Allow RPZ rewrite logging to be configured on a per-zone basis (#39754)

2015-07-06 08:48:37 +05:30
parent 3e33f4198d
commit 33ca26968b
13 changed files with 173 additions and 10 deletions
--- a/bin/tests/system/rpzrecurse/tests.sh
+++ b/bin/tests/system/rpzrecurse/tests.sh
@@ -245,4 +245,25 @@ grep "^l2.l1.l0.[[:space:]]*[0-9]*[[:space:]]*IN[[:space:]]*A[[:space:]]*10.53.0
    status=1
 }

+# Check RPZ log clause
+t=`expr $t + 1`
+echo "I:testing RPZ log clause (${t})"
+run_server log
+cur=`awk 'BEGIN {l=0} // {l++} END { print l }' ns2/named.run`
+$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p 5300 -b 10.53.0.4 > dig.out.${t}
+$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p 5300 -b 10.53.0.3 >> dig.out.${t}
+$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p 5300 -b 10.53.0.2 >> dig.out.${t}
+tail -n +"$cur" < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0 via 32.4.0.53.10.rpz-client-ip.log1" > /dev/null && {
+    echo "I: failed: unexpected rewrite message for policy zone log1 was logged"
+    status=1
+}
+tail -n +"$cur" < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0 via 32.3.0.53.10.rpz-client-ip.log2" > /dev/null || {
+    echo "I: failed: expected rewrite message for policy zone log2 was not logged"
+    status=1
+}
+tail -n +"$cur" < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0 via 32.2.0.53.10.rpz-client-ip.log3" > /dev/null || {
+    echo "I: failed: expected rewrite message for policy zone log3 was not logged"
+    status=1
+}
+
 exit $status