blob: 607ff6144782f3d1b5a366620a55ba099bf2f1ae (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
/* Copyright (C) Knot Resolver contributors.
* SPDX-License-Identifier: GPL-3.0-or-later
*
* This module responds to all queries without RD bit set with REFUSED. */
#include <libknot/consts.h>
#include <libknot/packet/pkt.h>
#include "daemon/worker.h"
#include "lib/module.h"
#include "lib/layer.h"
static int refuse_nord_query(kr_layer_t *ctx)
{
struct kr_request *req = ctx->req;
uint8_t rd = knot_wire_get_rd(req->qsource.packet->wire);
if (rd)
return ctx->state;
knot_pkt_t *answer = kr_request_ensure_answer(req);
if (!answer)
return ctx->state;
knot_wire_set_rcode(answer->wire, KNOT_RCODE_REFUSED);
knot_wire_clear_ad(answer->wire);
kr_request_set_extended_error(req, KNOT_EDNS_EDE_NOTAUTH, "ABC4");
ctx->state = KR_STATE_DONE;
return ctx->state;
}
KR_EXPORT int refuse_nord_init(struct kr_module *module)
{
static const kr_layer_api_t layer = {
.begin = &refuse_nord_query,
};
module->layer = &layer;
return kr_ok();
}
KR_MODULE_EXPORT(refuse_nord)
|
