modules/policy: make actions usable in postrules

DENY, DENY_MSG, DROP, REFUSE and TC will now clear the _selected RRs. I believe that's what people usually expect of these actions anyway.

modules/policy: make actions usable in postrules
DENY, DENY_MSG, DROP, REFUSE and TC will now clear the _selected RRs. I believe that's what people usually expect of these actions anyway.
ed7c40d6 · Vladimír Čunát · aaea4b0b · ed7c40d6
Verified Commit ed7c40d6 authored 5 years ago by Vladimír Čunát
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -506,6 +506,21 @@ function policy.slice_randomize_psl(seed)
 	end
 end

+-- Prepare for making an answer from scratch.  (Return the packet for convenience.)
+local function answer_clear(req)
+	-- If we're in postrules, previous resolving might have chosen some RRs
+	-- for inclusion in the answer, so we need to avoid those.
+	-- *_selected arrays are in mempool, so explicit deallocation is not necessary.
+	req.answ_selected.len = 0
+	req.auth_selected.len = 0
+	req.add_selected.len = 0
+
+	-- Let's be defensive and clear the answer, too.
+	local pkt = req.answer
+	pkt:clear_payload()
+	return pkt
+end
+
 function policy.DENY_MSG(msg)
 	if msg and (type(msg) ~= 'string' or #msg >= 255) then
 		error('DENY_MSG: optional msg must be string shorter than 256 characters')
@@ -513,7 +528,7 @@ function policy.DENY_MSG(msg)

 	return function (_, req)
 		-- Write authority information
-		local answer = req.answer
+		local answer = answer_clear(req)
 		ffi.C.kr_pkt_make_auth_header(answer)
 		answer:rcode(kres.rcode.NXDOMAIN)
 		answer:begin(kres.section.AUTHORITY)
@@ -600,26 +615,28 @@ policy.DEBUG_CACHE_MISS = policy.DEBUG_IF(

 policy.DENY = policy.DENY_MSG() -- compatibility with < 2.0

-function policy.DROP(_, _)
+function policy.DROP(_, req)
+	answer_clear(req)
 	return kres.FAIL
 end

 function policy.REFUSE(_, req)
-	local answer = req.answer
+	local answer = answer_clear(req)
 	answer:rcode(kres.rcode.REFUSED)
 	answer:ad(false)
 	return kres.DONE
 end

 function policy.TC(state, req)
-	local answer = req.answer
-	if answer.max_size ~= 65535 then
-		answer:tc(1) -- ^ Only UDP queries
-		answer:ad(false)
-		return kres.DONE
-	else
+	-- Skip non-UDP queries
+	if req.answer.max_size == 65535 then
 		return state
 	end
+
+	local answer = answer_clear(req)
+	answer:tc(1)
+	answer:ad(false)
+	return kres.DONE
 end

 function policy.QTRACE(_, req)