endif /* DNS_RPZ_H */