author | Florian Obser <florian@cvs.openbsd.org> | 2019-10-21 07:16:10 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2019-10-21 07:16:10 +0000 |
commit | e60535e9c701a5372c0478e53729dc99dcaefdf1 (patch) | |
tree | ad641f8bce4b0fb5d8bff2a627476c9513cae3c3 /sbin | |
parent | cfe8755e96dd20ba56747b69edf50afd109bd576 (diff) |
Optionally log blocked queries when using the block list.
OK benno
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/unwind/frontend.c | 4 | ||||
-rw-r--r-- | sbin/unwind/parse.y | 14 | ||||
-rw-r--r-- | sbin/unwind/printconf.c | 5 | ||||
-rw-r--r-- | sbin/unwind/unwind.c | 3 | ||||
-rw-r--r-- | sbin/unwind/unwind.conf.5 | 9 | ||||
-rw-r--r-- | sbin/unwind/unwind.h | 3 |
6 files changed, 26 insertions, 12 deletions
diff --git a/sbin/unwind/frontend.c b/sbin/unwind/frontend.c index 8809d183417..ca1bb19b492 100644 --- a/sbin/unwind/frontend.c +++ b/sbin/unwind/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.31 2019/10/12 14:59:13 florian Exp $ */ +/* $OpenBSD: frontend.c,v 1.32 2019/10/21 07:16:09 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -732,6 +732,8 @@ udp_receive(int fd, short events, void *arg) find.domain = dname; if (RB_FIND(bl_tree, &bl_head, &find) != NULL) { + if (frontend_conf->blocklist_log) + log_info("blocking %s", dname); pq->rcode_override = LDNS_RCODE_REFUSED; goto send_answer; } diff --git a/sbin/unwind/parse.y b/sbin/unwind/parse.y index 1c02f76c7ad..ee9a7b74fd0 100644 --- a/sbin/unwind/parse.y +++ b/sbin/unwind/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.10 2019/10/18 06:03:25 otto Exp $ */ +/* $OpenBSD: parse.y,v 1.11 2019/10/21 07:16:09 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -102,11 +102,11 @@ typedef struct { %token YES NO INCLUDE ERROR %token FORWARDER DOT PORT CAPTIVE PORTAL URL EXPECTED RESPONSE %token STATUS AUTO AUTHENTICATION NAME PREFERENCE RECURSOR DHCP -%token BLOCK LIST +%token BLOCK LIST LOG %token <v.string> STRING %token <v.number> NUMBER -%type <v.number> yesno port dot prefopt +%type <v.number> yesno port dot prefopt log %type <v.string> string authname %% @@ -179,7 +179,7 @@ optnl : '\n' optnl /* zero or more newlines */ | /*empty*/ ; -block_list : BLOCK LIST STRING { +block_list : BLOCK LIST STRING log { if (conf->blocklist_file != NULL) { yyerror("block list already " "configured"); @@ -190,6 +190,7 @@ block_list : BLOCK LIST STRING { if (conf->blocklist_file == NULL) err(1, "strdup"); free($3); + conf->blocklist_log = $4; } } ; @@ -346,6 +347,10 @@ authname: AUTHENTICATION NAME STRING { $$ = $3; } dot : DOT { $$ = DOT; } | /* empty */ { $$ = 0; } ; + +log : LOG { $$ = 1; } + | /* empty */ { $$ = 0; } + ; %% struct keywords { 
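Review bot: The `log_info("blocking %s", dname)` added in udp_receive is emitted once per blocked packet with no throttle, so with `log` enabled the log volume is set by whoever sends the queries rather than by the daemon. If that is intended, say so at the call with a comment such as `/* one line per blocked query, not rate limited */` and mention it in unwind.conf.5; otherwise count suppressed hits and log a periodic summary. `dname` is assigned outside the hunk; presumably it is the presentation-format name with non-printable bytes escaped, which is worth confirming because its content comes from the query. The logged names also record which blocked domains local users asked for, so the log file inherits that sensitivity. udp_receive's body starts and ends outside the hunk.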
@@ -391,6 +396,7 @@ lookup(char *s) {"forwarder", FORWARDER}, {"include", INCLUDE}, {"list", LIST}, + {"log", LOG}, {"name", NAME}, {"no", NO}, {"port", PORT}, diff --git a/sbin/unwind/printconf.c b/sbin/unwind/printconf.c index 1fa0ab39f7a..70c2681fa0a 100644 --- a/sbin/unwind/printconf.c +++ b/sbin/unwind/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.10 2019/05/13 23:13:24 florian Exp $ */ +/* $OpenBSD: printconf.c,v 1.11 2019/10/21 07:16:09 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -107,5 +107,6 @@ print_config(struct uw_conf *conf) } if (conf->blocklist_file != NULL) - printf("block list \"%s\"\n", conf->blocklist_file); + printf("block list \"%s\"%s\n", conf->blocklist_file, + conf->blocklist_log ? " log" : ""); } diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c index 29a32e5e364..e45b335e9d7 100644 --- a/sbin/unwind/unwind.c +++ b/sbin/unwind/unwind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.c,v 1.30 2019/09/29 13:18:39 florian Exp $ */ +/* $OpenBSD: unwind.c,v 1.31 2019/10/21 07:16:09 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -816,6 +816,7 @@ merge_config(struct uw_conf *conf, struct uw_conf *xconf) free(conf->blocklist_file); conf->blocklist_file = xconf->blocklist_file; + conf->blocklist_log = xconf->blocklist_log; /* Add new forwarders. */ while ((uw_forwarder = SIMPLEQ_FIRST(&xconf->uw_forwarder_list)) != diff --git a/sbin/unwind/unwind.conf.5 b/sbin/unwind/unwind.conf.5 index f87e0bab261..f94bc80667c 100644 --- a/sbin/unwind/unwind.conf.5 +++ b/sbin/unwind/unwind.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: unwind.conf.5,v 1.14 2019/05/10 14:10:38 florian Exp $ +.\" $OpenBSD: unwind.conf.5,v 1.15 2019/10/21 07:16:09 florian Exp $ .\" .\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> .\" Copyright (c) 2005 Esben Norby <norby@openbsd.org> 
@@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 10 2019 $ +.Dd $Mdocdate: October 21 2019 $ .Dt UNWIND.CONF 5 .Os .Sh NAME @@ -63,12 +63,15 @@ forwarder { $fwd1 $fwd2 } .Ed .Sh GLOBAL CONFIGURATION .Bl -tag -width Ds -.It Ic block list Ar file +.It Ic block list Ar file Op Cm log A file containing domains to block, one per line. If a domain from this list is queried .Nm unwind answers with a return code of .Cm refused . +With +.Cm log +blocked queries are logged. .It Ic captive portal Brq ... .Nm unwind can detect when it is running behind a diff --git a/sbin/unwind/unwind.h b/sbin/unwind/unwind.h index f3100343b4a..41ec58f9025 100644 --- a/sbin/unwind/unwind.h +++ b/sbin/unwind/unwind.h @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.h,v 1.17 2019/05/14 14:51:31 florian Exp $ */ +/* $OpenBSD: unwind.h,v 1.18 2019/10/21 07:16:09 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -141,6 +141,7 @@ struct uw_conf { int captive_portal_expected_status; int captive_portal_auto; char *blocklist_file; + int blocklist_log; }; struct query_imsg { |