diff options
| author | Vladimír Čunát <vladimir.cunat@nic.cz> | 2022-07-03 15:15:40 +0200 |
|---|---|---|
| committer | Vladimír Čunát <vladimir.cunat@nic.cz> | 2023-06-12 10:32:28 +0200 |
| commit | 15013db53a59f9c19d887d9efadd429ee222a0b8 (patch) | |
| tree | 5db964c1bd0a1ece40086f024552615dbfe9e1b6 /modules/policy | |
| parent | lib/cache: add a "<" search in addition to "<=" (diff) | |
| download | knot-resolver-15013db53a59f9c19d887d9efadd429ee222a0b8.tar.xz knot-resolver-15013db53a59f9c19d887d9efadd429ee222a0b8.zip | |
lib/rules: add basic view capability
Example:
assert(require('ffi').C.kr_view_insert_action(
'127.0.0.0/24', 'policy.DENY_MSG("message")'
) == 0)
Diffstat (limited to 'modules/policy')
| -rw-r--r-- | modules/policy/policy.lua | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua index 64689801..1990837a 100644 --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua @@ -834,6 +834,8 @@ end policy.rules = {} policy.postrules = {} +local view_action_buf = ffi.new('knot_db_val_t[1]') + -- Top-down policy list walk until we hit a match -- the caller is responsible for reordering policy list -- from most specific to least specific. @@ -843,6 +845,12 @@ policy.layer = { begin = function(state, req) -- Don't act on "finished" cases. if bit.band(state, bit.bor(kres.FAIL, kres.DONE)) ~= 0 then return state end + + if ffi.C.kr_view_select_action(req, view_action_buf) == 0 then + local act_str = ffi.string(view_action_buf[0].data, view_action_buf[0].len) + return loadstring('return '..act_str)()(state, req) + end + local qry = req:initial() -- same as :current() but more descriptive return policy.evaluate(policy.rules, req, qry, state) or state |