daxi20/smartdns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable audit-log SOA

Browse Source
This commit is contained in:
Nick Peng
2019-09-22 10:49:28 +08:00
parent c4b99a99e7
commit e05d1f9d17
4 changed files with 26 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
etc/smartdns/smartdns.conf
View File

@@ -95,8 +95,9 @@ log-level info
# log-num 2 # log-num 2
# dns audit # dns audit
# audit-enable: enable or disable audit [yes|no] # audit-enable [yes|no]: enable or disable audit.
# audit-enable yes # audit-enable yes
# audit-SOA [yes|no]: enable or disalbe log soa result.
# audit-size size of each audit file, support k,m,g # audit-size size of each audit file, support k,m,g
# audit-file /var/log/smartdns-audit.log # audit-file /var/log/smartdns-audit.log
# audit-size 128k # audit-size 128k

2
src/dns_conf.c
View File

@@ -49,6 +49,7 @@ int dns_conf_log_num = 8;
/* auditing */ /* auditing */
int dns_conf_audit_enable = 0; int dns_conf_audit_enable = 0;
int dns_conf_audit_log_SOA;
char dns_conf_audit_file[DNS_MAX_PATH]; char dns_conf_audit_file[DNS_MAX_PATH];
size_t dns_conf_audit_size = 1024 * 1024; size_t dns_conf_audit_size = 1024 * 1024;
int dns_conf_audit_num = 2; int dns_conf_audit_num = 2;
@@ -1216,6 +1217,7 @@ static struct config_item _config_item[] = {
CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024), CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024),
CONF_INT("log-num", &dns_conf_log_num, 0, 1024), CONF_INT("log-num", &dns_conf_log_num, 0, 1024),
CONF_YESNO("audit-enable", &dns_conf_audit_enable), CONF_YESNO("audit-enable", &dns_conf_audit_enable),
CONF_YESNO("audit-SOA", &dns_conf_audit_log_SOA),
CONF_STRING("audit-file", (char *)&dns_conf_audit_file, DNS_MAX_PATH), CONF_STRING("audit-file", (char *)&dns_conf_audit_file, DNS_MAX_PATH),
CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024), CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024),
CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024), CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024),

1
src/dns_conf.h
View File

@@ -195,6 +195,7 @@ extern struct dns_server_groups dns_conf_server_groups[DNS_NAX_GROUP_NUMBER];
extern int dns_conf_server_group_num; extern int dns_conf_server_group_num;
extern int dns_conf_audit_enable; extern int dns_conf_audit_enable;
extern int dns_conf_audit_log_SOA;
extern char dns_conf_audit_file[DNS_MAX_PATH]; extern char dns_conf_audit_file[DNS_MAX_PATH];
extern size_t dns_conf_audit_size; extern size_t dns_conf_audit_size;
extern int dns_conf_audit_num; extern int dns_conf_audit_num;

36
src/dns_server.c
View File

@@ -290,7 +290,11 @@ static void _dns_server_audit_log(struct dns_request *request)
} else if (request->qtype == DNS_T_A && request->has_ipv4) { } else if (request->qtype == DNS_T_A && request->has_ipv4) {
snprintf(req_result, sizeof(req_result), "%d.%d.%d.%d", request->ipv4_addr[0], request->ipv4_addr[1], request->ipv4_addr[2], request->ipv4_addr[3]); snprintf(req_result, sizeof(req_result), "%d.%d.%d.%d", request->ipv4_addr[0], request->ipv4_addr[1], request->ipv4_addr[2], request->ipv4_addr[3]);
} else if (request->has_soa) { } else if (request->has_soa) {
return; if (!dns_conf_audit_log_SOA) {
return;
}
snprintf(req_result, sizeof(req_result), "SOA");
} else { } else {
return; return;
} }
@@ -1747,25 +1751,23 @@ static int _dns_server_pre_process_rule_flags(struct dns_request *request)
struct dns_rule_flags *rule_flag = NULL; struct dns_rule_flags *rule_flag = NULL;
unsigned int flags = 0; unsigned int flags = 0;
if (request->domain_rule == NULL) { if (request->domain_rule == NULL) {
goto errout; goto out;
} }
/* get domain rule flag */ /* get domain rule flag */
rule_flag = request->domain_rule->rules[DOMAIN_RULE_FLAGS]; rule_flag = request->domain_rule->rules[DOMAIN_RULE_FLAGS];
if (rule_flag == NULL) { if (rule_flag == NULL) {
goto errout; goto out;
} }
flags = rule_flag->flags; flags = rule_flag->flags;
if (flags & DOMAIN_FLAG_ADDR_IGN) { if (flags & DOMAIN_FLAG_ADDR_IGN) {
/* ignore this domain */ /* ignore this domain */
goto errout; goto out;
} }
if (_dns_server_is_return_soa(request)) { if (_dns_server_is_return_soa(request)) {
/* return SOA */ goto soa;
_dns_server_reply_SOA(DNS_RC_NOERROR, request);
return 0;
} }
/* return specific type of address */ /* return specific type of address */
@@ -1773,34 +1775,38 @@ static int _dns_server_pre_process_rule_flags(struct dns_request *request)
case DNS_T_A: case DNS_T_A:
if (flags & DOMAIN_FLAG_ADDR_IPV4_IGN) { if (flags & DOMAIN_FLAG_ADDR_IPV4_IGN) {
/* ignore this domain for A reqeust */ /* ignore this domain for A reqeust */
goto errout; goto out;
} }
if (_dns_server_is_return_soa(request)) { if (_dns_server_is_return_soa(request)) {
/* return SOA for A request */ /* return SOA for A request */
_dns_server_reply_SOA(DNS_RC_NOERROR, request); goto soa;
return 0;
} }
break; break;
case DNS_T_AAAA: case DNS_T_AAAA:
if (flags & DOMAIN_FLAG_ADDR_IPV6_IGN) { if (flags & DOMAIN_FLAG_ADDR_IPV6_IGN) {
/* ignore this domain for A reqeust */ /* ignore this domain for A reqeust */
goto errout; goto out;
} }
if (_dns_server_is_return_soa(request)) { if (_dns_server_is_return_soa(request)) {
/* return SOA for A request */ /* return SOA for A request */
_dns_server_reply_SOA(DNS_RC_NOERROR, request); goto soa;
return 0;
} }
break; break;
default: default:
goto errout; goto out;
break; break;
} }
errout: out:
return -1; return -1;
soa:
/* return SOA */
_dns_server_reply_SOA(DNS_RC_NOERROR, request);
_dns_server_audit_log(request);
return 0;
} }
static int _dns_server_process_address(struct dns_request *request) static int _dns_server_process_address(struct dns_request *request)