Lines Matching defs:st

980 	dns_rpz_st_t *st;
1000 st = client->query.rpz_st;
1001 if ((st->popt.no_log & DNS_RPZ_ZBIT(rpz_num)) != 0)
1096 dns_rpz_st_t *st = client->query.rpz_st;
1102 if (st->popt.no_log == 0 &&
4222 rpz_match_clear(dns_rpz_st_t *st) {
4223 rpz_clean(&st->m.zone, &st->m.db, &st->m.node, &st->m.rdataset);
4224 st->m.version = NULL;
4248 dns_rpz_st_t *st = client->query.rpz_st;
4252 if (st->m.rdataset != NULL)
4253 query_putrdataset(client, &st->m.rdataset);
4254 rpz_match_clear(st);
4256 rpz_clean(NULL, &st->r.db, NULL, NULL);
4257 if (st->r.ns_rdataset != NULL)
4258 query_putrdataset(client, &st->r.ns_rdataset);
4259 if (st->r.r_rdataset != NULL)
4260 query_putrdataset(client, &st->r.r_rdataset);
4262 rpz_clean(&st->q.zone, &st->q.db, &st->q.node, NULL);
4263 if (st->q.rdataset != NULL)
4264 query_putrdataset(client, &st->q.rdataset);
4265 if (st->q.sigrdataset != NULL)
4266 query_putrdataset(client, &st->q.sigrdataset);
4267 st->state = 0;
4268 st->m.type = DNS_RPZ_TYPE_BAD;
4269 st->m.policy = DNS_RPZ_POLICY_MISS;
4276 dns_rpz_st_t *st;
4282 st = client->query.rpz_st;
4286 zbits = st->have.client_ip;
4289 zbits = st->have.qname;
4293 zbits = st->have.ipv4;
4295 zbits = st->have.ipv6;
4297 zbits = st->have.ip;
4301 zbits = st->have.nsdname;
4305 zbits = st->have.nsipv4;
4307 zbits = st->have.nsipv6;
4309 zbits = st->have.nsip;
4325 if (st->m.policy != DNS_RPZ_POLICY_MISS) {
4326 if (st->m.type >= rpz_type) {
4327 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num);
4329 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num) >> 1;
4337 zbits &= st->popt.no_rd_ok;
4395 dns_rpz_st_t *st;
4406 st = client->query.rpz_st;
4407 if ((st->state & DNS_RPZ_RECURSING) != 0) {
4408 INSIST(st->r.r_type == type);
4409 INSIST(dns_name_equal(name, st->r_name));
4412 st->state &= ~DNS_RPZ_RECURSING;
4413 RESTORE(*dbp, st->r.db);
4416 RESTORE(*rdatasetp, st->r.r_rdataset);
4417 result = st->r.r_result;
4422 st->m.policy = DNS_RPZ_POLICY_ERROR;
4430 st->m.policy = DNS_RPZ_POLICY_ERROR;
4445 st->m.policy = DNS_RPZ_POLICY_ERROR;
4487 dns_name_copy(name, st->r_name, NULL);
4488 result = query_recurse(client, type, st->r_name,
4491 st->state |= DNS_RPZ_RECURSING;
4720 rpz_save_p(dns_rpz_st_t *st, dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type,
4728 rpz_match_clear(st);
4729 st->m.rpz = rpz;
4730 st->m.type = rpz_type;
4731 st->m.policy = policy;
4732 dns_name_copy(p_name, st->p_name, NULL);
4733 st->m.prefix = prefix;
4734 st->m.result = result;
4735 SAVE(st->m.zone, *zonep);
4736 SAVE(st->m.db, *dbp);
4737 SAVE(st->m.node, *nodep);
4743 SAVE(trdataset, st->m.rdataset);
4744 SAVE(st->m.rdataset, *rdatasetp);
4746 st->m.ttl = ISC_MIN(st->m.rdataset->ttl, rpz->max_policy_ttl);
4748 st->m.ttl = ISC_MIN(DNS_RPZ_TTL_DEFAULT, rpz->max_policy_ttl);
4750 SAVE(st->m.version, version);
4762 dns_rpz_st_t *st;
4785 st = client->query.rpz_st;
4800 if (st->m.policy != DNS_RPZ_POLICY_MISS) {
4801 if (st->m.rpz->num < rpz->num)
4803 if (st->m.rpz->num == rpz->num &&
4804 (st->m.type < rpz_type ||
4805 st->m.prefix > prefix))
4836 st->m.policy = DNS_RPZ_POLICY_ERROR;
4850 * dns_rpz_find_ip() ensures st->m.rpz->num >= rpz->num.
