policy: private reverse zone handled separately

This allows to disable specific deny rules on zone-by-zone basis as it should be according to RFC6303 sec.3. Disable can be done by policy rule PASS. Also any FORWARD rule for such zone will be evaluated before DENY that query.

policy: private reverse zone handled separately
This allows to disable specific deny rules on zone-by-zone basis as it should be according to RFC6303 sec.3. Disable can be done by policy rule PASS. Also any FORWARD rule for such zone will be evaluated before DENY that query.
14084634 · Vitezslav Kriz · 5b1678f1 · 14084634
Commit 14084634 authored 7 years ago by Vitezslav Kriz
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -243,7 +243,7 @@ function policy.evaluate(rules, req, query, state)
 			end
 		end
 	end
-	return state
+	return
 end

 -- Enforce policy action
@@ -284,11 +284,13 @@ end
 policy.layer = {
 	begin = function(state, req)
 		req = kres.request_t(req)
-		return policy.evaluate(policy.rules, req, req:current(), state)
-	end,
+		return policy.evaluate(policy.rules, req, req:current(), state) or 
+		       policy.evaluate(policy.special_names, req, req:current(), state) or
+		       state
+	end,	
 	finish = function(state, req)
 		req = kres.request_t(req)
-		return policy.evaluate(policy.postrules, req, req:current(), state)
+		return policy.evaluate(policy.postrules, req, req:current(), state) or state
 	end
 }

@@ -446,6 +448,12 @@ policy.todnames(private_zones)
 -- @var Default rules
 policy.rules = {}
 policy.postrules = {}
-policy.add(policy.suffix_common(policy.DENY, private_zones, '\4arpa\0'))
+policy.special_names = {
+	{
+		id=0,
+		cb=policy.suffix_common(policy.DENY, private_zones, '\4arpa\0'),
+		count=0
+	}
+}

 return policy