From f90c75442216deb1e49d11ab00a6df30c5afd130 Mon Sep 17 00:00:00 2001
From: bert hubert
Date: Fri, 18 Dec 2015 09:14:05 +0100
Subject: [PATCH] move recursor to LuaWrapper based new API for blocking, changing etc of queries. Documentation to follow. For real.
---
 build-scripts/dist-recursor | 6 +++---
 pdns/Makefile-recursor | 4 ++--
 pdns/Makefile.am | 4 +---
 pdns/lua-pdns.hh | 3 +--
 pdns/lua-recursor.cc | 1 -
 pdns/lua-recursor4.cc | 42 ++++++++++++++++++++++++-------------
 pdns/lua-recursor4.hh | 10 +++++++--
 pdns/pdns_recursor.cc | 1 -
 pdns/syncres.hh | 2 ++
 9 files changed, 45 insertions(+), 28 deletions(-)
diff --git a/build-scripts/dist-recursor b/build-scripts/dist-recursor
index ae6450129..1d547c89f 100755
--- a/build-scripts/dist-recursor
+++ b/build-scripts/dist-recursor
@@ -32,7 +32,7 @@ rcpgenerator.hh lock.hh dnswriter.hh dnsrecords.hh dnsparser.hh utility.hh \
 recursor_cache.hh rec_channel.hh qtype.hh misc.hh dns.hh syncres.hh \
 sstuff.hh mtasker.hh mtasker.cc lwres.hh logger.hh pdnsexception.hh \
 mplexer.hh pubsuffix.hh mbedtlscompat.hh \
-dns_random.hh lua-pdns.hh lua-recursor.hh namespaces.hh \
+dns_random.hh lua-recursor4.hh namespaces.hh \
 recpacketcache.hh base32.hh cachecleaner.hh json.hh version.hh \
 ws-recursor.hh ws-api.hh secpoll-recursor.hh \
 responsestats.hh webserver.hh dnsname.hh dnspacket.hh ednssubnet.hh \
@@ -41,11 +41,11 @@ dnsseckeeper.hh statbag.hh ueberbackend.hh sha.hh dnsbackend.hh comment.hh \ validate.hh validate-recursor.hh sortlist.hh rec-lua-conf.hh sholder.hh" CFILES="syncres.cc iputils.cc misc.cc unix_utility.cc qtype.cc \ -logger.cc arguments.cc lwres.cc pdns_recursor.cc lua-iputils.cc \ +logger.cc arguments.cc lwres.cc pdns_recursor.cc \ recursor_cache.cc dnsparser.cc dnswriter.cc dnsrecords.cc rcpgenerator.cc \ base64.cc zoneparser-tng.cc rec_channel.cc rec_channel_rec.cc rec_control.cc \ selectmplexer.cc epollmplexer.cc kqueuemplexer.cc portsmplexer.cc pdns_hw.cc \ -sillyrecords.cc pubsuffix.cc lua-pdns.cc lua-recursor.cc randomhelper.cc \ +sillyrecords.cc pubsuffix.cc lua-recursor4.cc randomhelper.cc \ devpollmplexer.cc recpacketcache.cc dns.cc reczones.cc base32.cc nsecrecords.cc \ dnslabeltext.cc json.cc ws-recursor.cc ws-api.cc version.cc dns_random.cc \ responsestats.cc webserver.cc rec-carbon.cc secpoll-recursor.cc dnsname.cc \ diff --git a/pdns/Makefile-recursor b/pdns/Makefile-recursor index d32a8a804..e1edefa2f 100644 --- a/pdns/Makefile-recursor +++ b/pdns/Makefile-recursor @@ -27,10 +27,10 @@ ext/mbedtls/library/ripemd160.o ext/mbedtls/library/rsa.o \ ext/mbedtls/library/bignum.o ext/mbedtls/library/oid.o ext/mbedtls/library/asn1parse.o \ ext/mbedtls/library/ctr_drbg.o ext/mbedtls/library/entropy.o ext/mbedtls/library/entropy_poll.o\ ext/mbedtls/library/timing.o \ -lua-pdns.o lua-recursor.o randomhelper.o recpacketcache.o dns.o \ +lua-recursor4.o randomhelper.o recpacketcache.o dns.o \ reczones.o base32.o nsecrecords.o json.o ws-recursor.o ws-api.o \ version.o responsestats.o webserver.o ext/yahttp/yahttp/reqresp.o ext/yahttp/yahttp/router.o \ -rec-carbon.o secpoll-recursor.o lua-iputils.o iputils.o dnsname.o \ +rec-carbon.o secpoll-recursor.o iputils.o dnsname.o \ rpzloader.o filterpo.o resolver.o ixfr.o dnssecinfra.o gss_context.o \ ednssubnet.o validate.o validate-recursor.o mbedtlssigners.o \ rec-lua-conf.o sortlist.o 
diff --git a/pdns/Makefile.am b/pdns/Makefile.am index 8be5817b3..cc34b6bec 100644 --- a/pdns/Makefile.am +++ b/pdns/Makefile.am @@ -1105,9 +1105,7 @@ pdns_recursor_SOURCES = \ ixfr.cc ixfr.hh \ json.cc json.hh \ logger.cc \ - lua-pdns.cc lua-pdns.hh lua-iputils.cc \ - lua-recursor.cc lua-recursor.hh \ - lua-recursor4.cc lua-recursor4.hh \ + lua-recursor4.cc lua-recursor4.hh \ lwres.cc lwres.hh \ mbedtlscompat.hh \ mbedtlssigners.cc \ diff --git a/pdns/lua-pdns.hh b/pdns/lua-pdns.hh index 0b71b1826..5d1f5796d 100644 --- a/pdns/lua-pdns.hh +++ b/pdns/lua-pdns.hh @@ -31,8 +31,7 @@ protected: // FIXME? bool d_failed; bool d_variable; }; -// enum for policy decisions, used by both auth and recursor. Not all values supported everywhere. -namespace PolicyDecision { enum returnTypes { PASS=-1, DROP=-2, TRUNCATE=-3 }; }; + void pushResourceRecordsTable(lua_State* lua, const vector& records); void popResourceRecordsTable(lua_State *lua, const DNSName &query, vector& ret); void pushSyslogSecurityLevelTable(lua_State *lua); diff --git a/pdns/lua-recursor.cc b/pdns/lua-recursor.cc index 5064dbc30..6510a39e8 100644 --- a/pdns/lua-recursor.cc +++ b/pdns/lua-recursor.cc @@ -291,7 +291,6 @@ bool RecursorLua::passthrough(const string& func, const ComboAddress& remote, co auto table = getLuaTable(d_lua, -1); lua_pop(d_lua, 2); string answer = GenUDPQueryResponse(ComboAddress(dest), uquery); - lua_getglobal(d_lua, callback.c_str()); lua_pushstring(d_lua, remote.toString().c_str() ); diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc index 59b2dc17e..3d688af64 100644 --- a/pdns/lua-recursor4.cc +++ b/pdns/lua-recursor4.cc @@ -6,10 +6,6 @@ #include "dnsparser.hh" #include "syncres.hh" -namespace { - enum class PolicyDecision { PASS=-1, DROP=-2, TRUNCATE=-3 }; -} - static int followCNAMERecords(vector& ret, const QType& qtype) { vector resolved; 
@@ -122,7 +118,15 @@ RecursorLua4::RecursorLua4(const std::string& fname) d_lw = new LuaContext; d_lw->writeFunction("newDN", [](const std::string& dom){ return DNSName(dom); }); d_lw->registerFunction("isPartOf", &DNSName::isPartOf); - //d_lw->registerFunction("toString", &ComboAddress::toString); + d_lw->registerFunction("toString", [](const ComboAddress& ca) { return ca.toString(); }); + d_lw->writeFunction("newCA", [](const std::string& a) { return ComboAddress(a); }); + d_lw->writeFunction("newNMG", []() { return NetmaskGroup(); }); + d_lw->registerFunction("addMask", [](NetmaskGroup&nmg, const std::string& mask) + { + nmg.addMask(mask); + }); + + d_lw->registerFunction("match", (bool (NetmaskGroup::*)(const ComboAddress&) const)&NetmaskGroup::match); d_lw->registerFunction("toString", [](const DNSName&dn ) { return dn.toString(); }); d_lw->registerMember("qname", &DNSQuestion::qname); d_lw->registerMember("qtype", &DNSQuestion::qtype); @@ -185,8 +189,10 @@ RecursorLua4::RecursorLua4(const std::string& fname) d_nodata = d_lw->readVariable>("nodata").get_value_or(0); d_nxdomain = d_lw->readVariable>("nxdomain").get_value_or(0); d_postresolve = d_lw->readVariable>("postresolve").get_value_or(0); - - // d_ipfilter = d_lw->readVariable>("ipfilter").get_value_or(0); + d_preoutquery = d_lw->readVariable>("preoutquery").get_value_or(0); + + d_ipfilter = d_lw->readVariable>("ipfilter").get_value_or(0); + } bool RecursorLua4::preresolve(const ComboAddress& remote,const ComboAddress& local, const DNSName& query, const QType& qtype, vector& res, int& ret, bool* variable) 
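Review bot: `newCA` and `addMask` hand a script-supplied string directly to `ComboAddress(a)` and `nmg.addMask(mask)`, and nothing at the bindings says what a malformed address or mask does. As far as I know both parsers throw on bad input, so the failure would travel back through LuaWrapper into whichever hook was running at the time; that deserves a line next to the registrations, for example `// NOTE: newCA/addMask parse script input; confirm how a parse failure is reported to the script`. Separately, the C-style member-pointer cast on `NetmaskGroup::match` would read better as a `static_cast` to the same member-function type. The constructor body starts and ends outside this hunk.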
@@ -211,13 +217,14 @@ bool RecursorLua4::postresolve(const ComboAddress& remote,const ComboAddress& lo bool RecursorLua4::preoutquery(const ComboAddress& ns, const ComboAddress& requestor, const DNSName& query, const QType& qtype, vector& res, int& ret) { - return genhook(d_postresolve, ns, requestor, query, qtype, res, ret, 0); + return genhook(d_preoutquery, ns, requestor, query, qtype, res, ret, 0); } bool RecursorLua4::ipfilter(const ComboAddress& remote, const ComboAddress& local, const struct dnsheader& dh) { if(d_ipfilter) - return d_ipfilter(remote, local); + return d_ipfilter({remote}, {local}); + return false; // don't block } bool RecursorLua4::genhook(luacall_t& func, const ComboAddress& remote,const ComboAddress& local, const DNSName& query, const QType& qtype, vector& res, int& ret, bool* variable) @@ -233,11 +240,11 @@ bool RecursorLua4::genhook(luacall_t& func, const ComboAddress& remote,const Com dq->records = res; bool handled=func(dq); - if(variable) *variable = dq->variable; // could still be set to indicate this *name* is variable + if(variable) *variable |= dq->variable; // could still be set to indicate this *name* is variable if(handled) { ret=dq->rcode; - + loop:; if(!dq->followupFunction.empty()) { if(dq->followupFunction=="followCNAMERecords") { ret = followCNAMERecords(dq->records, qtype); @@ -248,11 +255,18 @@ bool RecursorLua4::genhook(luacall_t& func, const ComboAddress& remote,const Com else if(dq->followupFunction=="getFakePTRRecords") { ret=getFakePTRRecords(dq->followupName, dq->followupPrefix, dq->records); } + else if(dq->followupFunction=="udpQueryResponse") { + dq->udpAnswer = GenUDPQueryResponse(dq->udpQueryDest, dq->udpQuery); + auto func = d_lw->readVariable>(dq->udpCallback).get_value_or(0); + if(!func) { + L<records; - - - } diff --git a/pdns/lua-recursor4.hh b/pdns/lua-recursor4.hh index f10032f67..f8c574c5d 100644 --- a/pdns/lua-recursor4.hh +++ b/pdns/lua-recursor4.hh 
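Review bot: In `ipfilter()` the call `d_ipfilter({remote}, {local})` is unguarded, so what happens to a packet when the script's filter raises an error is decided by the caller, which this patch does not show. For a blocking hook the outcome on script error (accept or drop) should be chosen here and written down, in the same way the new `return false; // don't block` states the no-filter case. If failing open is intended, catch the error around the call, log it, and return false with a comment such as `// script error: do not block`. The `dh` parameter is never handed to the script; a short comment saying the header is not exposed to Lua yet would save the next reader a search.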
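Review bot: `*variable |= dq->variable` in `genhook()` now reads `*variable` before writing it, so every caller has to pass an initialised bool; with the previous plain assignment an uninitialised one was harmless. The callers are outside this patch, so that cannot be checked from here. A comment at the statement would record the new contract: `// caller must initialise *variable; it is only ever raised here, never cleared`. The `loop:;` label added a few lines below has no jump visible in this hunk; presumably it belongs to the follow-up branch added in the next one.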
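Review bot: The new `udpQueryResponse` branch sends `dq->udpQuery` to `dq->udpQueryDest` and then looks up the script function named in `dq->udpCallback`, and nothing visible limits how often this can repeat for one client query. The tail of the branch is garbled in this rendering (from `L<` onwards), but the `loop:;` label added in the previous hunk suggests the callback's result re-enters the follow-up dispatch, so a callback that asks for `udpQueryResponse` again would keep the query cycling with one outbound UDP exchange per round. A small counter checked at the label, ending the follow-up chain with an error rcode once it is exceeded, would bound that. It would also help to state at the `GenUDPQueryResponse` call what `udpAnswer` contains when no reply arrives, since the callback receives it unvalidated. `genhook()` starts outside this hunk.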
@@ -3,6 +3,7 @@ #include "dnsname.hh" #include "namespaces.hh" #include "dnsrecords.hh" +string GenUDPQueryResponse(const ComboAddress& dest, const string& query); class LuaContext; class RecursorLua4 : public boost::noncopyable @@ -35,15 +36,20 @@ private: string followupFunction; string followupPrefix; + + string udpQuery; + ComboAddress udpQueryDest; + string udpAnswer; + string udpCallback; + DNSName followupName; }; - LuaContext* d_lw; typedef std::function)> luacall_t; luacall_t d_preresolve, d_nxdomain, d_nodata, d_postresolve, d_preoutquery, d_postoutquery; bool genhook(luacall_t& func, const ComboAddress& remote,const ComboAddress& local, const DNSName& query, const QType& qtype, vector& res, int& ret, bool* variable); - typedef std::function ipfilter_t; + typedef std::function ipfilter_t; ipfilter_t d_ipfilter; }; diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index df26a74a3..40211d404 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -72,7 +72,6 @@ extern SortList g_sortlist; #include "iputils.hh" #include "mplexer.hh" #include "config.h" -#include "lua-recursor.hh" #include "lua-recursor4.hh" #include "version.hh" #include "responsestats.hh" diff --git a/pdns/syncres.hh b/pdns/syncres.hh index 2b18b02ea..0f3de7b82 100644 --- a/pdns/syncres.hh +++ b/pdns/syncres.hh @@ -676,4 +676,6 @@ void doCarbonDump(void*); boost::optional getEDNSSubnetMask(const ComboAddress& local, const DNSName&dn, const ComboAddress& rem); void parseEDNSSubnetWhitelist(const std::string& wlist); +// enum for policy decisions, used by both auth and recursor. Not all values supported everywhere. +namespace PolicyDecision { enum returnTypes { PASS=-1, DROP=-2, TRUNCATE=-3 }; }; #endif -- 2.40.0
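Review bot: The four `udp*` members added in the second lua-recursor4.hh hunk are the script-facing interface of the `udpQueryResponse` follow-up, yet nothing says which ones the script fills in and which one the recursor writes. Going by their use in lua-recursor4.cc, I would comment them in place: `string udpQuery; // payload to send; presumably set by the script`, `ComboAddress udpQueryDest; // destination of that payload`, `string udpAnswer; // raw reply from the network, untrusted`. `udpCallback` deserves the same, as the name of the Lua function that is looked up and called once the answer is in. The enclosing struct starts outside the hunk.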
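Review bot: The comment that travels with `PolicyDecision` into syncres.hh still says the enum is "used by both auth and recursor", while the lua-pdns.hh hunk removes the definition from the header where it used to live. Any authoritative-server code that obtained it through lua-pdns.hh would no longer see it; I cannot tell from this patch whether such a user exists, so either confirm that and reword the comment, or keep the enum in a header both sides include. The `;` after the namespace's closing brace is an empty declaration and can go: `namespace PolicyDecision { enum returnTypes { PASS=-1, DROP=-2, TRUNCATE=-3 }; }`.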