4857 if (st->m.policy != DNS_RPZ_POLICY_MISS &&
4858 rpz->num == st->m.rpz->num &&
4859 (st->m.type == rpz_type &&
4860 st->m.prefix == prefix &&
4861 0 > dns_name_rdatacompare(st->p_name, p_name)))
4872 rpz_save_p(st, rpz, rpz_type,
4997 dns_rpz_st_t *st;
5005 st = client->query.rpz_st;
5009 if ((st->state & DNS_RPZ_DONE_IPv4) == 0 &&
5022 st->state |= DNS_RPZ_DONE_IPv4;
5059 dns_rpz_st_t *st;
5097 st = client->query.rpz_st;
5116 if (st->m.policy != DNS_RPZ_POLICY_MISS) {
5117 if (st->m.rpz->num < rpz->num)
5119 if (st->m.rpz->num == rpz->num &&
5120 st->m.type < rpz_type)
5149 st->m.policy = DNS_RPZ_POLICY_ERROR;
5157 * We know st->m.rpz->num >= rpz->num and either
5158 * st->m.rpz->num > rpz->num or st->m.type >= rpz_type
5160 if (st->m.policy != DNS_RPZ_POLICY_MISS &&
5161 rpz->num == st->m.rpz->num &&
5162 (st->m.type < rpz_type ||
5163 (st->m.type == rpz_type &&
5164 0 >= dns_name_compare(p_name, st->p_name))))
5203 rpz_save_p(st, rpz, rpz_type,
5232 dns_rpz_st_t *st;
5236 st = client->query.rpz_st;
5242 if (st->r.ns_rdataset != NULL &&
5243 dns_rdataset_isassociated(st->r.ns_rdataset))
5244 dns_rdataset_disassociate(st->r.ns_rdataset);
5246 st->r.label--;
5267 dns_rpz_st_t *st;
5281 st = client->query.rpz_st;
5284 (st != NULL && (st->state & DNS_RPZ_REWRITTEN) != 0))
5300 if (st == NULL) {
5301 st = isc_mem_get(client->mctx, sizeof(*st));
5302 if (st == NULL)
5304 st->state = 0;
5306 if (st->state == 0) {
5307 st->state |= DNS_RPZ_ACTIVE;
5308 memset(&st->m, 0, sizeof(st->m));
5309 st->m.type = DNS_RPZ_TYPE_BAD;
5310 st->m.policy = DNS_RPZ_POLICY_MISS;
5311 st->m.ttl = ~0;
5312 memset(&st->r, 0, sizeof(st->r));
5313 memset(&st->q, 0, sizeof(st->q));
5314 dns_fixedname_init(&st->_p_namef);
5315 dns_fixedname_init(&st->_r_namef);
5316 dns_fixedname_init(&st->_fnamef);
5317 st->p_name = dns_fixedname_name(&st->_p_namef);
5318 st->r_name = dns_fixedname_name(&st->_r_namef);
5319 st->fname = dns_fixedname_name(&st->_fnamef);
5320 st->have = have;
5321 st->popt = popt;
5322 st->rpz_ver = rpz_ver;
5323 client->query.rpz_st = st;
5374 if ((st->state & (DNS_RPZ_DONE_CLIENT_IP | DNS_RPZ_DONE_QNAME)) !=
5385 allowed = st->have.qname_skip_recurse;
5395 if ((st->state & DNS_RPZ_DONE_CLIENT_IP) == 0) {
5415 if ((st->state & DNS_RPZ_DONE_QNAME) == 0) {
5426 st->r.label = dns_name_countlabels(client->query.qname);
5427 st->state &= ~(DNS_RPZ_DONE_QNAME_IP |
5437 * IP address triggers. If the qname misses the 1st zone,
5451 st->state |= (DNS_RPZ_DONE_CLIENT_IP | DNS_RPZ_DONE_QNAME);
5461 if ((st->state & DNS_RPZ_DONE_QNAME_IP) == 0 &&
5474 st->state |= DNS_RPZ_DONE_QNAME_IP;
5475 st->state &= ~DNS_RPZ_DONE_IPv4;
5492 while (st->r.label > st->popt.min_ns_labels) {
5496 if (st->r.label == dns_name_countlabels(client->query.qname)) {
5500 dns_name_split(client->query.qname, st->r.label,
5503 if (st->r.ns_rdataset == NULL ||
5504 !dns_rdataset_isassociated(st->r.ns_rdataset))
5510 &db, NULL, &st->r.ns_rdataset,
5514 if (st->m.policy == DNS_RPZ_POLICY_ERROR)
5518 result = dns_rdataset_first(st->r.ns_rdataset);
5521 st->state &= ~(DNS_RPZ_DONE_NSDNAME |
5562 dns_rdataset_current(st->r.ns_rdataset, &nsrdata);
5569 st->m.policy = DNS_RPZ_POLICY_ERROR;
5577 result = dns_rdataset_next(st->r.ns_rdataset);
5584 if ((st->state & DNS_RPZ_DONE_NSDNAME) == 0) {
5594 st->state |= DNS_RPZ_DONE_NSDNAME;
5605 st->state &= ~(DNS_RPZ_DONE_NSDNAME |
5607 result = dns_rdataset_next(st->r.ns_rdataset);
5609 dns_rdataset_disassociate(st->r.ns_rdataset);
5610 st->r.label--;
5625 if (st->m.policy != DNS_RPZ_POLICY_MISS &&
5626 st->m.policy != DNS_RPZ_POLICY_ERROR &&
5627 st->m.rpz->policy != DNS_RPZ_POLICY_GIVEN)
5628 st->m.policy = st->m.rpz->policy;
5629 if (st->m.policy == DNS_RPZ_POLICY_MISS ||
5630 st->m.policy == DNS_RPZ_POLICY_PASSTHRU ||
5631 st->m.policy == DNS_RPZ_POLICY_ERROR) {
5632 if (st->m.policy == DNS_RPZ_POLICY_PASSTHRU &&
5634 rpz_log_rewrite(client, ISC_FALSE, st->m.policy,
5635 st->m.type, st->m.zone, st->p_name,
5636 NULL, st->m.rpz->num);
5637 rpz_match_clear(st);
5639 if (st->m.policy == DNS_RPZ_POLICY_ERROR) {
5641 st->m.type = DNS_RPZ_TYPE_BAD;
5645 if ((st->state & DNS_RPZ_RECURSING) == 0)
5646 rpz_clean(NULL, &st->r.db, NULL, &st->r.ns_rdataset);
5724 rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
5754 fname, dns_trust_authanswer, st->m.ttl);
5757 rpz_log_rewrite(client, ISC_FALSE, st->m.policy,
5758 st->m.type, st->m.zone, st->p_name, fname,
5759 st->m.rpz->num);