Added new logging category rpz-passthru

It is now possible to use the new logging category "rpz-passthru" to redirect RPZ passthru activity to a dedicate logging channel.
2025-08-31 14:35:26 +00:00 · 2020-04-20 16:32:56 -03:00
parent de1414581d
commit f2bf7beeb6
3 changed files with 14 additions and 22 deletions
--- a/lib/dns/include/dns/log.h
+++ b/lib/dns/include/dns/log.h
@@ -41,6 +41,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t   dns_modules[];
 #define DNS_LOGCATEGORY_DNSTAP		(&dns_categories[16])
 #define DNS_LOGCATEGORY_ZONELOAD	(&dns_categories[17])
 #define DNS_LOGCATEGORY_NSID		(&dns_categories[18])
+#define DNS_LOGCATEGORY_RPZ_PASSTHRU	(&dns_categories[19])

 /* Backwards compatibility. */
 #define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL
--- a/lib/dns/log.c
+++ b/lib/dns/log.c
@@ -20,26 +20,13 @@
 * \#define to <dns/log.h>.
 */
 LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = {
-	{ "notify", 0 },
-	{ "database", 0 },
-	{ "security", 0 },
-	{ "_placeholder", 0 },
-	{ "dnssec", 0 },
-	{ "resolver", 0 },
-	{ "xfer-in", 0 },
-	{ "xfer-out", 0 },
-	{ "dispatch", 0 },
-	{ "lame-servers", 0 },
-	{ "delegation-only", 0 },
-	{ "edns-disabled", 0 },
-	{ "rpz", 0 },
-	{ "rate-limit", 0 },
-	{ "cname", 0 },
-	{ "spill", 0 },
-	{ "dnstap", 0 },
-	{ "zoneload", 0 },
-	{ "nsid", 0 },
-	{ NULL, 0 }
+	{ "notify", 0 },       { "database", 0 },	 { "security", 0 },
+	{ "_placeholder", 0 }, { "dnssec", 0 },		 { "resolver", 0 },
+	{ "xfer-in", 0 },      { "xfer-out", 0 },	 { "dispatch", 0 },
+	{ "lame-servers", 0 }, { "delegation-only", 0 }, { "edns-disabled", 0 },
+	{ "rpz", 0 },	       { "rate-limit", 0 },	 { "cname", 0 },
+	{ "spill", 0 },	       { "dnstap", 0 },		 { "zoneload", 0 },
+	{ "nsid", 0 },	       { "rpz-passthru", 0 },	 { NULL, 0 }
 };

 /*%
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -1164,8 +1164,12 @@ rpz_log_rewrite(ns_client_t *client, bool disabled, dns_rpz_policy_t policy,
 	dns_rdataclass_format(rdataset->rdclass, classbuf, sizeof(classbuf));
 	dns_rdatatype_format(rdataset->type, typebuf, sizeof(typebuf));

-	ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY,
-		      DNS_RPZ_INFO_LEVEL,
+	/* It's possible to have a separate log channel for rpz passthru. */
+	isc_logcategory_t *log_cat = (policy == DNS_RPZ_POLICY_PASSTHRU)
+					     ? DNS_LOGCATEGORY_RPZ_PASSTHRU
+					     : DNS_LOGCATEGORY_RPZ;
+
+	ns_client_log(client, log_cat, NS_LOGMODULE_QUERY, DNS_RPZ_INFO_LEVEL,
 		      "%srpz %s %s rewrite %s/%s/%s via %s%s%s%s",
 		      disabled ? "disabled " : "", dns_rpz_type2str(type),
 		      dns_rpz_policy2str(policy), qname_buf, typebuf, classbuf,