summaryrefslogtreecommitdiffstats
path: root/modules/refuse_nord/refuse_nord.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/refuse_nord/refuse_nord.c')
-rw-r--r--modules/refuse_nord/refuse_nord.c38
1 files changed, 38 insertions, 0 deletions
diff --git a/modules/refuse_nord/refuse_nord.c b/modules/refuse_nord/refuse_nord.c
new file mode 100644
index 0000000..607ff61
--- /dev/null
+++ b/modules/refuse_nord/refuse_nord.c
@@ -0,0 +1,38 @@
+/* Copyright (C) Knot Resolver contributors.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ *
+ * This module responds to all queries without RD bit set with REFUSED. */
+
+#include <libknot/consts.h>
+#include <libknot/packet/pkt.h>
+#include "daemon/worker.h"
+#include "lib/module.h"
+#include "lib/layer.h"
+
+static int refuse_nord_query(kr_layer_t *ctx)
+{
+ struct kr_request *req = ctx->req;
+ uint8_t rd = knot_wire_get_rd(req->qsource.packet->wire);
+ if (rd)
+ return ctx->state;
+
+ knot_pkt_t *answer = kr_request_ensure_answer(req);
+ if (!answer)
+ return ctx->state;
+ knot_wire_set_rcode(answer->wire, KNOT_RCODE_REFUSED);
+ knot_wire_clear_ad(answer->wire);
+ kr_request_set_extended_error(req, KNOT_EDNS_EDE_NOTAUTH, "ABC4");
+ ctx->state = KR_STATE_DONE;
+ return ctx->state;
+}
+
+KR_EXPORT int refuse_nord_init(struct kr_module *module)
+{
+ static const kr_layer_api_t layer = {
+ .begin = &refuse_nord_query,
+ };
+ module->layer = &layer;
+ return kr_ok();
+}
+
+KR_MODULE_EXPORT(refuse_nord)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 21:05:08 +0000